00)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000018300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 209.687321][T20373] EXT4-fs (loop2): mount failed [ 209.698701][T20375] loop4: p1 p2 p3 p4 [ 209.707316][T20375] loop4: p1 size 11290111 extends beyond EOD, truncated 01:15:54 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11d, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x1, [{0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:54 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100), 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:54 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300001c300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 209.747468][T20375] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 209.797394][T20375] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 209.816479][T20373] loop2: detected capacity change from 0 to 560 [ 209.844346][T20373] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 209.856316][T20373] EXT4-fs (loop2): get root inode failed [ 209.861949][T20373] EXT4-fs (loop2): mount failed [ 209.879696][T20375] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 209.969051][T20375] loop4: detected capacity change from 0 to 264192 [ 210.046684][T20375] loop4: p1 p2 p3 p4 [ 210.052620][T20375] loop4: p1 size 11290111 extends beyond EOD, truncated [ 210.061539][T20375] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 210.069676][T20375] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 210.078101][T20375] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:15:54 executing program 5 (fault-call:7 fault-nth:27): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:15:54 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100), 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:54 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11d, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x1, [{0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:54 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000020300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:54 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x46800, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:54 executing program 4: syz_read_part_table(0x7a000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 210.188356][T20448] loop2: detected capacity change from 0 to 564 [ 210.214868][T20452] FAULT_INJECTION: forcing a failure. [ 210.214868][T20452] name failslab, interval 1, probability 0, space 0, times 0 [ 210.227549][T20452] CPU: 0 PID: 20452 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 210.237395][T20452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.247541][T20452] Call Trace: [ 210.248278][T20461] loop4: detected capacity change from 0 to 264192 [ 210.250817][T20452] dump_stack_lvl+0xb7/0x103 [ 210.262012][T20452] dump_stack+0x11/0x1a [ 210.266169][T20452] should_fail+0x23c/0x250 [ 210.270579][T20452] ? mempool_alloc_slab+0x16/0x20 [ 210.275669][T20452] __should_failslab+0x81/0x90 [ 210.280434][T20452] should_failslab+0x5/0x20 [ 210.284992][T20452] kmem_cache_alloc+0x46/0x2e0 [ 210.289757][T20452] mempool_alloc_slab+0x16/0x20 [ 210.294676][T20452] ? mempool_free+0x130/0x130 [ 210.299438][T20452] mempool_alloc+0x8c/0x300 [ 210.303922][T20452] ? __tsan_read8+0x150/0x180 [ 210.308578][T20452] sg_pool_alloc+0x74/0x90 [ 210.312999][T20452] __sg_alloc_table+0xce/0x290 [ 210.317739][T20452] sg_alloc_table_chained+0xaf/0x140 [ 210.323001][T20452] ? sg_alloc_table_chained+0x140/0x140 [ 210.328571][T20452] scsi_alloc_sgtables+0x17c/0x500 [ 210.333711][T20452] sd_init_command+0x96a/0x1640 [ 210.338537][T20452] scsi_queue_rq+0x10e0/0x15a0 [ 210.343278][T20452] blk_mq_dispatch_rq_list+0x695/0x1040 [ 210.348859][T20452] ? __sbitmap_queue_get+0x11/0x20 [ 210.354037][T20452] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 210.359593][T20452] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 210.365817][T20452] ? rb_insert_color+0x2fa/0x310 [ 210.370922][T20452] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 210.376947][T20452] __blk_mq_run_hw_queue+0xbc/0x140 [ 210.382183][T20452] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 210.387978][T20452] blk_mq_run_hw_queue+0x22c/0x250 [ 210.393085][T20452] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 210.398981][T20452] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 210.404338][T20452] blk_flush_plug_list+0x235/0x260 [ 210.409467][T20452] blk_finish_plug+0x44/0x60 [ 210.414046][T20452] __iomap_dio_rw+0x797/0xa60 [ 210.418706][T20452] iomap_dio_rw+0x30/0x70 [ 210.423012][T20452] ext4_file_write_iter+0xa5e/0x11a0 [ 210.428276][T20452] do_iter_readv_writev+0x2cd/0x370 [ 210.433469][T20452] do_iter_write+0x192/0x5c0 [ 210.438114][T20452] ? splice_from_pipe_next+0x34f/0x3b0 [ 210.443572][T20452] ? kmalloc_array+0x2d/0x40 [ 210.448246][T20452] vfs_iter_write+0x4c/0x70 [ 210.452733][T20452] iter_file_splice_write+0x40a/0x750 [ 210.458114][T20452] ? splice_from_pipe+0xc0/0xc0 [ 210.462978][T20452] direct_splice_actor+0x80/0xa0 [ 210.467984][T20452] splice_direct_to_actor+0x345/0x650 [ 210.473412][T20452] ? do_splice_direct+0x170/0x170 [ 210.478435][T20452] do_splice_direct+0xf5/0x170 [ 210.483207][T20452] do_sendfile+0x618/0xb90 [ 210.487677][T20452] __x64_sys_sendfile64+0xf2/0x130 [ 210.492796][T20452] do_syscall_64+0x3d/0x90 [ 210.497242][T20452] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 210.503121][T20452] RIP: 0033:0x4665f9 [ 210.507023][T20452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 210.526644][T20452] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 01:15:54 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100), 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:54 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000026300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:54 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11d, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x1, [{0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 210.535043][T20452] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 210.542992][T20452] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 210.551047][T20452] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 210.558996][T20452] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 210.566951][T20452] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 210.585249][T20448] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 210.597317][T20448] EXT4-fs (loop2): get root inode failed [ 210.603085][T20448] EXT4-fs (loop2): mount failed [ 210.620995][T20461] loop4: p1 p2 p3 p4 [ 210.625456][T20461] loop4: p1 size 11290111 extends beyond EOD, truncated 01:15:54 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:54 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300052e300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:54 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, 0x0) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 210.671371][T20461] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 210.722151][T20461] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 210.766151][T20448] loop2: detected capacity change from 0 to 564 [ 210.784942][T20461] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 210.795408][T20448] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 210.807405][T20448] EXT4-fs (loop2): get root inode failed [ 210.813045][T20448] EXT4-fs (loop2): mount failed [ 210.908932][T20461] loop4: detected capacity change from 0 to 264192 01:15:55 executing program 5 (fault-call:7 fault-nth:28): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:15:55 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:55 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, 0x0) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:55 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300003f300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:55 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x46c00, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 210.979270][T20461] loop4: p1 p2 p3 p4 [ 210.984040][T20461] loop4: p1 size 11290111 extends beyond EOD, truncated [ 211.011803][T20461] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 211.032872][T20523] loop2: detected capacity change from 0 to 566 [ 211.067200][T20461] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 211.076793][T20526] FAULT_INJECTION: forcing a failure. [ 211.076793][T20526] name failslab, interval 1, probability 0, space 0, times 0 [ 211.089417][T20526] CPU: 0 PID: 20526 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 211.099420][T20526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.109464][T20526] Call Trace: [ 211.112731][T20526] dump_stack_lvl+0xb7/0x103 [ 211.117362][T20526] dump_stack+0x11/0x1a [ 211.121518][T20526] should_fail+0x23c/0x250 [ 211.125916][T20526] ? kmalloc_array+0x2d/0x40 [ 211.130490][T20526] __should_failslab+0x81/0x90 [ 211.135234][T20526] should_failslab+0x5/0x20 [ 211.139720][T20526] __kmalloc+0x66/0x340 [ 211.143854][T20526] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 211.149733][T20526] ? splice_from_pipe+0xc0/0xc0 [ 211.154575][T20526] kmalloc_array+0x2d/0x40 [ 211.158984][T20526] iter_file_splice_write+0xc6/0x750 [ 211.164333][T20526] ? atime_needs_update+0x239/0x390 [ 211.169598][T20526] ? touch_atime+0xcf/0x240 [ 211.174086][T20526] ? generic_file_splice_read+0x286/0x310 [ 211.179787][T20526] ? splice_from_pipe+0xc0/0xc0 [ 211.184675][T20526] direct_splice_actor+0x80/0xa0 [ 211.189597][T20526] splice_direct_to_actor+0x345/0x650 [ 211.195013][T20526] ? do_splice_direct+0x170/0x170 [ 211.200036][T20526] do_splice_direct+0xf5/0x170 [ 211.204784][T20526] do_sendfile+0x618/0xb90 [ 211.209198][T20526] __x64_sys_sendfile64+0xf2/0x130 [ 211.214333][T20526] do_syscall_64+0x3d/0x90 [ 211.218733][T20526] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 211.224610][T20526] RIP: 0033:0x4665f9 [ 211.228485][T20526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 211.248151][T20526] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 211.256549][T20526] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 211.264621][T20526] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 211.272582][T20526] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 211.280537][T20526] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 211.288491][T20526] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 211.314533][T20461] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 211.329278][T20523] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 211.341299][T20523] EXT4-fs (loop2): get root inode failed [ 211.347071][T20523] EXT4-fs (loop2): mount failed 01:15:55 executing program 4: syz_read_part_table(0x80040000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:15:55 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:55 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000040300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:55 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, 0x0) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 211.421223][T20523] loop2: detected capacity change from 0 to 566 [ 211.452848][T20523] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 211.464880][T20523] EXT4-fs (loop2): get root inode failed 01:15:55 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000480300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:55 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:55 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11a, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 211.470514][T20523] EXT4-fs (loop2): mount failed [ 211.486999][T20550] loop4: detected capacity change from 0 to 264192 [ 211.524929][T20550] loop4: p1 p2 p3 p4 [ 211.538903][T20550] loop4: p1 size 11290111 extends beyond EOD, truncated [ 211.579791][T20550] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 211.600914][T20550] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 211.623270][T20550] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 211.716278][T20550] loop4: detected capacity change from 0 to 264192 01:15:56 executing program 5 (fault-call:7 fault-nth:29): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:15:56 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300fffe300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:56 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:56 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11a, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:56 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x47101, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:56 executing program 4: syz_read_part_table(0x80ffffff, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 211.924180][T20602] FAULT_INJECTION: forcing a failure. [ 211.924180][T20602] name failslab, interval 1, probability 0, space 0, times 0 [ 211.932143][T20605] loop4: detected capacity change from 0 to 264192 [ 211.936834][T20602] CPU: 0 PID: 20602 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 211.943859][T20603] loop2: detected capacity change from 0 to 568 [ 211.953068][T20602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.953080][T20602] Call Trace: [ 211.953093][T20602] dump_stack_lvl+0xb7/0x103 [ 211.953115][T20602] dump_stack+0x11/0x1a [ 211.981352][T20602] should_fail+0x23c/0x250 [ 211.985777][T20602] __should_failslab+0x81/0x90 [ 211.990541][T20602] ? __iomap_dio_rw+0xf2/0xa60 [ 211.995337][T20602] should_failslab+0x5/0x20 [ 211.999842][T20602] kmem_cache_alloc_trace+0x49/0x310 [ 212.005151][T20602] __iomap_dio_rw+0xf2/0xa60 [ 212.009756][T20602] ? ext4_es_lookup_extent+0x36b/0x490 [ 212.015289][T20602] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 212.021225][T20602] ? file_update_time+0x1bd/0x3e0 [ 212.026343][T20602] iomap_dio_rw+0x30/0x70 [ 212.030733][T20602] ext4_file_write_iter+0xa5e/0x11a0 [ 212.036010][T20602] do_iter_readv_writev+0x2cd/0x370 [ 212.041303][T20602] do_iter_write+0x192/0x5c0 [ 212.045877][T20602] ? splice_from_pipe_next+0x34f/0x3b0 [ 212.051440][T20602] ? kmalloc_array+0x2d/0x40 [ 212.056013][T20602] vfs_iter_write+0x4c/0x70 [ 212.060529][T20602] iter_file_splice_write+0x40a/0x750 [ 212.065971][T20602] ? splice_from_pipe+0xc0/0xc0 [ 212.070844][T20602] direct_splice_actor+0x80/0xa0 [ 212.075768][T20602] splice_direct_to_actor+0x345/0x650 [ 212.081190][T20602] ? do_splice_direct+0x170/0x170 [ 212.086222][T20602] do_splice_direct+0xf5/0x170 [ 212.090969][T20602] do_sendfile+0x618/0xb90 [ 212.095370][T20602] __x64_sys_sendfile64+0xf2/0x130 [ 212.100464][T20602] do_syscall_64+0x3d/0x90 [ 212.104913][T20602] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 212.110844][T20602] RIP: 0033:0x4665f9 [ 212.114716][T20602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 212.134406][T20602] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 212.142799][T20602] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 212.150767][T20602] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 212.158748][T20602] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 212.166707][T20602] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 01:15:56 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300feff300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:56 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11a, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:56 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 212.174661][T20602] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 212.195550][T20603] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 212.207525][T20603] EXT4-fs (loop2): get root inode failed [ 212.213154][T20603] EXT4-fs (loop2): mount failed 01:15:56 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 212.230495][T20605] loop4: p1 p2 p3 p4 [ 212.236698][T20605] loop4: p1 size 11290111 extends beyond EOD, truncated 01:15:56 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, 0x0, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:56 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000002300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 212.288364][T20605] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 212.334781][T20605] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 212.377207][T20605] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 212.417261][T20603] loop2: detected capacity change from 0 to 568 [ 212.459146][T20603] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 212.471098][T20603] EXT4-fs (loop2): get root inode failed [ 212.476854][T20603] EXT4-fs (loop2): mount failed 01:15:56 executing program 5 (fault-call:7 fault-nth:30): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:15:56 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:56 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, 0x0, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:56 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000003300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:56 executing program 4: syz_read_part_table(0x8cffffff, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:15:56 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x47400, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 212.748440][T20665] loop4: detected capacity change from 0 to 264192 [ 212.765014][T20667] loop2: detected capacity change from 0 to 570 [ 212.784408][T20671] FAULT_INJECTION: forcing a failure. [ 212.784408][T20671] name failslab, interval 1, probability 0, space 0, times 0 [ 212.797110][T20671] CPU: 0 PID: 20671 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 212.806905][T20671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.816954][T20671] Call Trace: [ 212.820230][T20671] dump_stack_lvl+0xb7/0x103 [ 212.824827][T20671] dump_stack+0x11/0x1a [ 212.828983][T20671] should_fail+0x23c/0x250 [ 212.833394][T20671] ? mempool_alloc_slab+0x16/0x20 [ 212.838454][T20671] __should_failslab+0x81/0x90 [ 212.843210][T20671] should_failslab+0x5/0x20 [ 212.847762][T20671] kmem_cache_alloc+0x46/0x2e0 [ 212.852597][T20671] mempool_alloc_slab+0x16/0x20 [ 212.857447][T20671] ? mempool_free+0x130/0x130 [ 212.862118][T20671] mempool_alloc+0x8c/0x300 [ 212.866669][T20671] ? ext4_inode_block_valid+0x1cc/0x210 [ 212.872228][T20671] bio_alloc_bioset+0xcc/0x530 [ 212.876972][T20671] ? iov_iter_alignment+0x34b/0x370 [ 212.882186][T20671] iomap_dio_bio_actor+0x511/0xb50 [ 212.887275][T20671] ? ext4_iomap_begin+0x5d1/0x620 [ 212.892273][T20671] iomap_dio_actor+0x26e/0x3b0 [ 212.897213][T20671] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 212.902927][T20671] iomap_apply+0x1df/0x400 [ 212.907326][T20671] __iomap_dio_rw+0x62e/0xa60 [ 212.911982][T20671] ? __iomap_dio_rw+0xa60/0xa60 [ 212.916824][T20671] iomap_dio_rw+0x30/0x70 [ 212.921154][T20671] ext4_file_write_iter+0xa5e/0x11a0 [ 212.926478][T20671] do_iter_readv_writev+0x2cd/0x370 [ 212.931704][T20671] do_iter_write+0x192/0x5c0 [ 212.936342][T20671] ? splice_from_pipe_next+0x34f/0x3b0 [ 212.941792][T20671] ? kmalloc_array+0x2d/0x40 [ 212.946362][T20671] vfs_iter_write+0x4c/0x70 [ 212.950842][T20671] iter_file_splice_write+0x40a/0x750 [ 212.956192][T20671] ? splice_from_pipe+0xc0/0xc0 [ 212.961020][T20671] direct_splice_actor+0x80/0xa0 [ 212.966007][T20671] splice_direct_to_actor+0x345/0x650 [ 212.971379][T20671] ? do_splice_direct+0x170/0x170 [ 212.976389][T20671] do_splice_direct+0xf5/0x170 [ 212.981179][T20671] do_sendfile+0x618/0xb90 [ 212.985644][T20671] __x64_sys_sendfile64+0xf2/0x130 [ 212.990733][T20671] do_syscall_64+0x3d/0x90 [ 212.995127][T20671] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 213.001081][T20671] RIP: 0033:0x4665f9 [ 213.004952][T20671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 213.024664][T20671] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 213.033093][T20671] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 213.041043][T20671] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 01:15:57 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, 0x0, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:57 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 213.049022][T20671] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 213.057023][T20671] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 213.064971][T20671] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 213.083450][T20667] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block 01:15:57 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000004300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 213.095388][T20667] EXT4-fs (loop2): get root inode failed [ 213.101015][T20667] EXT4-fs (loop2): mount failed [ 213.139632][T20665] loop4: p1 p2 p3 p4 01:15:57 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x70, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x30, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:57 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:57 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000005300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 213.144153][T20665] loop4: p1 size 11290111 extends beyond EOD, truncated [ 213.199768][T20665] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 213.242703][T20665] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 213.255864][T20667] loop2: detected capacity change from 0 to 570 [ 213.279675][T20667] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 213.291616][T20667] EXT4-fs (loop2): get root inode failed [ 213.297302][T20667] EXT4-fs (loop2): mount failed [ 213.314289][T20665] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:15:57 executing program 5 (fault-call:7 fault-nth:31): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:15:57 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x70, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x30, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:57 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:57 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000006300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:57 executing program 4: syz_read_part_table(0x97ffffff, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:15:57 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x47401, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 213.605541][T20733] loop2: detected capacity change from 0 to 570 [ 213.617590][T20734] loop4: detected capacity change from 0 to 264192 [ 213.635708][T20740] FAULT_INJECTION: forcing a failure. [ 213.635708][T20740] name failslab, interval 1, probability 0, space 0, times 0 [ 213.648348][T20740] CPU: 0 PID: 20740 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 213.658145][T20740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.668192][T20740] Call Trace: [ 213.671469][T20740] dump_stack_lvl+0xb7/0x103 [ 213.676102][T20740] dump_stack+0x11/0x1a [ 213.680306][T20740] should_fail+0x23c/0x250 [ 213.684769][T20740] ? mempool_alloc_slab+0x16/0x20 [ 213.689861][T20740] __should_failslab+0x81/0x90 [ 213.694627][T20740] should_failslab+0x5/0x20 [ 213.699129][T20740] kmem_cache_alloc+0x46/0x2e0 [ 213.703892][T20740] mempool_alloc_slab+0x16/0x20 [ 213.708801][T20740] ? mempool_free+0x130/0x130 [ 213.713457][T20740] mempool_alloc+0x8c/0x300 [ 213.717956][T20740] sg_pool_alloc+0x74/0x90 [ 213.722430][T20740] __sg_alloc_table+0xce/0x290 [ 213.727266][T20740] sg_alloc_table_chained+0xaf/0x140 [ 213.732568][T20740] ? sg_alloc_table_chained+0x140/0x140 [ 213.738092][T20740] scsi_alloc_sgtables+0x17c/0x500 [ 213.743188][T20740] sd_init_command+0x96a/0x1640 [ 213.748087][T20740] scsi_queue_rq+0x10e0/0x15a0 [ 213.752873][T20740] blk_mq_dispatch_rq_list+0x695/0x1040 [ 213.758482][T20740] ? __sbitmap_queue_get+0x11/0x20 [ 213.763583][T20740] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 213.769112][T20740] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 213.775361][T20740] ? rb_insert_color+0x2fa/0x310 [ 213.780283][T20740] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 213.786243][T20740] __blk_mq_run_hw_queue+0xbc/0x140 [ 213.791482][T20740] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 213.797286][T20740] blk_mq_run_hw_queue+0x22c/0x250 [ 213.802422][T20740] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 213.808347][T20740] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 213.813699][T20740] blk_flush_plug_list+0x235/0x260 [ 213.818804][T20740] blk_finish_plug+0x44/0x60 [ 213.823370][T20740] __iomap_dio_rw+0x797/0xa60 [ 213.828057][T20740] iomap_dio_rw+0x30/0x70 [ 213.832421][T20740] ext4_file_write_iter+0xa5e/0x11a0 [ 213.837751][T20740] do_iter_readv_writev+0x2cd/0x370 [ 213.842942][T20740] do_iter_write+0x192/0x5c0 [ 213.847511][T20740] ? splice_from_pipe_next+0x34f/0x3b0 [ 213.852950][T20740] ? kmalloc_array+0x2d/0x40 [ 213.857520][T20740] vfs_iter_write+0x4c/0x70 [ 213.862007][T20740] iter_file_splice_write+0x40a/0x750 [ 213.867361][T20740] ? splice_from_pipe+0xc0/0xc0 [ 213.872224][T20740] direct_splice_actor+0x80/0xa0 [ 213.877214][T20740] splice_direct_to_actor+0x345/0x650 [ 213.882580][T20740] ? do_splice_direct+0x170/0x170 [ 213.887676][T20740] do_splice_direct+0xf5/0x170 [ 213.892417][T20740] do_sendfile+0x618/0xb90 [ 213.896834][T20740] __x64_sys_sendfile64+0xf2/0x130 [ 213.902184][T20740] do_syscall_64+0x3d/0x90 [ 213.906696][T20740] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 213.912651][T20740] RIP: 0033:0x4665f9 [ 213.916518][T20740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 213.936184][T20740] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 213.944585][T20740] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 01:15:58 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000007300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:58 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:58 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x70, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x30, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 213.952532][T20740] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 213.960477][T20740] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 213.968422][T20740] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 213.976436][T20740] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 213.994820][T20733] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 214.006923][T20733] EXT4-fs (loop2): get root inode failed [ 214.012562][T20733] EXT4-fs (loop2): mount failed [ 214.027613][T20734] loop4: p1 p2 p3 p4 [ 214.031955][T20734] loop4: p1 size 11290111 extends beyond EOD, truncated 01:15:58 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080), 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:58 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000008300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:58 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x78, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x38, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0x6, "5d4436042fb0"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 214.075344][T20734] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 214.134574][T20734] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 214.178055][T20734] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 214.196235][T20733] loop2: detected capacity change from 0 to 570 [ 214.215348][T20733] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 214.227431][T20733] EXT4-fs (loop2): get root inode failed [ 214.233048][T20733] EXT4-fs (loop2): mount failed 01:15:58 executing program 5 (fault-call:7 fault-nth:32): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:15:58 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080), 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:58 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x78, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x38, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0x6, "5d4436042fb0"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:58 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000a300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:58 executing program 4: syz_read_part_table(0xa1ffffff, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:15:58 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x47501, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 214.457731][T20799] loop2: detected capacity change from 0 to 570 [ 214.477788][T20801] loop4: detected capacity change from 0 to 264192 [ 214.488814][T20804] FAULT_INJECTION: forcing a failure. [ 214.488814][T20804] name failslab, interval 1, probability 0, space 0, times 0 [ 214.501473][T20804] CPU: 0 PID: 20804 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 214.511272][T20804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.521320][T20804] Call Trace: [ 214.524594][T20804] dump_stack_lvl+0xb7/0x103 [ 214.529181][T20804] dump_stack+0x11/0x1a [ 214.533330][T20804] should_fail+0x23c/0x250 [ 214.537739][T20804] ? kmalloc_array+0x2d/0x40 [ 214.542362][T20804] __should_failslab+0x81/0x90 [ 214.547106][T20804] should_failslab+0x5/0x20 [ 214.551591][T20804] __kmalloc+0x66/0x340 [ 214.555725][T20804] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 214.561604][T20804] ? splice_from_pipe+0xc0/0xc0 [ 214.566502][T20804] kmalloc_array+0x2d/0x40 [ 214.570912][T20804] iter_file_splice_write+0xc6/0x750 [ 214.576292][T20804] ? atime_needs_update+0x239/0x390 [ 214.581560][T20804] ? touch_atime+0xcf/0x240 [ 214.586078][T20804] ? generic_file_splice_read+0x286/0x310 [ 214.591789][T20804] ? splice_from_pipe+0xc0/0xc0 [ 214.596643][T20804] direct_splice_actor+0x80/0xa0 [ 214.601664][T20804] splice_direct_to_actor+0x345/0x650 [ 214.607033][T20804] ? do_splice_direct+0x170/0x170 [ 214.612098][T20804] do_splice_direct+0xf5/0x170 [ 214.616888][T20804] do_sendfile+0x618/0xb90 [ 214.621288][T20804] __x64_sys_sendfile64+0xf2/0x130 [ 214.626500][T20804] do_syscall_64+0x3d/0x90 [ 214.630912][T20804] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 214.636840][T20804] RIP: 0033:0x4665f9 01:15:58 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x78, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x38, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0x6, "5d4436042fb0"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:58 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080), 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:58 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000b300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 214.640727][T20804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 214.660421][T20804] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 214.668846][T20804] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 214.676797][T20804] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 214.684749][T20804] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 214.692714][T20804] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 214.700666][T20804] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:15:59 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:59 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0xec, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0xab, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0x79, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0xec}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 214.765430][T20801] loop4: p1 p2 p3 p4 [ 214.774686][T20801] loop4: p1 size 11290111 extends beyond EOD, truncated 01:15:59 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000018300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 214.828680][T20801] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 214.871580][T20801] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 214.909363][T20801] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 214.925640][T20799] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 214.937609][T20799] EXT4-fs (loop2): get root inode failed [ 214.943239][T20799] EXT4-fs (loop2): mount failed [ 215.053767][T20799] loop2: detected capacity change from 0 to 570 [ 215.080830][T20799] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 215.092800][T20799] EXT4-fs (loop2): get root inode failed [ 215.098486][T20799] EXT4-fs (loop2): mount failed 01:15:59 executing program 5 (fault-call:7 fault-nth:33): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:15:59 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0xec, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0xab, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0x79, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0xec}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:59 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:59 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300001c300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:15:59 executing program 4: syz_read_part_table(0xb4030000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:15:59 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x47502, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 215.317155][T20872] loop2: detected capacity change from 0 to 570 [ 215.324023][T20873] loop4: detected capacity change from 0 to 264192 [ 215.345300][T20875] FAULT_INJECTION: forcing a failure. [ 215.345300][T20875] name failslab, interval 1, probability 0, space 0, times 0 [ 215.357962][T20875] CPU: 0 PID: 20875 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 215.367762][T20875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.377833][T20875] Call Trace: [ 215.381106][T20875] dump_stack_lvl+0xb7/0x103 [ 215.385707][T20875] dump_stack+0x11/0x1a [ 215.389853][T20875] should_fail+0x23c/0x250 [ 215.394360][T20875] __should_failslab+0x81/0x90 [ 215.399110][T20875] ? __iomap_dio_rw+0xf2/0xa60 [ 215.403858][T20875] should_failslab+0x5/0x20 [ 215.408343][T20875] kmem_cache_alloc_trace+0x49/0x310 [ 215.413662][T20875] __iomap_dio_rw+0xf2/0xa60 [ 215.418266][T20875] ? inode_io_list_move_locked+0x17b/0x260 [ 215.424055][T20875] ? __mnt_drop_write_file+0x5a/0x60 [ 215.429319][T20875] ? file_update_time+0x3ae/0x3e0 [ 215.434408][T20875] iomap_dio_rw+0x30/0x70 [ 215.438744][T20875] ext4_file_write_iter+0xa5e/0x11a0 [ 215.444013][T20875] do_iter_readv_writev+0x2cd/0x370 [ 215.449244][T20875] do_iter_write+0x192/0x5c0 [ 215.453818][T20875] ? splice_from_pipe_next+0x34f/0x3b0 [ 215.459260][T20875] ? kmalloc_array+0x2d/0x40 [ 215.463943][T20875] vfs_iter_write+0x4c/0x70 [ 215.468430][T20875] iter_file_splice_write+0x40a/0x750 [ 215.473796][T20875] ? splice_from_pipe+0xc0/0xc0 [ 215.478702][T20875] direct_splice_actor+0x80/0xa0 [ 215.483626][T20875] splice_direct_to_actor+0x345/0x650 [ 215.489045][T20875] ? do_splice_direct+0x170/0x170 [ 215.494053][T20875] do_splice_direct+0xf5/0x170 [ 215.498803][T20875] do_sendfile+0x618/0xb90 [ 215.503206][T20875] __x64_sys_sendfile64+0xf2/0x130 [ 215.508322][T20875] do_syscall_64+0x3d/0x90 [ 215.512791][T20875] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 215.518822][T20875] RIP: 0033:0x4665f9 [ 215.522696][T20875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 215.542291][T20875] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 215.550687][T20875] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 215.558637][T20875] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 01:15:59 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:59 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0xec, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0xab, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0x79, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0xec}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:59 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000026300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 215.566586][T20875] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 215.574537][T20875] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 215.582491][T20875] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:15:59 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x128, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0xe5, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xb3, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb0"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x128}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:15:59 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 215.644303][T20881] loop4: p1 p2 p3 p4 [ 215.648468][T20881] loop4: p1 size 11290111 extends beyond EOD, truncated 01:15:59 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000fe300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 215.694497][T20881] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 215.739657][T20881] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 215.779515][T20881] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 215.795344][T20873] loop4: p1 p2 p3 p4 [ 215.809664][T20873] loop4: p1 size 11290111 extends beyond EOD, truncated [ 215.823106][T20872] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 215.835083][T20872] EXT4-fs (loop2): get root inode failed [ 215.840756][T20872] EXT4-fs (loop2): mount failed [ 215.848831][T20873] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 215.857216][T20873] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 215.865342][T20873] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 215.901839][T20872] loop2: detected capacity change from 0 to 570 [ 215.937649][T20872] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 215.949880][T20872] EXT4-fs (loop2): get root inode failed [ 215.955531][T20872] EXT4-fs (loop2): mount failed 01:16:00 executing program 5 (fault-call:7 fault-nth:34): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:00 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x128, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0xe5, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xb3, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb0"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x128}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:00 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:00 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000400000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:00 executing program 4: syz_read_part_table(0xbc260000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:00 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x47a00, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:00 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 216.170087][T20954] loop2: detected capacity change from 0 to 573 [ 216.177020][T20956] loop4: detected capacity change from 0 to 264192 [ 216.203969][T20960] FAULT_INJECTION: forcing a failure. [ 216.203969][T20960] name failslab, interval 1, probability 0, space 0, times 0 [ 216.216687][T20960] CPU: 0 PID: 20960 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 216.226511][T20960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.236588][T20960] Call Trace: [ 216.239855][T20960] dump_stack_lvl+0xb7/0x103 [ 216.244441][T20960] dump_stack+0x11/0x1a [ 216.248615][T20960] should_fail+0x23c/0x250 [ 216.253022][T20960] ? mempool_alloc_slab+0x16/0x20 [ 216.258146][T20960] __should_failslab+0x81/0x90 [ 216.262927][T20960] should_failslab+0x5/0x20 [ 216.267424][T20960] kmem_cache_alloc+0x46/0x2e0 [ 216.272247][T20960] mempool_alloc_slab+0x16/0x20 [ 216.277099][T20960] ? mempool_free+0x130/0x130 [ 216.281916][T20960] mempool_alloc+0x8c/0x300 [ 216.286418][T20960] ? ext4_inode_block_valid+0x1cc/0x210 [ 216.292053][T20960] bio_alloc_bioset+0xcc/0x530 [ 216.296868][T20960] ? iov_iter_alignment+0x34b/0x370 [ 216.302149][T20960] iomap_dio_bio_actor+0x511/0xb50 [ 216.307351][T20960] ? ext4_iomap_begin+0x5d1/0x620 [ 216.312416][T20960] iomap_dio_actor+0x26e/0x3b0 [ 216.317175][T20960] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 216.322890][T20960] iomap_apply+0x1df/0x400 [ 216.327318][T20960] __iomap_dio_rw+0x62e/0xa60 [ 216.331979][T20960] ? __iomap_dio_rw+0xa60/0xa60 [ 216.336805][T20960] iomap_dio_rw+0x30/0x70 [ 216.341113][T20960] ext4_file_write_iter+0xa5e/0x11a0 [ 216.346435][T20960] do_iter_readv_writev+0x2cd/0x370 [ 216.351691][T20960] do_iter_write+0x192/0x5c0 [ 216.356265][T20960] ? splice_from_pipe_next+0x34f/0x3b0 [ 216.361704][T20960] ? kmalloc_array+0x2d/0x40 [ 216.366333][T20960] vfs_iter_write+0x4c/0x70 [ 216.371245][T20960] iter_file_splice_write+0x40a/0x750 [ 216.376638][T20960] ? splice_from_pipe+0xc0/0xc0 [ 216.381538][T20960] direct_splice_actor+0x80/0xa0 [ 216.386451][T20960] splice_direct_to_actor+0x345/0x650 [ 216.391837][T20960] ? do_splice_direct+0x170/0x170 [ 216.396884][T20960] do_splice_direct+0xf5/0x170 [ 216.401648][T20960] do_sendfile+0x618/0xb90 [ 216.406040][T20960] __x64_sys_sendfile64+0xf2/0x130 [ 216.411240][T20960] do_syscall_64+0x3d/0x90 [ 216.415669][T20960] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 216.421552][T20960] RIP: 0033:0x4665f9 [ 216.425422][T20960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 216.445001][T20960] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 216.453389][T20960] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 216.461336][T20960] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 01:16:00 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x0, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 216.469281][T20960] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 216.477234][T20960] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 216.485182][T20960] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 216.507027][T20954] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block 01:16:00 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000fffe0000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:00 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x128, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0xe5, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xb3, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb0"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x128}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 216.519003][T20954] EXT4-fs (loop2): get root inode failed [ 216.524652][T20954] EXT4-fs (loop2): mount failed [ 216.534925][T20881] loop4: p1 p2 p3 p4 [ 216.539306][T20881] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:00 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x144, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x102, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xd0, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x144}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:00 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000fe0000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 216.579373][T20881] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 216.627797][T20881] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 216.646320][T20954] loop2: detected capacity change from 0 to 573 [ 216.670061][T20954] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 216.682042][T20954] EXT4-fs (loop2): get root inode failed [ 216.687696][T20954] EXT4-fs (loop2): mount failed [ 216.710401][T20881] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 216.738031][T20956] loop_reread_partitions: partition scan of loop4 () failed (rc=-16) 01:16:01 executing program 5 (fault-call:7 fault-nth:35): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:01 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x0, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:01 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x144, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x102, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xd0, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x144}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:01 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000feff00000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:01 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x47a02, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:01 executing program 4: syz_read_part_table(0xc9ffffff, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 217.022775][T21023] loop2: detected capacity change from 0 to 573 [ 217.029422][T21024] loop4: detected capacity change from 0 to 264192 [ 217.054120][T21031] FAULT_INJECTION: forcing a failure. [ 217.054120][T21031] name failslab, interval 1, probability 0, space 0, times 0 [ 217.066769][T21031] CPU: 0 PID: 21031 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 217.076564][T21031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 217.086649][T21031] Call Trace: [ 217.089951][T21031] dump_stack_lvl+0xb7/0x103 [ 217.094550][T21031] dump_stack+0x11/0x1a [ 217.098702][T21031] should_fail+0x23c/0x250 [ 217.103156][T21031] ? mempool_alloc_slab+0x16/0x20 [ 217.108184][T21031] __should_failslab+0x81/0x90 [ 217.112947][T21031] should_failslab+0x5/0x20 [ 217.117504][T21031] kmem_cache_alloc+0x46/0x2e0 [ 217.122271][T21031] mempool_alloc_slab+0x16/0x20 [ 217.127132][T21031] ? mempool_free+0x130/0x130 [ 217.131866][T21031] mempool_alloc+0x8c/0x300 [ 217.136365][T21031] sg_pool_alloc+0x74/0x90 [ 217.140771][T21031] __sg_alloc_table+0xce/0x290 [ 217.145669][T21031] sg_alloc_table_chained+0xaf/0x140 [ 217.150943][T21031] ? sg_alloc_table_chained+0x140/0x140 [ 217.156603][T21031] scsi_alloc_sgtables+0x17c/0x500 [ 217.161702][T21031] sd_init_command+0x96a/0x1640 [ 217.166532][T21031] scsi_queue_rq+0x10e0/0x15a0 [ 217.171268][T21031] blk_mq_dispatch_rq_list+0x695/0x1040 [ 217.176831][T21031] ? __sbitmap_queue_get+0x11/0x20 [ 217.181938][T21031] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 217.187468][T21031] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 217.193686][T21031] ? rb_insert_color+0x2fa/0x310 [ 217.198612][T21031] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 217.204588][T21031] __blk_mq_run_hw_queue+0xbc/0x140 [ 217.209790][T21031] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 217.215639][T21031] blk_mq_run_hw_queue+0x22c/0x250 [ 217.220796][T21031] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 217.226674][T21031] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 217.232044][T21031] blk_flush_plug_list+0x235/0x260 [ 217.237183][T21031] blk_finish_plug+0x44/0x60 [ 217.241799][T21031] __iomap_dio_rw+0x797/0xa60 [ 217.246620][T21031] iomap_dio_rw+0x30/0x70 [ 217.250933][T21031] ext4_file_write_iter+0xa5e/0x11a0 [ 217.256200][T21031] do_iter_readv_writev+0x2cd/0x370 [ 217.261427][T21031] do_iter_write+0x192/0x5c0 [ 217.266011][T21031] ? splice_from_pipe_next+0x34f/0x3b0 [ 217.271490][T21031] ? kmalloc_array+0x2d/0x40 [ 217.276104][T21031] vfs_iter_write+0x4c/0x70 [ 217.280586][T21031] iter_file_splice_write+0x40a/0x750 [ 217.285993][T21031] ? splice_from_pipe+0xc0/0xc0 [ 217.290826][T21031] direct_splice_actor+0x80/0xa0 [ 217.295803][T21031] splice_direct_to_actor+0x345/0x650 [ 217.301158][T21031] ? do_splice_direct+0x170/0x170 [ 217.306163][T21031] do_splice_direct+0xf5/0x170 [ 217.310968][T21031] do_sendfile+0x618/0xb90 [ 217.315403][T21031] __x64_sys_sendfile64+0xf2/0x130 [ 217.320508][T21031] do_syscall_64+0x3d/0x90 [ 217.324935][T21031] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 217.330874][T21031] RIP: 0033:0x4665f9 [ 217.334753][T21031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 217.354343][T21031] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 217.362807][T21031] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 01:16:01 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000feffffff0f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:01 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x0, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 217.370756][T21031] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 217.378704][T21031] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 217.386656][T21031] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 217.394652][T21031] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:01 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x144, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x102, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xd0, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x144}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 217.413628][T21023] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 217.425600][T21023] EXT4-fs (loop2): get root inode failed [ 217.431227][T21023] EXT4-fs (loop2): mount failed [ 217.449704][T21024] loop4: p1 p2 p3 p4 [ 217.454502][T21024] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:01 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x0, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:01 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300200000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:01 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x150, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x110, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xde, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x150}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 217.501017][T21024] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 217.559293][T21024] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 217.597267][T21024] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 217.615295][T21023] loop2: detected capacity change from 0 to 573 [ 217.642062][T21023] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 217.654112][T21023] EXT4-fs (loop2): get root inode failed [ 217.659782][T21023] EXT4-fs (loop2): mount failed [ 217.746326][T21024] loop4: detected capacity change from 0 to 264192 01:16:02 executing program 5 (fault-call:7 fault-nth:36): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:02 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x150, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x110, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xde, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x150}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:02 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x0, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:02 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300300000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:02 