ff7, 0x5a42}, {0x3, 0x6f1}, {0x8001, 0x18}, {0x0, 0xfff8}, {0x3ff, 0x20}, {0x9}]}) 07:38:38 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1e33c0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) r2 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000000)=0x20) 07:38:38 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0xfff7, 0x5a42}, {0x3, 0x6f1}, {0x8001}, {}]}) 07:38:38 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:38 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0xd39b01, 0x0) write$nbd(r0, &(0x7f0000000180)=ANY=[@ANYRES64=r0], 0xe7) [ 2827.560561][T16330] loop5: detected capacity change from 0 to 264192 [ 2827.587691][T16330] FAT-fs (loop5): invalid media value (0xe1) [ 2827.593723][T16330] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:38 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0xfff7, 0x5a42}, {0x8001}, {}]}) 07:38:38 executing program 0: syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, &(0x7f0000000040)={0x6, &(0x7f0000000000)=[{0xfff7, 0x5a42}, {0x3, 0x6f1}, {0x8001, 0x18}, {0x0, 0xfff8}, {0x3ff, 0x20}, {0x9}]}) 07:38:38 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x119040000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:38 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1e33c0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) r2 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000000)=0x20) 07:38:38 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:38 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) write$nbd(r0, &(0x7f0000000180)=ANY=[@ANYRES64=r0], 0xe7) 07:38:38 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, 0x0) 07:38:38 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0xfff7, 0x5a42}, {}, {}]}) [ 2827.676267][T16330] loop5: detected capacity change from 0 to 264192 [ 2827.696086][T16330] FAT-fs (loop5): invalid media value (0xe1) [ 2827.702228][T16330] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:38 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) write$nbd(r0, &(0x7f0000000180)=ANY=[@ANYRES64=r0], 0xe7) 07:38:38 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{}, {}]}) 07:38:38 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1e33c0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) r2 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000000)=0x20) 07:38:38 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, 0x0) 07:38:38 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2827.807950][T16376] loop5: detected capacity change from 0 to 264192 [ 2827.839103][T16376] FAT-fs (loop5): invalid media value (0xe1) [ 2827.845114][T16376] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:38 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1e33c0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) r2 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000000)=0x20) 07:38:38 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x11a040000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:38 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) write$nbd(r0, &(0x7f0000000180)=ANY=[@ANYRES64=r0], 0xe7) 07:38:38 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, 0x0) 07:38:38 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1e33c0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) r1 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) 07:38:38 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:38 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1e33c0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) r2 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000000)=0x20) [ 2827.936122][T16376] loop5: detected capacity change from 0 to 264192 [ 2827.956363][T16376] FAT-fs (loop5): invalid media value (0xe1) [ 2827.962404][T16376] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:38 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0xd39b01, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYRES64=r0], 0xe7) 07:38:38 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1e33c0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) r2 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000000)=0x20) 07:38:38 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x0, 0x0}) 07:38:38 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2828.049035][T16424] loop5: detected capacity change from 0 to 264192 07:38:39 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1e33c0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x4) 07:38:39 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1e33c0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) r1 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) [ 2828.098485][T16424] FAT-fs (loop5): invalid media value (0xe1) [ 2828.104596][T16424] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:39 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x11b040000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:39 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0xd39b01, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYRES64=r0], 0xe7) 07:38:39 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x0, 0x0}) 07:38:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:39 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1e33c0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x4) 07:38:39 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1e33c0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x4) 07:38:39 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0xd39b01, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYRES64=r0], 0xe7) 07:38:39 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1e33c0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x4) 07:38:39 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1e33c0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) [ 2828.238159][T16455] loop5: detected capacity change from 0 to 54272 [ 2828.271401][T16455] FAT-fs (loop5): invalid media value (0xe1) [ 2828.277432][T16455] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:39 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x0, 0x0}) 07:38:39 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0xd39b01, 0x0) write$nbd(r0, 0x0, 0xe7) 07:38:39 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x120000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:39 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:39 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1e33c0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:39 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0xfff7, 0x5a42}, {0x3, 0x6f1}, {0x8001, 0x18}, {0x0, 0xfff8}, {0x3ff, 0x20}]}) 07:38:39 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0xd39b01, 0x0) write$nbd(r0, 0x0, 0xe7) 07:38:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:39 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:39 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:39 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0xfff7, 0x5a42}, {0x3, 0x6f1}, {0x8001, 0x18}, {0x0, 0xfff8}]}) 07:38:39 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:39 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0xd39b01, 0x0) write$nbd(r0, 0x0, 0xe7) [ 2828.453445][T16492] loop5: detected capacity change from 0 to 264192 [ 2828.487117][T16492] FAT-fs (loop5): invalid media value (0xe1) [ 2828.493161][T16492] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:39 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x120100000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:39 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:39 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:39 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0xd39b01, 0x0) write$nbd(r0, &(0x7f0000000180)=ANY=[], 0xe7) 07:38:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:39 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0xfff7, 0x5a42}, {0x3, 0x6f1}, {0x8001, 0x18}]}) [ 2828.563286][T16492] loop5: detected capacity change from 0 to 264192 [ 2828.581220][T16492] FAT-fs (loop5): invalid media value (0xe1) [ 2828.587222][T16492] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:39 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:39 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:39 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:39 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0xfff7, 0x5a42}, {0x3, 0x6f1}]}) 07:38:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc3010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2828.687264][T16534] loop5: detected capacity change from 0 to 264192 07:38:39 executing program 3: write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) [ 2828.733830][T16534] FAT-fs (loop5): invalid media value (0xe1) [ 2828.739843][T16534] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:39 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x122000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:39 executing program 4: write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:39 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:39 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0xfff7, 0x5a42}]}) 07:38:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc3020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:39 executing program 3: write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) [ 2828.830485][T16534] loop5: detected capacity change from 0 to 264192 [ 2828.837416][T16534] FAT-fs (loop5): invalid media value (0xe1) [ 2828.843439][T16534] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:39 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:39 executing program 4: write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:39 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)) 07:38:39 executing program 3: write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc3030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:39 executing program 2: write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) [ 2828.957276][T16582] loop5: detected capacity change from 0 to 264192 [ 2828.985270][T16582] FAT-fs (loop5): invalid media value (0xe1) [ 2828.991319][T16582] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:40 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x125000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:40 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 4: write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc3040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:40 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)) 07:38:40 executing program 2: write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) [ 2829.053356][T16582] loop5: detected capacity change from 0 to 264192 [ 2829.060427][T16582] FAT-fs (loop5): invalid media value (0xe1) [ 2829.066448][T16582] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:40 executing program 2: write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2829.150562][T16613] loop5: detected capacity change from 0 to 180224 07:38:40 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)) 07:38:40 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) [ 2829.195947][T16613] FAT-fs (loop5): invalid media value (0xe1) [ 2829.202076][T16613] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:40 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x13f000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:40 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:40 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x0, 0x5a42}]}) 07:38:40 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2829.337868][T16645] loop5: detected capacity change from 0 to 264192 07:38:40 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 2829.387214][T16645] FAT-fs (loop5): invalid media value (0xe1) [ 2829.393302][T16645] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:40 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:40 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) [ 2829.459884][T16645] loop5: detected capacity change from 0 to 264192 [ 2829.480293][T16645] FAT-fs (loop5): invalid media value (0xe1) [ 2829.486338][T16645] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:40 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x140000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:40 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:40 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0xfff7, 0x5a42}, {0x3, 0x6f1}, {0x8001}, {}]}) 07:38:40 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0x7ffff000) 07:38:40 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) [ 2829.596973][T16692] loop5: detected capacity change from 0 to 264192 [ 2829.624605][T16692] FAT-fs (loop5): invalid media value (0xe1) [ 2829.630615][T16692] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:40 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:40 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) [ 2829.674613][T16692] loop5: detected capacity change from 0 to 264192 [ 2829.691422][T16692] FAT-fs (loop5): invalid media value (0xe1) [ 2829.697461][T16692] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:40 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x140000800}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:40 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:40 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 2: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) [ 2829.840611][T16732] loop5: detected capacity change from 0 to 264192 [ 2829.884493][T16732] FAT-fs (loop5): invalid media value (0xe1) [ 2829.890530][T16732] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:40 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0x7ffff000) 07:38:40 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:40 executing program 2: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x143020000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2829.957147][T16732] loop5: detected capacity change from 0 to 264192 [ 2829.964422][T16732] FAT-fs (loop5): invalid media value (0xe1) [ 2829.970521][T16732] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:40 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:40 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2830.041098][T16757] loop5: detected capacity change from 0 to 33280 [ 2830.079541][T16757] FAT-fs (loop5): invalid media value (0xe1) 07:38:40 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 2: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) [ 2830.085721][T16757] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:41 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2830.183302][T16757] loop5: detected capacity change from 0 to 33280 [ 2830.201153][T16757] FAT-fs (loop5): invalid media value (0xe1) [ 2830.207208][T16757] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:41 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0x7ffff000) 07:38:41 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x0) 07:38:41 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc6000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:41 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x144020000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:41 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc6010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:41 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x0) [ 2830.353918][T16801] loop5: detected capacity change from 0 to 98816 [ 2830.384306][T16801] FAT-fs (loop5): invalid media value (0xe1) [ 2830.390418][T16801] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:41 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) [ 2830.505456][T16801] loop5: detected capacity change from 0 to 98816 [ 2830.523356][T16801] FAT-fs (loop5): invalid media value (0xe1) [ 2830.529379][T16801] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:41 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc6020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:41 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x0) 07:38:41 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x145020000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:41 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc6030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2830.675847][T16845] loop5: detected capacity change from 0 to 164352 07:38:41 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x201, 0x4}, 0x10) 07:38:41 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, 0x0, 0x0) [ 2830.721690][T16845] FAT-fs (loop5): invalid media value (0xe1) [ 2830.727707][T16845] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:41 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc6040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:41 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, 0x0, 0x0) 07:38:41 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x4}, 0x10) 07:38:41 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x148000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:41 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc7000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:41 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:41 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, 0x0, 0x0) [ 2830.898337][T16884] loop5: detected capacity change from 0 to 264192 [ 2830.937720][T16884] FAT-fs (loop5): invalid media value (0xe1) [ 2830.943777][T16884] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:41 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc7010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:41 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, 0x0, 0x0) 07:38:41 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:41 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x201, 0x4}, 0x10) 07:38:41 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc7020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2831.007291][T16884] loop5: detected capacity change from 0 to 264192 [ 2831.027552][T16884] FAT-fs (loop5): invalid media value (0xe1) [ 2831.033587][T16884] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:42 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x14c000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:42 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:42 executing program 2: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x140000800}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:42 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, 0x0, 0x0) 07:38:42 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x4}, 0x10) 07:38:42 executing program 0: write$nbd(0xffffffffffffffff, 0x0, 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:42 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc7030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:42 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:42 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, 0x0) 07:38:42 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, 0x0, 0x0) [ 2831.137707][T16927] loop5: detected capacity change from 0 to 94208 [ 2831.166784][T16927] FAT-fs (loop5): invalid media value (0xe1) [ 2831.172839][T16927] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:42 executing program 0: write$nbd(0xffffffffffffffff, 0x0, 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:42 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc7040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:42 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x160000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:42 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:42 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x201, 0x4}, 0x10) 07:38:42 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2831.234293][T16927] loop5: detected capacity change from 0 to 94208 [ 2831.254523][T16927] FAT-fs (loop5): invalid media value (0xe1) [ 2831.260540][T16927] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:42 executing program 0: write$nbd(0xffffffffffffffff, 0x0, 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:42 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc8010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:42 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x4}, 0x10) 07:38:42 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2831.378136][T16965] loop5: detected capacity change from 0 to 264192 [ 2831.413553][T16965] FAT-fs (loop5): invalid media value (0xe1) [ 2831.419622][T16965] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2831.485422][T16965] loop5: detected capacity change from 0 to 264192 [ 2831.516673][T16965] FAT-fs (loop5): invalid media value (0xe1) [ 2831.522706][T16965] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:42 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, 0x0) 07:38:42 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:42 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:42 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc8020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:42 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x168000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:42 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) syz_io_uring_setup(0x970, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1e3}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000200), 0x0) write$nbd(r0, 0x0, 0xe7) r1 = socket$nl_generic(0x10, 0x3, 0x10) getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000000)=0x7, 0x4) socket$packet(0x11, 0x2, 0x300) 07:38:42 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:42 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:42 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc8030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2831.679706][T17005] loop5: detected capacity change from 0 to 264192 07:38:42 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:42 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:42 executing program 3 (fault-call:2 fault-nth:0): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2831.727047][T17005] FAT-fs (loop5): invalid media value (0xe1) [ 2831.733090][T17005] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2831.801408][T17024] FAULT_INJECTION: forcing a failure. [ 2831.801408][T17024] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2831.814492][T17024] CPU: 0 PID: 17024 Comm: syz-executor.3 Not tainted 5.14.0-rc4-syzkaller #0 [ 2831.823254][T17024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2831.833317][T17024] Call Trace: [ 2831.836604][T17024] dump_stack_lvl+0xb7/0x103 [ 2831.841359][T17024] dump_stack+0x11/0x1a [ 2831.845506][T17024] should_fail+0x23c/0x250 [ 2831.849991][T17024] should_fail_usercopy+0x16/0x20 [ 2831.855272][T17024] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2831.861028][T17024] ? shmem_write_begin+0x7e/0x100 [ 2831.866058][T17024] generic_perform_write+0x1df/0x3c0 [ 2831.871407][T17024] __generic_file_write_iter+0x161/0x300 [ 2831.877129][T17024] ? generic_write_checks+0x250/0x290 [ 2831.882623][T17024] generic_file_write_iter+0x75/0x130 [ 2831.887998][T17024] vfs_write+0x69d/0x770 [ 2831.892239][T17024] ksys_write+0xce/0x180 [ 2831.896474][T17024] __x64_sys_write+0x3e/0x50 [ 2831.901123][T17024] do_syscall_64+0x3d/0x90 [ 2831.905536][T17024] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2831.911441][T17024] RIP: 0033:0x4665e9 [ 2831.915382][T17024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2831.935064][T17024] RSP: 002b:00007fa6ab5bc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2831.943523][T17024] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 07:38:42 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, 0x0) 07:38:42 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:42 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc8040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:42 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) [ 2831.951489][T17024] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000003 [ 2831.959505][T17024] RBP: 00007fa6ab5bc1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2831.967478][T17024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2831.975508][T17024] R13: 00007ffdb17ae3ff R14: 00007fa6ab5bc300 R15: 0000000000022000 07:38:42 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x16c000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:42 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc9000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:42 executing program 4: write$nbd(0xffffffffffffffff, 0x0, 0x7fffffffffffffff) 07:38:42 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:42 executing program 3 (fault-call:2 fault-nth:1): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2832.003057][T17005] loop5: detected capacity change from 0 to 264192 [ 2832.017232][T17005] FAT-fs (loop5): invalid media value (0xe1) [ 2832.023363][T17005] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:43 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc9010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2832.126769][T17059] FAULT_INJECTION: forcing a failure. [ 2832.126769][T17059] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2832.134723][T17060] loop5: detected capacity change from 0 to 77824 [ 2832.139946][T17059] CPU: 0 PID: 17059 Comm: syz-executor.3 Not tainted 5.14.0-rc4-syzkaller #0 [ 2832.155121][T17059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2832.165203][T17059] Call Trace: [ 2832.168491][T17059] dump_stack_lvl+0xb7/0x103 07:38:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc9020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2832.173165][T17059] dump_stack+0x11/0x1a [ 2832.177320][T17059] should_fail+0x23c/0x250 [ 2832.181326][T17060] FAT-fs (loop5): invalid media value (0xe1) [ 2832.181735][T17059] should_fail_usercopy+0x16/0x20 [ 2832.187767][T17060] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2832.192772][T17059] _copy_to_user+0x1c/0x90 [ 2832.192793][T17059] simple_read_from_buffer+0xab/0x120 [ 2832.210764][T17059] proc_fail_nth_read+0xf6/0x140 [ 2832.215786][T17059] ? rw_verify_area+0x136/0x250 [ 2832.220688][T17059] ? proc_fault_inject_write+0x200/0x200 [ 2832.226358][T17059] vfs_read+0x154/0x5d0 [ 2832.230510][T17059] ? __fget_light+0x21b/0x260 [ 2832.235186][T17059] ? __cond_resched+0x11/0x40 [ 2832.239866][T17059] ksys_read+0xce/0x180 [ 2832.244020][T17059] __x64_sys_read+0x3e/0x50 [ 2832.248519][T17059] do_syscall_64+0x3d/0x90 [ 2832.252994][T17059] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2832.258919][T17059] RIP: 0033:0x41936c [ 2832.262852][T17059] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 2832.282958][T17059] RSP: 002b:00007fa6ab5bc170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2832.291549][T17059] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 000000000041936c [ 2832.299530][T17059] RDX: 000000000000000f RSI: 00007fa6ab5bc1e0 RDI: 0000000000000004 [ 2832.307516][T17059] RBP: 00007fa6ab5bc1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2832.315540][T17059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2832.323512][T17059] R13: 00007ffdb17ae3ff R14: 00007fa6ab5bc300 R15: 0000000000022000 07:38:43 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:43 executing program 4: write$nbd(0xffffffffffffffff, 0x0, 0x7fffffffffffffff) 07:38:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc9030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:43 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:43 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x174000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:43 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2832.367235][T17060] loop5: detected capacity change from 0 to 77824 [ 2832.382161][T17060] FAT-fs (loop5): invalid media value (0xe1) [ 2832.388257][T17060] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:43 executing program 4: write$nbd(0xffffffffffffffff, 0x0, 0x7fffffffffffffff) 07:38:43 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc9040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2832.477366][T17093] loop5: detected capacity change from 0 to 73728 07:38:43 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:43 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xca000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2832.528385][T17093] FAT-fs (loop5): invalid media value (0xe1) [ 2832.534551][T17093] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2832.649061][T17093] loop5: detected capacity change from 0 to 73728 [ 2832.661536][T17093] FAT-fs (loop5): invalid media value (0xe1) [ 2832.667556][T17093] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:43 executing program 2: write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:43 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:43 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:43 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x2}, 0x10) 07:38:43 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x17a000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xca010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:43 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:43 executing program 2: write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:43 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x3}, 0x10) 07:38:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xca020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:43 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:43 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2832.793348][T17141] loop5: detected capacity change from 0 to 264192 [ 2832.816332][T17141] FAT-fs (loop5): invalid media value (0xe1) [ 2832.822359][T17141] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:43 executing program 2: write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:43 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x4}, 0x10) 07:38:43 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0x4, 0x201, 0x4}, 0x10) 07:38:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xca030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2832.901246][T17141] loop5: detected capacity change from 0 to 264192 [ 2832.929500][T17141] FAT-fs (loop5): invalid media value (0xe1) [ 2832.935552][T17141] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:43 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x184030000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:43 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:43 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xca040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:43 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x5}, 0x10) 07:38:43 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, 0x0, 0x0) 07:38:43 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:43 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcb000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2833.059298][T17190] loop5: detected capacity change from 0 to 66304 07:38:44 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x8}, 0x10) 07:38:44 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, 0x0, 0x0) 07:38:44 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2833.115047][T17190] FAT-fs (loop5): invalid media value (0xe1) [ 2833.121102][T17190] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:44 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x185ffffff}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:44 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcb010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:44 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x300}, 0x10) 07:38:44 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, 0x0, 0x0) 07:38:44 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x7fffffffffffffff) [ 2833.186127][T17190] loop5: detected capacity change from 0 to 66304 [ 2833.196920][T17190] FAT-fs (loop5): invalid media value (0xe1) [ 2833.202981][T17190] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:44 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2833.258513][T17226] loop5: detected capacity change from 0 to 196607 07:38:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcb020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:44 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x7fffffffffffffff) 07:38:44 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x500}, 0x10) 07:38:44 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:44 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x201, 0x4}, 0x10) [ 2833.304189][T17226] FAT-fs (loop5): invalid media value (0xe1) [ 2833.310230][T17226] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:44 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x18cffffff}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcb030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:44 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x4}, 0x10) 07:38:44 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x7fffffffffffffff) 07:38:44 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:44 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x1000000}, 0x10) [ 2833.395523][T17226] loop5: detected capacity change from 0 to 196607 [ 2833.407222][T17226] FAT-fs (loop5): invalid media value (0xe1) [ 2833.413245][T17226] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:44 executing program 4 (fault-call:1 fault-nth:0): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:44 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x2000000}, 0x10) 07:38:44 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:44 executing program 2: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcb040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2833.551713][T17276] loop5: detected capacity change from 0 to 126975 [ 2833.562401][T17281] FAULT_INJECTION: forcing a failure. [ 2833.562401][T17281] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2833.575457][T17281] CPU: 0 PID: 17281 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2833.584223][T17281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2833.594277][T17281] Call Trace: [ 2833.597553][T17281] dump_stack_lvl+0xb7/0x103 [ 2833.602146][T17281] dump_stack+0x11/0x1a [ 2833.606360][T17281] should_fail+0x23c/0x250 [ 2833.610837][T17281] should_fail_usercopy+0x16/0x20 [ 2833.615906][T17281] _copy_to_user+0x1c/0x90 [ 2833.619703][T17276] FAT-fs (loop5): invalid media value (0xe1) [ 2833.620342][T17281] simple_read_from_buffer+0xab/0x120 [ 2833.626334][T17276] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2833.631662][T17281] proc_fail_nth_read+0xf6/0x140 [ 2833.631687][T17281] ? rw_verify_area+0x136/0x250 07:38:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2833.648034][T17281] ? proc_fault_inject_write+0x200/0x200 [ 2833.653675][T17281] vfs_read+0x154/0x5d0 [ 2833.657834][T17281] ? __fget_light+0x21b/0x260 [ 2833.662515][T17281] ? __cond_resched+0x11/0x40 [ 2833.667248][T17281] ksys_read+0xce/0x180 [ 2833.671406][T17281] __x64_sys_read+0x3e/0x50 [ 2833.675927][T17281] do_syscall_64+0x3d/0x90 [ 2833.680356][T17281] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2833.686254][T17281] RIP: 0033:0x41936c [ 2833.690146][T17281] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 2833.709752][T17281] RSP: 002b:00007fe6dc981170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2833.718206][T17281] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000041936c [ 2833.726178][T17281] RDX: 000000000000000f RSI: 00007fe6dc9811e0 RDI: 0000000000000004 [ 2833.734132][T17281] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2833.742211][T17281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2833.750171][T17281] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 [ 