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x47b02, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 217.829153][T21024] loop4: p1 p2 p3 p4 [ 217.837615][T21024] loop4: p1 size 11290111 extends beyond EOD, truncated [ 217.870423][T21091] loop2: detected capacity change from 0 to 573 [ 217.877730][T21024] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 217.903159][T21096] FAULT_INJECTION: forcing a failure. [ 217.903159][T21096] name failslab, interval 1, probability 0, space 0, times 0 [ 217.915791][T21096] CPU: 0 PID: 21096 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 217.925587][T21096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 217.935791][T21096] Call Trace: [ 217.939063][T21096] dump_stack_lvl+0xb7/0x103 [ 217.943664][T21096] dump_stack+0x11/0x1a [ 217.947810][T21096] should_fail+0x23c/0x250 [ 217.952236][T21096] ? kmalloc_array+0x2d/0x40 [ 217.956932][T21096] __should_failslab+0x81/0x90 [ 217.961678][T21096] should_failslab+0x5/0x20 [ 217.966161][T21096] __kmalloc+0x66/0x340 [ 217.970298][T21096] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 217.976177][T21096] ? splice_from_pipe+0xc0/0xc0 [ 217.981104][T21096] kmalloc_array+0x2d/0x40 [ 217.985526][T21096] iter_file_splice_write+0xc6/0x750 [ 217.990831][T21096] ? atime_needs_update+0x239/0x390 [ 217.996029][T21096] ? touch_atime+0xcf/0x240 [ 218.000514][T21096] ? generic_file_splice_read+0x286/0x310 [ 218.006309][T21096] ? splice_from_pipe+0xc0/0xc0 [ 218.011166][T21096] direct_splice_actor+0x80/0xa0 [ 218.016098][T21096] splice_direct_to_actor+0x345/0x650 [ 218.021529][T21096] ? do_splice_direct+0x170/0x170 [ 218.026576][T21096] do_splice_direct+0xf5/0x170 [ 218.031395][T21096] do_sendfile+0x618/0xb90 [ 218.035800][T21096] __x64_sys_sendfile64+0xf2/0x130 [ 218.040978][T21096] do_syscall_64+0x3d/0x90 [ 218.045385][T21096] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 218.051263][T21096] RIP: 0033:0x4665f9 [ 218.055135][T21096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 218.074719][T21096] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 218.083115][T21096] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 218.091066][T21096] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 218.099020][T21096] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 218.107051][T21096] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 218.115012][T21096] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 218.127245][T21024] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 218.149193][T21024] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 218.165644][T21091] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 218.177588][T21091] EXT4-fs (loop2): get root inode failed [ 218.183213][T21091] EXT4-fs (loop2): mount failed 01:16:02 executing program 4: syz_read_part_table(0xcc060000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:02 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x0, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:02 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x150, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x110, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xde, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x150}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:02 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300400000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:02 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x117, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xe5, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:02 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300500000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:02 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 218.387065][T21091] loop2: detected capacity change from 0 to 573 [ 218.401266][T21134] loop4: detected capacity change from 0 to 264192 [ 218.420634][T21091] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 218.432616][T21091] EXT4-fs (loop2): get root inode failed [ 218.438275][T21091] EXT4-fs (loop2): mount failed [ 218.504106][T21034] loop4: p1 p2 p3 p4 [ 218.508362][T21034] loop4: p1 size 11290111 extends beyond EOD, truncated [ 218.517842][T21034] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 218.560907][T21034] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 218.569230][T21034] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 218.579344][T21134] loop4: p1 p2 p3 p4 [ 218.583530][T21134] loop4: p1 size 11290111 extends beyond EOD, truncated [ 218.594431][T21134] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 218.602337][T21134] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 218.610474][T21134] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:02 executing program 5 (fault-call:7 fault-nth:37): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:02 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:02 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x117, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xe5, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:02 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300600000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:02 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x47d02, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 218.742982][T21183] loop2: detected capacity change from 0 to 574 [ 218.756726][T21182] FAULT_INJECTION: forcing a failure. [ 218.756726][T21182] name failslab, interval 1, probability 0, space 0, times 0 [ 218.769365][T21182] CPU: 0 PID: 21182 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 218.779305][T21182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.789491][T21182] Call Trace: [ 218.792766][T21182] dump_stack_lvl+0xb7/0x103 [ 218.797414][T21182] dump_stack+0x11/0x1a [ 218.801617][T21182] should_fail+0x23c/0x250 [ 218.806029][T21182] __should_failslab+0x81/0x90 [ 218.810787][T21182] ? __iomap_dio_rw+0xf2/0xa60 [ 218.815586][T21182] should_failslab+0x5/0x20 [ 218.820079][T21182] kmem_cache_alloc_trace+0x49/0x310 [ 218.825426][T21182] __iomap_dio_rw+0xf2/0xa60 [ 218.830004][T21182] ? ext4_es_lookup_extent+0x36b/0x490 [ 218.835448][T21182] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 218.841343][T21182] ? file_update_time+0x1bd/0x3e0 [ 218.846365][T21182] iomap_dio_rw+0x30/0x70 [ 218.850688][T21182] ext4_file_write_iter+0xa5e/0x11a0 [ 218.855955][T21182] do_iter_readv_writev+0x2cd/0x370 [ 218.861143][T21182] do_iter_write+0x192/0x5c0 [ 218.865756][T21182] ? splice_from_pipe_next+0x34f/0x3b0 [ 218.871218][T21182] ? kmalloc_array+0x2d/0x40 [ 218.875814][T21182] vfs_iter_write+0x4c/0x70 [ 218.880301][T21182] iter_file_splice_write+0x40a/0x750 [ 218.885663][T21182] ? splice_from_pipe+0xc0/0xc0 [ 218.890498][T21182] direct_splice_actor+0x80/0xa0 [ 218.895465][T21182] splice_direct_to_actor+0x345/0x650 [ 218.900822][T21182] ? do_splice_direct+0x170/0x170 [ 218.905910][T21182] do_splice_direct+0xf5/0x170 [ 218.910658][T21182] do_sendfile+0x618/0xb90 [ 218.915187][T21182] __x64_sys_sendfile64+0xf2/0x130 [ 218.920291][T21182] do_syscall_64+0x3d/0x90 [ 218.924694][T21182] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 218.930583][T21182] RIP: 0033:0x4665f9 [ 218.934549][T21182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 218.954142][T21182] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 218.962545][T21182] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 218.970498][T21182] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 218.978489][T21182] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 218.986466][T21182] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 01:16:03 executing program 4: syz_read_part_table(0xcf060000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:03 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:03 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x117, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xe5, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:03 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300700000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 218.994418][T21182] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:03 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:03 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11b, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xe9, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46c"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:03 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300800000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 219.063776][T21194] loop4: detected capacity change from 0 to 264192 [ 219.153804][T21034] loop4: p1 p2 p3 p4 [ 219.157982][T21034] loop4: p1 size 11290111 extends beyond EOD, truncated [ 219.199282][T21034] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 219.219897][T21034] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 219.228066][T21034] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 219.236438][T21183] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 219.248377][T21183] EXT4-fs (loop2): get root inode failed [ 219.254024][T21183] EXT4-fs (loop2): mount failed [ 219.261825][T21194] loop4: p1 p2 p3 p4 [ 219.266493][T21194] loop4: p1 size 11290111 extends beyond EOD, truncated [ 219.276578][T21194] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 219.284734][T21194] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 219.292607][T21194] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 219.322392][T21183] loop2: detected capacity change from 0 to 574 [ 219.347179][T21183] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 219.359181][T21183] EXT4-fs (loop2): get root inode failed [ 219.364838][T21183] EXT4-fs (loop2): mount failed [ 219.387391][ T1038] loop4: p1 p2 p3 p4 [ 219.391460][ T1038] loop4: p1 size 11290111 extends beyond EOD, truncated [ 219.400320][ T1038] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 219.408389][ T1038] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 219.416548][ T1038] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:03 executing program 5 (fault-call:7 fault-nth:38): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:03 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11b, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xe9, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46c"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:03 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:03 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300a00000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:03 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x48201, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:03 executing program 4: syz_read_part_table(0xd0060000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 219.594300][T21261] loop2: detected capacity change from 0 to 577 [ 219.607718][T21263] loop4: detected capacity change from 0 to 264192 [ 219.629037][T21266] FAULT_INJECTION: forcing a failure. [ 219.629037][T21266] name failslab, interval 1, probability 0, space 0, times 0 [ 219.641709][T21266] CPU: 0 PID: 21266 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 219.651863][T21266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 219.661931][T21266] Call Trace: [ 219.665205][T21266] dump_stack_lvl+0xb7/0x103 [ 219.669901][T21266] dump_stack+0x11/0x1a [ 219.675283][T21266] should_fail+0x23c/0x250 [ 219.679773][T21266] ? mempool_alloc_slab+0x16/0x20 [ 219.684845][T21266] __should_failslab+0x81/0x90 [ 219.689602][T21266] should_failslab+0x5/0x20 [ 219.694107][T21266] kmem_cache_alloc+0x46/0x2e0 [ 219.699145][T21266] ? _raw_spin_lock_irqsave+0x25/0x80 [ 219.704515][T21266] mempool_alloc_slab+0x16/0x20 [ 219.709351][T21266] ? mempool_free+0x130/0x130 [ 219.714027][T21266] mempool_alloc+0x8c/0x300 [ 219.718523][T21266] ? ext4_inode_block_valid+0x1cc/0x210 [ 219.724049][T21266] bio_alloc_bioset+0xcc/0x530 [ 219.728794][T21266] ? iov_iter_alignment+0x34b/0x370 [ 219.734063][T21266] iomap_dio_bio_actor+0x511/0xb50 [ 219.739879][T21266] ? ext4_iomap_begin+0x5d1/0x620 [ 219.744911][T21266] iomap_dio_actor+0x26e/0x3b0 [ 219.749703][T21266] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 219.755421][T21266] iomap_apply+0x1df/0x400 [ 219.760105][T21266] __iomap_dio_rw+0x62e/0xa60 [ 219.764784][T21266] ? __iomap_dio_rw+0xa60/0xa60 [ 219.769738][T21266] iomap_dio_rw+0x30/0x70 [ 219.774056][T21266] ext4_file_write_iter+0xa5e/0x11a0 [ 219.779322][T21266] do_iter_readv_writev+0x2cd/0x370 [ 219.784569][T21266] do_iter_write+0x192/0x5c0 [ 219.789134][T21266] ? splice_from_pipe_next+0x34f/0x3b0 [ 219.794916][T21266] ? kmalloc_array+0x2d/0x40 [ 219.799514][T21266] vfs_iter_write+0x4c/0x70 [ 219.804043][T21266] iter_file_splice_write+0x40a/0x750 [ 219.809655][T21266] ? splice_from_pipe+0xc0/0xc0 [ 219.814490][T21266] direct_splice_actor+0x80/0xa0 [ 219.819494][T21266] splice_direct_to_actor+0x345/0x650 [ 219.824922][T21266] ? do_splice_direct+0x170/0x170 [ 219.829931][T21266] do_splice_direct+0xf5/0x170 [ 219.834755][T21266] do_sendfile+0x618/0xb90 [ 219.839154][T21266] __x64_sys_sendfile64+0xf2/0x130 [ 219.844275][T21266] do_syscall_64+0x3d/0x90 [ 219.848684][T21266] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 219.855059][T21266] RIP: 0033:0x4665f9 [ 219.859285][T21266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 219.879575][T21266] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 01:16:04 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300b00000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:04 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 219.887972][T21266] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 219.896096][T21266] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 219.904045][T21266] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 219.912166][T21266] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 219.920219][T21266] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:04 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11b, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xe9, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46c"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 219.938135][T21261] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 219.950088][T21261] EXT4-fs (loop2): get root inode failed [ 219.955771][T21261] EXT4-fs (loop2): mount failed [ 219.964046][T21034] loop4: p1 p2 p3 p4 [ 219.968555][T21034] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:04 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11d, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xeb, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:04 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 219.995481][T21034] loop4: p2 size 1073872896 extends beyond EOD, truncated 01:16:04 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000301000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 220.059227][T21034] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 220.087517][T21261] loop2: detected capacity change from 0 to 577 [ 220.108428][T21261] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 220.120484][T21261] EXT4-fs (loop2): get root inode failed [ 220.126381][T21261] EXT4-fs (loop2): mount failed [ 220.152369][T21034] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 220.196900][T21263] loop4: p1 p2 p3 p4 [ 220.200979][T21263] loop4: p1 size 11290111 extends beyond EOD, truncated [ 220.220079][T21263] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 220.233300][T21263] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 220.241564][T21263] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:04 executing program 5 (fault-call:7 fault-nth:39): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:04 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11d, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xeb, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:04 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:04 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000301800000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:04 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x48401, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:04 executing program 4: syz_read_part_table(0xd0067170, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 220.461227][T21333] loop2: detected capacity change from 0 to 578 [ 220.468203][T21332] loop4: detected capacity change from 0 to 264192 [ 220.487295][T21334] FAULT_INJECTION: forcing a failure. [ 220.487295][T21334] name failslab, interval 1, probability 0, space 0, times 0 [ 220.499949][T21334] CPU: 0 PID: 21334 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 220.509761][T21334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.520247][T21334] Call Trace: [ 220.523698][T21334] dump_stack_lvl+0xb7/0x103 [ 220.528377][T21334] dump_stack+0x11/0x1a [ 220.532542][T21334] should_fail+0x23c/0x250 [ 220.539214][T21334] ? mempool_alloc_slab+0x16/0x20 [ 220.544244][T21334] __should_failslab+0x81/0x90 [ 220.549269][T21334] should_failslab+0x5/0x20 [ 220.553769][T21334] kmem_cache_alloc+0x46/0x2e0 [ 220.558534][T21334] mempool_alloc_slab+0x16/0x20 [ 220.563653][T21334] ? mempool_free+0x130/0x130 [ 220.568313][T21334] mempool_alloc+0x8c/0x300 [ 220.573078][T21334] sg_pool_alloc+0x74/0x90 [ 220.578138][T21334] __sg_alloc_table+0xce/0x290 [ 220.582884][T21334] sg_alloc_table_chained+0xaf/0x140 [ 220.588153][T21334] ? sg_alloc_table_chained+0x140/0x140 [ 220.593786][T21334] scsi_alloc_sgtables+0x17c/0x500 [ 220.599124][T21334] sd_init_command+0x96a/0x1640 [ 220.603995][T21334] scsi_queue_rq+0x10e0/0x15a0 [ 220.609008][T21334] blk_mq_dispatch_rq_list+0x695/0x1040 [ 220.614540][T21334] ? __sbitmap_queue_get+0x11/0x20 [ 220.619685][T21334] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 220.625391][T21334] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 220.631658][T21334] ? rb_insert_color+0x2fa/0x310 [ 220.636589][T21334] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 220.642680][T21334] __blk_mq_run_hw_queue+0xbc/0x140 [ 220.647854][T21334] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 220.653659][T21334] blk_mq_run_hw_queue+0x22c/0x250 [ 220.658796][T21334] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 220.664686][T21334] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 220.670039][T21334] blk_flush_plug_list+0x235/0x260 [ 220.675131][T21334] blk_finish_plug+0x44/0x60 [ 220.679716][T21334] __iomap_dio_rw+0x797/0xa60 [ 220.684512][T21334] iomap_dio_rw+0x30/0x70 [ 220.688885][T21334] ext4_file_write_iter+0xa5e/0x11a0 [ 220.694159][T21334] do_iter_readv_writev+0x2cd/0x370 [ 220.704027][T21334] do_iter_write+0x192/0x5c0 [ 220.709642][T21334] ? splice_from_pipe_next+0x34f/0x3b0 [ 220.715155][T21334] ? kmalloc_array+0x2d/0x40 [ 220.719749][T21334] vfs_iter_write+0x4c/0x70 [ 220.724279][T21334] iter_file_splice_write+0x40a/0x750 [ 220.729643][T21334] ? splice_from_pipe+0xc0/0xc0 [ 220.734476][T21334] direct_splice_actor+0x80/0xa0 [ 220.739416][T21334] splice_direct_to_actor+0x345/0x650 [ 220.744785][T21334] ? do_splice_direct+0x170/0x170 [ 220.750034][T21334] do_splice_direct+0xf5/0x170 [ 220.754873][T21334] do_sendfile+0x618/0xb90 [ 220.759323][T21334] __x64_sys_sendfile64+0xf2/0x130 [ 220.764440][T21334] do_syscall_64+0x3d/0x90 [ 220.768851][T21334] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 220.774756][T21334] RIP: 0033:0x4665f9 [ 220.778679][T21334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 220.798454][T21334] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 01:16:05 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:05 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000301c00000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:05 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11d, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xeb, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 220.807088][T21334] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 220.815197][T21334] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 220.823159][T21334] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 220.831116][T21334] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 220.839071][T21334] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 220.857346][T21333] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 220.869387][T21333] EXT4-fs (loop2): get root inode failed [ 220.875045][T21333] EXT4-fs (loop2): mount failed [ 220.889359][T21332] loop4: p1 p2 p3 p4 [ 220.893818][T21332] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:05 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:05 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x144, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x102, 0x2a, [@mesh_id={0x72, 0x6}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x144}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:05 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000302600000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 220.946106][T21332] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 220.991640][T21332] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 221.014902][T21333] loop2: detected capacity change from 0 to 578 [ 221.036095][T21333] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 221.048207][T21333] EXT4-fs (loop2): get root inode failed [ 221.053883][T21333] EXT4-fs (loop2): mount failed [ 221.074913][T21332] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 221.157155][T21332] loop4: detected capacity change from 0 to 264192 01:16:05 executing program 5 (fault-call:7 fault-nth:40): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:05 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x144, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x102, 0x2a, [@mesh_id={0x72, 0x6}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x144}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:05 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:05 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030fe00000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:05 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x48501, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 221.253768][T21332] loop4: p1 p2 p3 p4 [ 221.283382][T21332] loop4: p1 size 11290111 extends beyond EOD, truncated [ 221.300874][T21395] loop2: detected capacity change from 0 to 578 [ 221.331826][T21398] FAULT_INJECTION: forcing a failure. [ 221.331826][T21398] name failslab, interval 1, probability 0, space 0, times 0 [ 221.344517][T21398] CPU: 0 PID: 21398 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 221.354317][T21398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 221.364364][T21398] Call Trace: [ 221.367639][T21398] dump_stack_lvl+0xb7/0x103 [ 221.372238][T21398] dump_stack+0x11/0x1a [ 221.376439][T21398] should_fail+0x23c/0x250 [ 221.380836][T21398] ? kmalloc_array+0x2d/0x40 [ 221.385552][T21398] __should_failslab+0x81/0x90 [ 221.390298][T21398] should_failslab+0x5/0x20 [ 221.394795][T21398] __kmalloc+0x66/0x340 [ 221.398933][T21398] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 221.404951][T21398] ? splice_from_pipe+0xc0/0xc0 [ 221.410146][T21398] kmalloc_array+0x2d/0x40 [ 221.414577][T21398] iter_file_splice_write+0xc6/0x750 [ 221.429956][T21398] ? atime_needs_update+0x239/0x390 [ 221.435472][T21398] ? touch_atime+0xcf/0x240 [ 221.439963][T21398] ? generic_file_splice_read+0x286/0x310 [ 221.445669][T21398] ? splice_from_pipe+0xc0/0xc0 [ 221.450588][T21398] direct_splice_actor+0x80/0xa0 [ 221.455688][T21398] splice_direct_to_actor+0x345/0x650 [ 221.461094][T21398] ? do_splice_direct+0x170/0x170 [ 221.466104][T21398] do_splice_direct+0xf5/0x170 [ 221.470878][T21398] do_sendfile+0x618/0xb90 [ 221.475291][T21398] __x64_sys_sendfile64+0xf2/0x130 [ 221.480392][T21398] do_syscall_64+0x3d/0x90 [ 221.484834][T21398] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 221.490720][T21398] RIP: 0033:0x4665f9 [ 221.494664][T21398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 221.514557][T21398] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 221.522951][T21398] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 221.531006][T21398] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 221.539325][T21398] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 221.547275][T21398] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 221.555230][T21398] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 221.566303][T21332] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 221.587805][T21332] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 221.600304][T21332] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 221.608583][T21395] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 221.620785][T21395] EXT4-fs (loop2): get root inode failed [ 221.626572][T21395] EXT4-fs (loop2): mount failed 01:16:05 executing program 4: syz_read_part_table(0xd1060000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:05 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:05 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x144, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x102, 0x2a, [@mesh_id={0x72, 0x6}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x144}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:05 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300402000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:06 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x154, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x154}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:06 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300003000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:06 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x0, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 221.804624][T21434] loop4: detected capacity change from 0 to 264192 [ 221.816833][T21395] loop2: detected capacity change from 0 to 578 [ 221.844335][T21395] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 221.856297][T21395] EXT4-fs (loop2): get root inode failed [ 221.861931][T21395] EXT4-fs (loop2): mount failed [ 221.913477][T21034] loop4: p1 p2 p3 p4 [ 221.917848][T21034] loop4: p1 size 11290111 extends beyond EOD, truncated [ 221.947768][T21034] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 221.958269][T21034] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 221.968163][T21034] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 221.978378][T21434] loop4: p1 p2 p3 p4 [ 221.982582][T21434] loop4: p1 size 11290111 extends beyond EOD, truncated [ 221.992732][T21434] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 222.000829][T21434] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 222.008872][T21434] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:06 executing program 5 (fault-call:7 fault-nth:41): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:06 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x154, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x154}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:06 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300204000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:06 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x0, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:06 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x48a01, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:06 executing program 4: syz_read_part_table(0xd2060000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 222.159377][T21484] loop2: detected capacity change from 0 to 581 [ 222.171565][T21485] loop4: detected capacity change from 0 to 264192 [ 222.191393][T21486] FAULT_INJECTION: forcing a failure. [ 222.191393][T21486] name failslab, interval 1, probability 0, space 0, times 0 [ 222.204043][T21486] CPU: 0 PID: 21486 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 222.214407][T21486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.224790][T21486] Call Trace: [ 222.228061][T21486] dump_stack_lvl+0xb7/0x103 [ 222.232641][T21486] dump_stack+0x11/0x1a [ 222.236777][T21486] should_fail+0x23c/0x250 [ 222.241175][T21486] __should_failslab+0x81/0x90 [ 222.246004][T21486] ? __iomap_dio_rw+0xf2/0xa60 [ 222.250952][T21486] should_failslab+0x5/0x20 [ 222.255526][T21486] kmem_cache_alloc_trace+0x49/0x310 [ 222.260991][T21486] __iomap_dio_rw+0xf2/0xa60 [ 222.265567][T21486] ? ext4_es_lookup_extent+0x36b/0x490 [ 222.271042][T21486] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 222.276949][T21486] ? file_update_time+0x1bd/0x3e0 [ 222.282014][T21486] iomap_dio_rw+0x30/0x70 [ 222.286445][T21486] ext4_file_write_iter+0xa5e/0x11a0 [ 222.291718][T21486] do_iter_readv_writev+0x2cd/0x370 [ 222.296904][T21486] do_iter_write+0x192/0x5c0 [ 222.301495][T21486] ? splice_from_pipe_next+0x34f/0x3b0 [ 222.307294][T21486] ? kmalloc_array+0x2d/0x40 [ 222.312136][T21486] vfs_iter_write+0x4c/0x70 [ 222.316902][T21486] iter_file_splice_write+0x40a/0x750 [ 222.322311][T21486] ? splice_from_pipe+0xc0/0xc0 [ 222.327146][T21486] direct_splice_actor+0x80/0xa0 [ 222.332179][T21486] splice_direct_to_actor+0x345/0x650 [ 222.337632][T21486] ? do_splice_direct+0x170/0x170 [ 222.342742][T21486] do_splice_direct+0xf5/0x170 [ 222.347569][T21486] do_sendfile+0x618/0xb90 [ 222.352020][T21486] __x64_sys_sendfile64+0xf2/0x130 [ 222.357165][T21486] do_syscall_64+0x3d/0x90 [ 222.361564][T21486] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 222.368004][T21486] RIP: 0033:0x4665f9 [ 222.371880][T21486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 222.391471][T21486] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 222.400210][T21486] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 01:16:06 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x0, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:06 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x154, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x154}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:06 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300604000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 222.408500][T21486] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 222.417431][T21486] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 222.425385][T21486] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 222.433597][T21486] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:06 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x0, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:06 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x40, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:06 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000308004000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 222.518732][T21485] loop4: p1 p2 p3 p4 [ 222.523535][T21485] loop4: p1 size 11290111 extends beyond EOD, truncated [ 222.578342][T21485] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 222.623206][T21485] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 222.644460][T21485] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 222.654532][T21484] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 222.666768][T21484] EXT4-fs (loop2): get root inode failed [ 222.672397][T21484] EXT4-fs (loop2): mount failed [ 222.713478][T21485] loop4: detected capacity change from 0 to 264192 [ 222.732279][T21484] loop2: detected capacity change from 0 to 581 [ 222.764726][T21484] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 222.776858][T21484] EXT4-fs (loop2): get root inode failed [ 222.782501][T21484] EXT4-fs (loop2): mount failed [ 222.794171][T21485] loop4: p1 p2 p3 p4 [ 222.798896][T21485] loop4: p1 size 11290111 extends beyond EOD, truncated [ 222.806948][T21485] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 222.815345][T21485] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 222.823759][T21485] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:07 executing program 5 (fault-call:7 fault-nth:42): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:07 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x0, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:07 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x40, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:07 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300005000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:07 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x48a02, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:07 executing program 4: syz_read_part_table(0xd3060000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 222.979008][T21555] loop2: detected capacity change from 0 to 581 [ 223.033719][T21567] loop4: detected capacity change from 0 to 264192 [ 223.041380][T21566] FAULT_INJECTION: forcing a failure. [ 223.041380][T21566] name failslab, interval 1, probability 0, space 0, times 0 [ 223.054881][T21566] CPU: 0 PID: 21566 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 223.064690][T21566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 223.074915][T21566] Call Trace: [ 223.078192][T21566] dump_stack_lvl+0xb7/0x103 [ 223.082958][T21566] dump_stack+0x11/0x1a [ 223.087293][T21566] should_fail+0x23c/0x250 [ 223.091727][T21566] ? mempool_alloc_slab+0x16/0x20 [ 223.096815][T21566] __should_failslab+0x81/0x90 [ 223.101556][T21566] should_failslab+0x5/0x20 [ 223.106127][T21566] kmem_cache_alloc+0x46/0x2e0 [ 223.110875][T21566] mempool_alloc_slab+0x16/0x20 [ 223.115721][T21566] ? mempool_free+0x130/0x130 [ 223.120375][T21566] mempool_alloc+0x8c/0x300 [ 223.124893][T21566] ? ext4_inode_block_valid+0x1cc/0x210 [ 223.130491][T21566] bio_alloc_bioset+0xcc/0x530 [ 223.135310][T21566] ? iov_iter_alignment+0x34b/0x370 [ 223.140493][T21566] iomap_dio_bio_actor+0x511/0xb50 [ 223.145853][T21566] ? ext4_iomap_begin+0x5d1/0x620 [ 223.150870][T21566] iomap_dio_actor+0x26e/0x3b0 [ 223.155672][T21566] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 223.161671][T21566] iomap_apply+0x1df/0x400 [ 223.166083][T21566] __iomap_dio_rw+0x62e/0xa60 [ 223.170747][T21566] ? __iomap_dio_rw+0xa60/0xa60 [ 223.175649][T21566] iomap_dio_rw+0x30/0x70 [ 223.180081][T21566] ext4_file_write_iter+0xa5e/0x11a0 [ 223.185411][T21566] do_iter_readv_writev+0x2cd/0x370 [ 223.190750][T21566] do_iter_write+0x192/0x5c0 [ 223.195389][T21566] ? splice_from_pipe_next+0x34f/0x3b0 [ 223.200834][T21566] ? kmalloc_array+0x2d/0x40 [ 223.205402][T21566] vfs_iter_write+0x4c/0x70 [ 223.209956][T21566] iter_file_splice_write+0x40a/0x750 [ 223.215320][T21566] ? splice_from_pipe+0xc0/0xc0 [ 223.220155][T21566] direct_splice_actor+0x80/0xa0 [ 223.225178][T21566] splice_direct_to_actor+0x345/0x650 [ 223.230716][T21566] ? do_splice_direct+0x170/0x170 [ 223.235895][T21566] do_splice_direct+0xf5/0x170 [ 223.240668][T21566] do_sendfile+0x618/0xb90 [ 223.245150][T21566] __x64_sys_sendfile64+0xf2/0x130 [ 223.250294][T21566] do_syscall_64+0x3d/0x90 [ 223.254692][T21566] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 223.260566][T21566] RIP: 0033:0x4665f9 [ 223.264437][T21566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 01:16:07 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x0, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 223.284026][T21566] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 223.292429][T21566] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 223.300463][T21566] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 223.308497][T21566] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 223.316569][T21566] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 223.324590][T21566] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:07 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x40, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:07 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000302e05000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 223.348387][T21555] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 223.360330][T21555] EXT4-fs (loop2): get root inode failed [ 223.365988][T21555] EXT4-fs (loop2): mount failed [ 223.384706][T21567] loop4: p1 p2 p3 p4 [ 223.396951][T21567] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:07 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x0, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:07 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11a, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:07 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300006000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 223.443253][T21567] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 223.495021][T21555] loop2: detected capacity change from 0 to 581 [ 223.502196][T21567] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 223.528095][T21555] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 223.540165][T21555] EXT4-fs (loop2): get root inode failed [ 223.546096][T21555] EXT4-fs (loop2): mount failed [ 223.581676][T21567] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 223.668634][T21567] loop4: detected capacity change from 0 to 264192 01:16:08 executing program 5 (fault-call:7 fault-nth:43): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:08 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x0, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:08 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11a, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:08 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300406000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:08 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x48b02, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 223.741540][T21567] loop4: p1 p2 p3 p4 [ 223.751746][T21567] loop4: p1 size 11290111 extends beyond EOD, truncated [ 223.759957][T21567] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 223.768374][T21567] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 223.776501][T21567] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 223.882066][T21631] FAULT_INJECTION: forcing a failure. [ 223.882066][T21631] name failslab, interval 1, probability 0, space 0, times 0 [ 223.894989][T21631] CPU: 0 PID: 21631 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 223.901418][T21634] loop2: detected capacity change from 0 to 581 [ 223.905106][T21631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 223.905120][T21631] Call Trace: [ 223.905127][T21631] dump_stack_lvl+0xb7/0x103 [ 223.905150][T21631] dump_stack+0x11/0x1a [ 223.933820][T21631] should_fail+0x23c/0x250 [ 223.938260][T21631] ? mempool_alloc_slab+0x16/0x20 [ 223.943289][T21631] __should_failslab+0x81/0x90 [ 223.948224][T21631] should_failslab+0x5/0x20 [ 223.952734][T21631] kmem_cache_alloc+0x46/0x2e0 [ 223.957802][T21631] mempool_alloc_slab+0x16/0x20 [ 223.962657][T21631] ? mempool_free+0x130/0x130 [ 223.967355][T21631] mempool_alloc+0x8c/0x300 [ 223.971953][T21631] ? sysvec_apic_timer_interrupt+0x3e/0x80 [ 223.977763][T21631] sg_pool_alloc+0x74/0x90 [ 223.982266][T21631] __sg_alloc_table+0xce/0x290 [ 223.987011][T21631] sg_alloc_table_chained+0xaf/0x140 [ 223.992418][T21631] ? sg_alloc_table_chained+0x140/0x140 [ 223.998016][T21631] scsi_alloc_sgtables+0x17c/0x500 [ 224.003115][T21631] sd_init_command+0x96a/0x1640 [ 224.007942][T21631] scsi_queue_rq+0x10e0/0x15a0 [ 224.012677][T21631] blk_mq_dispatch_rq_list+0x695/0x1040 [ 224.018429][T21631] ? __sbitmap_queue_get+0x11/0x20 [ 224.023520][T21631] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 224.029216][T21631] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 224.035874][T21631] ? rb_insert_color+0x2fa/0x310 [ 224.041128][T21631] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 224.047103][T21631] __blk_mq_run_hw_queue+0xbc/0x140 [ 224.052382][T21631] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 224.058168][T21631] blk_mq_run_hw_queue+0x22c/0x250 [ 224.063257][T21631] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 224.069157][T21631] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 224.074526][T21631] blk_flush_plug_list+0x235/0x260 [ 224.079876][T21631] blk_finish_plug+0x44/0x60 [ 224.084446][T21631] __iomap_dio_rw+0x797/0xa60 [ 224.089222][T21631] iomap_dio_rw+0x30/0x70 [ 224.093546][T21631] ext4_file_write_iter+0xa5e/0x11a0 [ 224.098862][T21631] do_iter_readv_writev+0x2cd/0x370 [ 224.104080][T21631] do_iter_write+0x192/0x5c0 [ 224.108658][T21631] ? splice_from_pipe_next+0x34f/0x3b0 [ 224.114274][T21631] ? kmalloc_array+0x2d/0x40 [ 224.118931][T21631] vfs_iter_write+0x4c/0x70 [ 224.124103][T21631] iter_file_splice_write+0x40a/0x750 [ 224.129529][T21631] ? splice_from_pipe+0xc0/0xc0 [ 224.134777][T21631] direct_splice_actor+0x80/0xa0 [ 224.140618][T21631] splice_direct_to_actor+0x345/0x650 [ 224.145974][T21631] ? do_splice_direct+0x170/0x170 [ 224.150992][T21631] do_splice_direct+0xf5/0x170 [ 224.155783][T21631] do_sendfile+0x618/0xb90 [ 224.160267][T21631] __x64_sys_sendfile64+0xf2/0x130 [ 224.165427][T21631] do_syscall_64+0x3d/0x90 [ 224.170017][T21631] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 224.176050][T21631] RIP: 0033:0x4665f9 [ 224.179922][T21631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 224.199507][T21631] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 224.207998][T21631] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 224.216014][T21631] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 224.224355][T21631] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 01:16:08 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300007000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:08 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11a, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:08 executing program 4: syz_read_part_table(0xda030000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:08 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x0, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 224.232393][T21631] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 224.240440][T21631] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 224.259944][T21634] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 224.272055][T21634] EXT4-fs (loop2): get root inode failed [ 224.277713][T21634] EXT4-fs (loop2): mount failed 01:16:08 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030000a000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:08 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11d, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x1, [{0x4}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:08 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 224.365773][T21660] loop4: detected capacity change from 0 to 264192 [ 224.404183][T21634] loop2: detected capacity change from 0 to 581 [ 224.438279][T21634] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 224.451028][T21634] EXT4-fs (loop2): get root inode failed [ 224.456777][T21634] EXT4-fs (loop2): mount failed [ 224.470009][T21660] loop4: p1 p2 p3 p4 [ 224.497223][T21660] loop4: p1 size 11290111 extends beyond EOD, truncated [ 224.517437][T21660] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 224.541486][T21660] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 224.562532][T21660] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:08 executing program 5 (fault-call:7 fault-nth:44): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:08 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030000b000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:08 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11d, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x1, [{0x4}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:08 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:08 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x48e02, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:08 executing program 4: syz_read_part_table(0xde030000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 224.725654][T21704] loop4: detected capacity change from 0 to 264192 [ 224.735658][T21705] loop2: detected capacity change from 0 to 583 [ 224.746738][T21708] FAULT_INJECTION: forcing a failure. [ 224.746738][T21708] name failslab, interval 1, probability 0, space 0, times 0 [ 224.759377][T21708] CPU: 0 PID: 21708 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 224.769354][T21708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 224.779409][T21708] Call Trace: [ 224.782685][T21708] dump_stack_lvl+0xb7/0x103 [ 224.791483][T21708] dump_stack+0x11/0x1a [ 224.795674][T21708] should_fail+0x23c/0x250 [ 224.800087][T21708] ? kmalloc_array+0x2d/0x40 [ 224.804674][T21708] __should_failslab+0x81/0x90 [ 224.809428][T21708] should_failslab+0x5/0x20 [ 224.813924][T21708] __kmalloc+0x66/0x340 [ 224.818064][T21708] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 224.824021][T21708] ? splice_from_pipe+0xc0/0xc0 [ 224.828863][T21708] kmalloc_array+0x2d/0x40 [ 224.833269][T21708] iter_file_splice_write+0xc6/0x750 [ 224.838545][T21708] ? atime_needs_update+0x239/0x390 [ 224.843860][T21708] ? touch_atime+0xcf/0x240 [ 224.848449][T21708] ? generic_file_splice_read+0x286/0x310 [ 224.854167][T21708] ? splice_from_pipe+0xc0/0xc0 [ 224.859007][T21708] direct_splice_actor+0x80/0xa0 [ 224.864025][T21708] splice_direct_to_actor+0x345/0x650 [ 224.869668][T21708] ? do_splice_direct+0x170/0x170 [ 224.874719][T21708] do_splice_direct+0xf5/0x170 [ 224.879493][T21708] do_sendfile+0x618/0xb90 [ 224.883924][T21708] __x64_sys_sendfile64+0xf2/0x130 [ 224.889023][T21708] do_syscall_64+0x3d/0x90 [ 224.893685][T21708] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 224.899570][T21708] RIP: 0033:0x4665f9 [ 224.903446][T21708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 01:16:09 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11d, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x1, [{0x4}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:09 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:09 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300018000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 224.923937][T21708] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 224.932604][T21708] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 224.940829][T21708] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 224.948914][T21708] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 224.956929][T21708] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 224.965139][T21708] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:09 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:09 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 225.007415][T21704] loop4: p1 p2 p3 p4 [ 225.020443][T21704] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:09 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030001c000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 225.075149][T21704] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 225.122552][T21704] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 225.163044][T21704] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 225.181892][T21705] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 225.194197][T21705] EXT4-fs (loop2): get root inode failed [ 225.199838][T21705] EXT4-fs (loop2): mount failed [ 225.273811][T21705] loop2: detected capacity change from 0 to 583 [ 225.308634][T21705] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 225.321211][T21705] EXT4-fs (loop2): get root inode failed [ 225.326948][T21705] EXT4-fs (loop2): mount failed 01:16:09 executing program 5 (fault-call:7 fault-nth:45): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:09 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:09 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:09 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300020000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:09 executing program 4: syz_read_part_table(0xe4ffffff, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:09 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4f801, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 225.558944][T21765] loop4: detected capacity change from 0 to 264192 [ 225.575564][T21768] loop2: detected capacity change from 0 to 636 [ 225.599244][T21771] FAULT_INJECTION: forcing a failure. [ 225.599244][T21771] name failslab, interval 1, probability 0, space 0, times 0 [ 225.611980][T21771] CPU: 0 PID: 21771 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 225.622937][T21771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 225.633018][T21771] Call Trace: [ 225.636353][T21771] dump_stack_lvl+0xb7/0x103 [ 225.640942][T21771] dump_stack+0x11/0x1a [ 225.645093][T21771] should_fail+0x23c/0x250 [ 225.650031][T21771] __should_failslab+0x81/0x90 [ 225.654800][T21771] ? __iomap_dio_rw+0xf2/0xa60 [ 225.666760][T21771] should_failslab+0x5/0x20 [ 225.671250][T21771] kmem_cache_alloc_trace+0x49/0x310 [ 225.676522][T21771] __iomap_dio_rw+0xf2/0xa60 [ 225.681102][T21771] ? ext4_es_lookup_extent+0x36b/0x490 [ 225.686552][T21771] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 225.692433][T21771] ? file_update_time+0x1bd/0x3e0 [ 225.697455][T21771] iomap_dio_rw+0x30/0x70 [ 225.701769][T21771] ext4_file_write_iter+0xa5e/0x11a0 [ 225.707039][T21771] do_iter_readv_writev+0x2cd/0x370 [ 225.712224][T21771] do_iter_write+0x192/0x5c0 [ 225.716799][T21771] ? splice_from_pipe_next+0x34f/0x3b0 [ 225.722356][T21771] ? kmalloc_array+0x2d/0x40 [ 225.727012][T21771] vfs_iter_write+0x4c/0x70 [ 225.731585][T21771] iter_file_splice_write+0x40a/0x750 [ 225.737017][T21771] ? splice_from_pipe+0xc0/0xc0 [ 225.741940][T21771] direct_splice_actor+0x80/0xa0 [ 225.746929][T21771] splice_direct_to_actor+0x345/0x650 [ 225.752576][T21771] ? do_splice_direct+0x170/0x170 [ 225.757592][T21771] do_splice_direct+0xf5/0x170 [ 225.762392][T21771] do_sendfile+0x618/0xb90 [ 225.766872][T21771] __x64_sys_sendfile64+0xf2/0x130 [ 225.771974][T21771] do_syscall_64+0x3d/0x90 [ 225.776379][T21771] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 225.782417][T21771] RIP: 0033:0x4665f9 [ 225.786294][T21771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 225.806032][T21771] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 225.814428][T21771] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 