2833.783533][T17276] loop5: detected capacity change from 0 to 126975 [ 2833.790679][T17276] FAT-fs (loop5): invalid media value (0xe1) [ 2833.796776][T17276] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:44 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1973b03cf}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:44 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x3000000}, 0x10) 07:38:44 executing program 2: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:44 executing program 0 (fault-call:2 fault-nth:0): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:44 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2833.892326][T17313] loop5: detected capacity change from 0 to 264192 [ 2833.901716][T17315] FAULT_INJECTION: forcing a failure. [ 2833.901716][T17315] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2833.914963][T17315] CPU: 1 PID: 17315 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0 [ 2833.918192][T17313] FAT-fs (loop5): invalid media value (0xe1) [ 2833.923723][T17315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2833.923766][T17315] Call Trace: [ 2833.929754][T17313] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2833.939799][T17315] dump_stack_lvl+0xb7/0x103 [ 2833.939823][T17315] dump_stack+0x11/0x1a [ 2833.958386][T17315] should_fail+0x23c/0x250 [ 2833.962806][T17315] __alloc_pages+0x102/0x320 [ 2833.967470][T17315] alloc_pages_vma+0x513/0x680 [ 2833.972248][T17315] shmem_getpage_gfp+0x954/0x13d0 [ 2833.977286][T17315] shmem_write_begin+0x7e/0x100 [ 2833.982142][T17315] generic_perform_write+0x196/0x3c0 [ 2833.987442][T17315] __generic_file_write_iter+0x161/0x300 [ 2833.993083][T17315] ? generic_write_checks+0x250/0x290 [ 2833.998472][T17315] generic_file_write_iter+0x75/0x130 [ 2834.004036][T17315] vfs_write+0x69d/0x770 [ 2834.008356][T17315] ksys_write+0xce/0x180 [ 2834.012607][T17315] __x64_sys_write+0x3e/0x50 [ 2834.017198][T17315] do_syscall_64+0x3d/0x90 [ 2834.021745][T17315] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2834.027680][T17315] RIP: 0033:0x4665e9 07:38:44 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x4000000}, 0x10) 07:38:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:44 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7ffffffff000) 07:38:44 executing program 2: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2834.031603][T17315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2834.051552][T17315] RSP: 002b:00007f7ee2d24188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2834.060040][T17315] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2834.068037][T17315] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000003 [ 2834.076011][T17315] RBP: 00007f7ee2d241d0 R08: 0000000000000000 R09: 0000000000000000 [ 2834.083987][T17315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 07:38:44 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/i2c_algo_bit', 0x2400, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, &(0x7f00000000c0)={0x2}, 0x4) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000000)={{0x3, 0x9}, {0x6, 0xb2}, 0x8001, 0x3, 0x6}) 07:38:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2834.091961][T17315] R13: 00007ffca15a228f R14: 00007f7ee2d24300 R15: 0000000000022000 07:38:45 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x197ffffff}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:45 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x5000000}, 0x10) 07:38:45 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xfffffdef) 07:38:45 executing program 0 (fault-call:2 fault-nth:1): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:45 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x904a1, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, &(0x7f0000000000)) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2834.156924][T17313] loop5: detected capacity change from 0 to 264192 [ 2834.181930][T17313] FAT-fs (loop5): invalid media value (0xe1) [ 2834.187947][T17313] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:45 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xfffffdef) 07:38:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2834.258476][T17363] FAULT_INJECTION: forcing a failure. [ 2834.258476][T17363] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2834.271629][T17363] CPU: 0 PID: 17363 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0 [ 2834.280398][T17363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2834.290452][T17363] Call Trace: [ 2834.293735][T17363] dump_stack_lvl+0xb7/0x103 [ 2834.298362][T17363] dump_stack+0x11/0x1a [ 2834.302519][T17363] should_fail+0x23c/0x250 07:38:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:45 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x101002, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x0, 0x800, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x4000884) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) io_uring_register$IORING_UNREGISTER_FILES(r1, 0x3, 0x0, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2834.307027][T17363] should_fail_usercopy+0x16/0x20 [ 2834.312066][T17363] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2834.317797][T17363] ? shmem_write_begin+0x7e/0x100 [ 2834.322825][T17363] generic_perform_write+0x1df/0x3c0 [ 2834.328199][T17363] __generic_file_write_iter+0x161/0x300 [ 2834.333838][T17363] ? generic_write_checks+0x250/0x290 [ 2834.339223][T17363] generic_file_write_iter+0x75/0x130 [ 2834.344692][T17363] vfs_write+0x69d/0x770 [ 2834.348945][T17363] ksys_write+0xce/0x180 [ 2834.353202][T17363] __x64_sys_write+0x3e/0x50 07:38:45 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x8000000}, 0x10) 07:38:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2834.357798][T17363] do_syscall_64+0x3d/0x90 [ 2834.362228][T17363] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2834.368125][T17363] RIP: 0033:0x4665e9 [ 2834.368141][T17363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2834.368197][T17363] RSP: 002b:00007f7ee2d24188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2834.368215][T17363] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2834.368228][T17363] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000003 [ 2834.368239][T17363] RBP: 00007f7ee2d241d0 R08: 0000000000000000 R09: 0000000000000000 07:38:45 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1b4270000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:45 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xfffffdef) 07:38:45 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:45 executing program 0 (fault-call:2 fault-nth:2): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2834.368250][T17363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2834.368261][T17363] R13: 00007ffca15a228f R14: 00007f7ee2d24300 R15: 0000000000022000 [ 2834.413495][T17378] loop5: detected capacity change from 0 to 264192 [ 2834.416553][T17378] FAT-fs (loop5): invalid media value (0xe1) [ 2834.416571][T17378] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2834.457635][T17378] loop5: detected capacity change from 0 to 264192 [ 2834.458091][T17378] FAT-fs (loop5): invalid media value (0xe1) [ 2834.458107][T17378] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2834.558106][T17406] FAULT_INJECTION: forcing a failure. [ 2834.558106][T17406] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2834.561497][T17404] loop5: detected capacity change from 0 to 50944 [ 2834.565362][T17406] CPU: 0 PID: 17406 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0 07:38:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:45 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x2}, 0x10) [ 2834.565381][T17406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2834.610372][T17406] Call Trace: [ 2834.610381][T17406] dump_stack_lvl+0xb7/0x103 [ 2834.610401][T17406] dump_stack+0x11/0x1a [ 2834.610416][T17406] should_fail+0x23c/0x250 07:38:45 executing program 2 (fault-call:1 fault-nth:0): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2834.610439][T17406] should_fail_usercopy+0x16/0x20 [ 2834.610459][T17406] _copy_to_user+0x1c/0x90 [ 2834.610474][T17406] simple_read_from_buffer+0xab/0x120 [ 2834.610492][T17406] proc_fail_nth_read+0xf6/0x140 [ 2834.610515][T17406] ? rw_verify_area+0x136/0x250 [ 2834.610588][T17406] ? proc_fault_inject_write+0x200/0x200 [ 2834.610686][T17406] vfs_read+0x154/0x5d0 [ 2834.610701][T17406] ? __fget_light+0x21b/0x260 [ 2834.610717][T17406] ? __cond_resched+0x11/0x40 [ 2834.610810][T17406] ksys_read+0xce/0x180 [ 2834.610827][T17406] __x64_sys_read+0x3e/0x50 [ 2834.610844][T17406] do_syscall_64+0x3d/0x90 [ 2834.610940][T17406] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2834.610963][T17406] RIP: 0033:0x41936c 07:38:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:45 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x3}, 0x10) [ 2834.610975][T17406] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 