225.822384][T21771] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 225.830498][T21771] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 225.838540][T21771] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 01:16:10 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:10 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:10 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300026000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 225.846508][T21771] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:10 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11d, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x1, [{0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 225.896436][T21765] loop4: p1 p2 p3 p4 [ 225.901947][T21765] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:10 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:10 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030052e000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 225.953040][T21765] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 226.000276][T21765] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 226.040400][T21765] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 226.082050][T21768] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 226.093992][T21768] EXT4-fs (loop2): get root inode failed [ 226.099622][T21768] EXT4-fs (loop2): mount failed [ 226.167869][T21768] loop2: detected capacity change from 0 to 636 [ 226.200089][T21768] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 226.212108][T21768] EXT4-fs (loop2): get root inode failed [ 226.217759][T21768] EXT4-fs (loop2): mount failed 01:16:10 executing program 5 (fault-call:7 fault-nth:46): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:10 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11d, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x1, [{0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:10 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:10 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030003f000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:10 executing program 4: syz_read_part_table(0xf5040000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:10 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4feff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:10 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 226.407464][T21834] loop2: detected capacity change from 0 to 639 [ 226.419698][T21835] loop4: detected capacity change from 0 to 264192 [ 226.452835][T21841] FAULT_INJECTION: forcing a failure. [ 226.452835][T21841] name failslab, interval 1, probability 0, space 0, times 0 [ 226.465479][T21841] CPU: 0 PID: 21841 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 226.475461][T21841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 226.486540][T21841] Call Trace: [ 226.489818][T21841] dump_stack_lvl+0xb7/0x103 [ 226.494407][T21841] dump_stack+0x11/0x1a [ 226.498558][T21841] should_fail+0x23c/0x250 [ 226.502966][T21841] ? mempool_alloc_slab+0x16/0x20 [ 226.507989][T21841] __should_failslab+0x81/0x90 [ 226.512745][T21841] should_failslab+0x5/0x20 [ 226.517232][T21841] kmem_cache_alloc+0x46/0x2e0 [ 226.521984][T21841] mempool_alloc_slab+0x16/0x20 [ 226.526950][T21841] ? mempool_free+0x130/0x130 [ 226.531679][T21841] mempool_alloc+0x8c/0x300 [ 226.536169][T21841] ? ext4_inode_block_valid+0x1cc/0x210 [ 226.541802][T21841] bio_alloc_bioset+0xcc/0x530 [ 226.546591][T21841] ? iov_iter_alignment+0x34b/0x370 [ 226.551763][T21841] iomap_dio_bio_actor+0x511/0xb50 [ 226.556857][T21841] ? ext4_iomap_begin+0x5d1/0x620 [ 226.561900][T21841] iomap_dio_actor+0x26e/0x3b0 [ 226.566656][T21841] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 226.572380][T21841] iomap_apply+0x1df/0x400 [ 226.576797][T21841] __iomap_dio_rw+0x62e/0xa60 [ 226.581453][T21841] ? __iomap_dio_rw+0xa60/0xa60 [ 226.586280][T21841] iomap_dio_rw+0x30/0x70 [ 226.590588][T21841] ext4_file_write_iter+0xa5e/0x11a0 [ 226.595871][T21841] do_iter_readv_writev+0x2cd/0x370 [ 226.601227][T21841] do_iter_write+0x192/0x5c0 [ 226.605799][T21841] ? splice_from_pipe_next+0x34f/0x3b0 [ 226.611337][T21841] ? kmalloc_array+0x2d/0x40 [ 226.615909][T21841] vfs_iter_write+0x4c/0x70 [ 226.620441][T21841] iter_file_splice_write+0x40a/0x750 [ 226.625835][T21841] ? splice_from_pipe+0xc0/0xc0 [ 226.630673][T21841] direct_splice_actor+0x80/0xa0 [ 226.635597][T21841] splice_direct_to_actor+0x345/0x650 [ 226.640954][T21841] ? do_splice_direct+0x170/0x170 [ 226.646026][T21841] do_splice_direct+0xf5/0x170 [ 226.650822][T21841] do_sendfile+0x618/0xb90 [ 226.655269][T21841] __x64_sys_sendfile64+0xf2/0x130 [ 226.660360][T21841] do_syscall_64+0x3d/0x90 [ 226.664784][T21841] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 226.670654][T21841] RIP: 0033:0x4665f9 [ 226.674519][T21841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 226.694193][T21841] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 01:16:10 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:10 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11d, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x1, [{0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:10 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300040000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 226.702720][T21841] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 226.710712][T21841] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 226.718690][T21841] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 226.726637][T21841] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 226.734588][T21841] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 226.753028][T21834] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 226.764986][T21834] EXT4-fs (loop2): get root inode failed [ 226.770675][T21834] EXT4-fs (loop2): mount failed [ 226.787255][T21835] loop4: p1 p2 p3 p4 [ 226.796601][T21835] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:11 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:11 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 226.831840][T21835] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 226.891447][T21835] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 226.928624][T21835] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 226.955381][T21834] loop2: detected capacity change from 0 to 639 [ 226.982275][T21834] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 226.994545][T21834] EXT4-fs (loop2): get root inode failed [ 227.000177][T21834] EXT4-fs (loop2): mount failed [ 227.071959][T21835] loop4: detected capacity change from 0 to 264192 01:16:11 executing program 5 (fault-call:7 fault-nth:47): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:11 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300480000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:11 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:11 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 227.157495][T21835] loop4: p1 p2 p3 p4 [ 227.161794][T21835] loop4: p1 size 11290111 extends beyond EOD, truncated [ 227.169816][T21835] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 227.177987][T21835] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 227.186336][T21835] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:11 executing program 4: syz_read_part_table(0xf6ffffff, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:11 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4ff0f, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:11 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 227.289929][T21909] loop2: detected capacity change from 0 to 639 [ 227.304223][T21907] FAULT_INJECTION: forcing a failure. [ 227.304223][T21907] name failslab, interval 1, probability 0, space 0, times 0 [ 227.316874][T21907] CPU: 0 PID: 21907 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 227.326675][T21907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 227.336890][T21907] Call Trace: [ 227.340170][T21907] dump_stack_lvl+0xb7/0x103 [ 227.344858][T21907] dump_stack+0x11/0x1a [ 227.349016][T21907] should_fail+0x23c/0x250 [ 227.353421][T21907] ? mempool_alloc_slab+0x16/0x20 [ 227.358452][T21907] __should_failslab+0x81/0x90 [ 227.363212][T21907] should_failslab+0x5/0x20 [ 227.367695][T21907] kmem_cache_alloc+0x46/0x2e0 [ 227.372481][T21907] mempool_alloc_slab+0x16/0x20 [ 227.377380][T21907] ? mempool_free+0x130/0x130 [ 227.382137][T21907] mempool_alloc+0x8c/0x300 [ 227.386622][T21907] sg_pool_alloc+0x74/0x90 [ 227.391024][T21907] __sg_alloc_table+0xce/0x290 [ 227.395763][T21907] sg_alloc_table_chained+0xaf/0x140 [ 227.401067][T21907] ? sg_alloc_table_chained+0x140/0x140 [ 227.406588][T21907] scsi_alloc_sgtables+0x17c/0x500 [ 227.411677][T21907] sd_init_command+0x96a/0x1640 [ 227.416503][T21907] scsi_queue_rq+0x10e0/0x15a0 [ 227.421243][T21907] blk_mq_dispatch_rq_list+0x695/0x1040 [ 227.426781][T21907] ? __sbitmap_queue_get+0x11/0x20 [ 227.431910][T21907] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 227.437519][T21907] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 227.443785][T21907] ? rb_insert_color+0x2fa/0x310 [ 227.448719][T21907] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 227.454678][T21907] __blk_mq_run_hw_queue+0xbc/0x140 [ 227.459906][T21907] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 227.465714][T21907] blk_mq_run_hw_queue+0x22c/0x250 [ 227.470817][T21907] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 227.476816][T21907] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 227.482189][T21907] blk_flush_plug_list+0x235/0x260 [ 227.487287][T21907] blk_finish_plug+0x44/0x60 [ 227.491852][T21907] __iomap_dio_rw+0x797/0xa60 [ 227.496507][T21907] iomap_dio_rw+0x30/0x70 [ 227.500822][T21907] ext4_file_write_iter+0xa5e/0x11a0 [ 227.506188][T21907] do_iter_readv_writev+0x2cd/0x370 [ 227.511401][T21907] do_iter_write+0x192/0x5c0 [ 227.515967][T21907] ? splice_from_pipe_next+0x34f/0x3b0 [ 227.521406][T21907] ? kcsan_setup_watchpoint+0x231/0x3e0 [ 227.526925][T21907] vfs_iter_write+0x4c/0x70 [ 227.531413][T21907] iter_file_splice_write+0x40a/0x750 [ 227.536843][T21907] ? splice_from_pipe+0xc0/0xc0 [ 227.541701][T21907] direct_splice_actor+0x80/0xa0 [ 227.546618][T21907] splice_direct_to_actor+0x345/0x650 [ 227.552178][T21907] ? do_splice_direct+0x170/0x170 [ 227.557234][T21907] do_splice_direct+0xf5/0x170 [ 227.561974][T21907] do_sendfile+0x618/0xb90 [ 227.566366][T21907] __x64_sys_sendfile64+0xf2/0x130 [ 227.571523][T21907] do_syscall_64+0x3d/0x90 [ 227.575915][T21907] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 227.581786][T21907] RIP: 0033:0x4665f9 [ 227.585669][T21907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 227.605251][T21907] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 227.613647][T21907] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 227.621687][T21907] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 227.629641][T21907] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 01:16:11 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11a, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:11 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030fffe000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:11 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x0, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 227.637591][T21907] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 227.645539][T21907] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 227.663967][T21909] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 227.676146][T21909] EXT4-fs (loop2): get root inode failed [ 227.681776][T21909] EXT4-fs (loop2): mount failed 01:16:12 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x0, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:12 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030feff000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 227.758218][T21931] loop4: detected capacity change from 0 to 264192 [ 227.878267][T21931] loop4: p1 p2 p3 p4 [ 227.882376][T21931] loop4: p1 size 11290111 extends beyond EOD, truncated [ 227.895592][T21909] loop2: detected capacity change from 0 to 639 [ 227.905486][T21909] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 227.917492][T21909] EXT4-fs (loop2): get root inode failed [ 227.923539][T21909] EXT4-fs (loop2): mount failed [ 227.942818][T21931] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 227.950664][T21931] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 227.958702][T21931] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:12 executing program 5 (fault-call:7 fault-nth:48): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:12 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11a, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:12 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000001f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:12 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x0, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:12 executing program 4: syz_read_part_table(0xfbffffff, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:12 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4fffe, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:12 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11a, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 228.135985][T21976] loop2: detected capacity change from 0 to 639 [ 228.159114][T21977] FAULT_INJECTION: forcing a failure. [ 228.159114][T21977] name failslab, interval 1, probability 0, space 0, times 0 [ 228.169944][T21980] loop4: detected capacity change from 0 to 264192 [ 228.171767][T21977] CPU: 0 PID: 21977 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 228.187989][T21977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 228.198034][T21977] Call Trace: [ 228.201306][T21977] dump_stack_lvl+0xb7/0x103 [ 228.205916][T21977] dump_stack+0x11/0x1a [ 228.210094][T21977] should_fail+0x23c/0x250 [ 228.214512][T21977] ? kmalloc_array+0x2d/0x40 [ 228.219088][T21977] __should_failslab+0x81/0x90 [ 228.223887][T21977] should_failslab+0x5/0x20 [ 228.228440][T21977] __kmalloc+0x66/0x340 [ 228.232637][T21977] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 228.238573][T21977] ? splice_from_pipe+0xc0/0xc0 [ 228.243409][T21977] kmalloc_array+0x2d/0x40 [ 228.247814][T21977] iter_file_splice_write+0xc6/0x750 [ 228.253111][T21977] ? atime_needs_update+0x239/0x390 [ 228.258365][T21977] ? touch_atime+0xcf/0x240 [ 228.262855][T21977] ? generic_file_splice_read+0x286/0x310 [ 228.268608][T21977] ? splice_from_pipe+0xc0/0xc0 [ 228.273475][T21977] direct_splice_actor+0x80/0xa0 [ 228.278396][T21977] splice_direct_to_actor+0x345/0x650 [ 228.283816][T21977] ? do_splice_direct+0x170/0x170 [ 228.288826][T21977] do_splice_direct+0xf5/0x170 [ 228.293705][T21977] do_sendfile+0x618/0xb90 [ 228.298171][T21977] __x64_sys_sendfile64+0xf2/0x130 [ 228.303268][T21977] do_syscall_64+0x3d/0x90 [ 228.307670][T21977] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 228.313571][T21977] RIP: 0033:0x4665f9 01:16:12 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x0, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:12 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000003000000040000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 228.317448][T21977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 228.337451][T21977] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 228.345975][T21977] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 228.353945][T21977] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 228.361901][T21977] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 228.369857][T21977] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 228.377812][T21977] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:12 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:12 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x0, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:12 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030fffffffe000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 228.452628][T21980] loop4: p1 p2 p3 p4 [ 228.457091][T21980] loop4: p1 size 11290111 extends beyond EOD, truncated [ 228.500534][T21980] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 228.539295][T21980] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 228.574994][T21980] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 228.593008][T21976] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 228.605059][T21976] EXT4-fs (loop2): get root inode failed [ 228.610718][T21976] EXT4-fs (loop2): mount failed [ 228.626566][T21980] loop4: detected capacity change from 0 to 264192 [ 228.690432][T21976] loop2: detected capacity change from 0 to 639 [ 228.699089][T21980] loop4: p1 p2 p3 p4 [ 228.704163][T21980] loop4: p1 size 11290111 extends beyond EOD, truncated [ 228.719552][T21976] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 228.732103][T21976] EXT4-fs (loop2): get root inode failed [ 228.737762][T21976] EXT4-fs (loop2): mount failed [ 228.743762][T21980] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 228.757266][T21980] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 228.765782][T21980] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:13 executing program 5 (fault-call:7 fault-nth:49): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:13 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:13 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x0, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:13 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300002000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:13 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x100000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:13 executing program 4: syz_read_part_table(0xfdfdffff, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 228.987675][T22049] loop2: detected capacity change from 0 to 2048 [ 228.997846][T22051] loop4: detected capacity change from 0 to 264192 [ 229.028262][T22053] FAULT_INJECTION: forcing a failure. [ 229.028262][T22053] name failslab, interval 1, probability 0, space 0, times 0 [ 229.040901][T22053] CPU: 0 PID: 22053 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 229.050710][T22053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 229.060878][T22053] Call Trace: [ 229.064159][T22053] dump_stack_lvl+0xb7/0x103 [ 229.068848][T22053] dump_stack+0x11/0x1a [ 229.072994][T22053] should_fail+0x23c/0x250 [ 229.077396][T22053] __should_failslab+0x81/0x90 [ 229.082150][T22053] ? __iomap_dio_rw+0xf2/0xa60 [ 229.086925][T22053] should_failslab+0x5/0x20 [ 229.091411][T22053] kmem_cache_alloc_trace+0x49/0x310 [ 229.096681][T22053] __iomap_dio_rw+0xf2/0xa60 [ 229.101259][T22053] ? ext4_es_lookup_extent+0x36b/0x490 [ 229.106703][T22053] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 229.112590][T22053] ? file_update_time+0x1bd/0x3e0 [ 229.117603][T22053] iomap_dio_rw+0x30/0x70 [ 229.121941][T22053] ext4_file_write_iter+0xa5e/0x11a0 [ 229.127212][T22053] do_iter_readv_writev+0x2cd/0x370 [ 229.132395][T22053] do_iter_write+0x192/0x5c0 [ 229.136995][T22053] ? splice_from_pipe_next+0x34f/0x3b0 [ 229.142442][T22053] ? kmalloc_array+0x2d/0x40 [ 229.147018][T22053] vfs_iter_write+0x4c/0x70 [ 229.151798][T22053] iter_file_splice_write+0x40a/0x750 [ 229.157265][T22053] ? splice_from_pipe+0xc0/0xc0 [ 229.162165][T22053] direct_splice_actor+0x80/0xa0 [ 229.167097][T22053] splice_direct_to_actor+0x345/0x650 [ 229.172477][T22053] ? do_splice_direct+0x170/0x170 [ 229.177520][T22053] do_splice_direct+0xf5/0x170 [ 229.182326][T22053] do_sendfile+0x618/0xb90 [ 229.186725][T22053] __x64_sys_sendfile64+0xf2/0x130 [ 229.191819][T22053] do_syscall_64+0x3d/0x90 [ 229.196297][T22053] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 229.202173][T22053] RIP: 0033:0x4665f9 [ 229.206051][T22053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 01:16:13 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:13 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:13 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300003000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 229.225639][T22053] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 229.234073][T22053] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 229.242078][T22053] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 229.250032][T22053] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 229.257991][T22053] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 229.265944][T22053] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:13 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:13 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x70, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x30, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 229.307755][T22051] loop4: p1 p2 p3 p4 [ 229.311899][T22051] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:13 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300004000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 229.374705][T22051] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 229.422384][T22051] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 229.462449][T22051] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 229.481136][T22049] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 229.493193][T22049] EXT4-fs (loop2): get root inode failed [ 229.498833][T22049] EXT4-fs (loop2): mount failed [ 229.542537][T22051] loop4: detected capacity change from 0 to 264192 [ 229.561620][T22049] loop2: detected capacity change from 0 to 2048 [ 229.595723][T22049] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 229.607745][T22049] EXT4-fs (loop2): get root inode failed [ 229.613404][T22049] EXT4-fs (loop2): mount failed [ 229.634333][T22051] loop4: p1 p2 p3 p4 [ 229.641454][T22051] loop4: p1 size 11290111 extends beyond EOD, truncated [ 229.649517][T22051] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 229.657478][T22051] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 229.692692][T22051] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:14 executing program 5 (fault-call:7 fault-nth:50): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:14 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:14 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x70, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x30, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:14 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300005000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:14 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:14 executing program 4: syz_read_part_table(0xfdffffff, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 229.870560][T22126] FAULT_INJECTION: forcing a failure. [ 229.870560][T22126] name failslab, interval 1, probability 0, space 0, times 0 [ 229.879196][T22128] loop2: detected capacity change from 0 to 32768 [ 229.883206][T22126] CPU: 0 PID: 22126 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 229.899469][T22126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 229.906410][T22131] loop4: detected capacity change from 0 to 264192 [ 229.909511][T22126] Call Trace: [ 229.909520][T22126] dump_stack_lvl+0xb7/0x103 [ 229.923865][T22126] dump_stack+0x11/0x1a [ 229.928034][T22126] should_fail+0x23c/0x250 [ 229.932456][T22126] ? mempool_alloc_slab+0x16/0x20 [ 229.937570][T22126] __should_failslab+0x81/0x90 [ 229.942333][T22126] should_failslab+0x5/0x20 [ 229.946892][T22126] kmem_cache_alloc+0x46/0x2e0 [ 229.951659][T22126] mempool_alloc_slab+0x16/0x20 [ 229.956563][T22126] ? mempool_free+0x130/0x130 [ 229.961235][T22126] mempool_alloc+0x8c/0x300 [ 229.965742][T22126] ? ext4_inode_block_valid+0x1cc/0x210 [ 229.971381][T22126] bio_alloc_bioset+0xcc/0x530 [ 229.976394][T22126] ? iov_iter_alignment+0x34b/0x370 [ 229.981573][T22126] iomap_dio_bio_actor+0x511/0xb50 [ 229.986682][T22126] ? ext4_iomap_begin+0x5d1/0x620 [ 229.991687][T22126] iomap_dio_actor+0x26e/0x3b0 [ 229.996456][T22126] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 230.002371][T22126] iomap_apply+0x1df/0x400 [ 230.006767][T22126] __iomap_dio_rw+0x62e/0xa60 [ 230.011469][T22126] ? __iomap_dio_rw+0xa60/0xa60 [ 230.016335][T22126] iomap_dio_rw+0x30/0x70 [ 230.020681][T22126] ext4_file_write_iter+0xa5e/0x11a0 [ 230.025942][T22126] do_iter_readv_writev+0x2cd/0x370 [ 230.031126][T22126] do_iter_write+0x192/0x5c0 [ 230.035766][T22126] ? splice_from_pipe_next+0x34f/0x3b0 [ 230.041254][T22126] ? kmalloc_array+0x2d/0x40 [ 230.046083][T22126] vfs_iter_write+0x4c/0x70 [ 230.050565][T22126] iter_file_splice_write+0x40a/0x750 [ 230.055914][T22126] ? splice_from_pipe+0xc0/0xc0 [ 230.060745][T22126] direct_splice_actor+0x80/0xa0 [ 230.065664][T22126] splice_direct_to_actor+0x345/0x650 [ 230.071224][T22126] ? do_splice_direct+0x170/0x170 [ 230.076226][T22126] do_splice_direct+0xf5/0x170 [ 230.080999][T22126] do_sendfile+0x618/0xb90 [ 230.085394][T22126] __x64_sys_sendfile64+0xf2/0x130 [ 230.090485][T22126] do_syscall_64+0x3d/0x90 [ 230.094877][T22126] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 230.100747][T22126] RIP: 0033:0x4665f9 [ 230.104633][T22126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 230.124213][T22126] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 230.132602][T22126] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 230.140611][T22126] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 230.148566][T22126] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 230.156624][T22126] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 01:16:14 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300006000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:14 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x116, 0x2a, [@ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:14 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x70, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x30, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 230.164575][T22126] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 230.188146][T22128] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 230.200328][T22128] EXT4-fs (loop2): get root inode failed [ 230.206067][T22128] EXT4-fs (loop2): mount failed [ 230.215905][T22131] loop4: p1 p2 p3 p4 [ 230.220115][T22131] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:14 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x78, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x38, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0x6, "5d4436042fb0"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:14 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x116, 0x2a, [@ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 230.251141][T22131] loop4: p2 size 1073872896 extends beyond EOD, truncated 01:16:14 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300007000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 230.318710][T22131] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 230.344378][T22128] loop2: detected capacity change from 0 to 32768 [ 230.382498][T22128] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 230.395119][T22128] EXT4-fs (loop2): get root inode failed [ 230.400931][T22128] EXT4-fs (loop2): mount failed [ 230.411393][T22131] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 230.526451][T22131] loop4: detected capacity change from 0 to 264192 01:16:14 executing program 5 (fault-call:7 fault-nth:51): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:14 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x78, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x38, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0x6, "5d4436042fb0"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:14 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x116, 0x2a, [@ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:14 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300008000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:14 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1100000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 230.628045][T22131] loop4: p1 p2 p3 p4 [ 230.659658][T22131] loop4: p1 size 11290111 extends beyond EOD, truncated [ 230.690790][T22190] loop2: detected capacity change from 0 to 34816 [ 230.720322][T22131] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 230.732722][T22193] FAULT_INJECTION: forcing a failure. [ 230.732722][T22193] name failslab, interval 1, probability 0, space 0, times 0 [ 230.745413][T22193] CPU: 0 PID: 22193 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 230.755330][T22193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 230.765591][T22193] Call Trace: [ 230.768903][T22193] dump_stack_lvl+0xb7/0x103 [ 230.773491][T22193] dump_stack+0x11/0x1a [ 230.777725][T22193] should_fail+0x23c/0x250 [ 230.782138][T22193] ? mempool_alloc_slab+0x16/0x20 [ 230.787190][T22193] __should_failslab+0x81/0x90 [ 230.792049][T22193] should_failslab+0x5/0x20 [ 230.796585][T22193] kmem_cache_alloc+0x46/0x2e0 [ 230.801356][T22193] mempool_alloc_slab+0x16/0x20 [ 230.806275][T22193] ? mempool_free+0x130/0x130 [ 230.810934][T22193] mempool_alloc+0x8c/0x300 [ 230.815445][T22193] sg_pool_alloc+0x74/0x90 [ 230.819842][T22193] __sg_alloc_table+0xce/0x290 [ 230.824589][T22193] sg_alloc_table_chained+0xaf/0x140 [ 230.829849][T22193] ? sg_alloc_table_chained+0x140/0x140 [ 230.835849][T22193] scsi_alloc_sgtables+0x17c/0x500 [ 230.840960][T22193] sd_init_command+0x96a/0x1640 [ 230.845788][T22193] scsi_queue_rq+0x10e0/0x15a0 [ 230.850526][T22193] blk_mq_dispatch_rq_list+0x695/0x1040 [ 230.856051][T22193] ? __sbitmap_queue_get+0x11/0x20 [ 230.861196][T22193] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 230.866984][T22193] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 230.873230][T22193] ? rb_insert_color+0x2fa/0x310 [ 230.878832][T22193] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 230.884799][T22193] __blk_mq_run_hw_queue+0xbc/0x140 [ 230.889977][T22193] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 230.895846][T22193] blk_mq_run_hw_queue+0x22c/0x250 [ 230.901009][T22193] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 230.907013][T22193] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 230.912657][T22193] blk_flush_plug_list+0x235/0x260 [ 230.918057][T22193] blk_finish_plug+0x44/0x60 [ 230.923334][T22193] __iomap_dio_rw+0x797/0xa60 [ 230.928037][T22193] iomap_dio_rw+0x30/0x70 [ 230.932915][T22193] ext4_file_write_iter+0xa5e/0x11a0 [ 230.938301][T22193] do_iter_readv_writev+0x2cd/0x370 [ 230.943518][T22193] do_iter_write+0x192/0x5c0 [ 230.948165][T22193] ? splice_from_pipe_next+0x34f/0x3b0 [ 230.953617][T22193] ? kmalloc_array+0x2d/0x40 [ 230.958370][T22193] vfs_iter_write+0x4c/0x70 [ 230.962863][T22193] iter_file_splice_write+0x40a/0x750 [ 230.968383][T22193] ? splice_from_pipe+0xc0/0xc0 [ 230.973285][T22193] direct_splice_actor+0x80/0xa0 [ 230.978204][T22193] splice_direct_to_actor+0x345/0x650 [ 230.983642][T22193] ? do_splice_direct+0x170/0x170 [ 230.989182][T22193] do_splice_direct+0xf5/0x170 [ 230.993994][T22193] do_sendfile+0x618/0xb90 [ 230.998444][T22193] __x64_sys_sendfile64+0xf2/0x130 [ 231.003637][T22193] do_syscall_64+0x3d/0x90 [ 231.008041][T22193] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 231.013918][T22193] RIP: 0033:0x4665f9 [ 231.017800][T22193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 231.037384][T22193] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 231.045771][T22193] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 231.053728][T22193] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 231.061795][T22193] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 231.069909][T22193] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 231.077989][T22193] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 231.087453][T22131] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 231.095688][T22131] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 231.102977][T22190] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 231.115294][T22190] EXT4-fs (loop2): get root inode failed 01:16:15 executing program 4: syz_read_part_table(0xfeffffff, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:15 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030000a000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:15 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:15 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x78, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x38, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0x6, "5d4436042fb0"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 231.121075][T22190] EXT4-fs (loop2): mount failed [ 231.177647][T22190] loop2: detected capacity change from 0 to 34816 01:16:15 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030000b000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:15 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0xec, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0xab, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0x79, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0xec}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 231.223400][T22190] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 231.235354][T22190] EXT4-fs (loop2): get root inode failed [ 231.240985][T22190] EXT4-fs (loop2): mount failed 01:16:15 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 231.305342][T22229] loop4: detected capacity change from 0 to 264192 [ 231.382191][T21839] loop4: p1 p2 p3 p4 [ 231.386265][T21839] loop4: p1 size 11290111 extends beyond EOD, truncated [ 231.394961][T21839] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 231.418249][T21839] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 231.426613][T21839] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 231.436451][T22229] loop4: p1 p2 p3 p4 [ 231.440690][T22229] loop4: p1 size 11290111 extends beyond EOD, truncated [ 231.450843][T22229] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 231.459311][T22229] loop4: p3 size 1912633224 extends beyond EOD, truncated 01:16:15 executing program 5 (fault-call:7 fault-nth:52): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:15 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300010000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:15 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0xec, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0xab, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0x79, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0xec}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:15 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:15 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x170ffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 231.477327][T22229] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 231.563228][T22264] loop2: detected capacity change from 0 to 47231 [ 231.581737][T22266] FAULT_INJECTION: forcing a failure. [ 231.581737][T22266] name failslab, interval 1, probability 0, space 0, times 0 [ 231.594413][T22266] CPU: 0 PID: 22266 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 231.604207][T22266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 231.614262][T22266] Call Trace: [ 231.617535][T22266] dump_stack_lvl+0xb7/0x103 [ 231.622143][T22266] dump_stack+0x11/0x1a [ 231.626373][T22266] should_fail+0x23c/0x250 [ 231.630805][T22266] ? kmalloc_array+0x2d/0x40 [ 231.635382][T22266] __should_failslab+0x81/0x90 [ 231.640126][T22266] should_failslab+0x5/0x20 [ 231.644611][T22266] __kmalloc+0x66/0x340 [ 231.648747][T22266] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 231.654647][T22266] ? splice_from_pipe+0xc0/0xc0 [ 231.659604][T22266] kmalloc_array+0x2d/0x40 [ 231.664048][T22266] iter_file_splice_write+0xc6/0x750 [ 231.669384][T22266] ? atime_needs_update+0x239/0x390 [ 231.674654][T22266] ? touch_atime+0xcf/0x240 [ 231.679141][T22266] ? generic_file_splice_read+0x286/0x310 [ 231.684846][T22266] ? splice_from_pipe+0xc0/0xc0 [ 231.689718][T22266] direct_splice_actor+0x80/0xa0 [ 231.694680][T22266] splice_direct_to_actor+0x345/0x650 [ 231.700068][T22266] ? do_splice_direct+0x170/0x170 [ 231.705075][T22266] do_splice_direct+0xf5/0x170 [ 231.709844][T22266] do_sendfile+0x618/0xb90 [ 231.714256][T22266] __x64_sys_sendfile64+0xf2/0x130 [ 231.719438][T22266] do_syscall_64+0x3d/0x90 [ 231.723864][T22266] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 231.729770][T22266] RIP: 0033:0x4665f9 [ 231.733644][T22266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 231.753241][T22266] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 231.761637][T22266] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 231.769602][T22266] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 231.777691][T22266] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 231.785683][T22266] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 231.793658][T22266] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 231.808590][T22264] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 231.820673][T22264] EXT4-fs (loop2): get root inode failed [ 231.826332][T22264] EXT4-fs (loop2): mount failed [ 231.846145][T22229] loop4: detected capacity change from 0 to 264192 [ 231.874726][T22264] loop2: detected capacity change from 0 to 47231 [ 231.898171][T22264] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 231.910130][T22264] EXT4-fs (loop2): get root inode failed [ 231.915873][T22264] EXT4-fs (loop2): mount failed [ 231.933345][T22229] loop4: p1 p2 p3 p4 [ 231.942250][T22229] loop4: p1 size 11290111 extends beyond EOD, truncated [ 231.957027][T22229] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 231.965642][T22229] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 231.973761][T22229] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:16 executing program 4: syz_read_part_table(0xff0f0000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:16 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0xec, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0xab, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0x79, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0xec}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:16 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x154, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x154}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:16 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300018000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:16 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x270ffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 232.064728][T22300] loop2: detected capacity change from 0 to 79999 01:16:16 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x128, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0xe5, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xb3, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb0"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x128}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:16 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030001c000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 232.149777][T22315] loop4: detected capacity change from 0 to 264192 [ 232.169258][T22300] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 232.181255][T22300] EXT4-fs (loop2): get root inode failed [ 232.186905][T22300] EXT4-fs (loop2): mount failed [ 232.266773][T22315] loop4: p1 p2 p3 p4 [ 232.273016][T22315] loop4: p1 size 11290111 extends beyond EOD, truncated [ 232.280667][T22315] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 232.289184][T22315] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 232.297306][T22315] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:16 executing program 5 (fault-call:7 fault-nth:53): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:16 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x154, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x154}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 232.313083][T22300] loop2: detected capacity change from 0 to 79999 01:16:16 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x128, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0xe5, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xb3, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb0"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x128}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:16 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300026000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 232.348882][T22300] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 232.360955][T22300] EXT4-fs (loop2): get root inode failed [ 232.366611][T22300] EXT4-fs (loop2): mount failed [ 232.454745][T22345] FAULT_INJECTION: forcing a failure. [ 232.454745][T22345] name failslab, interval 1, probability 0, space 0, times 0 [ 232.467402][T22345] CPU: 0 PID: 22345 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 232.477243][T22345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 232.487293][T22345] Call Trace: [ 232.490562][T22345] dump_stack_lvl+0xb7/0x103 [ 232.495153][T22345] dump_stack+0x11/0x1a [ 232.499300][T22345] should_fail+0x23c/0x250 [ 232.503709][T22345] __should_failslab+0x81/0x90 [ 232.508499][T22345] ? __iomap_dio_rw+0xf2/0xa60 [ 232.513262][T22345] should_failslab+0x5/0x20 [ 232.517759][T22345] kmem_cache_alloc_trace+0x49/0x310 [ 232.523044][T22345] __iomap_dio_rw+0xf2/0xa60 [ 232.527638][T22345] ? ext4_es_lookup_extent+0x36b/0x490 [ 232.533102][T22345] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 232.539062][T22345] ? file_update_time+0x1bd/0x3e0 [ 232.544070][T22345] iomap_dio_rw+0x30/0x70 [ 232.548385][T22345] ext4_file_write_iter+0xa5e/0x11a0 [ 232.553812][T22345] do_iter_readv_writev+0x2cd/0x370 [ 232.558992][T22345] do_iter_write+0x192/0x5c0 [ 232.563600][T22345] ? splice_from_pipe_next+0x34f/0x3b0 [ 232.569036][T22345] ? kmalloc_array+0x2d/0x40 [ 232.573676][T22345] vfs_iter_write+0x4c/0x70 [ 232.578233][T22345] iter_file_splice_write+0x40a/0x750 [ 232.583583][T22345] ? splice_from_pipe+0xc0/0xc0 [ 232.588466][T22345] direct_splice_actor+0x80/0xa0 [ 232.593392][T22345] splice_direct_to_actor+0x345/0x650 [ 232.598815][T22345] ? do_splice_direct+0x170/0x170 [ 232.603822][T22345] do_splice_direct+0xf5/0x170 [ 232.608684][T22345] do_sendfile+0x618/0xb90 [ 232.613085][T22345] __x64_sys_sendfile64+0xf2/0x130 [ 232.618187][T22345] do_syscall_64+0x3d/0x90 [ 232.622652][T22345] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 232.628526][T22345] RIP: 0033:0x4665f9 [ 232.632414][T22345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 01:16:16 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x128, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0xe5, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xb3, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb0"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x128}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:16 executing program 4: syz_read_part_table(0xffefffff, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:16 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x154, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x154}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:16 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000003000fe000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 232.652085][T22345] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 232.660473][T22345] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 232.668452][T22345] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 232.676443][T22345] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 232.684415][T22345] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 232.692362][T22345] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:17 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1d000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:17 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:17 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x144, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x102, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xd0, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x144}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:17 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300004020f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 232.791919][T22365] loop4: detected capacity change from 0 to 264192 [ 232.861522][T22376] loop2: detected capacity change from 0 to 264192 [ 232.903654][T22365] loop4: p1 p2 p3 p4 [ 232.908971][T22365] loop4: p1 size 11290111 extends beyond EOD, truncated [ 232.922090][T22376] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 232.934093][T22376] EXT4-fs (loop2): get root inode failed [ 232.939733][T22376] EXT4-fs (loop2): mount failed [ 232.966570][T22365] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 233.000863][T22365] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 233.014336][T22365] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 233.064023][T22376] loop2: detected capacity change from 0 to 264192 [ 233.126437][T22376] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 233.138408][T22376] EXT4-fs (loop2): get root inode failed [ 233.144084][T22376] EXT4-fs (loop2): mount failed 01:16:17 executing program 5 (fault-call:7 fault-nth:54): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:17 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:17 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x144, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x102, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xd0, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x144}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:17 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000030f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:17 executing program 4: syz_read_part_table(0xffffe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 233.284831][T22417] loop4: detected capacity change from 0 to 264192 [ 233.301284][T22418] FAULT_INJECTION: forcing a failure. [ 233.301284][T22418] name failslab, interval 1, probability 0, space 0, times 0 [ 233.314114][T22418] CPU: 0 PID: 22418 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 233.323929][T22418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.333979][T22418] Call Trace: [ 233.337251][T22418] dump_stack_lvl+0xb7/0x103 [ 233.341937][T22418] dump_stack+0x11/0x1a [ 233.346086][T22418] should_fail+0x23c/0x250 [ 233.350680][T22418] ? mempool_alloc_slab+0x16/0x20 [ 233.355695][T22418] __should_failslab+0x81/0x90 [ 233.360435][T22418] should_failslab+0x5/0x20 [ 233.364918][T22418] kmem_cache_alloc+0x46/0x2e0 [ 233.369714][T22418] mempool_alloc_slab+0x16/0x20 [ 233.374540][T22418] ? mempool_free+0x130/0x130 [ 233.379195][T22418] mempool_alloc+0x8c/0x300 [ 233.383759][T22418] ? ext4_inode_block_valid+0x1cc/0x210 [ 233.389302][T22418] bio_alloc_bioset+0xcc/0x530 [ 233.394051][T22418] ? iov_iter_alignment+0x34b/0x370 [ 233.399239][T22418] iomap_dio_bio_actor+0x511/0xb50 [ 233.404403][T22418] ? ext4_iomap_begin+0x5d1/0x620 [ 233.409422][T22418] iomap_dio_actor+0x26e/0x3b0 [ 233.414165][T22418] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 233.419893][T22418] iomap_apply+0x1df/0x400 [ 233.424287][T22418] __iomap_dio_rw+0x62e/0xa60 [ 233.428953][T22418] ? __iomap_dio_rw+0xa60/0xa60 [ 233.433823][T22418] iomap_dio_rw+0x30/0x70 [ 233.438150][T22418] ext4_file_write_iter+0xa5e/0x11a0 [ 233.443412][T22418] do_iter_readv_writev+0x2cd/0x370 [ 233.448630][T22418] do_iter_write+0x192/0x5c0 [ 233.453223][T22418] ? splice_from_pipe_next+0x34f/0x3b0 [ 233.458662][T22418] ? kmalloc_array+0x2d/0x40 [ 233.463228][T22418] vfs_iter_write+0x4c/0x70 [ 233.467733][T22418] iter_file_splice_write+0x40a/0x750 [ 233.473081][T22418] ? splice_from_pipe+0xc0/0xc0 [ 233.477926][T22418] direct_splice_actor+0x80/0xa0 [ 233.482860][T22418] splice_direct_to_actor+0x345/0x650 [ 233.488273][T22418] ? do_splice_direct+0x170/0x170 [ 233.493289][T22418] do_splice_direct+0xf5/0x170 [ 233.498104][T22418] do_sendfile+0x618/0xb90 [ 233.502502][T22418] __x64_sys_sendfile64+0xf2/0x130 [ 233.507673][T22418] do_syscall_64+0x3d/0x90 [ 233.512065][T22418] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 233.517948][T22418] RIP: 0033:0x4665f9 [ 233.521898][T22418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 233.541484][T22418] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 233.549883][T22418] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 233.557842][T22418] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 233.565850][T22418] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 233.573888][T22418] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 01:16:17 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300002040f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:17 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x144, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x102, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xd0, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x144}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:17 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:17 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x26000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 233.581873][T22418] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 233.629122][T22417] loop4: p1 p2 p3 p4 [ 233.633611][T22417] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:17 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300006040f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:17 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x150, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x110, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xde, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x150}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:17 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x0, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 233.691345][T22437] loop2: detected capacity change from 0 to 264192 [ 233.701694][T22417] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 233.790638][T22417] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 233.818679][T22437] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 233.830663][T22437] EXT4-fs (loop2): get root inode failed [ 233.836338][T22437] EXT4-fs (loop2): mount failed [ 233.872020][T22417] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:18 executing program 5 (fault-call:7 fault-nth:55): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:18 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300080040f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:18 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x150, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x110, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xde, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x150}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:18 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x0, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:18 executing program 4: syz_read_part_table(0xffffefff, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 233.996600][T22437] loop2: detected capacity change from 0 to 264192 [ 234.004592][T22437] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 234.016646][T22437] EXT4-fs (loop2): get root inode failed [ 234.022296][T22437] EXT4-fs (loop2): mount failed 01:16:18 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x0, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 234.115040][T22484] loop4: detected capacity change from 0 to 264192 [ 234.152016][T22487] FAULT_INJECTION: forcing a failure. [ 234.152016][T22487] name failslab, interval 1, probability 0, space 0, times 0 [ 234.164736][T22487] CPU: 0 PID: 22487 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 234.174551][T22487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 234.184604][T22487] Call Trace: [ 234.187884][T22487] dump_stack_lvl+0xb7/0x103 [ 234.192472][T22487] dump_stack+0x11/0x1a [ 234.196811][T22487] should_fail+0x23c/0x250 [ 234.201315][T22487] ? mempool_alloc_slab+0x16/0x20 [ 234.206350][T22487] __should_failslab+0x81/0x90 [ 234.211313][T22487] should_failslab+0x5/0x20 [ 234.215799][T22487] kmem_cache_alloc+0x46/0x2e0 [ 234.220558][T22487] mempool_alloc_slab+0x16/0x20 [ 234.225397][T22487] ? mempool_free+0x130/0x130 [ 234.230059][T22487] mempool_alloc+0x8c/0x300 [ 234.234609][T22487] sg_pool_alloc+0x74/0x90 [ 234.239045][T22487] __sg_alloc_table+0xce/0x290 [ 234.244116][T22487] sg_alloc_table_chained+0xaf/0x140 [ 234.249414][T22487] ? sg_alloc_table_chained+0x140/0x140 [ 234.254956][T22487] scsi_alloc_sgtables+0x17c/0x500 [ 234.260137][T22487] sd_init_command+0x96a/0x1640 [ 234.264969][T22487] scsi_queue_rq+0x10e0/0x15a0 [ 234.269748][T22487] blk_mq_dispatch_rq_list+0x695/0x1040 [ 234.275298][T22487] ? __sbitmap_queue_get+0x11/0x20 [ 234.280475][T22487] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 234.286069][T22487] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 234.292291][T22487] ? rb_insert_color+0x2fa/0x310 [ 234.297257][T22487] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 234.303263][T22487] __blk_mq_run_hw_queue+0xbc/0x140 [ 234.308506][T22487] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 234.314331][T22487] blk_mq_run_hw_queue+0x22c/0x250 [ 234.319486][T22487] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 234.325411][T22487] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 234.330840][T22487] blk_flush_plug_list+0x235/0x260 [ 234.335978][T22487] blk_finish_plug+0x44/0x60 [ 234.340575][T22487] __iomap_dio_rw+0x797/0xa60 [ 234.345289][T22487] iomap_dio_rw+0x30/0x70 [ 234.349598][T22487] ext4_file_write_iter+0xa5e/0x11a0 [ 234.354867][T22487] do_iter_readv_writev+0x2cd/0x370 [ 234.360103][T22487] do_iter_write+0x192/0x5c0 [ 234.364722][T22487] ? splice_from_pipe_next+0x34f/0x3b0 [ 234.370188][T22487] ? kmalloc_array+0x2d/0x40 [ 234.374813][T22487] vfs_iter_write+0x4c/0x70 [ 234.379292][T22487] iter_file_splice_write+0x40a/0x750 [ 234.384731][T22487] ? splice_from_pipe+0xc0/0xc0 [ 234.389710][T22487] direct_splice_actor+0x80/0xa0 [ 234.394631][T22487] splice_direct_to_actor+0x345/0x650 [ 234.400030][T22487] ? do_splice_direct+0x170/0x170 [ 234.405044][T22487] do_splice_direct+0xf5/0x170 [ 234.409821][T22487] do_sendfile+0x618/0xb90 [ 234.414214][T22487] __x64_sys_sendfile64+0xf2/0x130 [ 234.419315][T22487] do_syscall_64+0x3d/0x90 [ 234.423714][T22487] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 234.429666][T22487] RIP: 0033:0x4665f9 [ 234.433535][T22487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 234.453153][T22487] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 01:16:18 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x0, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:18 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000050f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:18 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x36000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:18 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x150, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x110, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xde, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x150}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 234.461559][T22487] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 234.469517][T22487] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 234.477470][T22487] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 234.485535][T22487] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 234.493482][T22487] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 234.532009][T21839] loop4: p1 p2 p3 p4 [ 234.536285][T21839] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:18 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x0, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:18 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x117, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xe5, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 234.579715][T21839] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 234.604385][T22503] loop2: detected capacity change from 0 to 264192 [ 234.646592][T21839] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 234.690649][T22503] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 234.702797][T22503] EXT4-fs (loop2): get root inode failed [ 234.708432][T22503] EXT4-fs (loop2): mount failed [ 234.736499][T21839] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 234.774974][T22484] loop4: p1 p2 p3 p4 [ 234.779474][T22484] loop4: p1 size 11290111 extends beyond EOD, truncated [ 234.792813][T22484] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 234.801009][T22484] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 234.809272][T22484] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 234.843343][T22503] loop2: detected capacity change from 0 to 264192 01:16:19 executing program 5 (fault-call:7 fault-nth:56): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:19 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030002e050f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:19 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x0, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:19 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x117, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xe5, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:19 executing program 4: syz_read_part_table(0xfffffdfd, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 234.883490][T22503] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 234.895460][T22503] EXT4-fs (loop2): get root inode failed [ 234.901164][T22503] EXT4-fs (loop2): mount failed [ 235.008842][T22550] FAULT_INJECTION: forcing a failure. [ 235.008842][T22550] name failslab, interval 1, probability 0, space 0, times 0 [ 235.021484][T22550] CPU: 0 PID: 22550 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 235.022837][T22555] loop4: detected capacity change from 0 to 264192 [ 235.031282][T22550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 235.031296][T22550] Call Trace: [ 235.031302][T22550] dump_stack_lvl+0xb7/0x103 [ 235.055694][T22550] dump_stack+0x11/0x1a [ 235.059864][T22550] should_fail+0x23c/0x250 [ 235.064318][T22550] ? kmalloc_array+0x2d/0x40 [ 235.068907][T22550] __should_failslab+0x81/0x90 [ 235.073664][T22550] should_failslab+0x5/0x20 [ 235.078169][T22550] __kmalloc+0x66/0x340 [ 235.082319][T22550] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 235.088277][T22550] ? splice_from_pipe+0xc0/0xc0 [ 235.093171][T22550] kmalloc_array+0x2d/0x40 [ 235.097621][T22550] iter_file_splice_write+0xc6/0x750 [ 235.102930][T22550] ? atime_needs_update+0x239/0x390 [ 235.108102][T22550] ? touch_atime+0xcf/0x240 [ 235.112579][T22550] ? generic_file_splice_read+0x286/0x310 [ 235.118329][T22550] ? splice_from_pipe+0xc0/0xc0 [ 235.123249][T22550] direct_splice_actor+0x80/0xa0 [ 235.128191][T22550] splice_direct_to_actor+0x345/0x650 [ 235.133538][T22550] ? do_splice_direct+0x170/0x170 [ 235.138616][T22550] do_splice_direct+0xf5/0x170 [ 235.143416][T22550] do_sendfile+0x618/0xb90 [ 235.147819][T22550] __x64_sys_sendfile64+0xf2/0x130 [ 235.152978][T22550] do_syscall_64+0x3d/0x90 [ 235.157373][T22550] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 235.163338][T22550] RIP: 0033:0x4665f9 [ 235.167226][T22550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 235.186863][T22550] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 235.195251][T22550] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 01:16:19 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x117, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xe5, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:19 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x0, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:19 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000060f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:19 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3f000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 235.203196][T22550] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 235.211157][T22550] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 235.219108][T22550] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 235.227076][T22550] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 235.275323][T22555] loop4: p1 p2 p3 p4 [ 235.282825][T22555] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:19 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300004060f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:19 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x0, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:19 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11b, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xe9, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46c"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 235.340066][T22555] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 235.356460][T22574] loop2: detected capacity change from 0 to 264192 [ 235.400252][T22555] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 235.465542][T22574] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 235.477846][T22574] EXT4-fs (loop2): get root inode failed [ 235.483526][T22574] EXT4-fs (loop2): mount failed [ 235.491953][T22555] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 235.642709][T22574] loop2: detected capacity change from 0 to 264192 [ 235.688213][T22574] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 235.700178][T22574] EXT4-fs (loop2): get root inode failed [ 235.705903][T22574] EXT4-fs (loop2): mount failed 01:16:20 executing program 5 (fault-call:7 fault-nth:57): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:20 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000070f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:20 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x0, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:20 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11b, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xe9, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46c"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:20 executing program 4: syz_read_part_table(0xffffff7f, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:20 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x6e000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 235.860108][T22616] loop4: detected capacity change from 0 to 264192 [ 235.881896][T22614] FAULT_INJECTION: forcing a failure. [ 235.881896][T22614] name failslab, interval 1, probability 0, space 0, times 0 [ 235.895087][T22614] CPU: 0 PID: 22614 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 235.904920][T22614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 235.915024][T22614] Call Trace: [ 235.918334][T22614] dump_stack_lvl+0xb7/0x103 [ 235.923230][T22614] dump_stack+0x11/0x1a [ 235.927505][T22614] should_fail+0x23c/0x250 [ 235.931924][T22614] __should_failslab+0x81/0x90 [ 235.936698][T22614] ? __iomap_dio_rw+0xf2/0xa60 [ 235.941558][T22614] should_failslab+0x5/0x20 [ 235.946063][T22614] kmem_cache_alloc_trace+0x49/0x310 [ 235.951702][T22614] __iomap_dio_rw+0xf2/0xa60 [ 235.952787][T22624] loop2: detected capacity change from 0 to 264192 [ 235.956309][T22614] ? inode_io_list_move_locked+0x17b/0x260 [ 235.968588][T22614] ? __mnt_drop_write_file+0x5a/0x60 [ 235.973877][T22614] ? file_update_time+0x3ae/0x3e0 [ 235.978987][T22614] iomap_dio_rw+0x30/0x70 [ 235.983424][T22614] ext4_file_write_iter+0xa5e/0x11a0 [ 235.988726][T22614] do_iter_readv_writev+0x2cd/0x370 [ 235.994044][T22614] do_iter_write+0x192/0x5c0 [ 235.998669][T22614] ? splice_from_pipe_next+0x34f/0x3b0 [ 236.004184][T22614] ? kcsan_setup_watchpoint+0x231/0x3e0 [ 236.009712][T22614] vfs_iter_write+0x4c/0x70 [ 236.014198][T22614] iter_file_splice_write+0x40a/0x750 [ 236.019556][T22614] ? splice_from_pipe+0xc0/0xc0 [ 236.024390][T22614] direct_splice_actor+0x80/0xa0 [ 236.029314][T22614] splice_direct_to_actor+0x345/0x650 [ 236.034850][T22614] ? do_splice_direct+0x170/0x170 [ 236.039939][T22614] do_splice_direct+0xf5/0x170 [ 236.044779][T22614] do_sendfile+0x618/0xb90 [ 236.049180][T22614] __x64_sys_sendfile64+0xf2/0x130 [ 236.054274][T22614] do_syscall_64+0x3d/0x90 [ 236.058683][T22614] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 236.064573][T22614] RIP: 0033:0x4665f9 [ 236.068448][T22614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 236.088128][T22614] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 236.096616][T22614] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 01:16:20 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000003000000a0f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:20 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:20 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11b, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xe9, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46c"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 236.104580][T22614] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 236.112531][T22614] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 236.120504][T22614] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 236.128506][T22614] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 236.177150][T22616] loop4: p1 p2 p3 p4 [ 236.181879][T22616] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:20 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11d, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xeb, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:20 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000003000000b0f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:20 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 236.227432][T22616] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 236.287120][T22616] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 236.336945][T22616] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 236.377819][T22624] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 236.389931][T22624] EXT4-fs (loop2): get root inode failed [ 236.395616][T22624] EXT4-fs (loop2): mount failed [ 236.423790][T22616] loop4: detected capacity change from 0 to 264192 [ 236.464979][T22624] loop2: detected capacity change from 0 to 264192 [ 236.503368][T22624] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 236.515330][T22624] EXT4-fs (loop2): get root inode failed [ 236.521027][T22624] EXT4-fs (loop2): mount failed 01:16:20 executing program 5 (fault-call:7 fault-nth:58): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:20 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11d, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xeb, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:20 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:20 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000180f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:20 executing program 4: syz_read_part_table(0xffffff80, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:20 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x72010000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 236.701833][T22689] loop4: detected capacity change from 0 to 264192 [ 236.733671][T22694] loop2: detected capacity change from 0 to 264192 [ 236.742657][T22691] FAULT_INJECTION: forcing a failure. [ 236.742657][T22691] name failslab, interval 1, probability 0, space 0, times 0 [ 236.755432][T22691] CPU: 0 PID: 22691 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 236.765336][T22691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 236.775393][T22691] Call Trace: [ 236.778668][T22691] dump_stack_lvl+0xb7/0x103 [ 236.783268][T22691] dump_stack+0x11/0x1a [ 236.787429][T22691] should_fail+0x23c/0x250 [ 236.791964][T22691] ? mempool_alloc_slab+0x16/0x20 [ 236.796997][T22691] __should_failslab+0x81/0x90 [ 236.801766][T22691] should_failslab+0x5/0x20 [ 236.806279][T22691] kmem_cache_alloc+0x46/0x2e0 [ 236.811054][T22691] mempool_alloc_slab+0x16/0x20 [ 236.816087][T22691] ? mempool_free+0x130/0x130 [ 236.820810][T22691] mempool_alloc+0x8c/0x300 [ 236.825297][T22691] ? ext4_inode_block_valid+0x1cc/0x210 [ 236.830887][T22691] bio_alloc_bioset+0xcc/0x530 [ 236.835700][T22691] ? iov_iter_alignment+0x34b/0x370 [ 236.840871][T22691] iomap_dio_bio_actor+0x511/0xb50 [ 236.846026][T22691] ? ext4_iomap_begin+0x5d1/0x620 [ 236.851031][T22691] iomap_dio_actor+0x26e/0x3b0 [ 236.855873][T22691] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 236.861679][T22691] iomap_apply+0x1df/0x400 [ 236.866171][T22691] __iomap_dio_rw+0x62e/0xa60 [ 236.870875][T22691] ? __iomap_dio_rw+0xa60/0xa60 [ 236.875761][T22691] iomap_dio_rw+0x30/0x70 [ 236.880122][T22691] ext4_file_write_iter+0xa5e/0x11a0 [ 236.885432][T22691] do_iter_readv_writev+0x2cd/0x370 [ 236.890652][T22691] do_iter_write+0x192/0x5c0 [ 236.895226][T22691] ? splice_from_pipe_next+0x34f/0x3b0 [ 236.900684][T22691] ? kmalloc_array+0x2d/0x40 [ 236.905314][T22691] vfs_iter_write+0x4c/0x70 [ 236.909875][T22691] iter_file_splice_write+0x40a/0x750 [ 236.915369][T22691] ? splice_from_pipe+0xc0/0xc0 [ 236.920317][T22691] direct_splice_actor+0x80/0xa0 [ 236.925323][T22691] splice_direct_to_actor+0x345/0x650 [ 236.930675][T22691] ? do_splice_direct+0x170/0x170 [ 236.935814][T22691] do_splice_direct+0xf5/0x170 [ 236.940560][T22691] do_sendfile+0x618/0xb90 [ 236.945016][T22691] __x64_sys_sendfile64+0xf2/0x130 [ 236.950128][T22691] do_syscall_64+0x3d/0x90 [ 236.954562][T22691] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 236.960510][T22691] RIP: 0033:0x4665f9 [ 236.964397][T22691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 236.984052][T22691] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 236.992450][T22691] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 01:16:21 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000003000001c0f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:21 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:21 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11d, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xeb, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 237.000442][T22691] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 237.008390][T22691] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 237.016335][T22691] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 237.024283][T22691] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 237.041632][T22694] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 237.053587][T22694] EXT4-fs (loop2): get root inode failed [ 237.059231][T22694] EXT4-fs (loop2): mount failed [ 237.078339][T22689] loop4: p1 p2 p3 p4 [ 237.082846][T22689] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:21 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x144, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x102, 0x2a, [@mesh_id={0x72, 0x6}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x144}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:21 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000200f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:21 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 237.128322][T22689] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 237.188359][T22689] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 237.226241][T22689] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 237.238963][T22694] loop2: detected capacity change from 0 to 264192 [ 237.285971][T22694] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 237.297980][T22694] EXT4-fs (loop2): get root inode failed [ 237.303654][T22694] EXT4-fs (loop2): mount failed [ 237.395406][T22689] loop4: detected capacity change from 0 to 264192 [ 237.436567][T22689] loop4: p1 p2 p3 p4 [ 237.441952][T22689] loop4: p1 size 11290111 extends beyond EOD, truncated [ 237.449756][T22689] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 237.471973][T22689] loop4: p3 size 1912633224 extends beyond EOD, truncated 01:16:21 executing program 5 (fault-call:7 fault-nth:59): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:21 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x144, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x102, 0x2a, [@mesh_id={0x72, 0x6}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x144}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:21 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000260f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:21 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 237.480086][T22689] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 237.582080][T22757] FAULT_INJECTION: forcing a failure. [ 237.582080][T22757] name failslab, interval 1, probability 0, space 0, times 0 [ 237.594727][T22757] CPU: 0 PID: 22757 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 237.604640][T22757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 237.614740][T22757] Call Trace: [ 237.618004][T22757] dump_stack_lvl+0xb7/0x103 [ 237.622633][T22757] dump_stack+0x11/0x1a [ 237.626793][T22757] should_fail+0x23c/0x250 [ 237.631192][T22757] ? mempool_alloc_slab+0x16/0x20 [ 237.636214][T22757] __should_failslab+0x81/0x90 [ 237.640956][T22757] should_failslab+0x5/0x20 [ 237.645455][T22757] kmem_cache_alloc+0x46/0x2e0 [ 237.650211][T22757] mempool_alloc_slab+0x16/0x20 [ 237.655064][T22757] ? mempool_free+0x130/0x130 [ 237.659723][T22757] mempool_alloc+0x8c/0x300 [ 237.664231][T22757] sg_pool_alloc+0x74/0x90 [ 237.668721][T22757] __sg_alloc_table+0xce/0x290 [ 237.673586][T22757] sg_alloc_table_chained+0xaf/0x140 [ 237.678858][T22757] ? sg_alloc_table_chained+0x140/0x140 [ 237.684483][T22757] scsi_alloc_sgtables+0x17c/0x500 [ 237.689651][T22757] sd_init_command+0x96a/0x1640 [ 237.694483][T22757] scsi_queue_rq+0x10e0/0x15a0 [ 237.699226][T22757] blk_mq_dispatch_rq_list+0x695/0x1040 [ 237.704757][T22757] ? __sbitmap_queue_get+0x11/0x20 [ 237.709843][T22757] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 237.715367][T22757] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 237.721659][T22757] ? rb_insert_color+0x2fa/0x310 [ 237.726622][T22757] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 237.732602][T22757] __blk_mq_run_hw_queue+0xbc/0x140 [ 237.737904][T22757] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 237.743697][T22757] blk_mq_run_hw_queue+0x22c/0x250 [ 237.748790][T22757] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 237.754685][T22757] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 237.760048][T22757] blk_flush_plug_list+0x235/0x260 [ 237.765133][T22757] blk_finish_plug+0x44/0x60 [ 237.769701][T22757] __iomap_dio_rw+0x797/0xa60 [ 237.774428][T22757] iomap_dio_rw+0x30/0x70 [ 237.778859][T22757] ext4_file_write_iter+0xa5e/0x11a0 [ 237.784170][T22757] do_iter_readv_writev+0x2cd/0x370 [ 237.789396][T22757] do_iter_write+0x192/0x5c0 [ 237.793971][T22757] ? splice_from_pipe_next+0x34f/0x3b0 [ 237.799417][T22757] ? kmalloc_array+0x2d/0x40 [ 237.804046][T22757] vfs_iter_write+0x4c/0x70 [ 237.808529][T22757] iter_file_splice_write+0x40a/0x750 [ 237.813959][T22757] ? splice_from_pipe+0xc0/0xc0 [ 237.818848][T22757] direct_splice_actor+0x80/0xa0 [ 237.823783][T22757] splice_direct_to_actor+0x345/0x650 [ 237.829177][T22757] ? do_splice_direct+0x170/0x170 [ 237.834203][T22757] do_splice_direct+0xf5/0x170 [ 237.839204][T22757] do_sendfile+0x618/0xb90 [ 237.843607][T22757] __x64_sys_sendfile64+0xf2/0x130 [ 237.848700][T22757] do_syscall_64+0x3d/0x90 [ 237.853192][T22757] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 237.859071][T22757] RIP: 0033:0x4665f9 [ 237.862946][T22757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 01:16:22 executing program 4: syz_read_part_table(0xffffff8c, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:22 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x144, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x102, 0x2a, [@mesh_id={0x72, 0x6}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x144}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:22 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x74010000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:22 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000003000052e0f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:22 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 237.882657][T22757] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 237.891055][T22757] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 237.899013][T22757] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 237.906974][T22757] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 237.915043][T22757] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 237.923086][T22757] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 237.992147][T22767] loop2: detected capacity change from 0 to 264192 01:16:22 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:22 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000003000003f0f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:22 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x0, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 238.034983][T22779] loop4: detected capacity change from 0 to 264192 [ 238.080985][T22767] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 238.092969][T22767] EXT4-fs (loop2): get root inode failed [ 238.098683][T22767] EXT4-fs (loop2): mount failed [ 238.171495][T22779] loop4: p1 p2 p3 p4 [ 238.175840][T22779] loop4: p1 size 11290111 extends beyond EOD, truncated [ 238.205658][T22779] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 238.226809][T22779] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 238.235334][T22779] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:22 executing program 5 (fault-call:7 fault-nth:60): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:22 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x0, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:22 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000400f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:22 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:22 executing program 4: syz_read_part_table(0xffffff97, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 238.292312][T22767] loop2: detected capacity change from 0 to 264192 [ 238.367043][T22767] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 238.379008][T22767] EXT4-fs (loop2): get root inode failed [ 238.384689][T22767] EXT4-fs (loop2): mount failed [ 238.436959][T22821] loop4: detected capacity change from 0 to 264192 [ 238.443807][T22819] FAULT_INJECTION: forcing a failure. [ 238.443807][T22819] name failslab, interval 1, probability 0, space 0, times 0 [ 238.456435][T22819] CPU: 0 PID: 22819 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 238.466231][T22819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 238.476278][T22819] Call Trace: [ 238.479551][T22819] dump_stack_lvl+0xb7/0x103 [ 238.484140][T22819] dump_stack+0x11/0x1a [ 238.488293][T22819] should_fail+0x23c/0x250 [ 238.492702][T22819] ? kmalloc_array+0x2d/0x40 [ 238.497287][T22819] __should_failslab+0x81/0x90 [ 238.502074][T22819] should_failslab+0x5/0x20 [ 238.506824][T22819] __kmalloc+0x66/0x340 [ 238.511026][T22819] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 238.516919][T22819] ? splice_from_pipe+0xc0/0xc0 [ 238.521748][T22819] kmalloc_array+0x2d/0x40 [ 238.526180][T22819] iter_file_splice_write+0xc6/0x750 [ 238.531508][T22819] ? atime_needs_update+0x239/0x390 [ 238.536704][T22819] ? touch_atime+0xcf/0x240 [ 238.541196][T22819] ? generic_file_splice_read+0x286/0x310 [ 238.546999][T22819] ? splice_from_pipe+0xc0/0xc0 [ 238.551831][T22819] direct_splice_actor+0x80/0xa0 [ 238.556749][T22819] splice_direct_to_actor+0x345/0x650 [ 238.562184][T22819] ? do_splice_direct+0x170/0x170 [ 238.567197][T22819] do_splice_direct+0xf5/0x170 [ 238.571992][T22819] do_sendfile+0x618/0xb90 [ 238.576443][T22819] __x64_sys_sendfile64+0xf2/0x130 [ 238.581580][T22819] do_syscall_64+0x3d/0x90 [ 238.585973][T22819] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 238.591876][T22819] RIP: 0033:0x4665f9 [ 238.595745][T22819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 238.615323][T22819] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 238.623717][T22819] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 01:16:22 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x0, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 238.631664][T22819] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 238.639614][T22819] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 238.647606][T22819] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 238.655552][T22819] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:22 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x75010000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:22 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300004800f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:22 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(0xffffffffffffffff, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:22 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x0, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 238.699318][T22821] loop4: p1 p2 p3 p4 [ 238.707337][T22821] loop4: p1 size 11290111 extends beyond EOD, truncated [ 238.733152][T22821] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 238.761459][T22821] loop4: p3 size 1912633224 extends beyond EOD, truncated 01:16:23 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000003000fffe0f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:23 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(0xffffffffffffffff, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 238.839257][T22848] loop2: detected capacity change from 0 to 264192 [ 238.846043][T22821] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 238.933912][T22848] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 238.945863][T22848] EXT4-fs (loop2): get root inode failed [ 238.951525][T22848] EXT4-fs (loop2): mount failed [ 239.095627][T22848] loop2: detected capacity change from 0 to 264192 [ 239.114145][T22848] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 239.126111][T22848] EXT4-fs (loop2): get root inode failed [ 239.131838][T22848] EXT4-fs (loop2): mount failed 01:16:23 executing program 5 (fault-call:7 fault-nth:61): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:23 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x0, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:23 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000003000feff0f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:23 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(0xffffffffffffffff, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:23 executing program 4: syz_read_part_table(0xffffffa1, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 239.285329][T22895] loop4: detected capacity change from 0 to 264192 [ 239.298854][T22893] FAULT_INJECTION: forcing a failure. [ 239.298854][T22893] name failslab, interval 1, probability 0, space 0, times 0 [ 239.311584][T22893] CPU: 0 PID: 22893 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 239.321421][T22893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 239.331464][T22893] Call Trace: [ 239.334729][T22893] dump_stack_lvl+0xb7/0x103 [ 239.339358][T22893] dump_stack+0x11/0x1a [ 239.343636][T22893] should_fail+0x23c/0x250 [ 239.348044][T22893] __should_failslab+0x81/0x90 [ 239.352804][T22893] ? __iomap_dio_rw+0xf2/0xa60 [ 239.357686][T22893] should_failslab+0x5/0x20 [ 239.362171][T22893] kmem_cache_alloc_trace+0x49/0x310 [ 239.367434][T22893] __iomap_dio_rw+0xf2/0xa60 [ 239.372009][T22893] ? ext4_es_lookup_extent+0x36b/0x490 [ 239.377490][T22893] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 239.383384][T22893] ? file_update_time+0x1bd/0x3e0 [ 239.388566][T22893] iomap_dio_rw+0x30/0x70 [ 239.392871][T22893] ext4_file_write_iter+0xa5e/0x11a0 [ 239.398130][T22893] do_iter_readv_writev+0x2cd/0x370 [ 239.403308][T22893] do_iter_write+0x192/0x5c0 [ 239.407889][T22893] ? splice_from_pipe_next+0x34f/0x3b0 [ 239.413326][T22893] ? kmalloc_array+0x2d/0x40 [ 239.417897][T22893] vfs_iter_write+0x4c/0x70 [ 239.422385][T22893] iter_file_splice_write+0x40a/0x750 [ 239.427734][T22893] ? splice_from_pipe+0xc0/0xc0 [ 239.432561][T22893] direct_splice_actor+0x80/0xa0 [ 239.437550][T22893] splice_direct_to_actor+0x345/0x650 [ 239.442905][T22893] ? do_splice_direct+0x170/0x170 [ 239.447905][T22893] do_splice_direct+0xf5/0x170 [ 239.452667][T22893] do_sendfile+0x618/0xb90 [ 239.457137][T22893] __x64_sys_sendfile64+0xf2/0x130 [ 239.462232][T22893] do_syscall_64+0x3d/0x90 [ 239.466633][T22893] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 239.472503][T22893] RIP: 0033:0x4665f9 [ 239.476374][T22893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 239.495965][T22893] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 239.504353][T22893] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 239.512312][T22893] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 239.520259][T22893] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 239.528205][T22893] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 01:16:23 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000020f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:23 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x76010000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:23 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x0, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:23 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0) [ 239.536180][T22893] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:23 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0) 01:16:23 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x0, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 239.582623][T22906] loop2: detected capacity change from 0 to 264192 [ 239.599380][T22895] loop4: p1 p2 p3 p4 [ 239.603810][T22895] loop4: p1 size 11290111 extends beyond EOD, truncated [ 239.676394][T22895] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 239.713095][T22906] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block 01:16:23 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000030f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 239.725068][T22906] EXT4-fs (loop2): get root inode failed [ 239.730749][T22906] EXT4-fs (loop2): mount failed [ 239.764100][T22895] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 239.806583][T22895] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 239.925802][T22906] loop2: detected capacity change from 0 to 264192 [ 239.945644][T22906] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 239.957633][T22906] EXT4-fs (loop2): get root inode failed [ 239.963289][T22906] EXT4-fs (loop2): mount failed 01:16:24 executing program 5 (fault-call:7 fault-nth:62): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:24 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0) 01:16:24 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x0, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:24 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000040f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:24 executing program 4: syz_read_part_table(0xffffffc9, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:24 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80010000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 240.137765][T22963] loop4: detected capacity change from 0 to 264192 [ 240.162659][T22965] FAULT_INJECTION: forcing a failure. [ 240.162659][T22965] name failslab, interval 1, probability 0, space 0, times 0 [ 240.171486][T22971] loop2: detected capacity change from 0 to 264192 [ 240.175359][T22965] CPU: 0 PID: 22965 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 240.191610][T22965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 240.201660][T22965] Call Trace: [ 240.204933][T22965] dump_stack_lvl+0xb7/0x103 [ 240.209524][T22965] dump_stack+0x11/0x1a [ 240.213672][T22965] should_fail+0x23c/0x250 [ 240.218166][T22965] ? mempool_alloc_slab+0x16/0x20 [ 240.223192][T22965] __should_failslab+0x81/0x90 [ 240.227958][T22965] should_failslab+0x5/0x20 [ 240.232476][T22965] kmem_cache_alloc+0x46/0x2e0 [ 240.237243][T22965] mempool_alloc_slab+0x16/0x20 [ 240.242147][T22965] ? mempool_free+0x130/0x130 [ 240.246828][T22965] mempool_alloc+0x8c/0x300 [ 240.251373][T22965] ? ext4_inode_block_valid+0x1cc/0x210 [ 240.256931][T22965] bio_alloc_bioset+0xcc/0x530 [ 240.261723][T22965] ? iov_iter_alignment+0x34b/0x370 [ 240.266914][T22965] iomap_dio_bio_actor+0x511/0xb50 [ 240.272045][T22965] ? ext4_iomap_begin+0x5d1/0x620 [ 240.277102][T22965] iomap_dio_actor+0x26e/0x3b0 [ 240.282046][T22965] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 240.287750][T22965] iomap_apply+0x1df/0x400 [ 240.292145][T22965] __iomap_dio_rw+0x62e/0xa60 [ 240.296818][T22965] ? __iomap_dio_rw+0xa60/0xa60 [ 240.301671][T22965] iomap_dio_rw+0x30/0x70 [ 240.305985][T22965] ext4_file_write_iter+0xa5e/0x11a0 [ 240.311285][T22965] do_iter_readv_writev+0x2cd/0x370 [ 240.316459][T22965] do_iter_write+0x192/0x5c0 [ 240.321044][T22965] ? splice_from_pipe_next+0x34f/0x3b0 [ 240.326577][T22965] ? kmalloc_array+0x2d/0x40 [ 240.331154][T22965] vfs_iter_write+0x4c/0x70 [ 240.335634][T22965] iter_file_splice_write+0x40a/0x750 [ 240.340986][T22965] ? splice_from_pipe+0xc0/0xc0 [ 240.345874][T22965] direct_splice_actor+0x80/0xa0 [ 240.350846][T22965] splice_direct_to_actor+0x345/0x650 [ 240.356224][T22965] ? do_splice_direct+0x170/0x170 [ 240.361224][T22965] do_splice_direct+0xf5/0x170 [ 240.365965][T22965] do_sendfile+0x618/0xb90 [ 240.370359][T22965] __x64_sys_sendfile64+0xf2/0x130 [ 240.375448][T22965] do_syscall_64+0x3d/0x90 [ 240.379856][T22965] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 240.385726][T22965] RIP: 0033:0x4665f9 [ 240.389616][T22965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 240.409207][T22965] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 240.417593][T22965] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 240.425554][T22965] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 01:16:24 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000050f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:24 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x0, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:24 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x0, 0x0, 0xffffffffffffff39) [ 240.433503][T22965] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 240.441461][T22965] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 240.449418][T22965] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 240.466826][T22971] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 240.478772][T22971] EXT4-fs (loop2): get root inode failed [ 240.484541][T22971] EXT4-fs (loop2): mount failed [ 240.518345][T22963] loop4: p1 p2 p3 p4 [ 240.528443][T22963] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:24 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000060f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:24 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x0, 0x0, 0xffffffffffffff39) 01:16:24 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 240.567748][T22963] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 240.616058][T22971] loop2: detected capacity change from 0 to 264192 [ 240.651075][T22963] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 240.681901][T22971] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 240.693969][T22971] EXT4-fs (loop2): get root inode failed [ 240.699639][T22971] EXT4-fs (loop2): mount failed [ 240.732649][T22963] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 240.830592][T22963] loop4: detected capacity change from 0 to 264192 01:16:25 executing program 5 (fault-call:7 fault-nth:63): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:25 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x0, 0x0, 0xffffffffffffff39) 01:16:25 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000070f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:25 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 240.923142][T22963] loop4: p1 p2 p3 p4 [ 240.952635][T22963] loop4: p1 size 11290111 extends beyond EOD, truncated [ 240.990690][T22963] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 241.011873][T23032] FAULT_INJECTION: forcing a failure. [ 241.011873][T23032] name failslab, interval 1, probability 0, space 0, times 0 [ 241.024604][T23032] CPU: 0 PID: 23032 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 241.034436][T23032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 241.044488][T23032] Call Trace: [ 241.047764][T23032] dump_stack_lvl+0xb7/0x103 [ 241.052404][T23032] dump_stack+0x11/0x1a [ 241.056572][T23032] should_fail+0x23c/0x250 [ 241.060976][T23032] ? mempool_alloc_slab+0x16/0x20 [ 241.065977][T23032] __should_failslab+0x81/0x90 [ 241.070712][T23032] should_failslab+0x5/0x20 [ 241.075189][T23032] kmem_cache_alloc+0x46/0x2e0 [ 241.079933][T23032] mempool_alloc_slab+0x16/0x20 [ 241.084795][T23032] ? mempool_free+0x130/0x130 [ 241.089499][T23032] mempool_alloc+0x8c/0x300 [ 241.093987][T23032] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 241.100118][T23032] sg_pool_alloc+0x74/0x90 [ 241.104583][T23032] __sg_alloc_table+0xce/0x290 [ 241.109323][T23032] sg_alloc_table_chained+0xaf/0x140 [ 241.114599][T23032] ? sg_alloc_table_chained+0x140/0x140 [ 241.120133][T23032] scsi_alloc_sgtables+0x17c/0x500 [ 241.125337][T23032] sd_init_command+0x96a/0x1640 [ 241.130177][T23032] scsi_queue_rq+0x10e0/0x15a0 [ 241.135413][T23032] blk_mq_dispatch_rq_list+0x695/0x1040 [ 241.140950][T23032] ? __sbitmap_queue_get+0x11/0x20 [ 241.146044][T23032] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 241.151644][T23032] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 241.157919][T23032] ? rb_insert_color+0x2fa/0x310 [ 241.162861][T23032] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 241.168824][T23032] __blk_mq_run_hw_queue+0xbc/0x140 [ 241.174089][T23032] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 241.179925][T23032] blk_mq_run_hw_queue+0x22c/0x250 [ 241.185053][T23032] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 241.190922][T23032] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 241.196272][T23032] blk_flush_plug_list+0x235/0x260 [ 241.201459][T23032] blk_finish_plug+0x44/0x60 [ 241.206035][T23032] __iomap_dio_rw+0x797/0xa60 [ 241.210721][T23032] iomap_dio_rw+0x30/0x70 [ 241.215028][T23032] ext4_file_write_iter+0xa5e/0x11a0 [ 241.220289][T23032] do_iter_readv_writev+0x2cd/0x370 [ 241.225462][T23032] do_iter_write+0x192/0x5c0 [ 241.230040][T23032] ? splice_from_pipe_next+0x34f/0x3b0 [ 241.235546][T23032] ? kmalloc_array+0x2d/0x40 [ 241.240185][T23032] vfs_iter_write+0x4c/0x70 [ 241.244676][T23032] iter_file_splice_write+0x40a/0x750 [ 241.250044][T23032] ? splice_from_pipe+0xc0/0xc0 [ 241.254956][T23032] direct_splice_actor+0x80/0xa0 [ 241.259928][T23032] splice_direct_to_actor+0x345/0x650 [ 241.265278][T23032] ? do_splice_direct+0x170/0x170 [ 241.270282][T23032] do_splice_direct+0xf5/0x170 [ 241.275083][T23032] do_sendfile+0x618/0xb90 [ 241.279540][T23032] __x64_sys_sendfile64+0xf2/0x130 [ 241.284714][T23032] do_syscall_64+0x3d/0x90 [ 241.289114][T23032] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 241.294986][T23032] RIP: 0033:0x4665f9 [ 241.298860][T23032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 241.318468][T23032] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 241.326869][T23032] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 241.334815][T23032] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 241.343068][T23032] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 241.351090][T23032] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 01:16:25 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:25 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x82010000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:25 executing program 4: syz_read_part_table(0xffffffe4, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:25 executing program 1: r0 = fsopen(&(0x7f0000000000)='jffs2\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f00000001c0)='%!