2834.610992][T17406] RSP: 002b:00007f7ee2d24170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2834.611008][T17406] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 000000000041936c [ 2834.611018][T17406] RDX: 000000000000000f RSI: 00007f7ee2d241e0 RDI: 0000000000000004 [ 2834.611029][T17406] RBP: 00007f7ee2d241d0 R08: 0000000000000000 R09: 0000000000000000 [ 2834.611040][T17406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 07:38:45 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/drm', 0x80000, 0xc0) sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, 0x0, 0x0, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x42}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xffff2e7c}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4048011}, 0x40088c0) [ 2834.611052][T17406] R13: 00007ffca15a228f R14: 00007f7ee2d24300 R15: 0000000000022000 [ 2834.625535][T17404] FAT-fs (loop5): invalid media value (0xe1) [ 2834.625553][T17404] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2834.692221][T17404] loop5: detected capacity change from 0 to 50944 [ 2834.692512][T17404] FAT-fs (loop5): invalid media value (0xe1) [ 2834.692525][T17404] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2834.703087][T17426] FAULT_INJECTION: forcing a failure. [ 2834.703087][T17426] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2834.851449][T17426] CPU: 0 PID: 17426 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2834.860212][T17426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2834.870271][T17426] Call Trace: [ 2834.873546][T17426] dump_stack_lvl+0xb7/0x103 [ 2834.878143][T17426] dump_stack+0x11/0x1a [ 2834.882363][T17426] should_fail+0x23c/0x250 [ 2834.886851][T17426] __alloc_pages+0x102/0x320 [ 2834.891529][T17426] alloc_pages_vma+0x513/0x680 [ 2834.896295][T17426] shmem_getpage_gfp+0x954/0x13d0 [ 2834.901362][T17426] shmem_write_begin+0x7e/0x100 [ 2834.906284][T17426] generic_perform_write+0x196/0x3c0 [ 2834.911677][T17426] __generic_file_write_iter+0x161/0x300 [ 2834.917319][T17426] ? generic_write_checks+0x242/0x290 [ 2834.922679][T17426] generic_file_write_iter+0x75/0x130 [ 2834.928073][T17426] vfs_write+0x69d/0x770 [ 2834.932344][T17426] ksys_write+0xce/0x180 [ 2834.936568][T17426] __x64_sys_write+0x3e/0x50 [ 2834.941151][T17426] do_syscall_64+0x3d/0x90 [ 2834.945569][T17426] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2834.951461][T17426] RIP: 0033:0x4665e9 [ 2834.955333][T17426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2834.975100][T17426] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2834.983624][T17426] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2834.991644][T17426] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 07:38:45 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1ba010000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:45 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:45 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x98001, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:45 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4}, 0x10) 07:38:45 executing program 2 (fault-call:1 fault-nth:1): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2834.999607][T17426] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2835.007610][T17426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2835.015580][T17426] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2835.052244][T17443] loop5: detected capacity change from 0 to 264192 [ 2835.079996][T17452] FAULT_INJECTION: forcing a failure. [ 2835.079996][T17452] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2835.093151][T17452] CPU: 1 PID: 17452 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2835.101918][T17452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2835.104948][T17443] FAT-fs (loop5): invalid media value (0xe1) [ 2835.111999][T17452] Call Trace: [ 2835.117993][T17443] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2835.121279][T17452] dump_stack_lvl+0xb7/0x103 [ 2835.121300][T17452] dump_stack+0x11/0x1a [ 2835.136823][T17452] should_fail+0x23c/0x250 [ 2835.141281][T17452] should_fail_usercopy+0x16/0x20 [ 2835.146317][T17452] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2835.152083][T17452] ? shmem_write_begin+0x7e/0x100 [ 2835.157572][T17452] generic_perform_write+0x1df/0x3c0 [ 2835.162925][T17452] __generic_file_write_iter+0x161/0x300 [ 2835.168606][T17452] ? generic_write_checks+0x242/0x290 [ 2835.173988][T17452] generic_file_write_iter+0x75/0x130 [ 2835.179370][T17452] vfs_write+0x69d/0x770 [ 2835.183622][T17452] ksys_write+0xce/0x180 [ 2835.187960][T17452] __x64_sys_write+0x3e/0x50 [ 2835.192558][T17452] do_syscall_64+0x3d/0x90 [ 2835.196984][T17452] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2835.202966][T17452] RIP: 0033:0x4665e9 [ 2835.206856][T17452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2835.226464][T17452] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2835.234881][T17452] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2835.242856][T17452] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 07:38:46 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x6f0501, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) recvmsg$unix(r0, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000040)={{0x2, 0x20}, 'port1\x00', 0x40, 0x90000, 0x5, 0x5, 0x4, 0x8, 0xe1dc, 0x0, 0x5, 0x4}) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) write$nbd(r1, 0x0, 0x53d50c3d338a7bc8) 07:38:46 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:46 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:46 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x5}, 0x10) [ 2835.250832][T17452] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2835.258866][T17452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2835.266842][T17452] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:46 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x321302, 0x0) pidfd_getfd(r0, r1, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:46 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x8}, 0x10) 07:38:46 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1bb010000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:46 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x2}, 0x10) 07:38:46 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:46 executing program 4: msgget$private(0x0, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x44240, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:46 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x300}, 0x10) [ 2835.398464][T17491] loop5: detected capacity change from 0 to 264192 [ 2835.422759][T17491] FAT-fs (loop5): invalid media value (0xe1) [ 2835.428797][T17491] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:46 executing program 2 (fault-call:1 fault-nth:2): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:46 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcf000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:46 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x3}, 0x10) 07:38:46 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1bc010000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:46 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x6d0500, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:46 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x500}, 0x10) [ 2835.578159][T17518] FAULT_INJECTION: forcing a failure. [ 2835.578159][T17518] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2835.591579][T17518] CPU: 0 PID: 17518 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2835.600344][T17518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2835.601081][T17523] loop5: detected capacity change from 0 to 37120 [ 2835.610468][T17518] Call Trace: [ 2835.610478][T17518] dump_stack_lvl+0xb7/0x103 [ 2835.610499][T17518] dump_stack+0x11/0x1a [ 2835.610513][T17518] should_fail+0x23c/0x250 [ 2835.634103][T17518] __alloc_pages+0x102/0x320 [ 2835.638703][T17518] alloc_pages_vma+0x513/0x680 [ 2835.643503][T17518] shmem_getpage_gfp+0x954/0x13d0 [ 2835.648603][T17518] shmem_write_begin+0x7e/0x100 [ 2835.653467][T17518] generic_perform_write+0x196/0x3c0 [ 2835.658775][T17518] ? shmem_write_begin+0x100/0x100 [ 2835.664044][T17518] __generic_file_write_iter+0x161/0x300 [ 2835.669688][T17518] ? generic_write_checks+0x242/0x290 07:38:46 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) write$nbd(r0, &(0x7f0000000000)={0x67446698, 0x0, 0x3, 0x1, 0x2, "e3716a6158df5b9173cfcc894df187a6239352d65670a01beb0d7ec4ad662025fa9a48826c3f46d01889d3d22d268971e37c6bebc8d6b1475678c013d7f0b4696f1efd5d8e2b49b33e38f9ba1e"}, 0x5d) 07:38:46 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2835.671912][T17523] FAT-fs (loop5): invalid media value (0xe1) [ 2835.675063][T17518] generic_file_write_iter+0x75/0x130 [ 2835.675096][T17518] vfs_write+0x69d/0x770 [ 2835.681091][T17523] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2835.686411][T17518] ksys_write+0xce/0x180 [ 2835.701441][T17518] __x64_sys_write+0x3e/0x50 [ 2835.706043][T17518] do_syscall_64+0x3d/0x90 [ 2835.710475][T17518] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2835.716637][T17518] RIP: 0033:0x4665e9 07:38:46 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcf010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2835.720527][T17518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2835.740157][T17518] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2835.748565][T17518] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2835.756611][T17518] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2835.764589][T17518] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:38:46 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x4}, 0x10) 07:38:46 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcf020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:46 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x2}, 0x10) [ 2835.772563][T17518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2835.780743][T17518] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:46 executing program 2 (fault-call:1 fault-nth:3): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:46 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x8) ioctl$TIOCL_UNBLANKSCREEN(r1, 0x541c, &(0x7f0000000080)) write$nbd(r0, 0x0, 0x7fffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000000)={0x800, 0x2, {0x3, 0x1, 0x0, 0x2, 0xfff}, 0x5}) 07:38:46 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x5}, 0x10) [ 2835.835131][T17523] loop5: detected capacity change from 0 to 37120 [ 2835.850689][T17523] FAT-fs (loop5): invalid media value (0xe1) [ 2835.856734][T17523] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2835.920892][T17564] FAULT_INJECTION: forcing a failure. [ 2835.920892][T17564] name failslab, interval 1, probability 0, space 0, times 0 [ 2835.933537][T17564] CPU: 1 PID: 17564 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2835.942382][T17564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2835.952429][T17564] Call Trace: [ 2835.955733][T17564] dump_stack_lvl+0xb7/0x103 [ 2835.960429][T17564] dump_stack+0x11/0x1a [ 2835.964579][T17564] should_fail+0x23c/0x250 [ 2835.968996][T17564] ? xas_create+0x3fb/0xb30 [ 2835.973724][T17564] __should_failslab+0x81/0x90 [ 2835.978540][T17564] should_failslab+0x5/0x20 [ 2835.983093][T17564] kmem_cache_alloc+0x46/0x2e0 [ 2835.987893][T17564] ? should_fail+0x2a/0x250 [ 2835.992376][T17564] xas_create+0x3fb/0xb30 [ 2835.996699][T17564] xas_create_range+0x146/0x360 [ 2836.001527][T17564] shmem_add_to_page_cache+0x3ad/0x650 [ 2836.007051][T17564] shmem_getpage_gfp+0xb8f/0x13d0 [ 2836.012072][T17564] shmem_write_begin+0x7e/0x100 [ 2836.016899][T17564] generic_perform_write+0x196/0x3c0 [ 2836.022190][T17564] ? shmem_write_begin+0x100/0x100 [ 2836.027281][T17564] __generic_file_write_iter+0x161/0x300 [ 2836.032892][T17564] ? generic_write_checks+0x242/0x290 [ 2836.038306][T17564] generic_file_write_iter+0x75/0x130 [ 2836.043665][T17564] vfs_write+0x69d/0x770 [ 2836.048004][T17564] ksys_write+0xce/0x180 [ 2836.052224][T17564] __x64_sys_write+0x3e/0x50 [ 2836.056792][T17564] do_syscall_64+0x3d/0x90 [ 2836.062313][T17564] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2836.068191][T17564] RIP: 0033:0x4665e9 [ 2836.072112][T17564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2836.091813][T17564] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2836.100208][T17564] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2836.108161][T17564] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 07:38:47 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1c0ed0000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:47 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x3}, 0x10) 07:38:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcf030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:47 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x8}, 0x10) 07:38:47 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) [ 2836.116117][T17564] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2836.124181][T17564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2836.132142][T17564] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcf040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:47 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x4}, 0x10) 07:38:47 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x10}, 0x10) 07:38:47 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x490503, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2836.210232][T17585] loop5: detected capacity change from 0 to 264192 [ 2836.240160][T17585] FAT-fs (loop5): invalid media value (0xe1) [ 2836.246180][T17585] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:47 executing program 2 (fault-call:1 fault-nth:4): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:47 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x5}, 0x10) 07:38:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:47 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x204}, 0x10) 07:38:47 executing program 4: ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(0xffffffffffffffff, 0xc05c5340, &(0x7f0000000040)={0x2, 0x10001, 0x9, {0x1, 0x2}, 0x9, 0x36}) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:47 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1cf033b97}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:47 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x8}, 0x10) [ 2836.429521][T17623] loop5: detected capacity change from 0 to 226107 [ 2836.440589][T17624] FAULT_INJECTION: forcing a failure. [ 2836.440589][T17624] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2836.453673][T17624] CPU: 0 PID: 17624 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2836.462446][T17624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2836.472559][T17624] Call Trace: 07:38:47 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x300}, 0x10) 07:38:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2836.475832][T17624] dump_stack_lvl+0xb7/0x103 [ 2836.480437][T17624] dump_stack+0x11/0x1a [ 2836.484590][T17624] should_fail+0x23c/0x250 [ 2836.489049][T17624] should_fail_usercopy+0x16/0x20 [ 2836.494083][T17624] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2836.499805][T17624] ? shmem_write_begin+0x7e/0x100 [ 2836.504927][T17624] generic_perform_write+0x1df/0x3c0 [ 2836.510276][T17624] ? shmem_write_begin+0x100/0x100 [ 2836.515642][T17624] __generic_file_write_iter+0x161/0x300 [ 2836.521266][T17624] ? generic_write_checks+0x242/0x290 07:38:47 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f0000000000)=""/177) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2836.526718][T17624] generic_file_write_iter+0x75/0x130 [ 2836.532110][T17624] vfs_write+0x69d/0x770 [ 2836.536349][T17624] ksys_write+0xce/0x180 [ 2836.540678][T17624] __x64_sys_write+0x3e/0x50 [ 2836.542584][T17623] FAT-fs (loop5): invalid media value (0xe1) [ 2836.545311][T17624] do_syscall_64+0x3d/0x90 [ 2836.551351][T17623] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2836.555704][T17624] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2836.568131][T17624] RIP: 0033:0x4665e9 [ 2836.572023][T17624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2836.591661][T17624] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2836.600084][T17624] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2836.608054][T17624] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2836.616017][T17624] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:38:47 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x300}, 0x10) 07:38:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2836.623984][T17624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2836.631944][T17624] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2836.652779][T17623] loop5: detected capacity change from 0 to 226107 [ 2836.659900][T17623] FAT-fs (loop5): invalid media value (0xe1) [ 2836.665991][T17623] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:47 executing program 2 (fault-call:1 fault-nth:5): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:47 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x402}, 0x10) 07:38:47 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x500}, 0x10) 07:38:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:47 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1d2260000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:47 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000001500)='./file0\x00', &(0x7f0000001540)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000) getresuid(&(0x7f00000015c0)=0x0, &(0x7f0000001600), &(0x7f0000001640)) statx(r0, &(0x7f0000001680)='./file0\x00', 0x1000, 0x200, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x7, 