^]^\x00', 0x0, r0) 01:16:25 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000080f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 241.359036][T23032] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 241.370471][T22963] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 241.379172][T22963] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 241.448098][T23049] loop2: detected capacity change from 0 to 264192 01:16:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000001c00)={0x0, 0x0, 0x0}, 0x0) 01:16:25 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:25 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000003000000a0f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 241.544371][T23065] loop4: detected capacity change from 0 to 264192 [ 241.612353][T23049] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 241.624313][T23049] EXT4-fs (loop2): get root inode failed [ 241.630006][T23049] EXT4-fs (loop2): mount failed 01:16:26 executing program 5 (fault-call:7 fault-nth:64): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:26 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:26 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000003000000b0f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 241.706117][T23065] loop4: p1 p2 p3 p4 [ 241.710408][T23065] loop4: p1 size 11290111 extends beyond EOD, truncated [ 241.723367][T23065] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 241.731729][T23065] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 241.739775][T23065] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 241.776329][T23049] loop2: detected capacity change from 0 to 264192 [ 241.828037][T23049] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 241.840067][T23049] EXT4-fs (loop2): get root inode failed [ 241.845723][T23049] EXT4-fs (loop2): mount failed [ 241.877771][T23065] loop4: detected capacity change from 0 to 264192 [ 241.896445][T23098] FAULT_INJECTION: forcing a failure. [ 241.896445][T23098] name failslab, interval 1, probability 0, space 0, times 0 [ 241.909131][T23098] CPU: 0 PID: 23098 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 241.918932][T23098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 241.928987][T23098] Call Trace: [ 241.932259][T23098] dump_stack_lvl+0xb7/0x103 [ 241.936855][T23098] dump_stack+0x11/0x1a [ 241.941047][T23098] should_fail+0x23c/0x250 [ 241.945448][T23098] ? kmalloc_array+0x2d/0x40 [ 241.950056][T23098] __should_failslab+0x81/0x90 [ 241.954812][T23098] should_failslab+0x5/0x20 [ 241.959307][T23098] __kmalloc+0x66/0x340 [ 241.963466][T23098] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 241.969422][T23098] ? splice_from_pipe+0xc0/0xc0 [ 241.974258][T23098] kmalloc_array+0x2d/0x40 [ 241.978739][T23098] iter_file_splice_write+0xc6/0x750 [ 241.984008][T23098] ? atime_needs_update+0x239/0x390 [ 241.989193][T23098] ? touch_atime+0xcf/0x240 [ 241.993751][T23098] ? generic_file_splice_read+0x286/0x310 [ 241.999458][T23098] ? splice_from_pipe+0xc0/0xc0 [ 242.004317][T23098] direct_splice_actor+0x80/0xa0 [ 242.009253][T23098] splice_direct_to_actor+0x345/0x650 [ 242.014613][T23098] ? do_splice_direct+0x170/0x170 [ 242.019673][T23098] do_splice_direct+0xf5/0x170 [ 242.024426][T23098] do_sendfile+0x618/0xb90 [ 242.028825][T23098] __x64_sys_sendfile64+0xf2/0x130 [ 242.033930][T23098] do_syscall_64+0x3d/0x90 [ 242.038372][T23098] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 242.044249][T23098] RIP: 0033:0x4665f9 [ 242.048120][T23098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 242.067725][T23098] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 01:16:26 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:26 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000180f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 242.076163][T23098] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 242.084134][T23098] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 242.092095][T23098] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 242.100101][T23098] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 242.108056][T23098] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:26 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x83010000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:26 executing program 4: syz_read_part_table(0xfffffff6, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:26 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000003000001c0f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:26 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 242.274047][T23123] loop2: detected capacity change from 0 to 264192 [ 242.321281][T23129] loop4: detected capacity change from 0 to 264192 [ 242.330422][T23123] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 242.342372][T23123] EXT4-fs (loop2): get root inode failed [ 242.348022][T23123] EXT4-fs (loop2): mount failed 01:16:26 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./file0/file0\x00', 0x0) mount(&(0x7f0000000380)=ANY=[@ANYBLOB='./file0'], &(0x7f00000001c0)='./file0/file0\x00', 0x0, 0x201000, 0x0) mount(0x0, &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x2104020, 0x0) move_mount(0xffffffffffffff9c, &(0x7f0000000040)='./file0/file0\x00', 0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) 01:16:26 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:26 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000260f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 242.455442][T23129] loop4: p1 p2 p3 p4 [ 242.463726][T23123] loop2: detected capacity change from 0 to 264192 [ 242.470749][T23129] loop4: p1 size 11290111 extends beyond EOD, truncated [ 242.528413][T23123] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 242.540410][T23123] EXT4-fs (loop2): get root inode failed [ 242.546075][T23123] EXT4-fs (loop2): mount failed [ 242.566651][T23129] loop4: p2 size 1073872896 extends beyond EOD, truncated 01:16:26 executing program 5 (fault-call:7 fault-nth:65): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:26 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:26 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000fe0f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 242.615252][T23129] loop4: p3 size 1912633224 extends beyond EOD, truncated 01:16:26 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 242.659002][T23147] EXT4-fs (sda1): re-mounted. Opts: (null). Quota mode: none. [ 242.672347][T23129] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:26 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000001f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 242.707699][T23152] EXT4-fs (sda1): re-mounted. Opts: (null). Quota mode: none. [ 242.739334][T23166] FAULT_INJECTION: forcing a failure. [ 242.739334][T23166] name failslab, interval 1, probability 0, space 0, times 0 [ 242.752045][T23166] CPU: 0 PID: 23166 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 242.761897][T23166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 242.771952][T23166] Call Trace: [ 242.775271][T23166] dump_stack_lvl+0xb7/0x103 [ 242.779888][T23166] dump_stack+0x11/0x1a [ 242.784040][T23166] should_fail+0x23c/0x250 [ 242.788471][T23166] __should_failslab+0x81/0x90 [ 242.793225][T23166] ? __iomap_dio_rw+0xf2/0xa60 [ 242.797996][T23166] should_failslab+0x5/0x20 [ 242.802501][T23166] kmem_cache_alloc_trace+0x49/0x310 [ 242.807778][T23166] __iomap_dio_rw+0xf2/0xa60 [ 242.812400][T23166] ? ext4_es_lookup_extent+0x36b/0x490 [ 242.817859][T23166] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 242.823830][T23166] ? file_update_time+0x1bd/0x3e0 [ 242.828910][T23166] iomap_dio_rw+0x30/0x70 [ 242.833219][T23166] ext4_file_write_iter+0xa5e/0x11a0 [ 242.838487][T23166] do_iter_readv_writev+0x2cd/0x370 [ 242.843720][T23166] do_iter_write+0x192/0x5c0 [ 242.848297][T23166] ? kcsan_setup_watchpoint+0x231/0x3e0 [ 242.853819][T23166] vfs_iter_write+0x4c/0x70 [ 242.858298][T23166] iter_file_splice_write+0x40a/0x750 [ 242.863778][T23166] ? splice_from_pipe+0xc0/0xc0 [ 242.868660][T23166] direct_splice_actor+0x80/0xa0 [ 242.873697][T23166] splice_direct_to_actor+0x345/0x650 [ 242.879068][T23166] ? do_splice_direct+0x170/0x170 [ 242.884113][T23166] do_splice_direct+0xf5/0x170 [ 242.888995][T23166] do_sendfile+0x618/0xb90 [ 242.893393][T23166] __x64_sys_sendfile64+0xf2/0x130 [ 242.898589][T23166] do_syscall_64+0x3d/0x90 [ 242.902986][T23166] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 242.908904][T23166] RIP: 0033:0x4665f9 [ 242.912867][T23166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 242.932451][T23166] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 242.941058][T23166] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 242.949020][T23166] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 01:16:27 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 242.956982][T23166] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 242.964976][T23166] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 242.973048][T23166] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 243.039604][T23129] loop4: detected capacity change from 0 to 264192 01:16:27 executing program 4: syz_read_part_table(0xfffffffb, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:27 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x84010000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:27 executing program 1: r0 = perf_event_open$cgroup(&(0x7f0000000100)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x0) 01:16:27 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000003000000040000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:27 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 243.115536][T23129] loop4: p1 p2 p3 p4 [ 243.119985][T23129] loop4: p1 size 11290111 extends beyond EOD, truncated [ 243.128010][T23129] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 243.136145][T23129] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 243.144278][T23129] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:27 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000fffe000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 243.225664][T23204] loop2: detected capacity change from 0 to 264192 [ 243.321912][T23204] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 243.338912][T23204] EXT4-fs (loop2): get root inode failed [ 243.344685][T23204] EXT4-fs (loop2): mount failed [ 243.355123][T23221] loop4: detected capacity change from 0 to 264192 01:16:27 executing program 5 (fault-call:7 fault-nth:66): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:27 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x0, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:27 executing program 1: perf_event_open$cgroup(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x84031, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 01:16:27 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030000000fe000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 243.437152][T23221] loop4: p1 p2 p3 p4 [ 243.441965][T23221] loop4: p1 size 11290111 extends beyond EOD, truncated [ 243.449684][T23221] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 243.470585][T23204] loop2: detected capacity change from 0 to 264192 [ 243.525000][T23204] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 243.537020][T23204] EXT4-fs (loop2): get root inode failed [ 243.542841][T23204] EXT4-fs (loop2): mount failed [ 243.551702][T23221] loop4: p3 size 1912633224 extends beyond EOD, truncated 01:16:27 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x0, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:27 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030000000feff0000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 243.598149][T23242] FAULT_INJECTION: forcing a failure. [ 243.598149][T23242] name failslab, interval 1, probability 0, space 0, times 0 [ 243.610908][T23242] CPU: 0 PID: 23242 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 243.620787][T23242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 243.630873][T23242] Call Trace: [ 243.634179][T23242] dump_stack_lvl+0xb7/0x103 [ 243.638786][T23242] dump_stack+0x11/0x1a [ 243.643113][T23242] should_fail+0x23c/0x250 [ 243.647583][T23242] ? mempool_alloc_slab+0x16/0x20 [ 243.652671][T23242] __should_failslab+0x81/0x90 [ 243.657430][T23242] should_failslab+0x5/0x20 [ 243.661932][T23242] kmem_cache_alloc+0x46/0x2e0 [ 243.666795][T23242] mempool_alloc_slab+0x16/0x20 [ 243.671728][T23242] ? mempool_free+0x130/0x130 [ 243.676412][T23242] mempool_alloc+0x8c/0x300 [ 243.680952][T23242] ? ext4_inode_block_valid+0x1cc/0x210 [ 243.686581][T23242] bio_alloc_bioset+0xcc/0x530 [ 243.691623][T23242] ? iov_iter_alignment+0x34b/0x370 [ 243.696879][T23242] iomap_dio_bio_actor+0x511/0xb50 [ 243.701994][T23242] ? ext4_iomap_begin+0x5d1/0x620 [ 243.707021][T23242] iomap_dio_actor+0x26e/0x3b0 [ 243.711778][T23242] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 243.717483][T23242] iomap_apply+0x1df/0x400 [ 243.721875][T23242] __iomap_dio_rw+0x62e/0xa60 [ 243.726601][T23242] ? __iomap_dio_rw+0xa60/0xa60 [ 243.731431][T23242] iomap_dio_rw+0x30/0x70 [ 243.735753][T23242] ext4_file_write_iter+0xa5e/0x11a0 [ 243.741066][T23242] do_iter_readv_writev+0x2cd/0x370 [ 243.746242][T23242] do_iter_write+0x192/0x5c0 [ 243.750826][T23242] ? splice_from_pipe_next+0x34f/0x3b0 [ 243.756263][T23242] ? kcsan_setup_watchpoint+0x231/0x3e0 [ 243.761781][T23242] vfs_iter_write+0x4c/0x70 [ 243.766258][T23242] iter_file_splice_write+0x40a/0x750 [ 243.771606][T23242] ? splice_from_pipe+0xc0/0xc0 [ 243.776434][T23242] direct_splice_actor+0x80/0xa0 [ 243.781380][T23242] splice_direct_to_actor+0x345/0x650 [ 243.786769][T23242] ? do_splice_direct+0x170/0x170 [ 243.791807][T23242] do_splice_direct+0xf5/0x170 [ 243.796641][T23242] do_sendfile+0x618/0xb90 [ 243.801055][T23242] __x64_sys_sendfile64+0xf2/0x130 [ 243.806151][T23242] do_syscall_64+0x3d/0x90 [ 243.810598][T23242] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 243.816496][T23242] RIP: 0033:0x4665f9 [ 243.820491][T23242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 243.840074][T23242] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 243.848486][T23242] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 243.856472][T23242] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 243.864431][T23242] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 243.872394][T23242] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 243.880397][T23242] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 243.889268][T23221] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:28 executing program 4: syz_read_part_table(0xfffffffd, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:28 executing program 1: r0 = gettid() perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0x0, 0xffffffffffffffff, 0x0) 01:16:28 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x0, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:28 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030000000feffffff000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:28 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x85010000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 243.983620][T23221] loop4: detected capacity change from 0 to 264192 [ 244.051163][T23275] loop2: detected capacity change from 0 to 264192 01:16:28 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x0, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 244.181080][T23285] loop4: detected capacity change from 0 to 264192 [ 244.209262][T23275] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 244.221225][T23275] EXT4-fs (loop2): get root inode failed [ 244.226851][T23275] EXT4-fs (loop2): mount failed [ 244.303925][T23285] loop4: p1 p2 p3 p4 [ 244.318289][T23285] loop4: p1 size 11290111 extends beyond EOD, truncated [ 244.328272][T23275] loop2: detected capacity change from 0 to 264192 01:16:28 executing program 5 (fault-call:7 fault-nth:67): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:28 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', 0x0}) ioctl$RTC_WIE_ON(0xffffffffffffffff, 0x700f) ioctl$sock_inet6_SIOCDIFADDR(r1, 0x8936, &(0x7f0000000000)={@empty, 0x0, r2}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000080)={@private2={0xfc, 0x2, '\x00', 0x1}, 0x18, r2}) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000040)={0x11, 0x2, 0x1, 0x47, 0x0, [@empty]}, 0x18) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000140)=ANY=[@ANYBLOB="66696c746572000000000000000000000000feffffffffffffff00000000000004000000000000000000000000000000000000000000000000000000000000e083400000000000fd44c8d0c929fcaca8d66132d00000000000000000000000000000000000000020a99fd400000000deff0000000000"], 0x68) 01:16:28 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030000000feffffffffffffff0200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:28 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x0, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 244.349942][T23285] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 244.384828][T23275] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 244.396926][T23275] EXT4-fs (loop2): get root inode failed [ 244.402707][T23275] EXT4-fs (loop2): mount failed [ 244.443089][T23285] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 244.461674][T23309] FAULT_INJECTION: forcing a failure. [ 244.461674][T23309] name failslab, interval 1, probability 0, space 0, times 0 [ 244.474324][T23309] CPU: 0 PID: 23309 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 244.484125][T23309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 244.494183][T23309] Call Trace: [ 244.497455][T23309] dump_stack_lvl+0xb7/0x103 [ 244.502124][T23309] dump_stack+0x11/0x1a [ 244.506280][T23309] should_fail+0x23c/0x250 [ 244.510766][T23309] ? mempool_alloc_slab+0x16/0x20 [ 244.515890][T23309] __should_failslab+0x81/0x90 [ 244.520646][T23309] should_failslab+0x5/0x20 [ 244.525125][T23309] kmem_cache_alloc+0x46/0x2e0 [ 244.530062][T23309] mempool_alloc_slab+0x16/0x20 [ 244.534971][T23309] ? mempool_free+0x130/0x130 [ 244.539651][T23309] mempool_alloc+0x8c/0x300 [ 244.544140][T23309] sg_pool_alloc+0x74/0x90 [ 244.548606][T23309] __sg_alloc_table+0xce/0x290 [ 244.553355][T23309] sg_alloc_table_chained+0xaf/0x140 [ 244.558619][T23309] ? sg_alloc_table_chained+0x140/0x140 [ 244.564142][T23309] scsi_alloc_sgtables+0x17c/0x500 [ 244.569256][T23309] sd_init_command+0x96a/0x1640 [ 244.574083][T23309] scsi_queue_rq+0x10e0/0x15a0 [ 244.578907][T23309] blk_mq_dispatch_rq_list+0x695/0x1040 [ 244.584465][T23309] ? __sbitmap_queue_get+0x11/0x20 [ 244.592243][T23309] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 244.597807][T23309] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 244.604037][T23309] ? rb_insert_color+0x2fa/0x310 [ 244.608957][T23309] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 244.614918][T23309] __blk_mq_run_hw_queue+0xbc/0x140 [ 244.620132][T23309] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 244.625916][T23309] blk_mq_run_hw_queue+0x22c/0x250 [ 244.631075][T23309] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 244.637014][T23309] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 244.642362][T23309] blk_flush_plug_list+0x235/0x260 [ 244.647447][T23309] blk_finish_plug+0x44/0x60 [ 244.652015][T23309] __iomap_dio_rw+0x797/0xa60 [ 244.656705][T23309] iomap_dio_rw+0x30/0x70 [ 244.661056][T23309] ext4_file_write_iter+0xa5e/0x11a0 [ 244.666386][T23309] do_iter_readv_writev+0x2cd/0x370 [ 244.671565][T23309] do_iter_write+0x192/0x5c0 [ 244.676231][T23309] ? splice_from_pipe_next+0x34f/0x3b0 [ 244.681665][T23309] ? kmalloc_array+0x2d/0x40 [ 244.686231][T23309] vfs_iter_write+0x4c/0x70 [ 244.690718][T23309] iter_file_splice_write+0x40a/0x750 [ 244.696120][T23309] ? splice_from_pipe+0xc0/0xc0 [ 244.700948][T23309] direct_splice_actor+0x80/0xa0 [ 244.705957][T23309] splice_direct_to_actor+0x345/0x650 [ 244.711325][T23309] ? do_splice_direct+0x170/0x170 [ 244.716366][T23309] do_splice_direct+0xf5/0x170 [ 244.721172][T23309] do_sendfile+0x618/0xb90 [ 244.725569][T23309] __x64_sys_sendfile64+0xf2/0x130 [ 244.730687][T23309] do_syscall_64+0x3d/0x90 [ 244.735082][T23309] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 244.741045][T23309] RIP: 0033:0x4665f9 [ 244.744935][T23309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 244.764517][T23309] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 244.772943][T23309] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 244.780898][T23309] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 01:16:29 executing program 1: r0 = syz_io_uring_setup(0x3f86, &(0x7f0000002d00), &(0x7f00007fd000/0x800000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000002d80), &(0x7f0000002dc0)) mmap$IORING_OFF_SQ_RING(&(0x7f000089a000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0) 01:16:29 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x0, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 244.788865][T23309] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 244.796822][T23309] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 244.804883][T23309] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 244.817680][T23285] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:29 executing program 4: syz_read_part_table(0xfffffffe, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:29 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000400000000300000030000000ffffffffffffffff0200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:29 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x86010000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:29 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:29 executing program 1: r0 = fsopen(&(0x7f0000000000)='jffs2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000080)='/dev/vcsu#\x00', &(0x7f00000000c0)="f3", 0x1) 01:16:29 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 245.018677][T23345] loop4: detected capacity change from 0 to 264192 [ 245.033537][T23347] loop2: detected capacity change from 0 to 264192 [ 245.122099][T23347] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 245.134107][T23347] EXT4-fs (loop2): get root inode failed [ 245.139738][T23347] EXT4-fs (loop2): mount failed [ 245.145331][T22970] loop4: p1 p2 p3 p4 [ 245.149648][T22970] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:29 executing program 5 (fault-call:7 fault-nth:68): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:29 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000100000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:29 executing program 1: perf_event_open$cgroup(&(0x7f0000000100)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 01:16:29 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 245.173125][T22970] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 245.184394][T22970] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 245.202768][T22970] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 245.254411][T23347] loop2: detected capacity change from 0 to 264192 [ 245.264182][T23345] loop4: p1 p2 p3 p4 [ 245.268362][T23345] loop4: p1 size 11290111 extends beyond EOD, truncated [ 245.313769][T23386] FAULT_INJECTION: forcing a failure. [ 245.313769][T23386] name failslab, interval 1, probability 0, space 0, times 0 [ 245.326408][T23386] CPU: 0 PID: 23386 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 245.336206][T23386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 245.346251][T23386] Call Trace: [ 245.349523][T23386] dump_stack_lvl+0xb7/0x103 [ 245.354185][T23386] dump_stack+0x11/0x1a [ 245.357781][T23347] EXT4-fs: failed to create workqueue [ 245.358335][T23386] should_fail+0x23c/0x250 [ 245.363714][T23347] EXT4-fs (loop2): mount failed [ 245.368079][T23386] ? kmalloc_array+0x2d/0x40 [ 245.377496][T23386] __should_failslab+0x81/0x90 [ 245.382305][T23386] should_failslab+0x5/0x20 [ 245.386805][T23386] __kmalloc+0x66/0x340 [ 245.390948][T23386] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 245.396899][T23386] ? splice_from_pipe+0xc0/0xc0 [ 245.401831][T23386] kmalloc_array+0x2d/0x40 [ 245.406257][T23386] iter_file_splice_write+0xc6/0x750 [ 245.411655][T23386] ? atime_needs_update+0x239/0x390 [ 245.416909][T23386] ? touch_atime+0xcf/0x240 [ 245.421390][T23386] ? generic_file_splice_read+0x286/0x310 [ 245.427086][T23386] ? splice_from_pipe+0xc0/0xc0 [ 245.431925][T23386] direct_splice_actor+0x80/0xa0 [ 245.436899][T23386] splice_direct_to_actor+0x345/0x650 [ 245.442248][T23386] ? do_splice_direct+0x170/0x170 [ 245.447381][T23386] do_splice_direct+0xf5/0x170 [ 245.452122][T23386] do_sendfile+0x618/0xb90 [ 245.456618][T23386] __x64_sys_sendfile64+0xf2/0x130 [ 245.461906][T23386] do_syscall_64+0x3d/0x90 [ 245.466301][T23386] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 245.472184][T23386] RIP: 0033:0x4665f9 [ 245.476052][T23386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 245.495635][T23386] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 245.504043][T23386] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 01:16:29 executing program 1: syz_io_uring_setup(0x3f86, &(0x7f0000002d00), &(0x7f00007fd000/0x800000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000002d80), &(0x7f0000002dc0)) 01:16:29 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x116, 0x2a, [@ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 245.511991][T23386] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 245.519936][T23386] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 245.527912][T23386] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 245.535882][T23386] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 245.550546][T23345] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 245.561005][T23345] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 245.599620][T23345] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:29 executing program 4: syz_read_part_table(0x1000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:29 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f020000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:29 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x87000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:29 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x116, 0x2a, [@ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:29 executing program 1: r0 = perf_event_open$cgroup(&(0x7f0000000100)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x1) [ 245.718323][T23411] loop2: detected capacity change from 0 to 264192 01:16:30 executing program 1: perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe3bc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 245.807754][T23423] loop4: detected capacity change from 0 to 264192 [ 245.872353][T23411] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 245.884321][T23411] EXT4-fs (loop2): get root inode failed [ 245.889982][T23411] EXT4-fs (loop2): mount failed [ 245.945666][T23423] loop4: p1 p2 p3 p4 [ 245.950002][T23423] loop4: p1 size 11290111 extends beyond EOD, truncated [ 245.958345][T23423] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 245.977933][T23411] loop2: detected capacity change from 0 to 264192 01:16:30 executing program 5 (fault-call:7 fault-nth:69): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:30 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f030000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:30 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x116, 0x2a, [@ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:30 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{}, {0x2}, {0x5}]}) [ 246.006580][T23411] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 246.018565][T23411] EXT4-fs (loop2): get root inode failed [ 246.024250][T23411] EXT4-fs (loop2): mount failed [ 246.033825][T23423] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 246.046309][T23423] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 246.174769][T23452] FAULT_INJECTION: forcing a failure. [ 246.174769][T23452] name failslab, interval 1, probability 0, space 0, times 0 [ 246.187436][T23452] CPU: 0 PID: 23452 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 246.197319][T23452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 246.207370][T23452] Call Trace: [ 246.210656][T23452] dump_stack_lvl+0xb7/0x103 [ 246.215248][T23452] dump_stack+0x11/0x1a [ 246.219399][T23452] should_fail+0x23c/0x250 [ 246.223808][T23452] __should_failslab+0x81/0x90 [ 246.228566][T23452] ? __iomap_dio_rw+0xf2/0xa60 [ 246.233405][T23452] should_failslab+0x5/0x20 [ 246.237905][T23452] kmem_cache_alloc_trace+0x49/0x310 [ 246.243188][T23452] __iomap_dio_rw+0xf2/0xa60 [ 246.247847][T23452] ? ext4_es_lookup_extent+0x36b/0x490 [ 246.253396][T23452] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 246.259292][T23452] ? file_update_time+0x1bd/0x3e0 [ 246.264356][T23452] iomap_dio_rw+0x30/0x70 [ 246.268718][T23452] ext4_file_write_iter+0xa5e/0x11a0 [ 246.273979][T23452] do_iter_readv_writev+0x2cd/0x370 [ 246.279152][T23452] do_iter_write+0x192/0x5c0 [ 246.283728][T23452] ? splice_from_pipe_next+0x34f/0x3b0 [ 246.289164][T23452] ? kmalloc_array+0x2d/0x40 [ 246.293795][T23452] vfs_iter_write+0x4c/0x70 [ 246.298304][T23452] iter_file_splice_write+0x40a/0x750 [ 246.303691][T23452] ? splice_from_pipe+0xc0/0xc0 [ 246.308517][T23452] direct_splice_actor+0x80/0xa0 [ 246.313478][T23452] splice_direct_to_actor+0x345/0x650 [ 246.318911][T23452] ? do_splice_direct+0x170/0x170 [ 246.323924][T23452] do_splice_direct+0xf5/0x170 [ 246.328715][T23452] do_sendfile+0x618/0xb90 [ 246.333107][T23452] __x64_sys_sendfile64+0xf2/0x130 [ 246.338213][T23452] do_syscall_64+0x3d/0x90 [ 246.342608][T23452] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 246.348516][T23452] RIP: 0033:0x4665f9 [ 246.352415][T23452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 246.372091][T23452] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 246.380666][T23452] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 246.388623][T23452] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 246.403790][T23452] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 246.411755][T23452] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 01:16:30 executing program 1: r0 = perf_event_open$cgroup(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000080)) 01:16:30 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f040000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:30 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:30 executing program 4: syz_read_part_table(0x80000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:30 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x8a010000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 246.419883][T23452] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:30 executing program 1: waitid(0x0, 0x0, &(0x7f0000000ac0), 0x0, 0x0) 01:16:30 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f050000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 246.489311][T23474] loop2: detected capacity change from 0 to 264192 [ 246.496161][T23473] loop4: detected capacity change from 0 to 264192 01:16:30 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 246.555085][T23474] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 246.567120][T23474] EXT4-fs (loop2): get root inode failed [ 246.572851][T23474] EXT4-fs (loop2): mount failed [ 246.591990][ T1038] loop4: p1 p2 p3 p4 [ 246.606251][ T1038] loop4: p1 size 11290111 extends beyond EOD, truncated [ 246.645641][ T1038] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 246.653697][ T1038] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 246.662061][ T1038] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 246.671932][T23473] loop4: p1 p2 p3 p4 [ 246.676078][T23473] loop4: p1 size 11290111 extends beyond EOD, truncated [ 246.684989][T23473] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 246.693025][T23473] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 246.701974][T23474] loop2: detected capacity change from 0 to 264192 [ 246.710003][T23474] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 246.722031][T23474] EXT4-fs (loop2): get root inode failed [ 246.727679][T23474] EXT4-fs (loop2): mount failed [ 246.734160][T23473] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 246.807472][T23473] loop4: detected capacity change from 0 to 264192 01:16:31 executing program 5 (fault-call:7 fault-nth:70): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:31 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:31 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 01:16:31 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f060000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:31 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x8b010000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:31 executing program 4: syz_read_part_table(0x100000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 246.861796][T23473] loop4: p1 p2 p3 p4 [ 246.873942][T23473] loop4: p1 size 11290111 extends beyond EOD, truncated [ 246.882484][T23473] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 246.890684][T23473] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 246.898509][T23473] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 246.972211][T23540] loop2: detected capacity change from 0 to 264192 [ 247.041658][T23546] FAULT_INJECTION: forcing a failure. [ 247.041658][T23546] name failslab, interval 1, probability 0, space 0, times 0 [ 247.054402][T23546] CPU: 0 PID: 23546 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 247.064234][T23546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 247.074377][T23546] Call Trace: [ 247.077672][T23546] dump_stack_lvl+0xb7/0x103 [ 247.082264][T23546] dump_stack+0x11/0x1a [ 247.086432][T23546] should_fail+0x23c/0x250 [ 247.090872][T23546] ? mempool_alloc_slab+0x16/0x20 [ 247.095964][T23546] __should_failslab+0x81/0x90 [ 247.098902][T23554] loop4: detected capacity change from 0 to 264192 [ 247.100760][T23546] should_failslab+0x5/0x20 [ 247.100783][T23546] kmem_cache_alloc+0x46/0x2e0 [ 247.116480][T23546] mempool_alloc_slab+0x16/0x20 [ 247.121420][T23546] ? mempool_free+0x130/0x130 [ 247.126096][T23546] mempool_alloc+0x8c/0x300 [ 247.130600][T23546] ? ext4_inode_block_valid+0x1cc/0x210 [ 247.136303][T23546] bio_alloc_bioset+0xcc/0x530 [ 247.141245][T23546] ? iov_iter_alignment+0x34b/0x370 [ 247.146491][T23546] iomap_dio_bio_actor+0x511/0xb50 [ 247.151659][T23546] ? ext4_iomap_begin+0x5d1/0x620 [ 247.156690][T23546] iomap_dio_actor+0x26e/0x3b0 [ 247.161443][T23546] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 247.167208][T23546] iomap_apply+0x1df/0x400 [ 247.171724][T23546] __iomap_dio_rw+0x62e/0xa60 [ 247.176386][T23546] ? __iomap_dio_rw+0xa60/0xa60 [ 247.181268][T23546] iomap_dio_rw+0x30/0x70 [ 247.185631][T23546] ext4_file_write_iter+0xa5e/0x11a0 [ 247.190942][T23546] do_iter_readv_writev+0x2cd/0x370 [ 247.196188][T23546] do_iter_write+0x192/0x5c0 [ 247.200757][T23546] ? splice_from_pipe_next+0x34f/0x3b0 [ 247.206244][T23546] ? kmalloc_array+0x2d/0x40 [ 247.210814][T23546] vfs_iter_write+0x4c/0x70 [ 247.215364][T23546] iter_file_splice_write+0x40a/0x750 [ 247.220720][T23546] ? splice_from_pipe+0xc0/0xc0 [ 247.225549][T23546] direct_splice_actor+0x80/0xa0 [ 247.230464][T23546] splice_direct_to_actor+0x345/0x650 [ 247.235904][T23546] ? do_splice_direct+0x170/0x170 [ 247.240917][T23546] do_splice_direct+0xf5/0x170 [ 247.245667][T23546] do_sendfile+0x618/0xb90 [ 247.250061][T23546] __x64_sys_sendfile64+0xf2/0x130 [ 247.255165][T23546] do_syscall_64+0x3d/0x90 [ 247.259581][T23546] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 247.265452][T23546] RIP: 0033:0x4665f9 [ 247.269323][T23546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 01:16:31 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{}, {0x8}]}) [ 247.288907][T23546] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 247.297373][T23546] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 247.305320][T23546] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 247.313267][T23546] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 247.321213][T23546] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 247.329158][T23546] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:31 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f070000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:31 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x154, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x154}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 247.349141][T23540] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 247.361199][T23540] EXT4-fs (loop2): get root inode failed [ 247.366837][T23540] EXT4-fs (loop2): mount failed [ 247.385815][T23554] loop4: p1 p2 p3 p4 [ 247.390501][T23554] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:31 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x154, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x154}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:31 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f080000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:31 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f00000002c0)=[{0x5}]}) [ 247.436608][T23554] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 247.491852][T23554] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 247.535039][T23540] loop2: detected capacity change from 0 to 264192 [ 247.555312][T23554] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 247.588415][T23540] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 247.600390][T23540] EXT4-fs (loop2): get root inode failed [ 247.606293][T23540] EXT4-fs (loop2): mount failed [ 247.713030][T23554] loop4: detected capacity change from 0 to 264192 01:16:32 executing program 5 (fault-call:7 fault-nth:71): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:32 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x154, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x154}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:32 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f0a0000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:32 executing program 1: perf_event_open$cgroup(&(0x7f0000000100)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 01:16:32 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xff010000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 247.799990][T23554] loop4: p1 p2 p3 p4 [ 247.828787][T23554] loop4: p1 size 11290111 extends beyond EOD, truncated [ 247.870583][T23612] loop2: detected capacity change from 0 to 264192 [ 247.884637][T23554] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 247.898910][T23611] FAULT_INJECTION: forcing a failure. [ 247.898910][T23611] name failslab, interval 1, probability 0, space 0, times 0 [ 247.911952][T23611] CPU: 0 PID: 23611 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 247.921940][T23611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 247.932066][T23611] Call Trace: [ 247.935338][T23611] dump_stack_lvl+0xb7/0x103 [ 247.939930][T23611] dump_stack+0x11/0x1a [ 247.944085][T23611] should_fail+0x23c/0x250 [ 247.948500][T23611] ? mempool_alloc_slab+0x16/0x20 [ 247.953589][T23611] __should_failslab+0x81/0x90 [ 247.958410][T23611] should_failslab+0x5/0x20 [ 247.962932][T23611] kmem_cache_alloc+0x46/0x2e0 [ 247.967699][T23611] mempool_alloc_slab+0x16/0x20 [ 247.972527][T23611] ? mempool_free+0x130/0x130 [ 247.977181][T23611] mempool_alloc+0x8c/0x300 [ 247.981660][T23611] sg_pool_alloc+0x74/0x90 [ 247.986054][T23611] __sg_alloc_table+0xce/0x290 [ 247.990837][T23611] sg_alloc_table_chained+0xaf/0x140 [ 247.996171][T23611] ? sg_alloc_table_chained+0x140/0x140 [ 248.001692][T23611] scsi_alloc_sgtables+0x17c/0x500 [ 248.006815][T23611] sd_init_command+0x96a/0x1640 [ 248.011701][T23611] scsi_queue_rq+0x10e0/0x15a0 [ 248.016743][T23611] blk_mq_dispatch_rq_list+0x695/0x1040 [ 248.022291][T23611] ? __sbitmap_queue_get+0x11/0x20 [ 248.027390][T23611] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 248.032928][T23611] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 248.039161][T23611] ? rb_insert_color+0x2fa/0x310 [ 248.044139][T23611] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 248.050213][T23611] __blk_mq_run_hw_queue+0xbc/0x140 [ 248.055428][T23611] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 248.061233][T23611] blk_mq_run_hw_queue+0x22c/0x250 [ 248.066325][T23611] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 248.072333][T23611] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 248.077700][T23611] blk_flush_plug_list+0x235/0x260 [ 248.082812][T23611] blk_finish_plug+0x44/0x60 [ 248.087392][T23611] __iomap_dio_rw+0x797/0xa60 [ 248.092116][T23611] iomap_dio_rw+0x30/0x70 [ 248.096468][T23611] ext4_file_write_iter+0xa5e/0x11a0 [ 248.101808][T23611] do_iter_readv_writev+0x2cd/0x370 [ 248.106985][T23611] do_iter_write+0x192/0x5c0 [ 248.111566][T23611] ? splice_from_pipe_next+0x34f/0x3b0 [ 248.117001][T23611] ? kmalloc_array+0x2d/0x40 [ 248.121568][T23611] vfs_iter_write+0x4c/0x70 [ 248.126048][T23611] iter_file_splice_write+0x40a/0x750 [ 248.131410][T23611] ? splice_from_pipe+0xc0/0xc0 [ 248.136238][T23611] direct_splice_actor+0x80/0xa0 [ 248.141151][T23611] splice_direct_to_actor+0x345/0x650 [ 248.146500][T23611] ? do_splice_direct+0x170/0x170 [ 248.151509][T23611] do_splice_direct+0xf5/0x170 [ 248.156428][T23611] do_sendfile+0x618/0xb90 [ 248.160840][T23611] __x64_sys_sendfile64+0xf2/0x130 [ 248.166230][T23611] do_syscall_64+0x3d/0x90 [ 248.170636][T23611] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 248.176510][T23611] RIP: 0033:0x4665f9 [ 248.180391][T23611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 248.200098][T23611] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 248.208512][T23611] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 248.216500][T23611] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 248.224537][T23611] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 248.232487][T23611] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 248.240479][T23611] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 248.251144][T23554] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 248.258610][T23612] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block 01:16:32 executing program 4: syz_read_part_table(0x1000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:32 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000800)={0x2, &(0x7f00000007c0)=[{0x3}, {}]}) 01:16:32 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f0b0000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:32 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 248.271627][T23612] EXT4-fs (loop2): get root inode failed [ 248.277280][T23612] EXT4-fs (loop2): mount failed [ 248.283370][T23554] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 248.312259][ T1038] loop4: p1 p2 p3 p4 [ 248.316418][ T1038] loop4: p1 size 11290111 extends beyond EOD, truncated [ 248.346868][ T1038] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 248.365082][T23612] loop2: detected capacity change from 0 to 264192 01:16:32 executing program 1: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) perf_event_open$cgroup(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0x0, 0xffffffffffffffff, 0x6) 01:16:32 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f100000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:32 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 248.389730][T23612] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 248.401812][T23612] EXT4-fs (loop2): get root inode failed [ 248.407477][T23612] EXT4-fs (loop2): mount failed [ 248.425006][ T1038] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 248.458523][ T1038] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 248.555745][T23651] loop4: detected capacity change from 0 to 264192 01:16:32 executing program 5 (fault-call:7 fault-nth:72): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:32 executing program 1: r0 = perf_event_open$cgroup(&(0x7f0000000100)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) 01:16:32 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f180000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:32 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x158, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:32 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xff0f0000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 248.612202][T23651] loop4: p1 p2 p3 p4 [ 248.616372][T23651] loop4: p1 size 11290111 extends beyond EOD, truncated [ 248.631397][T23651] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 248.682793][T23678] loop2: detected capacity change from 0 to 264192 [ 248.701085][T23651] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 248.752364][T23684] FAULT_INJECTION: forcing a failure. [ 248.752364][T23684] name failslab, interval 1, probability 0, space 0, times 0 [ 248.765045][T23684] CPU: 0 PID: 23684 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 248.774844][T23684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 248.784925][T23684] Call Trace: [ 248.788213][T23684] dump_stack_lvl+0xb7/0x103 [ 248.792802][T23684] dump_stack+0x11/0x1a [ 248.797082][T23684] should_fail+0x23c/0x250 [ 248.801492][T23684] ? kmalloc_array+0x2d/0x40 [ 248.806093][T23684] __should_failslab+0x81/0x90 [ 248.810863][T23684] should_failslab+0x5/0x20 [ 248.815381][T23684] __kmalloc+0x66/0x340 [ 248.819577][T23684] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 248.825484][T23684] ? splice_from_pipe+0xc0/0xc0 [ 248.830339][T23684] kmalloc_array+0x2d/0x40 [ 248.834757][T23684] iter_file_splice_write+0xc6/0x750 [ 248.840071][T23684] ? atime_needs_update+0x239/0x390 [ 248.845307][T23684] ? touch_atime+0xcf/0x240 [ 248.849880][T23684] ? generic_file_splice_read+0x286/0x310 [ 248.855637][T23684] ? splice_from_pipe+0xc0/0xc0 [ 248.860517][T23684] direct_splice_actor+0x80/0xa0 [ 248.865441][T23684] splice_direct_to_actor+0x345/0x650 [ 248.870804][T23684] ? do_splice_direct+0x170/0x170 [ 248.875923][T23684] do_splice_direct+0xf5/0x170 [ 248.880692][T23684] do_sendfile+0x618/0xb90 [ 248.885134][T23684] __x64_sys_sendfile64+0xf2/0x130 [ 248.890225][T23684] do_syscall_64+0x3d/0x90 [ 248.894619][T23684] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 248.900628][T23684] RIP: 0033:0x4665f9 [ 248.904495][T23684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 248.924155][T23684] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 248.932650][T23684] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 248.940605][T23684] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 248.948554][T23684] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 248.956555][T23684] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 248.964502][T23684] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 248.973536][T23651] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 248.980748][T23678] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 248.992689][T23678] EXT4-fs (loop2): get root inode failed [ 248.998443][T23678] EXT4-fs (loop2): mount failed 01:16:33 executing program 4: syz_read_part_table(0x2000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:33 executing program 1: socketpair(0x10, 0x2, 0x0, &(0x7f0000000180)) 01:16:33 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f1c0000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:33 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x0, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 249.093030][T23678] loop2: detected capacity change from 0 to 264192 01:16:33 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f260000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:33 executing program 1: r0 = perf_event_open$cgroup(&(0x7f0000000100)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) 01:16:33 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x0, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 249.156513][T23710] loop4: detected capacity change from 0 to 264192 [ 249.168058][T23678] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 249.180164][T23678] EXT4-fs (loop2): get root inode failed [ 249.185836][T23678] EXT4-fs (loop2): mount failed [ 249.305078][T23710] loop4: p1 p2 p3 p4 [ 249.309294][T23710] loop4: p1 size 11290111 extends beyond EOD, truncated [ 249.335496][T23710] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 249.343935][T23710] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 249.352086][T23710] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:33 executing program 5 (fault-call:7 fault-nth:73): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:33 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffffff8}]}) 01:16:33 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x0, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:33 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000ffe0000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:33 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 249.464900][T23710] loop4: detected capacity change from 0 to 264192 [ 249.524371][T23710] loop4: p1 p2 p3 p4 [ 249.549652][T23710] loop4: p1 size 11290111 extends beyond EOD, truncated [ 249.558249][T23752] loop2: detected capacity change from 0 to 512 [ 249.608946][T23710] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 249.620843][T23758] FAULT_INJECTION: forcing a failure. [ 249.620843][T23758] name failslab, interval 1, probability 0, space 0, times 0 [ 249.633556][T23758] CPU: 0 PID: 23758 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 249.643387][T23758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 249.653436][T23758] Call Trace: [ 249.656710][T23758] dump_stack_lvl+0xb7/0x103 [ 249.661303][T23758] dump_stack+0x11/0x1a [ 249.665434][T23758] should_fail+0x23c/0x250 [ 249.669826][T23758] __should_failslab+0x81/0x90 [ 249.674737][T23758] ? __iomap_dio_rw+0xf2/0xa60 [ 249.679481][T23758] should_failslab+0x5/0x20 [ 249.683972][T23758] kmem_cache_alloc_trace+0x49/0x310 [ 249.689234][T23758] ? enqueue_entity+0x45b/0x630 [ 249.694071][T23758] __iomap_dio_rw+0xf2/0xa60 [ 249.698680][T23758] ? ext4_es_lookup_extent+0x36b/0x490 [ 249.704126][T23758] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 249.710191][T23758] ? file_update_time+0x1bd/0x3e0 [ 249.715198][T23758] iomap_dio_rw+0x30/0x70 [ 249.719569][T23758] ext4_file_write_iter+0xa5e/0x11a0 [ 249.724911][T23758] do_iter_readv_writev+0x2cd/0x370 [ 249.730135][T23758] do_iter_write+0x192/0x5c0 [ 249.734777][T23758] ? splice_from_pipe_next+0x34f/0x3b0 [ 249.740444][T23758] ? kmalloc_array+0x2d/0x40 [ 249.745043][T23758] vfs_iter_write+0x4c/0x70 [ 249.749531][T23758] iter_file_splice_write+0x40a/0x750 [ 249.754973][T23758] ? splice_from_pipe+0xc0/0xc0 [ 249.759811][T23758] direct_splice_actor+0x80/0xa0 [ 249.764808][T23758] splice_direct_to_actor+0x345/0x650 [ 249.770240][T23758] ? do_splice_direct+0x170/0x170 [ 249.775241][T23758] do_splice_direct+0xf5/0x170 [ 249.779985][T23758] do_sendfile+0x618/0xb90 [ 249.784381][T23758] __x64_sys_sendfile64+0xf2/0x130 [ 249.789510][T23758] do_syscall_64+0x3d/0x90 [ 249.793901][T23758] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 249.799841][T23758] RIP: 0033:0x4665f9 [ 249.803708][T23758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 249.823344][T23758] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 249.831746][T23758] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 249.839711][T23758] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 249.847747][T23758] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 249.855698][T23758] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 249.863679][T23758] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 249.872662][T23710] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 249.880219][T23752] EXT4-fs error (device loop2): ext4_fill_super:4953: inode #2: comm syz-executor.2: iget: root inode unallocated [ 249.892261][T23752] EXT4-fs (loop2): get root inode failed [ 249.897907][T23752] EXT4-fs (loop2): mount failed 01:16:34 executing program 4: syz_read_part_table(0x4000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:34 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f040200000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:34 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 01:16:34 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x0, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 249.904316][T23710] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 249.960648][T23752] loop2: detected capacity change from 0 to 512 [ 249.981105][T23752] EXT4-fs error (device loop2): ext4_fill_super:4953: inode #2: comm syz-executor.2: iget: root inode unallocated [ 249.993340][T23752] EXT4-fs (loop2): get root inode failed [ 249.998966][T23752] EXT4-fs (loop2): mount failed 01:16:34 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000300000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:34 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f00000002c0)=[{0x1d}]}) 01:16:34 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x0, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 250.115689][T23798] loop4: detected capacity change from 0 to 264192 [ 250.206201][T22970] loop4: p1 p2 p3 p4 [ 250.211811][T22970] loop4: p1 size 11290111 extends beyond EOD, truncated [ 250.219827][T22970] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 250.228068][T22970] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 250.236250][T22970] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 250.246501][T23798] loop4: p1 p2 p3 p4 [ 250.255647][T23798] loop4: p1 size 11290111 extends beyond EOD, truncated [ 250.266347][T23798] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 250.274392][T23798] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 250.282466][T23798] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:34 executing program 5 (fault-call:7 fault-nth:74): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:34 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f020400000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:34 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x28}, {0x3, 0x0, 0x0, 0x7ff}]}) 01:16:34 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x0, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:34 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:34 executing program 4: syz_read_part_table(0x20000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:34 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x0, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 250.425005][T23839] loop2: detected capacity change from 0 to 512 [ 250.474368][T23840] FAULT_INJECTION: forcing a failure. [ 250.474368][T23840] name failslab, interval 1, probability 0, space 0, times 0 [ 250.487036][T23840] CPU: 0 PID: 23840 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 250.487700][T23852] loop4: detected capacity change from 0 to 264192 [ 250.496827][T23840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 250.496840][T23840] Call Trace: [ 250.496847][T23840] dump_stack_lvl+0xb7/0x103 [ 250.521229][T23840] dump_stack+0x11/0x1a [ 250.525383][T23840] should_fail+0x23c/0x250 [ 250.529790][T23840] ? mempool_alloc_slab+0x16/0x20 [ 250.534817][T23840] __should_failslab+0x81/0x90 [ 250.539580][T23840] should_failslab+0x5/0x20 [ 250.544178][T23840] kmem_cache_alloc+0x46/0x2e0 [ 250.548997][T23840] ? kcsan_setup_watchpoint+0x231/0x3e0 [ 250.554538][T23840] mempool_alloc_slab+0x16/0x20 [ 250.559409][T23840] ? mempool_free+0x130/0x130 [ 250.564218][T23840] mempool_alloc+0x8c/0x300 [ 250.568746][T23840] ? ext4_inode_block_valid+0x1cc/0x210 [ 250.574303][T23840] bio_alloc_bioset+0xcc/0x530 [ 250.579109][T23840] ? iov_iter_alignment+0x34b/0x370 [ 250.584320][T23840] iomap_dio_bio_actor+0x511/0xb50 [ 250.589558][T23840] ? ext4_iomap_begin+0x5d1/0x620 [ 250.594571][T23840] iomap_dio_actor+0x26e/0x3b0 [ 250.599417][T23840] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 250.605200][T23840] iomap_apply+0x1df/0x400 [ 250.609600][T23840] __iomap_dio_rw+0x62e/0xa60 [ 250.614423][T23840] ? __iomap_dio_rw+0xa60/0xa60 [ 250.619300][T23840] iomap_dio_rw+0x30/0x70 [ 250.623690][T23840] ext4_file_write_iter+0xa5e/0x11a0 [ 250.628965][T23840] do_iter_readv_writev+0x2cd/0x370 [ 250.634190][T23840] do_iter_write+0x192/0x5c0 [ 250.638844][T23840] ? splice_from_pipe_next+0x34f/0x3b0 [ 250.644285][T23840] ? kmalloc_array+0x2d/0x40 [ 250.648857][T23840] vfs_iter_write+0x4c/0x70 [ 250.653398][T23840] iter_file_splice_write+0x40a/0x750 [ 250.658746][T23840] ? splice_from_pipe+0xc0/0xc0 [ 250.663658][T23840] direct_splice_actor+0x80/0xa0 [ 250.668574][T23840] splice_direct_to_actor+0x345/0x650 [ 250.673921][T23840] ? do_splice_direct+0x170/0x170 [ 250.678920][T23840] do_splice_direct+0xf5/0x170 [ 250.683658][T23840] do_sendfile+0x618/0xb90 [ 250.688101][T23840] __x64_sys_sendfile64+0xf2/0x130 [ 250.693260][T23840] do_syscall_64+0x3d/0x90 [ 250.697725][T23840] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 250.703639][T23840] RIP: 0033:0x4665f9 01:16:35 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x0, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:35 executing program 1: r0 = perf_event_open$cgroup(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}) 01:16:35 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f060400000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 250.707565][T23840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 250.727241][T23840] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 250.735676][T23840] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 250.743718][T23840] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 250.751726][T23840] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 250.759690][T23840] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 250.767666][T23840] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 250.786425][T23839] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 250.798378][T23839] EXT4-fs (loop2): get root inode failed [ 250.804025][T23839] EXT4-fs (loop2): mount failed 01:16:35 executing program 1: clock_gettime(0x0, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) timer_create(0x3, &(0x7f0000000300)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000380)) timer_settime(0x0, 0x0, &(0x7f00000003c0)={{}, {0x0, 0x3938700}}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x100000f, 0x4ca31, 0xffffffffffffffff, 0x2000) [ 250.837283][T23852] loop4: p1 p2 p3 p4 [ 250.842165][T23852] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:35 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f800400000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 250.894912][T23852] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 250.923379][T23839] loop2: detected capacity change from 0 to 512 [ 250.946236][T23839] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 250.958315][T23839] EXT4-fs (loop2): get root inode failed [ 250.964007][T23839] EXT4-fs (loop2): mount failed [ 250.972653][T23852] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 251.014412][T23852] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:35 executing program 5 (fault-call:7 fault-nth:75): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:35 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x0, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:35 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000500000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:35 executing program 1: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$PTP_SYS_OFFSET_EXTENDED(r0, 0xc4c03d09, 0x0) 01:16:35 executing program 4: syz_read_part_table(0x40000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:35 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 251.298193][T23910] loop4: detected capacity change from 0 to 264192 [ 251.312929][T23913] loop2: detected capacity change from 0 to 512 [ 251.340434][T23909] FAULT_INJECTION: forcing a failure. [ 251.340434][T23909] name failslab, interval 1, probability 0, space 0, times 0 [ 251.353136][T23909] CPU: 0 PID: 23909 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 251.363032][T23909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 251.373197][T23909] Call Trace: [ 251.376476][T23909] dump_stack_lvl+0xb7/0x103 [ 251.381093][T23909] dump_stack+0x11/0x1a [ 251.385364][T23909] should_fail+0x23c/0x250 [ 251.389917][T23909] ? mempool_alloc_slab+0x16/0x20 [ 251.394945][T23909] __should_failslab+0x81/0x90 [ 251.399714][T23909] should_failslab+0x5/0x20 [ 251.404218][T23909] kmem_cache_alloc+0x46/0x2e0 [ 251.409045][T23909] mempool_alloc_slab+0x16/0x20 [ 251.413915][T23909] ? mempool_free+0x130/0x130 [ 251.418699][T23909] mempool_alloc+0x8c/0x300 [ 251.423191][T23909] sg_pool_alloc+0x74/0x90 [ 251.427605][T23909] __sg_alloc_table+0xce/0x290 [ 251.432397][T23909] sg_alloc_table_chained+0xaf/0x140 [ 251.437668][T23909] ? sg_alloc_table_chained+0x140/0x140 [ 251.443204][T23909] scsi_alloc_sgtables+0x17c/0x500 [ 251.448303][T23909] sd_init_command+0x96a/0x1640 [ 251.453148][T23909] scsi_queue_rq+0x10e0/0x15a0 [ 251.457909][T23909] blk_mq_dispatch_rq_list+0x695/0x1040 [ 251.463521][T23909] ? __sbitmap_queue_get+0x11/0x20 [ 251.468630][T23909] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 251.474163][T23909] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 251.480410][T23909] ? rb_insert_color+0x2fa/0x310 [ 251.485401][T23909] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 251.491441][T23909] __blk_mq_run_hw_queue+0xbc/0x140 [ 251.496625][T23909] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 251.502415][T23909] blk_mq_run_hw_queue+0x22c/0x250 [ 251.507518][T23909] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 251.513404][T23909] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 251.518760][T23909] blk_flush_plug_list+0x235/0x260 [ 251.523909][T23909] blk_finish_plug+0x44/0x60 [ 251.528491][T23909] __iomap_dio_rw+0x797/0xa60 [ 251.533236][T23909] iomap_dio_rw+0x30/0x70 [ 251.537607][T23909] ext4_file_write_iter+0xa5e/0x11a0 [ 251.542873][T23909] do_iter_readv_writev+0x2cd/0x370 [ 251.548072][T23909] do_iter_write+0x192/0x5c0 [ 251.552708][T23909] ? splice_from_pipe_next+0x34f/0x3b0 [ 251.558201][T23909] ? kmalloc_array+0x2d/0x40 [ 251.562775][T23909] vfs_iter_write+0x4c/0x70 [ 251.567274][T23909] iter_file_splice_write+0x40a/0x750 [ 251.572638][T23909] ? splice_from_pipe+0xc0/0xc0 [ 251.577479][T23909] direct_splice_actor+0x80/0xa0 [ 251.582455][T23909] splice_direct_to_actor+0x345/0x650 [ 251.587862][T23909] ? do_splice_direct+0x170/0x170 [ 251.592948][T23909] do_splice_direct+0xf5/0x170 [ 251.597799][T23909] do_sendfile+0x618/0xb90 [ 251.602318][T23909] __x64_sys_sendfile64+0xf2/0x130 [ 251.607478][T23909] do_syscall_64+0x3d/0x90 [ 251.611933][T23909] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 251.617831][T23909] RIP: 0033:0x4665f9 [ 251.621772][T23909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 01:16:35 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:35 executing program 1: r0 = perf_event_open$cgroup(&(0x7f0000000100)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x120000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0bcd78}, 0x0, 0xffffffffffffffff, r0, 0x9) [ 251.641455][T23909] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 251.649872][T23909] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 251.657827][T23909] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 251.665776][T23909] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 251.673735][T23909] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 251.681722][T23909] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:35 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f2e0500000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 251.709164][T23913] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 251.721227][T23913] EXT4-fs (loop2): get root inode failed [ 251.726977][T23913] EXT4-fs (loop2): mount failed [ 251.744724][T23910] loop4: p1 p2 p3 p4 [ 251.749307][T23910] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:36 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:36 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000600000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:36 executing program 1: socketpair(0xa, 0x3, 0x1, &(0x7f00000001c0)) [ 251.809995][T23910] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 251.854866][T23910] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 251.890885][T23913] loop2: detected capacity change from 0 to 512 [ 251.898069][T23910] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 251.910944][T23913] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 251.922903][T23913] EXT4-fs (loop2): get root inode failed [ 251.928618][T23913] EXT4-fs (loop2): mount failed [ 251.995787][T23910] loop4: detected capacity change from 0 to 264192 01:16:36 executing program 5 (fault-call:7 fault-nth:76): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:36 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:36 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f040600000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:36 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f00000002c0)=[{0x60}]}) [ 252.070215][T23910] loop4: p1 p2 p3 p4 [ 252.092319][T23910] loop4: p1 size 11290111 extends beyond EOD, truncated [ 252.135048][T23910] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 252.165797][T23910] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 252.174611][T23910] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 252.202337][T23975] FAULT_INJECTION: forcing a failure. [ 252.202337][T23975] name failslab, interval 1, probability 0, space 0, times 0 [ 252.214972][T23975] CPU: 0 PID: 23975 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 252.224750][T23975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 252.234857][T23975] Call Trace: [ 252.238123][T23975] dump_stack_lvl+0xb7/0x103 [ 252.242690][T23975] dump_stack+0x11/0x1a [ 252.246841][T23975] should_fail+0x23c/0x250 [ 252.251229][T23975] ? kmalloc_array+0x2d/0x40 [ 252.255888][T23975] __should_failslab+0x81/0x90 [ 252.260650][T23975] should_failslab+0x5/0x20 [ 252.265135][T23975] __kmalloc+0x66/0x340 [ 252.269281][T23975] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 252.275235][T23975] ? splice_from_pipe+0xc0/0xc0 [ 252.280065][T23975] kmalloc_array+0x2d/0x40 [ 252.284475][T23975] iter_file_splice_write+0xc6/0x750 [ 252.289757][T23975] ? atime_needs_update+0x239/0x390 [ 252.294956][T23975] ? touch_atime+0xcf/0x240 [ 252.299481][T23975] ? generic_file_splice_read+0x286/0x310 [ 252.305181][T23975] ? splice_from_pipe+0xc0/0xc0 [ 252.310071][T23975] direct_splice_actor+0x80/0xa0 [ 252.315024][T23975] splice_direct_to_actor+0x345/0x650 [ 252.320519][T23975] ? do_splice_direct+0x170/0x170 [ 252.325537][T23975] do_splice_direct+0xf5/0x170 [ 252.330356][T23975] do_sendfile+0x618/0xb90 [ 252.334749][T23975] __x64_sys_sendfile64+0xf2/0x130 [ 252.339837][T23975] do_syscall_64+0x3d/0x90 [ 252.344229][T23975] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 252.350098][T23975] RIP: 0033:0x4665f9 [ 252.354043][T23975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 252.373637][T23975] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 252.382021][T23975] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 252.389979][T23975] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 01:16:36 executing program 4: syz_read_part_table(0x90000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:36 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:36 executing program 1: prctl$PR_SET_NAME(0xf, &(0x7f0000000040)=']$$-{./[\x00') 01:16:36 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:36 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000700000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 252.397927][T23975] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 252.405872][T23975] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 252.413827][T23975] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:36 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000a00000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:36 executing program 1: fsopen(&(0x7f00000001c0)='nfs\x00', 0x0) 01:16:36 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 252.464135][T23989] loop2: detected capacity change from 0 to 512 [ 252.533607][T23989] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 252.545596][T23989] EXT4-fs (loop2): get root inode failed [ 252.551248][T23989] EXT4-fs (loop2): mount failed [ 252.575301][T24009] loop4: detected capacity change from 0 to 264192 [ 252.661371][T24009] loop4: p1 p2 p3 p4 [ 252.673214][T24009] loop4: p1 size 11290111 extends beyond EOD, truncated [ 252.682254][T23989] loop2: detected capacity change from 0 to 512 [ 252.703741][T23989] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 252.715688][T23989] EXT4-fs (loop2): get root inode failed [ 252.721368][T23989] EXT4-fs (loop2): mount failed [ 252.728627][T24009] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 252.740246][T24009] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 252.748247][T24009] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 252.822567][T24009] loop4: detected capacity change from 0 to 264192 01:16:37 executing program 5 (fault-call:7 fault-nth:77): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:37 executing program 1: perf_event_open$cgroup(&(0x7f0000000100)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 01:16:37 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000b00000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:37 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 252.892250][T24009] loop4: p1 p2 p3 p4 [ 252.897001][T24009] loop4: p1 size 11290111 extends beyond EOD, truncated [ 252.905585][T24009] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 252.915074][T24009] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 252.944246][T24009] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 253.037265][T24056] FAULT_INJECTION: forcing a failure. [ 253.037265][T24056] name failslab, interval 1, probability 0, space 0, times 0 [ 253.049909][T24056] CPU: 0 PID: 24056 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 253.059768][T24056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 253.069813][T24056] Call Trace: [ 253.073109][T24056] dump_stack_lvl+0xb7/0x103 [ 253.077702][T24056] dump_stack+0x11/0x1a [ 253.081858][T24056] should_fail+0x23c/0x250 [ 253.086276][T24056] __should_failslab+0x81/0x90 [ 253.091066][T24056] ? __iomap_dio_rw+0xf2/0xa60 [ 253.095865][T24056] should_failslab+0x5/0x20 [ 253.100370][T24056] kmem_cache_alloc_trace+0x49/0x310 [ 253.105649][T24056] ? enqueue_entity+0x45b/0x630 [ 253.110495][T24056] __iomap_dio_rw+0xf2/0xa60 [ 253.115082][T24056] ? ext4_es_lookup_extent+0x36b/0x490 [ 253.120621][T24056] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 253.126524][T24056] ? file_update_time+0x1bd/0x3e0 [ 253.131529][T24056] iomap_dio_rw+0x30/0x70 [ 253.135850][T24056] ext4_file_write_iter+0xa5e/0x11a0 [ 253.141116][T24056] do_iter_readv_writev+0x2cd/0x370 [ 253.146298][T24056] do_iter_write+0x192/0x5c0 [ 253.150866][T24056] ? splice_from_pipe_next+0x34f/0x3b0 [ 253.156336][T24056] ? kmalloc_array+0x2d/0x40 [ 253.160973][T24056] vfs_iter_write+0x4c/0x70 [ 253.165537][T24056] iter_file_splice_write+0x40a/0x750 [ 253.170965][T24056] ? splice_from_pipe+0xc0/0xc0 [ 253.175843][T24056] direct_splice_actor+0x80/0xa0 [ 253.180768][T24056] splice_direct_to_actor+0x345/0x650 [ 253.186166][T24056] ? do_splice_direct+0x170/0x170 [ 253.191169][T24056] do_splice_direct+0xf5/0x170 [ 253.195916][T24056] do_sendfile+0x618/0xb90 [ 253.200306][T24056] __x64_sys_sendfile64+0xf2/0x130 [ 253.205393][T24056] do_syscall_64+0x3d/0x90 [ 253.209844][T24056] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 253.215765][T24056] RIP: 0033:0x4665f9 01:16:37 executing program 4: syz_read_part_table(0xc0000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:37 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:37 executing program 1: perf_event_open$cgroup(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000040)={{0x49dd, 0x3}, {0x1, 0x5}, 0x6}) socket$nl_generic(0x10, 0x3, 0x10) 01:16:37 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f001800000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:37 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 253.219637][T24056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 253.239222][T24056] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 253.247620][T24056] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 253.255581][T24056] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 253.263533][T24056] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 253.271530][T24056] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 253.279475][T24056] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:37 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 253.313710][T24069] loop2: detected capacity change from 0 to 512 [ 253.342803][T24073] loop4: detected capacity change from 0 to 264192 01:16:37 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f001c00000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:37 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x120000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0bcd78}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 253.384473][T24069] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 253.396496][T24069] EXT4-fs (loop2): get root inode failed [ 253.402306][T24069] EXT4-fs (loop2): mount failed [ 253.433605][T24073] loop4: p1 p2 p3 p4 [ 253.437891][T24073] loop4: p1 size 11290111 extends beyond EOD, truncated [ 253.489512][T24073] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 253.517508][T24073] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 253.526150][T24073] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 253.557284][T24069] loop2: detected capacity change from 0 to 512 [ 253.573599][T24069] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 253.585652][T24069] EXT4-fs (loop2): get root inode failed [ 253.591316][T24069] EXT4-fs (loop2): mount failed 01:16:38 executing program 5 (fault-call:7 fault-nth:78): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:38 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:38 executing program 1: openat$autofs(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) 01:16:38 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f002000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:38 executing program 4: syz_read_part_table(0xe0ffff00000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:38 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 253.830616][T24128] loop2: detected capacity change from 0 to 512 [ 253.840946][T24127] loop4: detected capacity change from 0 to 264192 01:16:38 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(0xffffffffffffffff, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 253.900371][T24133] FAULT_INJECTION: forcing a failure. [ 253.900371][T24133] name failslab, interval 1, probability 0, space 0, times 0 [ 253.913012][T24133] CPU: 0 PID: 24133 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 253.920023][T24128] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 253.922811][T24133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 253.922824][T24133] Call Trace: [ 253.922831][T24133] dump_stack_lvl+0xb7/0x103 [ 253.922851][T24133] dump_stack+0x11/0x1a [ 253.934793][T24128] EXT4-fs (loop2): get root inode failed [ 253.944779][T24133] should_fail+0x23c/0x250 [ 253.944802][T24133] ? mempool_alloc_slab+0x16/0x20 [ 253.944823][T24133] __should_failslab+0x81/0x90 [ 253.948183][T24128] EXT4-fs (loop2): mount failed [ 253.952741][T24133] should_failslab+0x5/0x20 [ 253.952760][T24133] kmem_cache_alloc+0x46/0x2e0 [ 253.990767][T24133] mempool_alloc_slab+0x16/0x20 [ 253.995629][T24133] ? mempool_free+0x130/0x130 [ 254.000302][T24133] mempool_alloc+0x8c/0x300 [ 254.005067][T24133] ? ext4_inode_block_valid+0x1cc/0x210 [ 254.010760][T24133] bio_alloc_bioset+0xcc/0x530 [ 254.015755][T24133] ? iov_iter_alignment+0x34b/0x370 [ 254.021002][T24133] iomap_dio_bio_actor+0x511/0xb50 [ 254.026204][T24133] ? ext4_iomap_begin+0x5d1/0x620 [ 254.031309][T24133] iomap_dio_actor+0x26e/0x3b0 [ 254.036110][T24133] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 254.041883][T24133] iomap_apply+0x1df/0x400 [ 254.046302][T24133] __iomap_dio_rw+0x62e/0xa60 [ 254.051024][T24133] ? __iomap_dio_rw+0xa60/0xa60 [ 254.055910][T24133] iomap_dio_rw+0x30/0x70 [ 254.060230][T24133] ext4_file_write_iter+0xa5e/0x11a0 [ 254.065505][T24133] do_iter_readv_writev+0x2cd/0x370 [ 254.071181][T24133] do_iter_write+0x192/0x5c0 [ 254.075758][T24133] ? splice_from_pipe_next+0x34f/0x3b0 [ 254.081535][T24133] ? kmalloc_array+0x2d/0x40 [ 254.086531][T24133] vfs_iter_write+0x4c/0x70 [ 254.091053][T24133] iter_file_splice_write+0x40a/0x750 [ 254.096463][T24133] ? splice_from_pipe+0xc0/0xc0 [ 254.101446][T24133] direct_splice_actor+0x80/0xa0 [ 254.106378][T24133] splice_direct_to_actor+0x345/0x650 [ 254.111806][T24133] ? do_splice_direct+0x170/0x170 [ 254.116957][T24133] do_splice_direct+0xf5/0x170 [ 254.121790][T24133] do_sendfile+0x618/0xb90 [ 254.126290][T24133] __x64_sys_sendfile64+0xf2/0x130 [ 254.131425][T24133] do_syscall_64+0x3d/0x90 [ 254.135887][T24133] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 254.141789][T24133] RIP: 0033:0x4665f9 [ 254.145668][T24133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 254.165598][T24133] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 254.174156][T24133] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 254.182260][T24133] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 254.190311][T24133] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 01:16:38 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(0xffffffffffffffff, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:38 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f002600000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:38 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f00000002c0)=[{0x61}]}) [ 254.198266][T24133] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 254.206222][T24133] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 254.255002][T24127] loop4: p1 p2 p3 p4 [ 254.259208][T24127] loop4: p1 size 11290111 extends beyond EOD, truncated [ 254.272689][T24128] loop2: detected capacity change from 0 to 512 [ 254.290883][T24128] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block 01:16:38 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f052e00000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:38 executing program 1: perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 254.303220][T24128] EXT4-fs (loop2): get root inode failed [ 254.309345][T24128] EXT4-fs (loop2): mount failed [ 254.356120][T24127] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 254.394183][T24127] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 254.420941][T24127] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:38 executing program 5 (fault-call:7 fault-nth:79): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:38 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(0xffffffffffffffff, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 01:16:38 executing program 1: perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 01:16:38 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f003f00000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:38 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:38 executing program 4: syz_read_part_table(0x100000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:38 executing program 1: perf_event_open$cgroup(&(0x7f0000000100)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 254.671173][T24195] loop2: detected capacity change from 0 to 512 [ 254.682286][T24196] loop4: detected capacity change from 0 to 264192 [ 254.742338][T24203] FAULT_INJECTION: forcing a failure. [ 254.742338][T24203] name failslab, interval 1, probability 0, space 0, times 0 [ 254.753709][T24195] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 254.754998][T24203] CPU: 0 PID: 24203 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 254.766951][T24195] EXT4-fs (loop2): get root inode failed [ 254.776626][T24203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 254.776640][T24203] Call Trace: [ 254.776646][T24203] dump_stack_lvl+0xb7/0x103 [ 254.776668][T24203] dump_stack+0x11/0x1a [ 254.782297][T24195] EXT4-fs (loop2): mount failed [ 254.792495][T24203] should_fail+0x23c/0x250 [ 254.814099][T24203] ? mempool_alloc_slab+0x16/0x20 [ 254.819121][T24203] __should_failslab+0x81/0x90 [ 254.823945][T24203] should_failslab+0x5/0x20 [ 254.828519][T24203] kmem_cache_alloc+0x46/0x2e0 [ 254.833286][T24203] mempool_alloc_slab+0x16/0x20 [ 254.838124][T24203] ? mempool_free+0x130/0x130 [ 254.842798][T24203] mempool_alloc+0x8c/0x300 [ 254.847424][T24203] sg_pool_alloc+0x74/0x90 [ 254.851824][T24203] __sg_alloc_table+0xce/0x290 [ 254.856636][T24203] sg_alloc_table_chained+0xaf/0x140 [ 254.861984][T24203] ? sg_alloc_table_chained+0x140/0x140 [ 254.867515][T24203] scsi_alloc_sgtables+0x17c/0x500 [ 254.872616][T24203] sd_init_command+0x96a/0x1640 [ 254.877527][T24203] scsi_queue_rq+0x10e0/0x15a0 [ 254.882285][T24203] blk_mq_dispatch_rq_list+0x695/0x1040 [ 254.887813][T24203] ? __sbitmap_queue_get+0x11/0x20 [ 254.892980][T24203] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 254.898572][T24203] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 254.904794][T24203] ? rb_insert_color+0x2fa/0x310 [ 254.909713][T24203] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 254.915740][T24203] __blk_mq_run_hw_queue+0xbc/0x140 [ 254.920918][T24203] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 254.926704][T24203] blk_mq_run_hw_queue+0x22c/0x250 [ 254.931790][T24203] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 254.937672][T24203] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 254.943021][T24203] blk_flush_plug_list+0x235/0x260 [ 254.948111][T24203] blk_finish_plug+0x44/0x60 [ 254.952675][T24203] __iomap_dio_rw+0x797/0xa60 [ 254.957430][T24203] iomap_dio_rw+0x30/0x70 [ 254.961825][T24203] ext4_file_write_iter+0xa5e/0x11a0 [ 254.967180][T24203] do_iter_readv_writev+0x2cd/0x370 [ 254.972369][T24203] do_iter_write+0x192/0x5c0 [ 254.976943][T24203] ? splice_from_pipe_next+0x34f/0x3b0 [ 254.982380][T24203] ? kmalloc_array+0x2d/0x40 [ 254.986947][T24203] vfs_iter_write+0x4c/0x70 [ 254.991441][T24203] iter_file_splice_write+0x40a/0x750 [ 254.996818][T24203] ? splice_from_pipe+0xc0/0xc0 [ 255.001719][T24203] direct_splice_actor+0x80/0xa0 [ 255.006689][T24203] splice_direct_to_actor+0x345/0x650 [ 255.012052][T24203] ? do_splice_direct+0x170/0x170 [ 255.017109][T24203] do_splice_direct+0xf5/0x170 [ 255.021894][T24203] do_sendfile+0x618/0xb90 [ 255.026442][T24203] __x64_sys_sendfile64+0xf2/0x130 [ 255.031603][T24203] do_syscall_64+0x3d/0x90 [ 255.035999][T24203] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 255.041908][T24203] RIP: 0033:0x4665f9 [ 255.045827][T24203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 255.065507][T24203] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 255.073922][T24203] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 255.081884][T24203] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 01:16:39 executing program 1: io_uring_setup(0x73ea, &(0x7f0000002f40)) 01:16:39 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f004000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:39 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, 0x0, 0x0, 0x734, 0x0, 0x0) [ 255.089862][T24203] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 255.097819][T24203] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 255.105776][T24203] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 255.134192][T24196] loop4: p1 p2 p3 p4 [ 255.138840][T24196] loop4: p1 size 11290111 extends beyond EOD, truncated [ 255.172406][T24195] loop2: detected capacity change from 0 to 512 [ 255.191141][T24196] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 255.200199][T24195] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 255.212346][T24195] EXT4-fs (loop2): get root inode failed 01:16:39 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, 0x0, 0x0, 0x734, 0x0, 0x0) 01:16:39 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0x0, &(0x7f0000000600)="d13ac735", 0x4) [ 255.218018][T24195] EXT4-fs (loop2): mount failed [ 255.268331][T24196] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 255.313923][T24196] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:39 executing program 5 (fault-call:7 fault-nth:80): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:39 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f048000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:39 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, 0x0, 0x0, 0x734, 0x0, 0x0) 01:16:39 executing program 1: socket$inet(0x2, 0x0, 0x200) 01:16:39 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0xa, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:39 executing program 4: syz_read_part_table(0x200000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:39 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x0, 0x0, 0xffffffffffffff39) [ 255.548864][T24261] loop2: detected capacity change from 0 to 512 [ 255.555715][T24262] loop4: detected capacity change from 0 to 264192 [ 255.606831][T24268] FAULT_INJECTION: forcing a failure. [ 255.606831][T24268] name failslab, interval 1, probability 0, space 0, times 0 [ 255.619471][T24268] CPU: 0 PID: 24268 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 255.620870][T24261] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 255.629377][T24268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.629390][T24268] Call Trace: [ 255.629397][T24268] dump_stack_lvl+0xb7/0x103 [ 255.629419][T24268] dump_stack+0x11/0x1a [ 255.629433][T24268] should_fail+0x23c/0x250 [ 255.629449][T24268] ? kmalloc_array+0x2d/0x40 [ 255.641394][T24261] EXT4-fs (loop2): get root inode failed [ 255.651393][T24268] __should_failslab+0x81/0x90 [ 255.651414][T24268] should_failslab+0x5/0x20 [ 255.654774][T24261] EXT4-fs (loop2): mount failed [ 255.659329][T24268] __kmalloc+0x66/0x340 [ 255.659346][T24268] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 255.702198][T24268] ? splice_from_pipe+0xc0/0xc0 [ 255.707041][T24268] kmalloc_array+0x2d/0x40 [ 255.711621][T24268] iter_file_splice_write+0xc6/0x750 [ 255.717023][T24268] ? atime_needs_update+0x239/0x390 [ 255.722211][T24268] ? touch_atime+0xcf/0x240 [ 255.726798][T24268] ? generic_file_splice_read+0x286/0x310 [ 255.732511][T24268] ? splice_from_pipe+0xc0/0xc0 [ 255.737356][T24268] direct_splice_actor+0x80/0xa0 [ 255.742280][T24268] splice_direct_to_actor+0x345/0x650 [ 255.747685][T24268] ? do_splice_direct+0x170/0x170 [ 255.752791][T24268] do_splice_direct+0xf5/0x170 [ 255.757578][T24268] do_sendfile+0x618/0xb90 [ 255.761992][T24268] __x64_sys_sendfile64+0xf2/0x130 [ 255.767101][T24268] do_syscall_64+0x3d/0x90 [ 255.771496][T24268] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 255.777430][T24268] RIP: 0033:0x4665f9 [ 255.781304][T24268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 01:16:40 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x0, 0x0, 0xffffffffffffff39) 01:16:40 executing program 1: perf_event_open$cgroup(&(0x7f0000000100)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 01:16:40 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000ffffe00000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 255.801033][T24268] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 255.809500][T24268] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 255.817499][T24268] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 255.825453][T24268] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 255.833529][T24268] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 255.841567][T24268] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 255.894764][T24262] loop4: p1 p2 p3 p4 [ 255.899949][T24262] loop4: p1 size 11290111 extends beyond EOD, truncated [ 255.913097][T24261] loop2: detected capacity change from 0 to 512 [ 255.931106][T24261] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block 01:16:40 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000ffeff00000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:40 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800002, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x20, 0x4) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x125e, &(0x7f0000000080)) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@mesh_chsw={0x76, 0x6, {0x4, 0x26, 0x3d, 0x6}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_IE={0x11e, 0x2a, [@mesh_id={0x72, 0x6}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x3, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x2, 0x2}}, @random_vendor={0xdd, 0xec, "5d4436042fb01afc776f15e249f78a5aa575849e3f8dfaf15c31ab8e96bc93a802a07f9a061d42824f799da013af85391831c9d4d7763587719e0a866b6530d86eec17b03908316c3b2f349db78ce75136f0513d4f0ded6c486518591507ef48244207ef1a137875c55b2461f29fc321232d421909e2e0b878d23b226b9204813abfd58338df63ec0f3a0aa1df08f6ee238f250e1f1517a9491032c8aeef45e3096f8c60fe39eb45570a9ed2a19c2671080fb03c84672b7a6d0050f45aaa2e93af2224c4b60edddc2d45831dacd11acc362166f47ff0f98148d5eea62845deed5ebbae8bd8bcb5c46cfa91e1"}, @ibss={0x6, 0x2, 0x1}, @supported_rates={0x1, 0x2, [{0x4}, {0xc}]}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x7fffffff}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) recvfrom(r1, &(0x7f0000000480)=""/110, 0xfffffe32, 0x0, 0x0, 0xffffffffffffff39) [ 255.943149][T24261] EXT4-fs (loop2): get root inode failed [ 255.948779][T24261] EXT4-fs (loop2): mount failed [ 255.995223][T24262] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 256.036547][T24262] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 256.069683][T24262] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:40 executing program 5 (fault-call:7 fault-nth:81): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:40 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x8, 0x79, 0x2}]}) 01:16:40 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000004000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:40 executing program 3: perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe3bc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 01:16:40 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:40 executing program 4: syz_read_part_table(0x204000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:40 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f00000002c0)=[{0x25}]}) [ 256.402849][T24333] loop2: detected capacity change from 0 to 512 [ 256.415017][T24335] loop4: detected capacity change from 0 to 264192 01:16:40 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000008000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 256.465010][T24339] FAULT_INJECTION: forcing a failure. [ 256.465010][T24339] name failslab, interval 1, probability 0, space 0, times 0 [ 256.477170][T24333] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 256.477790][T24339] CPU: 0 PID: 24339 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 256.489692][T24333] EXT4-fs (loop2): get root inode failed [ 256.499428][T24339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 256.499443][T24339] Call Trace: [ 256.499451][T24339] dump_stack_lvl+0xb7/0x103 [ 256.499472][T24339] dump_stack+0x11/0x1a [ 256.505102][T24333] EXT4-fs (loop2): mount failed [ 256.515142][T24339] should_fail+0x23c/0x250 [ 256.515160][T24339] __should_failslab+0x81/0x90 [ 256.541223][T24339] ? __iomap_dio_rw+0xf2/0xa60 [ 256.546005][T24339] should_failslab+0x5/0x20 [ 256.550595][T24339] kmem_cache_alloc_trace+0x49/0x310 [ 256.555876][T24339] ? enqueue_entity+0x45b/0x630 [ 256.560811][T24339] __iomap_dio_rw+0xf2/0xa60 [ 256.565478][T24339] ? ext4_es_lookup_extent+0x36b/0x490 [ 256.570996][T24339] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 256.576985][T24339] ? file_update_time+0x1bd/0x3e0 [ 256.582078][T24339] iomap_dio_rw+0x30/0x70 [ 256.586478][T24339] ext4_file_write_iter+0xa5e/0x11a0 [ 256.591762][T24339] do_iter_readv_writev+0x2cd/0x370 [ 256.597000][T24339] do_iter_write+0x192/0x5c0 [ 256.601576][T24339] ? splice_from_pipe_next+0x34f/0x3b0 [ 256.607120][T24339] ? kmalloc_array+0x2d/0x40 [ 256.611942][T24339] vfs_iter_write+0x4c/0x70 [ 256.616442][T24339] iter_file_splice_write+0x40a/0x750 [ 256.622318][T24339] ? splice_from_pipe+0xc0/0xc0 [ 256.627163][T24339] direct_splice_actor+0x80/0xa0 [ 256.632116][T24339] splice_direct_to_actor+0x345/0x650 [ 256.637468][T24339] ? do_splice_direct+0x170/0x170 [ 256.642471][T24339] do_splice_direct+0xf5/0x170 [ 256.647292][T24339] do_sendfile+0x618/0xb90 [ 256.651764][T24339] __x64_sys_sendfile64+0xf2/0x130 [ 256.657121][T24339] do_syscall_64+0x3d/0x90 [ 256.661825][T24339] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 256.667700][T24339] RIP: 0033:0x4665f9 [ 256.671594][T24339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 256.691287][T24339] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 256.699937][T24339] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 256.707900][T24339] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 01:16:40 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f400008000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:40 executing program 3: r0 = perf_event_open$cgroup(&(0x7f0000000100)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 01:16:40 executing program 1: r0 = add_key$user(&(0x7f0000000980), &(0x7f00000009c0)={'syz', 0x2}, &(0x7f0000000140)="72c196feb2c32158870972b6", 0xc, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="95b688effc8c7ccac0a82d412df4a93411071cecfa6f8cb042919f4a9e259e09e245499abc3de68241365e062946c769efc412d2933db18e83e3ed8c37e2a6b9cd01249acbc6523391347d67b2888bb1cc7346cf72797d88357e52653a22f81d4ea85c9d579b70c54cb8b5d717f548f4906f7cb9f9853a68b982b042ae8650d2b0a101ef28b2deb32ad8e1ff9e0459117baeb5952941fd59be83e3997c982390af53095da777a55882d510c0be5a44ae54acfdf5530deff4b9564cbe094d9552", 0xc0, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000180)={r0, r1, r0}, 0x0, 0x0, 0x0) [ 256.715950][T24339] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 256.723986][T24339] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 256.731959][T24339] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 256.767622][T24335] loop4: p1 p2 p3 p4 [ 256.780792][T24335] loop4: p1 size 11290111 extends beyond EOD, truncated [ 256.792198][T24333] loop2: detected capacity change from 0 to 512 01:16:41 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000010000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 256.810992][T24333] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 256.822984][T24333] EXT4-fs (loop2): get root inode failed [ 256.829712][T24333] EXT4-fs (loop2): mount failed [ 256.869275][T24335] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 256.900283][T24335] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 256.924558][T24335] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:41 executing program 5 (fault-call:7 fault-nth:82): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:41 executing program 1: perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x21, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 01:16:41 executing program 3: perf_event_open$cgroup(&(0x7f0000000100)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 01:16:41 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000020000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:41 executing program 4: syz_read_part_table(0x300000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:41 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0xc, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 257.238466][T24404] loop4: detected capacity change from 0 to 264192 [ 257.248982][T24405] loop2: detected capacity change from 0 to 512 01:16:41 executing program 3: r0 = perf_event_open$cgroup(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000080)=0x7) 01:16:41 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000040000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 257.316590][T24410] FAULT_INJECTION: forcing a failure. [ 257.316590][T24410] name failslab, interval 1, probability 0, space 0, times 0 [ 257.329316][T24410] CPU: 0 PID: 24410 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 257.339137][T24410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 257.349190][T24410] Call Trace: [ 257.352461][T24410] dump_stack_lvl+0xb7/0x103 [ 257.357071][T24410] dump_stack+0x11/0x1a [ 257.361221][T24410] should_fail+0x23c/0x250 [ 257.365615][T24410] ? mempool_alloc_slab+0x16/0x20 [ 257.370632][T24410] __should_failslab+0x81/0x90 [ 257.375479][T24410] should_failslab+0x5/0x20 [ 257.380052][T24410] kmem_cache_alloc+0x46/0x2e0 [ 257.384862][T24410] mempool_alloc_slab+0x16/0x20 [ 257.389776][T24410] ? mempool_free+0x130/0x130 [ 257.394439][T24410] mempool_alloc+0x8c/0x300 [ 257.398946][T24410] ? ext4_inode_block_valid+0x1cc/0x210 [ 257.404532][T24410] bio_alloc_bioset+0xcc/0x530 [ 257.409299][T24410] ? iov_iter_alignment+0x34b/0x370 [ 257.414478][T24410] iomap_dio_bio_actor+0x511/0xb50 [ 257.419573][T24410] ? ext4_iomap_begin+0x5d1/0x620 [ 257.424597][T24410] iomap_dio_actor+0x26e/0x3b0 [ 257.429378][T24410] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 257.435086][T24410] iomap_apply+0x1df/0x400 [ 257.439490][T24410] __iomap_dio_rw+0x62e/0xa60 [ 257.444172][T24410] ? __iomap_dio_rw+0xa60/0xa60 [ 257.449009][T24410] iomap_dio_rw+0x30/0x70 [ 257.453335][T24410] ext4_file_write_iter+0xa5e/0x11a0 [ 257.458606][T24410] do_iter_readv_writev+0x2cd/0x370 [ 257.463836][T24410] do_iter_write+0x192/0x5c0 [ 257.468435][T24410] ? splice_from_pipe_next+0x34f/0x3b0 [ 257.473882][T24410] ? kmalloc_array+0x2d/0x40 [ 257.478527][T24410] vfs_iter_write+0x4c/0x70 [ 257.483018][T24410] iter_file_splice_write+0x40a/0x750 [ 257.488395][T24410] ? splice_from_pipe+0xc0/0xc0 [ 257.493281][T24410] direct_splice_actor+0x80/0xa0 [ 257.498203][T24410] splice_direct_to_actor+0x345/0x650 [ 257.503562][T24410] ? do_splice_direct+0x170/0x170 [ 257.508654][T24410] do_splice_direct+0xf5/0x170 [ 257.513486][T24410] do_sendfile+0x618/0xb90 [ 257.517889][T24410] __x64_sys_sendfile64+0xf2/0x130 [ 257.522996][T24410] do_syscall_64+0x3d/0x90 [ 257.527412][T24410] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 257.533342][T24410] RIP: 0033:0x4665f9 [ 257.537222][T24410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 257.556999][T24410] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 01:16:41 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f0000000000)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty}, 0x8) [ 257.565885][T24410] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 257.574583][T24410] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 257.582535][T24410] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 257.590590][T24410] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 257.598719][T24410] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 257.622026][T24405] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 257.634654][T24405] EXT4-fs (loop2): get root inode failed [ 257.640288][T24405] EXT4-fs (loop2): mount failed [ 257.648365][T24404] loop4: p1 p2 p3 p4 [ 257.653568][T24404] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:41 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000010000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:41 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x4000) close(0xffffffffffffffff) [ 257.682143][T24404] loop4: p2 size 1073872896 extends beyond EOD, truncated 01:16:42 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000020000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 257.727725][T24404] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 257.750565][T24405] loop2: detected capacity change from 0 to 512 [ 257.776128][T24405] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 257.788341][T24405] EXT4-fs (loop2): get root inode failed [ 257.794469][T24405] EXT4-fs (loop2): mount failed [ 257.806115][T24404] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:42 executing program 5 (fault-call:7 fault-nth:83): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:42 executing program 1: perf_event_open$cgroup(&(0x7f0000000100)={0x2, 0x80, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 01:16:42 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000004020000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:42 executing program 4: syz_read_part_table(0x400000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:42 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000080)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x38, r1, 0x7213052b799036e5, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}]}, 0x38}}, 0x0) 01:16:42 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0xd, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:42 executing program 1: perf_event_open$cgroup(&(0x7f0000000100)={0x2, 0x80, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 258.086585][T24470] loop4: detected capacity change from 0 to 264192 [ 258.094288][T24472] loop2: detected capacity change from 0 to 512 01:16:42 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000030000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 258.166817][T24478] FAULT_INJECTION: forcing a failure. [ 258.166817][T24478] name failslab, interval 1, probability 0, space 0, times 0 [ 258.179497][T24478] CPU: 0 PID: 24478 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 258.189303][T24478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 258.199349][T24478] Call Trace: [ 258.202624][T24478] dump_stack_lvl+0xb7/0x103 [ 258.207211][T24478] dump_stack+0x11/0x1a [ 258.211393][T24478] should_fail+0x23c/0x250 [ 258.215823][T24478] ? mempool_alloc_slab+0x16/0x20 [ 258.220869][T24478] __should_failslab+0x81/0x90 [ 258.225614][T24478] should_failslab+0x5/0x20 [ 258.230100][T24478] kmem_cache_alloc+0x46/0x2e0 [ 258.234852][T24478] mempool_alloc_slab+0x16/0x20 [ 258.239764][T24478] ? mempool_free+0x130/0x130 [ 258.244429][T24478] mempool_alloc+0x8c/0x300 [ 258.248920][T24478] sg_pool_alloc+0x74/0x90 [ 258.253955][T24478] __sg_alloc_table+0xce/0x290 [ 258.258710][T24478] sg_alloc_table_chained+0xaf/0x140 [ 258.263983][T24478] ? sg_alloc_table_chained+0x140/0x140 [ 258.269518][T24478] scsi_alloc_sgtables+0x17c/0x500 [ 258.274685][T24478] sd_init_command+0x96a/0x1640 [ 258.279557][T24478] scsi_queue_rq+0x10e0/0x15a0 [ 258.284311][T24478] blk_mq_dispatch_rq_list+0x695/0x1040 [ 258.289901][T24478] ? __sbitmap_queue_get+0x11/0x20 [ 258.295069][T24478] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 258.300700][T24478] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 258.306929][T24478] ? rb_insert_color+0x2fa/0x310 [ 258.311855][T24478] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 258.317823][T24478] __blk_mq_run_hw_queue+0xbc/0x140 [ 258.323149][T24478] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 258.328990][T24478] blk_mq_run_hw_queue+0x22c/0x250 [ 258.334174][T24478] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 258.340053][T24478] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 258.345587][T24478] blk_flush_plug_list+0x235/0x260 [ 258.350726][T24478] blk_finish_plug+0x44/0x60 [ 258.355302][T24478] __iomap_dio_rw+0x797/0xa60 [ 258.359977][T24478] iomap_dio_rw+0x30/0x70 [ 258.365437][T24478] ext4_file_write_iter+0xa5e/0x11a0 [ 258.370727][T24478] do_iter_readv_writev+0x2cd/0x370 [ 258.375943][T24478] do_iter_write+0x192/0x5c0 [ 258.380697][T24478] ? splice_from_pipe_next+0x34f/0x3b0 [ 258.386146][T24478] ? kmalloc_array+0x2d/0x40 [ 258.390879][T24478] vfs_iter_write+0x4c/0x70 [ 258.395458][T24478] iter_file_splice_write+0x40a/0x750 [ 258.400997][T24478] ? splice_from_pipe+0xc0/0xc0 [ 258.405878][T24478] direct_splice_actor+0x80/0xa0 [ 258.410802][T24478] splice_direct_to_actor+0x345/0x650 [ 258.416164][T24478] ? do_splice_direct+0x170/0x170 [ 258.421180][T24478] do_splice_direct+0xf5/0x170 [ 258.426091][T24478] do_sendfile+0x618/0xb90 [ 258.430497][T24478] __x64_sys_sendfile64+0xf2/0x130 [ 258.435599][T24478] do_syscall_64+0x3d/0x90 [ 258.440097][T24478] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 258.446305][T24478] RIP: 0033:0x4665f9 [ 258.450182][T24478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 258.470050][T24478] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 258.478881][T24478] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 258.486832][T24478] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 258.494802][T24478] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 258.502865][T24478] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 258.511081][T24478] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 258.530205][T24470] loop4: p1 p2 p3 p4 [ 258.535924][T24472] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 258.548443][T24472] EXT4-fs (loop2): get root inode failed [ 258.554205][T24472] EXT4-fs (loop2): mount failed 01:16:42 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000040000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:42 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x120000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) [ 258.562973][T24470] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:42 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000050000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:42 executing program 3: perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 258.614356][T24470] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 258.644461][T24470] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 258.688942][T24470] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 258.698558][T24472] loop2: detected capacity change from 0 to 512 [ 258.715867][T24472] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 258.728456][T24472] EXT4-fs (loop2): get root inode failed [ 258.734149][T24472] EXT4-fs (loop2): mount failed [ 258.834005][T24470] loop4: detected capacity change from 0 to 264192 01:16:43 executing program 5 (fault-call:7 fault-nth:84): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:43 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000060000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:43 executing program 3: perf_event_open$cgroup(&(0x7f0000000100)={0x7, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 258.920245][T24470] loop4: p1 p2 p3 p4 [ 258.928457][T24470] loop4: p1 size 11290111 extends beyond EOD, truncated [ 258.964944][T24470] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 258.999165][T24470] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 259.007995][T24470] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 259.037899][T24545] FAULT_INJECTION: forcing a failure. [ 259.037899][T24545] name failslab, interval 1, probability 0, space 0, times 0 [ 259.050568][T24545] CPU: 0 PID: 24545 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 259.060391][T24545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 259.070439][T24545] Call Trace: [ 259.073696][T24545] dump_stack_lvl+0xb7/0x103 [ 259.078785][T24545] dump_stack+0x11/0x1a [ 259.083026][T24545] should_fail+0x23c/0x250 [ 259.087417][T24545] ? kmalloc_array+0x2d/0x40 [ 259.091989][T24545] __should_failslab+0x81/0x90 [ 259.096727][T24545] should_failslab+0x5/0x20 [ 259.101207][T24545] __kmalloc+0x66/0x340 [ 259.105370][T24545] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 259.111243][T24545] ? splice_from_pipe+0xc0/0xc0 [ 259.116072][T24545] kmalloc_array+0x2d/0x40 [ 259.120491][T24545] iter_file_splice_write+0xc6/0x750 [ 259.125754][T24545] ? atime_needs_update+0x239/0x390 [ 259.131333][T24545] ? touch_atime+0xcf/0x240 [ 259.135851][T24545] ? generic_file_splice_read+0x286/0x310 [ 259.141550][T24545] ? splice_from_pipe+0xc0/0xc0 [ 259.146439][T24545] direct_splice_actor+0x80/0xa0 [ 259.152120][T24545] splice_direct_to_actor+0x345/0x650 [ 259.157573][T24545] ? do_splice_direct+0x170/0x170 [ 259.162577][T24545] do_splice_direct+0xf5/0x170 [ 259.167467][T24545] do_sendfile+0x618/0xb90 [ 259.172152][T24545] __x64_sys_sendfile64+0xf2/0x130 [ 259.177287][T24545] do_syscall_64+0x3d/0x90 [ 259.181698][T24545] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 259.187575][T24545] RIP: 0033:0x4665f9 [ 259.191463][T24545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 259.211228][T24545] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 259.224347][T24545] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 01:16:43 executing program 4: syz_read_part_table(0x500000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:43 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0xe, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:43 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f00000002c0)=[{0x35}]}) 01:16:43 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000004060000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:43 executing program 3: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) perf_event_open$cgroup(&(0x7f0000000440)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x3}, r0, 0x0, 0xffffffffffffffff, 0x7) [ 259.232299][T24545] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 259.240248][T24545] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 259.248553][T24545] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 259.256505][T24545] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 259.287204][T24558] loop2: detected capacity change from 0 to 512 01:16:43 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f00000002c0)=[{0x2d}]}) 01:16:43 executing program 3: perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe3bc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 01:16:43 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000070000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:43 executing program 3: r0 = socket(0x10, 0x2, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) [ 259.372433][T24558] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 259.384410][T24558] EXT4-fs (loop2): get root inode failed [ 259.390099][T24558] EXT4-fs (loop2): mount failed [ 259.408345][T24577] loop4: detected capacity change from 0 to 264192 [ 259.499343][T24477] loop4: p1 p2 p3 p4 [ 259.503427][T24477] loop4: p1 size 11290111 extends beyond EOD, truncated [ 259.513280][T24477] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 259.529473][T24558] loop2: detected capacity change from 0 to 512 [ 259.548606][T24558] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 259.561941][T24558] EXT4-fs (loop2): get root inode failed [ 259.567582][T24558] EXT4-fs (loop2): mount failed [ 259.576784][T24477] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 259.584912][T24477] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 259.596196][T24577] loop_reread_partitions: partition scan of loop4 () failed (rc=-16) 01:16:44 executing program 5 (fault-call:7 fault-nth:85): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:44 executing program 1: perf_event_open$cgroup(&(0x7f0000000100)={0x2, 0x80, 0x8a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 01:16:44 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000080000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:44 executing program 3: perf_event_open$cgroup(&(0x7f0000000100)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 01:16:44 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0xf, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:44 executing program 4: syz_read_part_table(0x600000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, 0x0, 0x0) [ 259.840393][T24629] loop2: detected capacity change from 0 to 512 [ 259.846932][T24631] loop4: detected capacity change from 0 to 264192 [ 259.890462][T24627] FAULT_INJECTION: forcing a failure. [ 259.890462][T24627] name failslab, interval 1, probability 0, space 0, times 0 [ 259.903292][T24627] CPU: 0 PID: 24627 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 259.913148][T24627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 259.923292][T24627] Call Trace: [ 259.926563][T24627] dump_stack_lvl+0xb7/0x103 [ 259.931153][T24627] dump_stack+0x11/0x1a [ 259.935318][T24627] should_fail+0x23c/0x250 [ 259.939720][T24627] __should_failslab+0x81/0x90 [ 259.944469][T24627] ? __iomap_dio_rw+0xf2/0xa60 [ 259.949350][T24627] should_failslab+0x5/0x20 [ 259.954076][T24627] kmem_cache_alloc_trace+0x49/0x310 [ 259.959356][T24627] __iomap_dio_rw+0xf2/0xa60 [ 259.964182][T24627] ? inode_io_list_move_locked+0x19a/0x260 [ 259.969981][T24627] ? __mnt_drop_write_file+0x5a/0x60 [ 259.975248][T24627] ? file_update_time+0x3ae/0x3e0 [ 259.980353][T24627] iomap_dio_rw+0x30/0x70 [ 259.984670][T24627] ext4_file_write_iter+0xa5e/0x11a0 [ 259.989948][T24627] do_iter_readv_writev+0x2cd/0x370 [ 259.995147][T24627] do_iter_write+0x192/0x5c0 [ 259.999740][T24627] ? splice_from_pipe_next+0x34f/0x3b0 [ 260.005291][T24627] ? kmalloc_array+0x2d/0x40 [ 260.009867][T24627] vfs_iter_write+0x4c/0x70 [ 260.014353][T24627] iter_file_splice_write+0x40a/0x750 [ 260.019792][T24627] ? splice_from_pipe+0xc0/0xc0 [ 260.024627][T24627] direct_splice_actor+0x80/0xa0 [ 260.029561][T24627] splice_direct_to_actor+0x345/0x650 [ 260.034919][T24627] ? do_splice_direct+0x170/0x170 [ 260.040579][T24627] do_splice_direct+0xf5/0x170 [ 260.045470][T24627] do_sendfile+0x618/0xb90 [ 260.049951][T24627] __x64_sys_sendfile64+0xf2/0x130 [ 260.055078][T24627] do_syscall_64+0x3d/0x90 [ 260.059481][T24627] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 260.065362][T24627] RIP: 0033:0x4665f9 [ 260.069240][T24627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 01:16:44 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f0000000a0000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:44 executing program 3: perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 260.089115][T24627] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 260.097509][T24627] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 260.105550][T24627] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 260.113523][T24627] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 260.121480][T24627] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 260.129540][T24627] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:44 executing program 1: r0 = socket(0x10, 0x2, 0x2) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000004c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000480)={0x0}}, 0x0) 01:16:44 executing program 3: r0 = perf_event_open$cgroup(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0) [ 260.174636][T24631] loop4: p1 p2 p3 p4 [ 260.184571][T24631] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:44 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f0000000b0000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 260.235902][T24631] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 260.279198][T24631] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 260.325651][T24631] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 260.384094][T24629] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 260.396079][T24629] EXT4-fs (loop2): get root inode failed [ 260.401771][T24629] EXT4-fs (loop2): mount failed [ 260.457043][T24629] loop2: detected capacity change from 0 to 512 [ 260.473992][T24629] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 260.486004][T24629] EXT4-fs (loop2): get root inode failed [ 260.491652][T24629] EXT4-fs (loop2): mount failed 01:16:44 executing program 5 (fault-call:7 fault-nth:86): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:44 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0bcd78}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 01:16:44 executing program 3: perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 01:16:44 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000180000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:44 executing program 4: syz_read_part_table(0x604000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:44 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x10, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:44 executing program 3: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = fsopen(&(0x7f00000001c0)='nfs\x00', 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000200)='!\xd4*\'\x00', &(0x7f0000000240)='./file0\x00', r0) [ 260.663730][T24691] loop2: detected capacity change from 0 to 512 [ 260.686310][T24695] loop4: detected capacity change from 0 to 264192 [ 260.733543][T24698] FAULT_INJECTION: forcing a failure. [ 260.733543][T24698] name failslab, interval 1, probability 0, space 0, times 0 [ 260.746174][T24698] CPU: 0 PID: 24698 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 260.755044][T24691] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 260.755971][T24698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 260.768068][T24691] EXT4-fs (loop2): get root inode failed [ 260.778057][T24698] Call Trace: [ 260.778068][T24698] dump_stack_lvl+0xb7/0x103 [ 260.778091][T24698] dump_stack+0x11/0x1a [ 260.783709][T24691] EXT4-fs (loop2): mount failed [ 260.800560][T24698] should_fail+0x23c/0x250 [ 260.804974][T24698] ? mempool_alloc_slab+0x16/0x20 [ 260.809998][T24698] __should_failslab+0x81/0x90 [ 260.814766][T24698] should_failslab+0x5/0x20 [ 260.819271][T24698] kmem_cache_alloc+0x46/0x2e0 [ 260.824034][T24698] mempool_alloc_slab+0x16/0x20 [ 260.828866][T24698] ? mempool_free+0x130/0x130 [ 260.833533][T24698] mempool_alloc+0x8c/0x300 [ 260.838028][T24698] ? ext4_inode_block_valid+0x1cc/0x210 [ 260.843550][T24698] bio_alloc_bioset+0xcc/0x530 [ 260.848313][T24698] ? iov_iter_alignment+0x34b/0x370 [ 260.853488][T24698] iomap_dio_bio_actor+0x511/0xb50 [ 260.858594][T24698] ? ext4_iomap_begin+0x5d1/0x620 [ 260.863599][T24698] iomap_dio_actor+0x26e/0x3b0 [ 260.868371][T24698] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 260.874158][T24698] iomap_apply+0x1df/0x400 [ 260.878559][T24698] __iomap_dio_rw+0x62e/0xa60 [ 260.883302][T24698] ? __iomap_dio_rw+0xa60/0xa60 [ 260.888130][T24698] iomap_dio_rw+0x30/0x70 [ 260.892451][T24698] ext4_file_write_iter+0xa5e/0x11a0 [ 260.897751][T24698] do_iter_readv_writev+0x2cd/0x370 [ 260.903000][T24698] do_iter_write+0x192/0x5c0 [ 260.907563][T24698] ? splice_from_pipe_next+0x34f/0x3b0 [ 260.913081][T24698] ? kmalloc_array+0x2d/0x40 [ 260.917756][T24698] vfs_iter_write+0x4c/0x70 [ 260.922238][T24698] iter_file_splice_write+0x40a/0x750 [ 260.927619][T24698] ? splice_from_pipe+0xc0/0xc0 [ 260.932461][T24698] direct_splice_actor+0x80/0xa0 [ 260.937385][T24698] splice_direct_to_actor+0x345/0x650 [ 260.942740][T24698] ? do_splice_direct+0x170/0x170 [ 260.947750][T24698] do_splice_direct+0xf5/0x170 [ 260.952489][T24698] do_sendfile+0x618/0xb90 [ 260.956882][T24698] __x64_sys_sendfile64+0xf2/0x130 [ 260.961973][T24698] do_syscall_64+0x3d/0x90 [ 260.966371][T24698] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 260.972247][T24698] RIP: 0033:0x4665f9 [ 260.976128][T24698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 260.995724][T24698] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 261.004115][T24698] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 261.012065][T24698] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 261.020030][T24698] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 01:16:45 executing program 3: syz_genetlink_get_family_id$l2tp(&(0x7f0000002fc0), 0xffffffffffffffff) 01:16:45 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f0000001c0000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:45 executing program 1: perf_event_open$cgroup(&(0x7f0000000100)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 261.027993][T24698] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 261.035987][T24698] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 261.084182][T24695] loop4: p1 p2 p3 p4 [ 261.093824][T24695] loop4: p1 size 11290111 extends beyond EOD, truncated [ 261.104394][T24691] loop2: detected capacity change from 0 to 512 01:16:45 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0bcd78}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 01:16:45 executing program 3: perf_event_open$cgroup(&(0x7f0000000100)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 261.131143][T24691] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 261.143086][T24691] EXT4-fs (loop2): get root inode failed [ 261.148799][T24691] EXT4-fs (loop2): mount failed [ 261.188839][T24695] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 261.223422][T24695] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 261.272590][T24695] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:45 executing program 5 (fault-call:7 fault-nth:87): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:45 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000260000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:45 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000140)={'filter\x00', 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1], 0x4, &(0x7f0000000100)=[{}], 0x0, [{}, {}, {}, {}]}, 0xb8) 01:16:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000001c00)={&(0x7f0000001800)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x80, &(0x7f0000001ac0)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x40000102) 01:16:45 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x11, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:45 executing program 4: syz_read_part_table(0x700000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 261.528101][T24769] loop4: detected capacity change from 0 to 264192 [ 261.540438][T24771] loop2: detected capacity change from 0 to 512 01:16:45 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f0000052e0000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 261.595180][T24775] FAULT_INJECTION: forcing a failure. [ 261.595180][T24775] name failslab, interval 1, probability 0, space 0, times 0 [ 261.607904][T24775] CPU: 0 PID: 24775 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 261.617711][T24775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 261.627764][T24775] Call Trace: [ 261.631124][T24775] dump_stack_lvl+0xb7/0x103 [ 261.635715][T24775] dump_stack+0x11/0x1a [ 261.639926][T24775] should_fail+0x23c/0x250 [ 261.644338][T24775] ? mempool_alloc_slab+0x16/0x20 [ 261.649445][T24775] __should_failslab+0x81/0x90 [ 261.654204][T24775] should_failslab+0x5/0x20 [ 261.658759][T24775] kmem_cache_alloc+0x46/0x2e0 [ 261.663553][T24775] mempool_alloc_slab+0x16/0x20 [ 261.668384][T24775] ? mempool_free+0x130/0x130 [ 261.673040][T24775] mempool_alloc+0x8c/0x300 [ 261.677562][T24775] sg_pool_alloc+0x74/0x90 [ 261.681970][T24775] __sg_alloc_table+0xce/0x290 [ 261.686731][T24775] sg_alloc_table_chained+0xaf/0x140 [ 261.691995][T24775] ? sg_alloc_table_chained+0x140/0x140 [ 261.697551][T24775] scsi_alloc_sgtables+0x17c/0x500 [ 261.702642][T24775] sd_init_command+0x96a/0x1640 [ 261.707470][T24775] scsi_queue_rq+0x10e0/0x15a0 [ 261.712207][T24775] blk_mq_dispatch_rq_list+0x695/0x1040 [ 261.717739][T24775] ? __sbitmap_queue_get+0x11/0x20 [ 261.722828][T24775] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 261.728360][T24775] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 261.734595][T24775] ? rb_insert_color+0x2fa/0x310 [ 261.739520][T24775] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 261.745546][T24775] __blk_mq_run_hw_queue+0xbc/0x140 [ 261.750790][T24775] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 261.756573][T24775] blk_mq_run_hw_queue+0x22c/0x250 [ 261.761662][T24775] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 261.767544][T24775] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 261.772971][T24775] blk_flush_plug_list+0x235/0x260 [ 261.778059][T24775] blk_finish_plug+0x44/0x60 [ 261.782629][T24775] __iomap_dio_rw+0x797/0xa60 [ 261.787421][T24775] iomap_dio_rw+0x30/0x70 [ 261.791738][T24775] ext4_file_write_iter+0xa5e/0x11a0 [ 261.797040][T24775] do_iter_readv_writev+0x2cd/0x370 [ 261.802233][T24775] do_iter_write+0x192/0x5c0 [ 261.806829][T24775] ? splice_from_pipe_next+0x34f/0x3b0 [ 261.812282][T24775] ? kmalloc_array+0x2d/0x40 [ 261.816859][T24775] vfs_iter_write+0x4c/0x70 [ 261.821423][T24775] iter_file_splice_write+0x40a/0x750 [ 261.826781][T24775] ? splice_from_pipe+0xc0/0xc0 [ 261.831628][T24775] direct_splice_actor+0x80/0xa0 [ 261.836555][T24775] splice_direct_to_actor+0x345/0x650 [ 261.841950][T24775] ? do_splice_direct+0x170/0x170 [ 261.846953][T24775] do_splice_direct+0xf5/0x170 [ 261.852279][T24775] do_sendfile+0x618/0xb90 [ 261.856745][T24775] __x64_sys_sendfile64+0xf2/0x130 [ 261.861961][T24775] do_syscall_64+0x3d/0x90 [ 261.866356][T24775] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 261.872242][T24775] RIP: 0033:0x4665f9 [ 261.876118][T24775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 01:16:46 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f0000003f0000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:46 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x8}]}) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000280)={'nat\x00', 0x0, 0x3, 0xb5, [0x2, 0x8, 0x1, 0x1, 0x7fff, 0x7], 0x5, &(0x7f0000000140)=[{}, {}, {}, {}, {}], &(0x7f00000001c0)=""/181}, &(0x7f0000000300)=0x78) [ 261.895823][T24775] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 261.904310][T24775] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 261.912262][T24775] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 261.920216][T24775] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 261.928296][T24775] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 261.936248][T24775] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 261.954759][T24771] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 261.966704][T24771] EXT4-fs (loop2): get root inode failed [ 261.972356][T24771] EXT4-fs (loop2): mount failed [ 261.982735][T24769] loop4: p1 p2 p3 p4 [ 261.997019][T24769] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:46 executing program 1: perf_event_open$cgroup(&(0x7f0000000100)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) 01:16:46 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000400000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 262.033260][T24769] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 262.078368][T24769] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 262.101057][T24771] loop2: detected capacity change from 0 to 512 01:16:46 executing program 1: perf_event_open$cgroup(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x378e2acee67eeac0) syz_genetlink_get_family_id$tipc(0x0, r0) [ 262.118251][T24771] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 262.130318][T24771] EXT4-fs (loop2): get root inode failed [ 262.136259][T24771] EXT4-fs (loop2): mount failed [ 262.153409][T24769] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:46 executing program 5 (fault-call:7 fault-nth:88): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:46 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000800400000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:46 executing program 1: perf_event_open$cgroup(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 262.289117][T24769] loop4: detected capacity change from 0 to 264192 01:16:46 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x120000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 01:16:46 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x12, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 262.363153][T24769] loop4: p1 p2 p3 p4 [ 262.369633][T24769] loop4: p1 size 11290111 extends beyond EOD, truncated [ 262.435947][T24769] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 262.446620][T24841] FAULT_INJECTION: forcing a failure. [ 262.446620][T24841] name failslab, interval 1, probability 0, space 0, times 0 [ 262.448028][T24845] loop2: detected capacity change from 0 to 512 [ 262.459612][T24841] CPU: 0 PID: 24841 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 262.475640][T24841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 262.485693][T24841] Call Trace: [ 262.488969][T24841] dump_stack_lvl+0xb7/0x103 [ 262.493571][T24841] dump_stack+0x11/0x1a [ 262.497721][T24841] should_fail+0x23c/0x250 [ 262.502131][T24841] ? kmalloc_array+0x2d/0x40 [ 262.506726][T24841] __should_failslab+0x81/0x90 [ 262.511481][T24841] should_failslab+0x5/0x20 [ 262.515974][T24841] __kmalloc+0x66/0x340 [ 262.520117][T24841] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 262.526059][T24841] ? splice_from_pipe+0xc0/0xc0 [ 262.530900][T24841] kmalloc_array+0x2d/0x40 [ 262.535304][T24841] iter_file_splice_write+0xc6/0x750 [ 262.540575][T24841] ? atime_needs_update+0x239/0x390 [ 262.545806][T24841] ? touch_atime+0xcf/0x240 [ 262.550318][T24841] ? generic_file_splice_read+0x286/0x310 [ 262.556074][T24841] ? splice_from_pipe+0xc0/0xc0 [ 262.561461][T24841] direct_splice_actor+0x80/0xa0 [ 262.566680][T24841] splice_direct_to_actor+0x345/0x650 [ 262.572068][T24841] ? do_splice_direct+0x170/0x170 [ 262.577081][T24841] do_splice_direct+0xf5/0x170 [ 262.581833][T24841] do_sendfile+0x618/0xb90 [ 262.586305][T24841] __x64_sys_sendfile64+0xf2/0x130 [ 262.591433][T24841] do_syscall_64+0x3d/0x90 [ 262.595836][T24841] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 262.601808][T24841] RIP: 0033:0x4665f9 [ 262.605841][T24841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 262.625699][T24841] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 262.634145][T24841] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 262.642144][T24841] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 262.650359][T24841] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 262.658491][T24841] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 262.666460][T24841] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 262.679521][T24769] loop4: p3 size 1912633224 extends beyond EOD, truncated 01:16:46 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000004800000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:46 executing program 3: perf_event_open$cgroup(&(0x7f0000000440)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x7) 01:16:46 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000340)) 01:16:46 executing program 4: syz_read_part_table(0x800000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 262.687488][T24845] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 262.700254][T24845] EXT4-fs (loop2): get root inode failed [ 262.705891][T24845] EXT4-fs (loop2): mount failed [ 262.712155][T24769] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 262.782515][T24845] loop2: detected capacity change from 0 to 512 [ 262.813375][T24845] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 262.825424][T24845] EXT4-fs (loop2): get root inode failed 01:16:47 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000fffffff850000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:47 executing program 1: r0 = socket(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'veth1_virt_wifi\x00'}) 01:16:47 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='mounts\x00') readv(r0, &(0x7f0000000200)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1) [ 262.831118][T24845] EXT4-fs (loop2): mount failed [ 262.880557][T24881] loop4: detected capacity change from 0 to 264192 [ 262.948945][T24818] loop4: p1 p2 p3 p4 [ 262.953105][T24818] loop4: p1 size 11290111 extends beyond EOD, truncated [ 262.967029][T24818] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 262.988104][T24818] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 262.996944][T24818] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 263.006986][T24881] loop4: p1 p2 p3 p4 [ 263.022621][T24881] loop4: p1 size 11290111 extends beyond EOD, truncated [ 263.035957][T24881] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 263.044219][T24881] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 263.052719][T24881] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:47 executing program 5 (fault-call:7 fault-nth:89): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:47 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000ffffffff60000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:47 executing program 3: mount$9p_fd(0x0, &(0x7f00000001c0)='\x00', 0x0, 0x0, 0x0) 01:16:47 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000002f80)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x3938700}}, 0x10000007) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 01:16:47 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x1a, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:47 executing program 4: syz_read_part_table(0x900000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 263.269357][T24932] loop2: detected capacity change from 0 to 512 [ 263.286466][T24934] loop4: detected capacity change from 0 to 264192 [ 263.319310][T24930] FAULT_INJECTION: forcing a failure. [ 263.319310][T24930] name failslab, interval 1, probability 0, space 0, times 0 [ 263.332482][T24930] CPU: 0 PID: 24930 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 263.342288][T24930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 263.352342][T24930] Call Trace: [ 263.355636][T24930] dump_stack_lvl+0xb7/0x103 [ 263.360292][T24930] dump_stack+0x11/0x1a [ 263.364448][T24930] should_fail+0x23c/0x250 [ 263.368849][T24930] __should_failslab+0x81/0x90 [ 263.373620][T24930] ? __iomap_dio_rw+0xf2/0xa60 [ 263.378372][T24930] should_failslab+0x5/0x20 [ 263.382927][T24930] kmem_cache_alloc_trace+0x49/0x310 [ 263.388279][T24930] __iomap_dio_rw+0xf2/0xa60 [ 263.392857][T24930] ? inode_io_list_move_locked+0x19a/0x260 [ 263.398653][T24930] ? __mnt_drop_write_file+0x5a/0x60 [ 263.404443][T24930] ? file_update_time+0x3ae/0x3e0 [ 263.409463][T24930] iomap_dio_rw+0x30/0x70 [ 263.413834][T24930] ext4_file_write_iter+0xa5e/0x11a0 [ 263.419114][T24930] do_iter_readv_writev+0x2cd/0x370 [ 263.424309][T24930] do_iter_write+0x192/0x5c0 [ 263.428882][T24930] ? splice_from_pipe_next+0x34f/0x3b0 [ 263.434332][T24930] ? kmalloc_array+0x2d/0x40 [ 263.438980][T24930] vfs_iter_write+0x4c/0x70 [ 263.443463][T24930] iter_file_splice_write+0x40a/0x750 [ 263.448919][T24930] ? splice_from_pipe+0xc0/0xc0 [ 263.453788][T24930] direct_splice_actor+0x80/0xa0 [ 263.458774][T24930] splice_direct_to_actor+0x345/0x650 [ 263.464131][T24930] ? do_splice_direct+0x170/0x170 [ 263.469261][T24930] do_splice_direct+0xf5/0x170 [ 263.474010][T24930] do_sendfile+0x618/0xb90 [ 263.478433][T24930] __x64_sys_sendfile64+0xf2/0x130 [ 263.483527][T24930] do_syscall_64+0x3d/0x90 [ 263.487945][T24930] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 263.493823][T24930] RIP: 0033:0x4665f9 [ 263.497693][T24930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 01:16:47 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000ffffffdfc0000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:47 executing program 3: add_key$keyring(&(0x7f00000000c0), 0x0, 0x401000, 0xfffff, 0x0) 01:16:47 executing program 1: keyctl$restrict_keyring(0xc, 0xfffffffffffffffd, 0x0, 0x0) [ 263.517314][T24930] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 263.525706][T24930] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 263.533736][T24930] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 263.541704][T24930] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 263.549656][T24930] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 263.557631][T24930] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 263.622009][T24934] loop4: p1 p2 p3 p4 [ 263.628087][T24934] loop4: p1 size 11290111 extends beyond EOD, truncated 01:16:47 executing program 3: add_key$keyring(&(0x7f0000000340), 0x0, 0x0, 0x0, 0xfffffffffffffffe) clone3(&(0x7f0000001b80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 01:16:47 executing program 1: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, r0) keyctl$link(0x8, r1, r0) 01:16:47 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000ffffffdfd0000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 263.666418][T24934] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 263.728217][T24934] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 263.773908][T24934] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 263.829188][T24932] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 263.841227][T24932] EXT4-fs (loop2): get root inode failed [ 263.846973][T24932] EXT4-fs (loop2): mount failed [ 263.893047][T24934] loop4: detected capacity change from 0 to 264192 [ 263.913556][T24932] loop2: detected capacity change from 0 to 512 [ 263.948252][T24932] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 263.960234][T24932] EXT4-fs (loop2): get root inode failed [ 263.965869][T24932] EXT4-fs (loop2): mount failed 01:16:48 executing program 5 (fault-call:7 fault-nth:90): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:48 executing program 1: clone3(&(0x7f0000000280)={0x180123480, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 01:16:48 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000ffffffffe0000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:48 executing program 3: r0 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r0) keyctl$search(0xa, r0, &(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, r1) [ 263.990463][T24934] loop4: p1 p2 p3 p4 [ 263.999697][T24934] loop4: p1 size 11290111 extends beyond EOD, truncated [ 264.007451][T24934] loop4: p2 size 1073872896 extends beyond EOD, truncated 01:16:48 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x2e, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 264.063490][T24934] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 264.096710][T24999] loop2: detected capacity change from 0 to 512 [ 264.105124][T24934] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 264.158439][T25005] FAULT_INJECTION: forcing a failure. [ 264.158439][T25005] name failslab, interval 1, probability 0, space 0, times 0 [ 264.166338][T24999] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 264.171071][T25005] CPU: 0 PID: 25005 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 264.182990][T24999] EXT4-fs (loop2): get root inode failed [ 264.192733][T25005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 264.192747][T25005] Call Trace: [ 264.192754][T25005] dump_stack_lvl+0xb7/0x103 [ 264.192776][T25005] dump_stack+0x11/0x1a [ 264.198373][T24999] EXT4-fs (loop2): mount failed [ 264.208395][T25005] should_fail+0x23c/0x250 [ 264.208413][T25005] ? mempool_alloc_slab+0x16/0x20 [ 264.234765][T25005] __should_failslab+0x81/0x90 [ 264.239508][T25005] should_failslab+0x5/0x20 [ 264.244026][T25005] kmem_cache_alloc+0x46/0x2e0 [ 264.248926][T25005] mempool_alloc_slab+0x16/0x20 [ 264.253820][T25005] ? mempool_free+0x130/0x130 [ 264.258476][T25005] mempool_alloc+0x8c/0x300 [ 264.263037][T25005] ? ext4_inode_block_valid+0x1cc/0x210 [ 264.268559][T25005] bio_alloc_bioset+0xcc/0x530 [ 264.273312][T25005] ? iov_iter_alignment+0x34b/0x370 [ 264.278496][T25005] iomap_dio_bio_actor+0x511/0xb50 [ 264.283585][T25005] ? ext4_iomap_begin+0x5d1/0x620 [ 264.288587][T25005] iomap_dio_actor+0x26e/0x3b0 [ 264.293445][T25005] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 264.299141][T25005] iomap_apply+0x1df/0x400 [ 264.303539][T25005] __iomap_dio_rw+0x62e/0xa60 [ 264.308229][T25005] ? __iomap_dio_rw+0xa60/0xa60 [ 264.313067][T25005] iomap_dio_rw+0x30/0x70 [ 264.317380][T25005] ext4_file_write_iter+0xa5e/0x11a0 [ 264.322709][T25005] do_iter_readv_writev+0x2cd/0x370 [ 264.327885][T25005] do_iter_write+0x192/0x5c0 [ 264.332453][T25005] ? splice_from_pipe_next+0x34f/0x3b0 [ 264.337951][T25005] ? kmalloc_array+0x2d/0x40 [ 264.342516][T25005] vfs_iter_write+0x4c/0x70 [ 264.346992][T25005] iter_file_splice_write+0x40a/0x750 [ 264.352414][T25005] ? splice_from_pipe+0xc0/0xc0 [ 264.357239][T25005] direct_splice_actor+0x80/0xa0 [ 264.362151][T25005] splice_direct_to_actor+0x345/0x650 [ 264.367524][T25005] ? do_splice_direct+0x170/0x170 [ 264.372524][T25005] do_splice_direct+0xf5/0x170 [ 264.377298][T25005] do_sendfile+0x618/0xb90 [ 264.381735][T25005] __x64_sys_sendfile64+0xf2/0x130 [ 264.386881][T25005] do_syscall_64+0x3d/0x90 [ 264.391370][T25005] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 264.397267][T25005] RIP: 0033:0x4665f9 [ 264.401185][T25005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 264.420761][T25005] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 264.429177][T25005] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 264.437126][T25005] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 264.445073][T25005] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 01:16:48 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000ffcfdffff0000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:48 executing program 3: perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xa, 0x80000004}, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x3, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADDIR(r0, &(0x7f00000005c0)=ANY=[@ANYRES32, @ANYRESDEC, @ANYRESHEX, @ANYRESHEX], 0xbf) 01:16:48 executing program 4: syz_read_part_table(0xa00000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:48 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)={0xec4, 0x0, 0x0, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_PEERS={0xe94, 0x8, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}, {0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "a2143c29fdbd8824302433cad086f0b1fd4d00a4bf13c6d011b5361bef6acb44"}]}, {0x848, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x0, @multicast1}}, @WGPEER_A_ALLOWEDIPS={0x608, 0x9, 0x0, 0x1, [{0x124, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}]}, {0xdc, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}]}, {0x130, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev}, {0x5}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}]}]}, @WGPEER_A_ALLOWEDIPS={0x118, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @broadcast}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}]}]}, @WGPEER_A_ALLOWEDIPS={0x110, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}]}]}]}, {0x58, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0x0, @private1, 0x7}}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_FLAGS={0x8}]}, {0xc8, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x0, 0x7ff, @private2}}, @WGPEER_A_ALLOWEDIPS={0x20, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}]}]}]}, {0x49c, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "fea67b2057ea485012ffd72756502ea2779af41e09d9fe014da91042fca911a8"}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x2}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x0, @dev}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x0, 0x0, @remote, 0x3}}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0x420, 0x9, 0x0, 0x1, [{0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x1}}]}, {0x124, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x3a}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x15}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x22}}, {0x5}}]}, {0x100, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5}}, @ipv4={{0x6}, {0x8}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x2e}}, {0x5}}]}]}]}, {0x18, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x0, @dev}}]}]}]}, 0xec4}}, 0x0) [ 264.453191][T25005] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 264.461169][T25005] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 264.528443][T24999] loop2: detected capacity change from 0 to 512 [ 264.553135][T24999] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 264.565165][T24999] EXT4-fs (loop2): get root inode failed [ 264.570965][T24999] EXT4-fs (loop2): mount failed 01:16:48 executing program 1: keyctl$restrict_keyring(0x1c, 0xfffffffffffffffd, 0x0, 0x0) 01:16:48 executing program 3: r0 = getpid() waitid(0x1, r0, 0x0, 0x8, 0x0) 01:16:48 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000ffdfdffff0000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 264.649457][T25038] loop4: detected capacity change from 0 to 264192 [ 264.743942][T25038] loop4: p1 p2 p3 p4 [ 264.748344][T25038] loop4: p1 size 11290111 extends beyond EOD, truncated [ 264.756252][T25038] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 264.776555][T25038] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 264.784726][T25038] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:49 executing program 5 (fault-call:7 fault-nth:91): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:49 executing program 1: add_key$keyring(&(0x7f00000000c0), 0x0, 0x550000, 0xfffff, 0x0) 01:16:49 executing program 3: waitid(0xae4331afa95e88a9, 0xffffffffffffffff, 0x0, 0x8, 0x0) 01:16:49 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f85ffffff0000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:49 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x55, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:49 executing program 4: syz_read_part_table(0xb00000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 264.963802][T25077] loop2: detected capacity change from 0 to 512 [ 264.989202][T25082] loop4: detected capacity change from 0 to 264192 01:16:49 executing program 3: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, 0x0, 0x0) keyctl$link(0x8, 0x0, 0xffffffffffffffff) 01:16:49 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000ff6ffffff0000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:49 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)={0xec8, 0x0, 0x0, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_FLAGS={0x8}, @WGDEVICE_A_PEERS={0xe98, 0x8, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}, {0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "a2143c29fdbd8824302433cad086f0b1fd4d00a4bf13c6d011b5361bef6acb44"}]}, {0x848, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e21, @multicast1}}, @WGPEER_A_ALLOWEDIPS={0x608, 0x9, 0x0, 0x1, [{0x124, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}]}, {0xdc, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x22}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x3e}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}]}, {0x130, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x5}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x13}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x14}}, {0x5, 0x3, 0x3}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}]}]}, @WGPEER_A_ALLOWEDIPS={0x118, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @broadcast}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}]}]}, @WGPEER_A_ALLOWEDIPS={0x110, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}]}]}]}, {0x58, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x0, 0x40, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7}}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_FLAGS={0x8}]}, {0xcc, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_ALLOWEDIPS={0x4}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e22, 0x7ff, @private2, 0x4}}, @WGPEER_A_ALLOWEDIPS={0x20, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}]}]}]}, {0x49c, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "fea67b2057ea485012ffd72756502ea2779af41e09d9fe014da91042fca911a8"}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e21, @dev}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x0, 0x1, @remote}}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0x420, 0x9, 0x0, 0x1, [{0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x3}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5}}]}, {0x124, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x3a}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @dev}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x22}}, {0x5}}]}, {0x100, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @dev}, {0x5}}]}]}]}, {0x18, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x0, @private=0xa010102}}]}]}]}, 0xec8}}, 0xc0c0) [ 265.021541][T25078] FAULT_INJECTION: forcing a failure. [ 265.021541][T25078] name failslab, interval 1, probability 0, space 0, times 0 [ 265.034184][T25078] CPU: 0 PID: 25078 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 265.044071][T25078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 265.053744][T25077] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 265.054130][T25078] Call Trace: [ 265.054138][T25078] dump_stack_lvl+0xb7/0x103 [ 265.066056][T25077] EXT4-fs (loop2): get root inode failed [ 265.069278][T25078] dump_stack+0x11/0x1a [ 265.069301][T25078] should_fail+0x23c/0x250 [ 265.073862][T25077] EXT4-fs (loop2): mount failed [ 265.079465][T25078] ? mempool_alloc_slab+0x16/0x20 [ 265.097887][T25078] __should_failslab+0x81/0x90 [ 265.102666][T25078] should_failslab+0x5/0x20 [ 265.107165][T25078] kmem_cache_alloc+0x46/0x2e0 [ 265.111945][T25078] mempool_alloc_slab+0x16/0x20 [ 265.116799][T25078] ? mempool_free+0x130/0x130 01:16:49 executing program 3: keyctl$restrict_keyring(0x16, 0xfffffffffffffffd, 0x0, 0x0) [ 265.121491][T25078] mempool_alloc+0x8c/0x300 [ 265.126037][T25078] ? sysvec_apic_timer_interrupt+0x3e/0x80 [ 265.131900][T25078] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 265.138084][T25078] sg_pool_alloc+0x74/0x90 [ 265.142564][T25078] __sg_alloc_table+0xce/0x290 [ 265.147393][T25078] sg_alloc_table_chained+0xaf/0x140 [ 265.152702][T25078] ? sg_alloc_table_chained+0x140/0x140 [ 265.158311][T25078] scsi_alloc_sgtables+0x17c/0x500 [ 265.163435][T25078] sd_init_command+0x96a/0x1640 01:16:49 executing program 1: r0 = getpid() clone3(&(0x7f0000000600)={0x1100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r0], 0x1}, 0x58) [ 265.168315][T25078] scsi_queue_rq+0x10e0/0x15a0 [ 265.173075][T25078] blk_mq_dispatch_rq_list+0x695/0x1040 [ 265.178617][T25078] ? __sbitmap_queue_get+0x11/0x20 [ 265.183776][T25078] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 265.189393][T25078] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 265.195722][T25078] ? rb_insert_color+0x2fa/0x310 [ 265.200725][T25078] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 265.206813][T25078] __blk_mq_run_hw_queue+0xbc/0x140 [ 265.212012][T25078] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 265.217822][T25078] blk_mq_run_hw_queue+0x22c/0x250 [ 265.222985][T25078] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 265.228870][T25078] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 265.234246][T25078] blk_flush_plug_list+0x235/0x260 [ 265.239383][T25078] blk_finish_plug+0x44/0x60 [ 265.243965][T25078] __iomap_dio_rw+0x797/0xa60 [ 265.248640][T25078] iomap_dio_rw+0x30/0x70 [ 265.252976][T25078] ext4_file_write_iter+0xa5e/0x11a0 [ 265.258321][T25078] do_iter_readv_writev+0x2cd/0x370 [ 265.263659][T25078] do_iter_write+0x192/0x5c0 [ 265.268298][T25078] ? splice_from_pipe_next+0x34f/0x3b0 [ 265.273779][T25078] ? kmalloc_array+0x2d/0x40 [ 265.278428][T25078] vfs_iter_write+0x4c/0x70 [ 265.282931][T25078] iter_file_splice_write+0x40a/0x750 [ 265.288320][T25078] ? splice_from_pipe+0xc0/0xc0 [ 265.293150][T25078] direct_splice_actor+0x80/0xa0 [ 265.298065][T25078] splice_direct_to_actor+0x345/0x650 [ 265.303421][T25078] ? do_splice_direct+0x170/0x170 [ 265.308456][T25078] do_splice_direct+0xf5/0x170 [ 265.313201][T25078] do_sendfile+0x618/0xb90 [ 265.317592][T25078] __x64_sys_sendfile64+0xf2/0x130 [ 265.322701][T25078] do_syscall_64+0x3d/0x90 [ 265.327105][T25078] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 265.333082][T25078] RIP: 0033:0x4665f9 [ 265.336952][T25078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 265.356572][T25078] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 265.365158][T25078] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 01:16:49 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000ffeffffff0000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 265.373110][T25078] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 265.381147][T25078] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 265.389103][T25078] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 265.397112][T25078] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 265.444216][T25082] loop4: p1 p2 p3 p4 [ 265.449005][T25082] loop4: p1 size 11290111 extends beyond EOD, truncated [ 265.456777][T25082] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 265.473239][T25077] loop2: detected capacity change from 0 to 512 [ 265.492608][T25077] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 265.504801][T25077] EXT4-fs (loop2): get root inode failed [ 265.510477][T25077] EXT4-fs (loop2): mount failed [ 265.519320][T25082] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 265.527260][T25082] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:50 executing program 5 (fault-call:7 fault-nth:92): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:50 executing program 3: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, r0, 0x0, 0x0) add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, r0) 01:16:50 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3b, 0x2ada}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f00000003c0)={0x46e3, 0x5f3, 0x6b7897ab, 0x85ab, 0x0, "ec4b2cf4dd291ac55a0cde0c254d6c6cb5a8c4"}) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000180)={0x8000, 0x0, 0x0, 0x1, 0x0, "522035de5fdc1c30dd8c1fb8754ef7c044d5c8", 0x0, 0x7}) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f00000000c0)={0x8, 0x6c60, 0x7}) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000240)) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x25) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) 01:16:50 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000300000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:50 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0xfe, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:50 executing program 4: syz_read_part_table(0xc00000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 265.834613][T25146] loop4: detected capacity change from 0 to 264192 [ 265.849427][T25143] loop2: detected capacity change from 0 to 512 01:16:50 executing program 3: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x1e, r0, r0, 0xfffffffffffffffa, 0x0) 01:16:50 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000400000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:50 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3b, 0x2ada}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f00000003c0)={0x46e3, 0x5f3, 0x6b7897ab, 0x85ab, 0x0, "ec4b2cf4dd291ac55a0cde0c254d6c6cb5a8c4"}) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000180)={0x8000, 0x0, 0x0, 0x1, 0x0, "522035de5fdc1c30dd8c1fb8754ef7c044d5c8", 0x0, 0x7}) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f00000000c0)={0x8, 0x6c60, 0x7}) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000240)) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x25) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) [ 265.899303][T25144] FAULT_INJECTION: forcing a failure. [ 265.899303][T25144] name failslab, interval 1, probability 0, space 0, times 0 [ 265.912272][T25144] CPU: 0 PID: 25144 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 01:16:50 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000600000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:50 executing program 3: clone3(&(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f0000000200), 0x0, 0x0, 0x0}, 0x58) [ 265.912334][T25144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 01:16:50 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3000, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 265.912345][T25144] Call Trace: [ 265.912353][T25144] dump_stack_lvl+0xb7/0x103 [ 265.912376][T25144] dump_stack+0x11/0x1a [ 265.912395][T25144] should_fail+0x23c/0x250 [ 265.912408][T25144] ? kmalloc_array+0x2d/0x40 [ 265.912428][T25144] __should_failslab+0x81/0x90 [ 265.912443][T25144] should_failslab+0x5/0x20 [ 265.912460][T25144] __kmalloc+0x66/0x340 [ 265.912475][T25144] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 265.912515][T25144] ? splice_from_pipe+0xc0/0xc0 [ 265.912536][T25144] kmalloc_array+0x2d/0x40 [ 265.912555][T25144] iter_file_splice_write+0xc6/0x750 [ 265.912575][T25144] ? atime_needs_update+0x239/0x390 [ 265.912614][T25144] ? touch_atime+0xcf/0x240 [ 265.912702][T25144] ? generic_file_splice_read+0x286/0x310 [ 265.912723][T25144] ? splice_from_pipe+0xc0/0xc0 [ 265.912744][T25144] direct_splice_actor+0x80/0xa0 [ 265.912780][T25144] splice_direct_to_actor+0x345/0x650 [ 265.912802][T25144] ? do_splice_direct+0x170/0x170 [ 265.912824][T25144] do_splice_direct+0xf5/0x170 [ 265.912946][T25144] do_sendfile+0x618/0xb90 [ 265.913020][T25144] __x64_sys_sendfile64+0xf2/0x130 [ 265.913077][T25144] do_syscall_64+0x3d/0x90 [ 265.913096][T25144] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 265.913142][T25144] RIP: 0033:0x4665f9 [ 265.913203][T25144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 265.913217][T25144] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 265.913235][T25144] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 265.913247][T25144] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 265.913259][T25144] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 265.913270][T25144] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 265.913282][T25144] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 01:16:50 executing program 5 (fault-call:7 fault-nth:93): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:50 executing program 4: syz_read_part_table(0xd00000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:50 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)='fS\a\x00', 0x4}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x3) 01:16:50 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000700000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:50 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0xfffe, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 265.946923][T25143] ================================================================== [ 265.946942][T25143] BUG: KCSAN: data-race in __ext4_update_other_inode_time / writeback_single_inode [ 265.946961][T25143] [ 265.946964][T25143] write to 0xffff888105b98660 of 8 bytes by task 25137 on cpu 0: [ 265.946972][T25143] writeback_single_inode+0x148/0x3e0 [ 265.946984][T25143] sync_inode_metadata+0x57/0x80 [ 265.946995][T25143] ext4_sync_file+0x359/0x670 [ 265.947005][T25143] vfs_fsync_range+0x107/0x120 [ 265.947017][T25143] iomap_dio_complete+0x2d5/0x3c0 01:16:51 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000f00000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:51 executing program 4: syz_read_part_table(0xe00000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 265.947030][T25143] iomap_dio_rw+0x4e/0x70 01:16:51 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000002000000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 265.947041][T25143] ext4_file_write_iter+0xa5e/0x11a0 [ 265.947052][T25143] do_iter_readv_writev+0x2cd/0x370 [ 265.947064][T25143] do_iter_write+0x192/0x5c0 [ 265.947074][T25143] vfs_iter_write+0x4c/0x70 [ 265.947084][T25143] iter_file_splice_write+0x40a/0x750 [ 265.947097][T25143] direct_splice_actor+0x80/0xa0 [ 265.947114][T25143] splice_direct_to_actor+0x345/0x650 [ 265.947126][T25143] do_splice_direct+0xf5/0x170 [ 265.947139][T25143] do_sendfile+0x618/0xb90 [ 265.947150][T25143] __x64_sys_sendfile64+0xf2/0x130 [ 265.947163][T25143] do_syscall_64+0x3d/0x90 [ 265.947175][T25143] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 265.947188][T25143] [ 265.947190][T25143] read to 0xffff888105b98660 of 8 bytes by task 25143 on cpu 1: [ 265.947198][T25143] __ext4_update_other_inode_time+0x48/0x5c0 [ 265.947212][T25143] ext4_mark_iloc_dirty+0x12b6/0x1750 [ 265.947225][T25143] __ext4_mark_inode_dirty+0x4db/0x5b0 [ 265.947240][T25143] ext4_dirty_inode+0x86/0xa0 [ 265.947252][T25143] __mark_inode_dirty+0x77/0x6a0 [ 265.947263][T25143] ext4_mb_new_blocks+0x116b/0x1f90 [ 265.947271][T25143] ext4_ext_map_blocks+0x1569/0x1f00 [ 265.947280][T25143] ext4_map_blocks+0x70d/0xef0 [ 265.947291][T25143] ext4_getblk+0xb1/0x3d0 [ 265.947301][T25143] ext4_bread+0x28/0x100 [ 265.947311][T25143] ext4_append+0xd1/0x1c0 [ 265.947325][T25143] ext4_init_new_dir+0x177/0x500 [ 265.947341][T25143] ext4_mkdir+0x329/0x760 [ 265.947357][T25143] vfs_mkdir+0x2c3/0x3e0 [ 265.947369][T25143] do_mkdirat+0x12e/0x2e0 [ 265.947380][T25143] __x64_sys_mkdir+0x40/0x50 [ 265.947391][T25143] do_syscall_64+0x3d/0x90 [ 265.947402][T25143] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 265.947414][T25143] [ 265.947416][T25143] value changed: 0x0000000000000007 -> 0x0000000000000080 [ 265.947422][T25143] [ 265.947423][T25143] Reported by Kernel Concurrency Sanitizer on: [ 265.947427][T25143] CPU: 1 PID: 25143 Comm: syz-executor.2 Tainted: G W 5.14.0-syzkaller #0 [ 265.947438][T25143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 265.947444][T25143] ================================================================== [ 265.959295][T25146] loop4: p1 p2 p3 p4 [ 265.959423][T25146] loop4: p1 size 11290111 extends beyond EOD, truncated [ 265.959821][T25146] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 265.960276][T25146] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 265.960652][T25146] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 265.971831][T25143] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 265.971923][T25143] EXT4-fs (loop2): get root inode failed [ 265.971929][T25143] EXT4-fs (loop2): mount failed [ 266.001338][T25143] loop2: detected capacity change from 0 to 512 [ 266.002114][T25143] EXT4-fs error (device loop2): __ext4_iget:4846: inode #2: block 3646141627: comm syz-executor.2: invalid block [ 266.002137][T25143] EXT4-fs (loop2): get root inode failed [ 266.002153][T25143] EXT4-fs (loop2): mount failed [ 266.032599][T25146] loop4: detected capacity change from 0 to 264192 [ 266.068667][T24818] loop4: p1 p2 p3 p4 [ 266.068737][T24818] loop4: p1 size 11290111 extends beyond EOD, truncated [ 266.069034][T24818] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 266.069352][T24818] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 266.069722][T24818] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 266.073675][T25146] loop4: p1 p2 p3 p4 [ 266.073715][T25146] loop4: p1 size 11290111 extends beyond EOD, truncated [ 266.074560][T25146] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 266.075079][T25146] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 266.076720][T25146] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 266.362653][T25208] loop2: detected capacity change from 0 to 512 [ 266.370199][T25208] EXT4-fs (loop2): VFS: Can't find ext4 filesystem [ 266.688404][T25234] loop4: detected capacity change from 0 to 264192 [ 266.728521][T25238] loop4: p1 p2 p3 p4 [ 266.728618][T25238] loop4: p1 size 11290111 extends beyond EOD, truncated [ 266.729105][T25238] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 266.729629][T25238] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 266.730227][T25238] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 266.732549][T25234] loop4: p1 p2 p3 p4 [ 266.732594][T25234] loop4: p1 size 11290111 extends beyond EOD, truncated [ 266.733290][T25234] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 266.734337][T25234] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 266.734796][T25234] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 266.761365][T25241] FAULT_INJECTION: forcing a failure. [ 266.761365][T25241] name failslab, interval 1, probability 0, space 0, times 0 [ 266.761455][T25241] CPU: 0 PID: 25241 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 266.761477][T25241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 266.761623][T25241] Call Trace: [ 266.761630][T25241] dump_stack_lvl+0xb7/0x103 [ 266.761652][T25241] dump_stack+0x11/0x1a [ 266.761670][T25241] should_fail+0x23c/0x250 [ 266.761688][T25241] __should_failslab+0x81/0x90 [ 266.761706][T25241] ? __iomap_dio_rw+0xf2/0xa60 [ 266.761767][T25241] should_failslab+0x5/0x20 [ 266.761785][T25241] kmem_cache_alloc_trace+0x49/0x310 [ 266.761858][T25241] __iomap_dio_rw+0xf2/0xa60 [ 266.761878][T25241] ? ext4_es_lookup_extent+0x36b/0x490 [ 266.761896][T25241] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 266.761917][T25241] ? file_update_time+0x1bd/0x3e0 [ 266.761959][T25241] iomap_dio_rw+0x30/0x70 [ 266.761982][T25241] ext4_file_write_iter+0xa5e/0x11a0 [ 266.762037][T25241] do_iter_readv_writev+0x2cd/0x370 [ 266.762058][T25241] do_iter_write+0x192/0x5c0 [ 266.762074][T25241] ? splice_from_pipe_next+0x34f/0x3b0 [ 266.762283][T25241] ? kcsan_setup_watchpoint+0x231/0x3e0 [ 266.762299][T25241] vfs_iter_write+0x4c/0x70 [ 266.762316][T25241] iter_file_splice_write+0x40a/0x750 [ 266.762352][T25241] ? splice_from_pipe+0xc0/0xc0 [ 266.762372][T25241] direct_splice_actor+0x80/0xa0 [ 266.762450][T25241] splice_direct_to_actor+0x345/0x650 [ 266.762474][T25241] ? do_splice_direct+0x170/0x170 [ 266.762497][T25241] do_splice_direct+0xf5/0x170 [ 266.762533][T25241] do_sendfile+0x618/0xb90 [ 266.762555][T25241] __x64_sys_sendfile64+0xf2/0x130 [ 266.762580][T25241] do_syscall_64+0x3d/0x90 [ 266.762600][T25241] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 266.762621][T25241] RIP: 0033:0x4665f9 [ 266.762703][T25241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 266.762718][T25241] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 266.762737][T25241] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 266.762750][T25241] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 266.762762][T25241] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 266.762775][T25241] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 266.762786][T25241] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 266.868456][T25267] loop4: detected capacity change from 0 to 264192 [ 266.909933][T25275] loop4: p1 p2 p3 p4 [ 266.909972][T25275] loop4: p1 size 11290111 extends beyond EOD, truncated [ 266.910305][T25275] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 266.910639][T25275] loop4: p3 size 1912633224 extends beyond EOD, truncated 01:16:52 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3b, 0x2ada}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f00000003c0)={0x46e3, 0x5f3, 0x6b7897ab, 0x85ab, 0x0, "ec4b2cf4dd291ac55a0cde0c254d6c6cb5a8c4"}) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000180)={0x8000, 0x0, 0x0, 0x1, 0x0, "522035de5fdc1c30dd8c1fb8754ef7c044d5c8", 0x0, 0x7}) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f00000000c0)={0x8, 0x6c60, 0x7}) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000240)) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x25) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) 01:16:52 executing program 4: syz_read_part_table(0xf00000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:52 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000004000000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:52 executing program 5 (fault-call:7 fault-nth:94): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:52 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0xfffffffe, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 266.911077][T25275] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 266.914393][T25267] loop_reread_partitions: partition scan of loop4 () failed (rc=-16) [ 267.511389][T25235] loop2: detected capacity change from 0 to 512 [ 267.523979][T25235] EXT4-fs (loop2): VFS: Can't find ext4 filesystem [ 268.197068][T25318] loop4: detected capacity change from 0 to 264192 [ 268.265159][T25325] FAULT_INJECTION: forcing a failure. [ 268.265159][T25325] name failslab, interval 1, probability 0, space 0, times 0 [ 268.277906][T25325] CPU: 0 PID: 25325 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 268.287771][T25325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 268.297820][T25325] Call Trace: [ 268.301095][T25325] dump_stack_lvl+0xb7/0x103 [ 268.305694][T25325] dump_stack+0x11/0x1a [ 268.309857][T25325] should_fail+0x23c/0x250 [ 268.309875][T25325] ? mempool_alloc_slab+0x16/0x20 [ 268.319338][T25325] __should_failslab+0x81/0x90 [ 268.319361][T25325] should_failslab+0x5/0x20 [ 268.319379][T25325] kmem_cache_alloc+0x46/0x2e0 [ 268.319403][T25325] mempool_alloc_slab+0x16/0x20 [ 268.338175][T25325] ? mempool_free+0x130/0x130 [ 268.338255][T25325] mempool_alloc+0x8c/0x300 [ 268.338275][T25325] ? ext4_inode_block_valid+0x1cc/0x210 [ 268.338298][T25325] bio_alloc_bioset+0xcc/0x530 [ 268.338321][T25325] ? iov_iter_alignment+0x34b/0x370 [ 268.362933][T25325] iomap_dio_bio_actor+0x511/0xb50 [ 268.368064][T25325] ? ext4_iomap_begin+0x5d1/0x620 [ 268.368166][T25325] iomap_dio_actor+0x26e/0x3b0 [ 268.377900][T25325] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 268.377979][T25325] iomap_apply+0x1df/0x400 [ 268.388165][T25325] __iomap_dio_rw+0x62e/0xa60 [ 268.388186][T25325] ? __iomap_dio_rw+0xa60/0xa60 [ 268.388234][T25325] iomap_dio_rw+0x30/0x70 [ 268.388255][T25325] ext4_file_write_iter+0xa5e/0x11a0 [ 268.388274][T25325] do_iter_readv_writev+0x2cd/0x370 [ 268.388297][T25325] do_iter_write+0x192/0x5c0 [ 268.417680][T25325] ? splice_from_pipe_next+0x34f/0x3b0 [ 268.423144][T25325] ? kmalloc_array+0x2d/0x40 [ 268.423166][T25325] vfs_iter_write+0x4c/0x70 [ 268.423184][T25325] iter_file_splice_write+0x40a/0x750 [ 268.437760][T25325] ? splice_from_pipe+0xc0/0xc0 [ 268.437782][T25325] direct_splice_actor+0x80/0xa0 [ 268.437803][T25325] splice_direct_to_actor+0x345/0x650 [ 268.452898][T25325] ? do_splice_direct+0x170/0x170 [ 268.457925][T25325] do_splice_direct+0xf5/0x170 [ 268.457948][T25325] do_sendfile+0x618/0xb90 [ 268.467115][T25325] __x64_sys_sendfile64+0xf2/0x130 [ 268.467136][T25325] do_syscall_64+0x3d/0x90 [ 268.467155][T25325] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 268.467228][T25325] RIP: 0033:0x4665f9 [ 268.486455][T25325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 268.486473][T25325] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 01:16:52 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000ffffffffffffffffe00000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 268.486491][T25325] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 268.523396][T25325] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 268.523408][T25325] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 268.523418][T25325] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 268.523432][T25325] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 268.564688][T25318] loop4: p1 p2 p3 p4 [ 268.564798][T25318] loop4: p1 size 11290111 extends beyond EOD, truncated [ 268.565130][T25318] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 268.565554][T25318] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 268.566130][T25318] loop4: p4 size 3657465856 extends beyond EOD, truncated 01:16:53 executing program 3: keyctl$link(0x8, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0x4, 0xfffffffffffffffd, 0x0, 0x0) 01:16:53 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3b, 0x2ada}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f00000003c0)={0x46e3, 0x5f3, 0x6b7897ab, 0x85ab, 0x0, "ec4b2cf4dd291ac55a0cde0c254d6c6cb5a8c4"}) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000180)={0x8000, 0x0, 0x0, 0x1, 0x0, "522035de5fdc1c30dd8c1fb8754ef7c044d5c8", 0x0, 0x7}) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f00000000c0)={0x8, 0x6c60, 0x7}) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000240)) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x25) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) 01:16:53 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000200000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:53 executing program 5 (fault-call:7 fault-nth:95): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:53 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0xfffffffffffffffe, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:53 executing program 4: syz_read_part_table(0x1000000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 269.708281][T25364] loop4: detected capacity change from 0 to 264192 01:16:54 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000300000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:54 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3b, 0x2ada}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f00000003c0)={0x46e3, 0x5f3, 0x6b7897ab, 0x85ab, 0x0, "ec4b2cf4dd291ac55a0cde0c254d6c6cb5a8c4"}) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000180)={0x8000, 0x0, 0x0, 0x1, 0x0, "522035de5fdc1c30dd8c1fb8754ef7c044d5c8", 0x0, 0x7}) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f00000000c0)={0x8, 0x6c60, 0x7}) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000240)) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x25) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) 01:16:54 executing program 3: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x0) [ 269.774194][T25370] FAULT_INJECTION: forcing a failure. [ 269.774194][T25370] name failslab, interval 1, probability 0, space 0, times 0 [ 269.786973][T25370] CPU: 0 PID: 25370 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 269.796901][T25370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 269.806952][T25370] Call Trace: [ 269.810356][T25370] dump_stack_lvl+0xb7/0x103 [ 269.815398][T25370] dump_stack+0x11/0x1a [ 269.819682][T25370] should_fail+0x23c/0x250 [ 269.824175][T25370] ? mempool_alloc_slab+0x16/0x20 [ 269.829277][T25370] __should_failslab+0x81/0x90 [ 269.834050][T25370] should_failslab+0x5/0x20 [ 269.838551][T25370] kmem_cache_alloc+0x46/0x2e0 [ 269.843379][T25370] mempool_alloc_slab+0x16/0x20 [ 269.843410][T25370] ? mempool_free+0x130/0x130 01:16:54 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000400000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:54 executing program 3: socket(0x25, 0x5, 0x101) [ 269.843494][T25370] mempool_alloc+0x8c/0x300 [ 269.843515][T25370] sg_pool_alloc+0x74/0x90 01:16:54 executing program 4: syz_read_part_table(0x1100000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 269.843537][T25370] __sg_alloc_table+0xce/0x290 01:16:54 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000500000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:54 executing program 3: msgget(0x0, 0xa0) mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = msgget$private(0x0, 0x228) r1 = getuid() getuid() getgroups(0x3, &(0x7f0000000040)=[0xee00, 0xee00, 0xee00]) msgctl$IPC_SET(r0, 0x1, &(0x7f0000000080)={{0x3, r1, 0x0, 0x0, r2, 0x82, 0x16f3}, 0x0, 0x0, 0x4, 0x3, 0x8, 0x0, 0x2, 0x5, 0x1f, 0xffff}) [ 269.843558][T25370] sg_alloc_table_chained+0xaf/0x140 01:16:54 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000600000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 269.843580][T25370] ? sg_alloc_table_chained+0x140/0x140 [ 269.843638][T25370] scsi_alloc_sgtables+0x17c/0x500 [ 269.843660][T25370] sd_init_command+0x96a/0x1640 01:16:54 executing program 3: r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pidfd_send_signal(r0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x7fff}, 0x0) [ 269.843738][T25370] scsi_queue_rq+0x10e0/0x15a0 [ 269.843754][T25370] blk_mq_dispatch_rq_list+0x695/0x1040 [ 269.843774][T25370] ? __sbitmap_queue_get+0x11/0x20 [ 269.843795][T25370] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 269.843849][T25370] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 269.843872][T25370] ? rb_insert_color+0x2fa/0x310 [ 269.843931][T25370] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 269.843964][T25370] __blk_mq_run_hw_queue+0xbc/0x140 01:16:54 executing program 5 (fault-call:7 fault-nth:96): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) [ 269.843983][T25370] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 269.844006][T25370] blk_mq_run_hw_queue+0x22c/0x250 [ 269.844042][T25370] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 269.844066][T25370] blk_mq_flush_plug_list+0x2f2/0x3c0 [ 269.844085][T25370] blk_flush_plug_list+0x235/0x260 01:16:54 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:54 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000700000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 269.844128][T25370] blk_finish_plug+0x44/0x60 [ 269.844223][T25370] __iomap_dio_rw+0x797/0xa60 [ 269.844244][T25370] iomap_dio_rw+0x30/0x70 [ 269.844263][T25370] ext4_file_write_iter+0xa5e/0x11a0 [ 269.844290][T25370] do_iter_readv_writev+0x2cd/0x370 [ 269.844385][T25370] do_iter_write+0x192/0x5c0 [ 269.844403][T25370] ? splice_from_pipe_next+0x34f/0x3b0 [ 269.844424][T25370] ? kmalloc_array+0x2d/0x40 [ 269.844443][T25370] vfs_iter_write+0x4c/0x70 [ 269.844461][T25370] iter_file_splice_write+0x40a/0x750 [ 269.844499][T25370] ? splice_from_pipe+0xc0/0xc0 [ 269.844520][T25370] direct_splice_actor+0x80/0xa0 [ 269.844540][T25370] splice_direct_to_actor+0x345/0x650 [ 269.844615][T25370] ? do_splice_direct+0x170/0x170 [ 269.844635][T25370] do_splice_direct+0xf5/0x170 [ 269.844655][T25370] do_sendfile+0x618/0xb90 [ 269.844673][T25370] __x64_sys_sendfile64+0xf2/0x130 [ 269.844695][T25370] do_syscall_64+0x3d/0x90 [ 269.844757][T25370] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 269.844778][T25370] RIP: 0033:0x4665f9 [ 269.844789][T25370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 269.844806][T25370] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 269.844822][T25370] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 269.844832][T25370] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 269.844891][T25370] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 269.844905][T25370] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 269.844918][T25370] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 269.883594][T25364] loop4: p1 p2 p3 p4 [ 269.883690][T25364] loop4: p1 size 11290111 extends beyond EOD, truncated [ 269.884251][T25364] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 269.884653][T25364] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 269.885213][T25364] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 269.945288][T25364] loop4: detected capacity change from 0 to 264192 [ 269.988359][T25367] loop4: p1 p2 p3 p4 [ 269.988404][T25367] loop4: p1 size 11290111 extends beyond EOD, truncated [ 269.988800][T25367] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 269.989346][T25367] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 269.989812][T25367] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 270.001067][T25364] loop4: p1 p2 p3 p4 [ 270.001185][T25364] loop4: p1 size 11290111 extends beyond EOD, truncated [ 270.001547][T25364] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 270.001924][T25364] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 270.002405][T25364] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 270.144647][T25439] loop4: detected capacity change from 0 to 264192 [ 270.193840][ T1038] loop4: p1 p2 p3 p4 [ 270.193949][ T1038] loop4: p1 size 11290111 extends beyond EOD, truncated [ 270.194484][ T1038] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 270.195161][ T1038] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 270.208249][ T1038] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 270.210536][T25439] loop4: p1 p2 p3 p4 [ 270.210565][T25439] loop4: p1 size 11290111 extends beyond EOD, truncated [ 270.210977][T25439] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 270.211399][T25439] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 270.211706][T25439] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 270.275847][T25439] loop4: detected capacity change from 0 to 264192 [ 270.326282][T25439] loop4: p1 p2 p3 p4 [ 270.326404][T25439] loop4: p1 size 11290111 extends beyond EOD, truncated [ 270.326773][T25439] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 270.327045][T25439] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 270.327356][T25439] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 270.650142][T25502] FAULT_INJECTION: forcing a failure. [ 270.650142][T25502] name failslab, interval 1, probability 0, space 0, times 0 [ 270.650166][T25502] CPU: 0 PID: 25502 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 270.650186][T25502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 270.650208][T25502] Call Trace: [ 270.650215][T25502] dump_stack_lvl+0xb7/0x103 [ 270.650237][T25502] dump_stack+0x11/0x1a [ 270.650253][T25502] should_fail+0x23c/0x250 [ 270.650268][T25502] ? kmalloc_array+0x2d/0x40 [ 270.650289][T25502] __should_failslab+0x81/0x90 [ 270.650306][T25502] should_failslab+0x5/0x20 [ 270.650322][T25502] __kmalloc+0x66/0x340 [ 270.650336][T25502] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 270.650393][T25502] ? splice_from_pipe+0xc0/0xc0 [ 270.650455][T25502] kmalloc_array+0x2d/0x40 [ 270.650522][T25502] iter_file_splice_write+0xc6/0x750 [ 270.650545][T25502] ? atime_needs_update+0x2ba/0x390 [ 270.650594][T25502] ? touch_atime+0xcf/0x240 [ 270.650612][T25502] ? generic_file_splice_read+0x286/0x310 [ 270.650684][T25502] ? splice_from_pipe+0xc0/0xc0 [ 270.650705][T25502] direct_splice_actor+0x80/0xa0 [ 270.650725][T25502] splice_direct_to_actor+0x345/0x650 [ 270.650802][T25502] ? do_splice_direct+0x170/0x170 [ 270.650824][T25502] do_splice_direct+0xf5/0x170 [ 270.650844][T25502] do_sendfile+0x618/0xb90 [ 270.650880][T25502] __x64_sys_sendfile64+0xf2/0x130 [ 270.650900][T25502] do_syscall_64+0x3d/0x90 [ 270.650944][T25502] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 270.650999][T25502] RIP: 0033:0x4665f9 [ 270.651012][T25502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 01:16:56 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3b, 0x2ada}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f00000003c0)={0x46e3, 0x5f3, 0x6b7897ab, 0x85ab, 0x0, "ec4b2cf4dd291ac55a0cde0c254d6c6cb5a8c4"}) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000180)={0x8000, 0x0, 0x0, 0x1, 0x0, "522035de5fdc1c30dd8c1fb8754ef7c044d5c8", 0x0, 0x7}) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f00000000c0)={0x8, 0x6c60, 0x7}) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000240)) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x25) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) 01:16:56 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000240)) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000040)) msgctl$IPC_STAT(0x0, 0x2, 0x0) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000100)) 01:16:56 executing program 4: syz_read_part_table(0x1200000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:56 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000800000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:56 executing program 5 (fault-call:7 fault-nth:97): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:56 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="020000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 270.651027][T25502] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 270.651043][T25502] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 270.651056][T25502] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 270.651068][T25502] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 270.651079][T25502] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 270.651092][T25502] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 271.971296][T25523] loop4: detected capacity change from 0 to 264192 [ 271.978595][T25524] loop2: detected capacity change from 0 to 512 01:16:56 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000a00000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 272.051048][T25532] FAULT_INJECTION: forcing a failure. [ 272.051048][T25532] name failslab, interval 1, probability 0, space 0, times 0 [ 272.063799][T25532] CPU: 0 PID: 25532 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 272.063968][T25524] EXT4-fs (loop2): inodes count not valid: 2 vs 32 [ 272.073723][T25532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 272.073753][T25532] Call Trace: [ 272.073761][T25532] dump_stack_lvl+0xb7/0x103 01:16:56 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3b, 0x2ada}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f00000003c0)={0x46e3, 0x5f3, 0x6b7897ab, 0x85ab, 0x0, "ec4b2cf4dd291ac55a0cde0c254d6c6cb5a8c4"}) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000180)={0x8000, 0x0, 0x0, 0x1, 0x0, "522035de5fdc1c30dd8c1fb8754ef7c044d5c8", 0x0, 0x7}) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f00000000c0)={0x8, 0x6c60, 0x7}) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000240)) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x25) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) [ 272.073783][T25532] dump_stack+0x11/0x1a [ 272.103018][T25532] should_fail+0x23c/0x250 01:16:56 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) sendto$inet6(r0, &(0x7f0000000100)="91", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, 0x1c) [ 272.103079][T25532] __should_failslab+0x81/0x90 01:16:56 executing program 4: syz_read_part_table(0x1300000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:56 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000b00000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 272.103096][T25532] ? __iomap_dio_rw+0xf2/0xa60 01:16:56 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f001000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 272.103119][T25532] should_failslab+0x5/0x20 [ 272.103146][T25532] kmem_cache_alloc_trace+0x49/0x310 01:16:56 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="070000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:56 executing program 4: syz_read_part_table(0x2000000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 272.103161][T25532] __iomap_dio_rw+0xf2/0xa60 01:16:56 executing program 3: keyctl$link(0x8, 0x0, 0xffffffffffffffff) 01:16:56 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f001800000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 272.103181][T25532] ? ext4_es_lookup_extent+0x36b/0x490 [ 272.103200][T25532] ? ktime_get_coarse_real_ts64+0x10d/0x120 [ 272.103274][T25532] ? file_update_time+0x1bd/0x3e0 [ 272.103299][T25532] iomap_dio_rw+0x30/0x70 [ 272.103322][T25532] ext4_file_write_iter+0xa5e/0x11a0 [ 272.103345][T25532] do_iter_readv_writev+0x2cd/0x370 [ 272.103440][T25532] do_iter_write+0x192/0x5c0 [ 272.103459][T25532] ? splice_from_pipe_next+0x34f/0x3b0 [ 272.103510][T25532] ? kmalloc_array+0x2d/0x40 [ 272.103529][T25532] vfs_iter_write+0x4c/0x70 [ 272.103547][T25532] iter_file_splice_write+0x40a/0x750 [ 272.103570][T25532] ? splice_from_pipe+0xc0/0xc0 [ 272.103659][T25532] direct_splice_actor+0x80/0xa0 [ 272.103678][T25532] splice_direct_to_actor+0x345/0x650 [ 272.103773][T25532] ? do_splice_direct+0x170/0x170 [ 272.103795][T25532] do_splice_direct+0xf5/0x170 [ 272.103815][T25532] do_sendfile+0x618/0xb90 [ 272.103835][T25532] __x64_sys_sendfile64+0xf2/0x130 [ 272.103871][T25532] do_syscall_64+0x3d/0x90 01:16:57 executing program 5 (fault-call:7 fault-nth:98): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:57 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="080000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:57 executing program 3: r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000180)='.dead\x00', &(0x7f00000001c0)='syz') [ 272.103891][T25532] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 272.103917][T25532] RIP: 0033:0x4665f9 [ 272.103930][T25532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 272.103945][T25532] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 272.104008][T25532] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 272.104020][T25532] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 272.104032][T25532] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 272.104076][T25532] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 272.104142][T25532] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 272.122841][T25523] loop4: p1 p2 p3 p4 [ 272.122884][T25523] loop4: p1 size 11290111 extends beyond EOD, truncated [ 272.124448][T25523] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 272.125858][T25523] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 272.127870][T25523] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 272.232914][T25566] loop4: detected capacity change from 0 to 264192 [ 272.268406][T25529] loop4: p1 p2 p3 p4 [ 272.268451][T25529] loop4: p1 size 11290111 extends beyond EOD, truncated [ 272.271217][T25524] loop2: detected capacity change from 0 to 512 [ 272.271626][T25529] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 272.272116][T25529] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 272.272471][T25524] EXT4-fs (loop2): inodes count not valid: 2 vs 32 [ 272.272570][T25529] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 272.275344][T25566] loop4: p1 p2 p3 p4 [ 272.275386][T25566] loop4: p1 size 11290111 extends beyond EOD, truncated [ 272.275930][T25566] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 272.276340][T25566] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 272.276715][T25566] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 272.344344][T25599] loop2: detected capacity change from 0 to 512 [ 272.345251][T25599] EXT4-fs (loop2): inodes count not valid: 7 vs 32 [ 272.388516][T25599] loop2: detected capacity change from 0 to 512 [ 272.388999][T25599] EXT4-fs (loop2): inodes count not valid: 7 vs 32 [ 272.415430][T25618] loop4: detected capacity change from 0 to 264192 [ 272.458199][T25529] loop4: p1 p2 p3 p4 [ 272.458355][T25529] loop4: p1 size 11290111 extends beyond EOD, truncated [ 272.458753][T25529] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 272.459091][T25529] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 272.459398][T25529] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 272.462881][T25618] loop_reread_partitions: partition scan of loop4 () failed (rc=-16) [ 272.819770][T25654] loop2: detected capacity change from 0 to 512 [ 272.842967][T25654] EXT4-fs (loop2): inodes count not valid: 8 vs 32 [ 272.896853][T25654] loop2: detected capacity change from 0 to 512 [ 272.897394][T25654] EXT4-fs (loop2): inodes count not valid: 8 vs 32 [ 273.115555][T25657] FAULT_INJECTION: forcing a failure. [ 273.115555][T25657] name failslab, interval 1, probability 0, space 0, times 0 [ 273.206557][T25657] CPU: 0 PID: 25657 Comm: syz-executor.5 Tainted: G W 5.14.0-syzkaller #0 [ 273.216425][T25657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 273.216437][T25657] Call Trace: [ 273.216444][T25657] dump_stack_lvl+0xb7/0x103 [ 273.234324][T25657] dump_stack+0x11/0x1a [ 273.238546][T25657] should_fail+0x23c/0x250 [ 273.242953][T25657] ? mempool_alloc_slab+0x16/0x20 [ 273.242977][T25657] __should_failslab+0x81/0x90 [ 273.242993][T25657] should_failslab+0x5/0x20 [ 273.257238][T25657] kmem_cache_alloc+0x46/0x2e0 [ 273.257262][T25657] mempool_alloc_slab+0x16/0x20 [ 273.257355][T25657] ? mempool_free+0x130/0x130 [ 273.257375][T25657] mempool_alloc+0x8c/0x300 [ 273.257460][T25657] ? ext4_inode_block_valid+0x1cc/0x210 [ 273.281726][T25657] bio_alloc_bioset+0xcc/0x530 [ 273.286578][T25657] ? iov_iter_alignment+0x34b/0x370 [ 273.286600][T25657] iomap_dio_bio_actor+0x511/0xb50 [ 273.286622][T25657] ? ext4_iomap_begin+0x5d1/0x620 [ 273.301896][T25657] iomap_dio_actor+0x26e/0x3b0 [ 273.306682][T25657] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 273.312476][T25657] iomap_apply+0x1df/0x400 [ 273.316895][T25657] __iomap_dio_rw+0x62e/0xa60 [ 273.316919][T25657] ? __iomap_dio_rw+0xa60/0xa60 [ 273.316939][T25657] iomap_dio_rw+0x30/0x70 [ 273.330824][T25657] ext4_file_write_iter+0xa5e/0x11a0 [ 273.330851][T25657] do_iter_readv_writev+0x2cd/0x370 [ 273.341354][T25657] do_iter_write+0x192/0x5c0 [ 273.341379][T25657] ? splice_from_pipe_next+0x34f/0x3b0 [ 273.351419][T25657] ? kmalloc_array+0x2d/0x40 [ 273.351441][T25657] vfs_iter_write+0x4c/0x70 [ 273.351459][T25657] iter_file_splice_write+0x40a/0x750 [ 273.351485][T25657] ? splice_from_pipe+0xc0/0xc0 [ 273.351504][T25657] direct_splice_actor+0x80/0xa0 [ 273.351524][T25657] splice_direct_to_actor+0x345/0x650 [ 273.381078][T25657] ? do_splice_direct+0x170/0x170 [ 273.381104][T25657] do_splice_direct+0xf5/0x170 [ 273.390867][T25657] do_sendfile+0x618/0xb90 [ 273.390889][T25657] __x64_sys_sendfile64+0xf2/0x130 [ 273.390910][T25657] do_syscall_64+0x3d/0x90 01:16:57 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3b, 0x2ada}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f00000003c0)={0x46e3, 0x5f3, 0x6b7897ab, 0x85ab, 0x0, "ec4b2cf4dd291ac55a0cde0c254d6c6cb5a8c4"}) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000180)={0x8000, 0x0, 0x0, 0x1, 0x0, "522035de5fdc1c30dd8c1fb8754ef7c044d5c8", 0x0, 0x7}) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f00000000c0)={0x8, 0x6c60, 0x7}) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000240)) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x25) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) 01:16:57 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f001c00000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:57 executing program 4: syz_read_part_table(0x2200000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:57 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001440)="66530700ae897094e7b126b05f00000000000000273ed348f17d114b654b4908cc914fdf92a78be9e57737dd49b9ffe619071af915a186a07f61f9751e73954266e5ff4c56445a5db132d04417d5c93f5b2ae488becc30f3cb39a705bc5df07c39c24a332c257eab5f0c8d216996f8afd49ed8e6155fa122a0daa420315675fcb9bdccbed45a96cb1d688dc3371b055e0c620b91aa3b134c64fc372dc1184606f90e986826d06f20cd3f0dbbcfcd61671491a39fc7bf3c85a80fb1b44627d2d17b1a14d3a88a155d0437ffd313908785f5", 0xd1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x6) 01:16:57 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="0a0000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 273.404884][T25657] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 273.404923][T25657] RIP: 0033:0x4665f9 [ 273.404937][T25657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 273.434257][T25657] RSP: 002b:00007f439350a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 273.434277][T25657] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 273.434288][T25657] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 273.458789][T25657] RBP: 00007f439350a1d0 R08: 0000000000000000 R09: 0000000000000000 01:16:57 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f002600000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 273.458802][T25657] R10: 0008000000000004 R11: 0000000000000246 R12: 0000000000000002 01:16:57 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="0b0000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:57 executing program 4: syz_read_part_table(0x2400000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:16:57 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x8000000000004) 01:16:57 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f00fe00000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 273.458812][T25657] R13: 00007ffeba6dfb3f R14: 00007f439350a300 R15: 0000000000022000 [ 273.500128][T25675] loop4: detected capacity change from 0 to 264192 01:16:57 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000402000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:57 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="0d0000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 273.500970][T25673] loop2: detected capacity change from 0 to 512 [ 273.502992][T25673] EXT4-fs (loop2): inodes count not valid: 10 vs 32 [ 273.541458][T25673] loop2: detected capacity change from 0 to 512 [ 273.542926][T25673] EXT4-fs (loop2): inodes count not valid: 10 vs 32 [ 273.543051][T25679] loop4: p1 p2 p3 p4 [ 273.543093][T25679] loop4: p1 size 11290111 extends beyond EOD, truncated [ 273.543529][T25679] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 273.543948][T25679] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 273.544307][T25679] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 273.547651][T25675] loop4: p1 p2 p3 p4 [ 273.547811][T25675] loop4: p1 size 11290111 extends beyond EOD, truncated [ 273.549622][T25675] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 273.549986][T25675] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 273.550285][T25675] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 273.625543][T25715] loop2: detected capacity change from 0 to 512 [ 273.627400][T25715] EXT4-fs (loop2): inodes count not valid: 11 vs 32 [ 273.671171][T25715] loop2: detected capacity change from 0 to 512 [ 273.671780][T25715] EXT4-fs (loop2): inodes count not valid: 11 vs 32 [ 273.683338][T25736] loop4: detected capacity change from 0 to 264192 [ 273.728046][ T1038] loop4: p1 p2 p3 p4 [ 273.728102][ T1038] loop4: p1 size 11290111 extends beyond EOD, truncated [ 273.728593][ T1038] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 273.729092][ T1038] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 273.729366][ T1038] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 273.731724][ T1038] loop4: p1 p2 p3 p4 [ 273.731753][ T1038] loop4: p1 size 11290111 extends beyond EOD, truncated [ 273.732599][ T1038] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 273.733133][ T1038] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 273.733681][ T1038] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 273.743830][T25736] loop4: p1 p2 p3 p4 [ 273.743919][T25736] loop4: p1 size 11290111 extends beyond EOD, truncated [ 273.744487][T25736] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 273.744894][T25736] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 273.745146][T25736] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 273.781969][T25772] loop2: detected capacity change from 0 to 512 [ 273.786664][T25772] EXT4-fs (loop2): inodes count not valid: 13 vs 32 [ 273.790968][T25736] loop4: detected capacity change from 0 to 264192 [ 273.821420][T25772] loop2: detected capacity change from 0 to 512 [ 273.821886][T25772] EXT4-fs (loop2): inodes count not valid: 13 vs 32 [ 273.844368][T25679] loop4: p1 p2 p3 p4 [ 273.844410][T25679] loop4: p1 size 11290111 extends beyond EOD, truncated [ 273.852089][T25679] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 273.852748][T25679] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 273.853024][T25679] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 273.869889][T25736] loop4: p1 p2 p3 p4 [ 273.869935][T25736] loop4: p1 size 11290111 extends beyond EOD, truncated [ 273.870341][T25736] loop4: p2 size 1073872896 extends beyond EOD, truncated 01:16:58 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3b, 0x2ada}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f00000003c0)={0x46e3, 0x5f3, 0x6b7897ab, 0x85ab, 0x0, "ec4b2cf4dd291ac55a0cde0c254d6c6cb5a8c4"}) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000180)={0x8000, 0x0, 0x0, 0x1, 0x0, "522035de5fdc1c30dd8c1fb8754ef7c044d5c8", 0x0, 0x7}) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f00000000c0)={0x8, 0x6c60, 0x7}) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000240)) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x25) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) 01:16:58 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000003000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:16:58 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="0e0000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) [ 273.870618][T25736] loop4: p3 size 1912633224 extends beyond EOD, truncated [ 273.871147][T25736] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 274.474960][T25824] loop2: detected capacity change from 0 to 512 [ 274.532874][T25824] EXT4-fs (loop2): inodes count not valid: 14 vs 32 [ 274.599094][T25824] loop2: detected capacity change from 0 to 512 [ 274.615434][T25824] EXT4-fs (loop2): inodes count not valid: 14 vs 32 01:17:00 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xf03b0000) sendfile(r1, r0, 0x0, 0x7ffff000) 01:17:00 executing program 4: syz_read_part_table(0x2500000000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac0000ffffffa9000800000000000000024000ffffff82000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:17:00 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000204000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) 01:17:00 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3b, 0x2ada}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f00000003c0)={0x46e3, 0x5f3, 0x6b7897ab, 0x85ab, 0x0, "ec4b2cf4dd291ac55a0cde0c254d6c6cb5a8c4"}) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000180)={0x8000, 0x0, 0x0, 0x1, 0x0, "522035de5fdc1c30dd8c1fb8754ef7c044d5c8", 0x0, 0x7}) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f00000000c0)={0x8, 0x6c60, 0x7}) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000240)) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x25) 01:17:00 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)={0xec4, 0x0, 0x0, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_FLAGS={0x8}, @WGDEVICE_A_PEERS={0xe94, 0x8, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}, {0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "a2143c29fdbd8824302433cad086f0b1fd4d00a4bf13c6d011b5361bef6acb44"}]}, {0x848, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x0, @multicast1}}, @WGPEER_A_ALLOWEDIPS={0x608, 0x9, 0x0, 0x1, [{0x124, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2b}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}]}, {0xdc, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x22}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x3e}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x3}}]}, {0x130, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x5}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x15}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x14}}, {0x5, 0x3, 0x3}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}]}]}, @WGPEER_A_ALLOWEDIPS={0x118, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @broadcast}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}]}]}, @WGPEER_A_ALLOWEDIPS={0x110, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}]}]}]}, {0x58, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0x40, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7}}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_FLAGS={0x8}]}, {0xc8, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x0, 0x0, @private2}}, @WGPEER_A_ALLOWEDIPS={0x20, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}]}]}]}, {0x49c, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "fea67b2057ea485012ffd72756502ea2779af41e09d9fe014da91042fca911a8"}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x2}, @WGPEER_A_FLAGS={0x8, 0x3, 0x1}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x40}}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x1, @remote, 0x3}}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0x420, 0x9, 0x0, 0x1, [{0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x3}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5}}]}, {0x124, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @dev}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev}, {0x5}}]}, {0x100, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @dev}, {0x5}}]}]}]}, {0x18, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x0, @dev}}]}]}]}, 0xec4}}, 0xc0c0) 01:17:00 executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="0f0000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bbb453d966251f49b1ab9b5b4d3c3f8ccc23b5d09ae234926a1e667ee0255913fede62ba578c07a711", 0x69, 0x4200}], 0x0, &(0x7f0000013a00)) 01:17:00 executing program 0: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000604000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000140)="ed41000000000000dbf4655fdcf4655fdcf4655f0000000000000400080000000000000005000000080000000000000000000000000000000000000000000000bb", 0x41, 0x4200}], 0x0, &(0x7f0000013a00)) [ 276.522996][T25853] loop4: detected capacity change from 0 to 264192 [ 276.543512][T25856] loop2: detected capacity change from 0 to 512 01:17:00 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3b, 0x2ada}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f00000003c0)={0x46e3, 0x5f3, 0x6b7897ab, 0x85ab, 0x0, "ec4b2cf4dd291ac55a0cde0c254d6c6cb5a8c4"}) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000180)={0x8000, 0x0, 0x0, 0x1, 0x0, "522035de5fdc1c30dd8c1fb8754ef7c044d5c8", 0x0, 0x7}) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f00000000c0)={0x8, 0x6c60, 0x7}) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000240)) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0)