0x8, &(0x7f0000001440)=[{&(0x7f00000001c0)="3463d542c2a17ea76956e8106d2ff62aa8d011373733986a80e33671397b0d9979196c79116938a437bf747734eae4ccf0567f8b2db30d7133e86b3d8ecdba7238ebc06a4581fd66a6c2a62471d02165826508fab84acb54aea8c7065043b6bdd08910a5e1ced559d8d1bb738d6195cb2260104fd340bd3e40ec9483047f19f9cc38e4cb31d807ad3975e88183ceae2d395261b06a4f38d23b92a8123ecc6d196359cb880d503cf74f6502b2b3a4596e32efe415312f64caca22271389f9b4a7f716134261e0da9f64d0034bd77589ea43732fd8019f77ab6f6f8ae121cfb552405998c84a682c1fa823d09842eebd175caad54c7d31d98b12da3bd1806b54e3fc79f7a4593b081b37d6f4e03d44c66b73e2c9f668bc3cc729d5952fe185b9c9fcd6f69ba81aaf045549b9e7b890f4ceac510a20e380873601c5eabd2a7322de870f65a3cd6b1704ebed35422b882f3a568b04407debd967ade29db9300e091e684c76a8ece8656ac0f5f27a8466c84bf436f8230fbc01c01b8f1bb2190d259b903780fd15f21b9468e72e10afa223d7b91463e81fc6e8e63c4e6e135c7bb7085fb79460dcbb052fb8a880688e5c8592c2f3405675f18bfc64d08a3e76d97a5ad6000be81c477455177eba8c44fff7b8585e7bd4db61af1131c1ccfebb5be435e3388efc633ad8c44c84fb938ffb457fcb3e9532160c8c1522355c4f4c571b4e23f188ecf9b56d491cdf8a8c860bdc3fa6b756153b6de4137a233e48bf099c151726919718d517bc0b9525fb5d95002a1fb1f332e26363b1ba2edc798a3b3cf7a4948158870332099277b4e34141e64ee4a4c27d1895cc96882b0f8dfa1837649d2bcec6e2fc9242bd96f20ae82738b1ee7a83aedb8553e64df7662cf592ff416460b00a8c476139808f07509cfed916f210c2adb022644e7dd325bddd6a145cc37a7ea96a1d2c8fa8e273e0e37ee1396e67b24daaa70fb3d77fafd1ab441a561cd29921244b4b63ce1f43179f0ca49cbae650df28da85b542ac02be0b5ef9c3f13d29adace30fe987194250cc6a881d8845e8f94b9c0d1456f5973a60fd14a8d896c6a2835304db7a24e810f3a5c54e3d0806ba1c5e80386b44f314863ab2d456b9fab7f5150c48e47e6f16bd49f3df8846ff92369081872c957646ca12e74084b77a3d9a0f820bd48ac71e67485299a179e0fe89608f45e3ce49344e9524e2c7dc491cb921b1046c7c0c4cd2c184ab47672236821fc3bc1853c5d490a1f13587e4152cc88a89a82f07df1fbce961ab926e81948b147e63fe6b4c31c3bfdd602657b38f18c827503bb21550460da46ae7c8bafc944384da71459ca4efec9c4986e50f9f351011d0a9cafa333773900f8c15f6a8dd260c66f3e9d15d25c4a835d33be365d1436fed9c71bcb1602f36b2d85426497395c94c38f52c9fcb8373e7d51ca5c5b451cbc5bcd75d2697e590d69c18ec3c940e5068ab05635fe96e009c4e48f0230190b497b625d137137df30b32d28dd519a5273e09b17c2b71a27ed718174362cd0f54cd0b282906420f92b27e19e9914a2724a44131da13768396758b2a66dab4f6aaac246d5acf402bd5ca9a1ef285899d342b28abc5cc556ed69bd2d9ff3a0c99dbcf513d4e236990cb10e77a17f88f2c3c44d70b816a5af9e0054013c70998bd1d10dab34e8e73aa0dc205e8d4cc25e55fb07c4a4010697e724296b58e9cf927854270645085cc279e8bc40993ea2489f65fc70ff6efc637b5f5703d1f83f03e5f8cf5fa396e5cfedb9a4595e894883692ecc1c12f991b758bf92c57fe9066a025712facd6101eadbde14e87694f6dc305a3456ba9096ab23bada935391187df711e88ef1d026b8e0abb829f2818fe8645f744b8e4dc960c41e4495b7f3ab8298fae574c014995f9bf061c00108effda23abc2a363890456b86a4945bc6ce44e029fc92a42ceb93bd1d47e91e58239352e16f01782e00af2ff2b8494d6e89a96e518aa97c18315494e5fe2d16c36cb8d200864c884193650d14fc861b8b207123811ce9e2ae8b2ac93827f21125069270300de24e79d24978cd59f4f048deed6eacb2d889712d2ed29b9a9b8ec11bcbce49e953638e127bd5d2570da365b75ae312567a62fb3d827e34764f1d1aa976ea15ef8422cfd2e395f01f1f825015db086cd9ed71275a7c0df73c1e75492d3eb7a97b7cb51c5fdbaf643c65e269f607f94ae6d3f9fe07cfbc1c8c29fdd173793466507594d42c714c3def66604fa5c6d73e268006a450bccbf19396fa4f3d08275c8a484eccdcc08e19523c2c5c4e0caa0df8320c9fa6f952d54833581507b34b6aea42c892c3cbad8201d6eb5e613edcce53cc14f955efdfe32fd116aef8ec2d4efc926c3332593206677253439451f5b2c308ecec728c8035069b1f202d92cb67a42a9b2a06c49221eade6fcc74714d3286e39f428c9f96227f491d48e2b22021277f354ec81a989fc93a9f3f8ab978b36dce35aa172f2cd44a087d2c588b2f20930e81089acb92d235b2bfa6a68b57e7c1147d19fa73cfc65eac6c54ae7bc600218dee87bf31902762950844dba592debfc08511ded9b46bb4d59494b2956de5bbe642f651831f03106e122ce5697203c5f41c8a940a2ae0973dffb8d30ef5935a3979a86ba97c6eb7137000b93f6f4a4757b940a7a8ae9301c8d123288e66de54b2c2934adab42d789bd470830ec523f9ec12ef5ba46755bbf4587b36c59e4119d219ee5a29fe2478d7d4c23181d702c3ccb6f582de59a3d6787b4331468ca1ecf9318d31ee0334c96261ed750dccb80a485776cdc3d1da0b0926835fc762bc440f01afe1ac925e6bcca796f24103bacaa38766936d0096bcdffdfbe86cca0f0fe61fc90f2434295a5583adad7c1c3c1a85ad1c336403bad456d7c64916cb65da1f9e4f63634119bb5ef54b320d1888e8aaff1ba691dd3ac2e1561400a9ef8c32135e978db4ac1b69583b5bffa5a7b4602ed17078cfb795423d78cba3cf8f5187f8b3ef6e3a0a4a00199e0583db6bdf70cb60d41469a0b88d2c5cad4f70e8dab70c64091c571cdb08e432d72b11c94db25ea0da62f6f73047767d57e9c77515a98eb03f6097e256bc1c43fe420e03b4d110766aab261b91bb632711ca58ee615b128983c610e7abdff2d4c94feb5484e3e988e87684c35b6821777990b078a70ac2db1b326b45e3a0f65787c23c95b6785908678fc18fb23f826b90732f90005d36d6c9bfd57368090023925dee1f8d07fcd282559f694ac47985b13078e3c066a5afa3d0c595ee9934135c379649425979521aeef995b062d8a7d7fd623e3ff81de9c7264f3196655220e0dd895d4d4a67bd75b6ba98e613e68493d71ed64ac2f1377c4c1b91fd4801d41f570bb75065f502ae532e0058e66c7e3c8149db8d5d6f432005b491034d85713842d25f98ab3c1e42e2d0b2c1b09d88f56c89077533f545025d81fa179e699352b15bcb3b19c61954499b787994abd516fd37915dfe4ac8d2141784d2a53b63e041299335b90453212c64b3e974b1160d47a6c9a937a68cc3b33aa23be74c920a7865e462832db236cfa9b0f1d809718e5d508daf98823752918df6089a0454ad225a3253cd042c5998197949e0844354e8ea9ffc86397a046068c422ad2666fabefd30ee08be2c7d77b29fa0e7cfc76313aa428d516b1943c77158017d0a6faa29011cf8d38f748d2426e5ee76635e194d97886d335a30cc99fae3e34ba784320ff35ae0c0700d6ae04fd676442fc82d361261816ff44466119447bbb7dbb7a03999c2c4385c8af9c1e2ef53f493a971d2326e81bbf9d39bf79eec1c29fbe9789b144d77a41565cdc215174c451735472240ad4323cda5779e43d5889322b158e2691712195f2edd4bc4c0020f01d8a3612a045a422d1d7f88394fbcddb788411f00f47c07e870efcaaa6ae9a264948bc1ed8b8df1435d22cea1f07d1e2bf7b38c61055ec01efcd278ad2fb16bc1161ef610bb8d665697f27a7fb5594cb54d93303d7f73e61f11f09923b43c54249ff7bb37a43ba0e3d95ed8bd9640973f5789afb950bae659c2a90557238793e8aae2c9b9017a2fba493452979eeefe99f5abf75d14805a05ec865c0345a86cd158c4aaf3b3b1967023de20763e6faa577c0fb38f64cafab21f236fb754aa845fb3a50267d9cad22223a148f38954b6257476fb2f8fa8f9696f9a568074f002be8fc097615f1068db81b1d964126f5e29368c52d9911348367c08a59eaccbf5015f3292cde664816c7f2491dcc80d97703a2b85b0b2bf96506ff0503b0af04a56ace4ca268638614ceade61c4b2095345c745e79d2895440a97a6be471b8518e332f4fb1dbf03a988f110fa0d8fc4ecdfa1674899467481c977c4573e693a0a62b28539f9d6a71a62e2d52b3b5fab78f63f186d9faa3759631a990899bf6e4a08cda4da2d58f94d2dac64270b5fbd9be895cd3cfc1cde8e5c13d14ddbe17f7341fede968759aac9d41a4cef1025e2dec3dc17b1dbd1cc7fb2fd9b80c017162f61ca9fa9f60cb62613f5d694c7b8d1a4f3f9dca62f60ad4a56af57d82ee20fb8143ec20e739cc3032a3609853a73c0a786e09fb3e2522f80664671f1afda668f16466caeb46b01178cac8daced4a64a7aca198cc65822ec10c5631177130cca130e20c6de4427ea969fc678f3c5734fc23df4809179e3a4dd70abce38900f710889ce99694d04c62f98225fa93cfaeb7da4c255e023fd852c8663cd5ca0f9ed6b58312915ce388a1af48f00d96eb46e192a3d1963e75ee9f9b52ad7f962502000d720105e92dab7ab685e94b0906dd9a31cc4a15ef8c19084a00251146bcbb7eb2079bddf8898325264e8e4103253e34b0d52f0c060b3fb9ebd4a360a34c8a177ecb975f661782a04911c6492700ae5576fb6a490ab0f30ff8bd0b2db84f4cca5fd6c395b7a98067839b01ff670dd099adc0262f2303f6d8efa0820ccad2e0a2005b8b837793f8afa44476e8301f84ce0b1609ec038f65b326b01c44f197deb45b41b40096206440f4bd9f34a0d5f6e225b7ed3bfd9d3bd818f442f8043c59e37bf466b958280705df98e42105f85f205704efc327a81882def227b4975fb4b0070ceee34476b134d1fcf819add7a70f00e108d3540c79e9019f993b0897359d9e877df82c66e72b8a69c462319f7847c753699e2e8e71a6025d3420569e2fc0cd36b767c4e335a1f95afa32911b999b20195025247d0b5c9cea95bcba3d3fa0e7461f28e2bd15a29cb10feec04ec57046872926f99d70e5cae21a6008955ab7132bc597a1f40e10bc5ce4067d75db35502d13cfa28627dc7b54d8dde0e67112888c56bd78cdddcae33c9fa232bda1a47e180d67553413bb9d3fd536ff563ef688aac00ff8c9a589b90d44d3fdc34cd2be37f7d361436acae05c85ce16a08e0b20e7b650c8b0a0560e22898d6bd4d3e0c41ba8590b87a86d5c419a840b6c877576c3b3a43e28cfa52f6c9f050efc0761519fd944756347cd9b1314795a7a78d7f11d4efd15c2b5e3e5792ed5823d83697cd680959656b4ce36375d4d7338b000d4b0e9fe7e7ae16b282847d7f005460a0ce284c997ad45fe083620c4422fe24f1e42aaad18ad1eaaa59ce83ca7f12ec244c8dc4daec14ca0f54a30a603c25ec2f2479d12549508277ba42d1376d62f8c836d31a513cb0c4820e16e3ab338f49d3cec0b1c4935ab5e2af9a5ebf31f1b31f7b7885cb8b877b9af96ad42eeccd520700577737ee7e45ccd6378fc47adbbb", 0x1000, 0x4}, {&(0x7f0000000080)="99e36c42b0d134a9d9cb971cdaf7cf1aafe55f24bfccbe73a3bcb5706e964bf899006902f54504c76e43c5faf2fed04275cb1c329ca93802a829b70afc72393ebe6553ba1909cedb052b315a07f74d9a43c7b3a47b54f415cae9fde493c9a51aaced838613301ec110f5de38fe8bd9d6c84571a585345d2591705b48411a6970dc06d5fecef37b4b54d06ebd5c93058e217fb005fde9be93ef33027160eb99296204a4ed7e0c3dd9ebd49c2c108b485fcc71ab9bc62358c1a26265bd", 0xbc, 0xa}, {&(0x7f0000000140)="1a696ecc33ac50698496cf5a32b140f564cc414a68d112f8944824838b0b6602922b0027806e07b09de5b147aaf756d81b43d1ba7993c7100ffddb", 0x3b, 0x2}, {&(0x7f00000011c0)="4cee1b78a95bebf1c85fb2acaa882fe7fedb9cd317025a4de16533ec03cd34d09c2b812048fa", 0x26, 0x4}, {&(0x7f0000001200)="21201f0e50c49b70463f0bfb48c970a2910d286b32d5b80a880c91da4f3aa0faf63d9b06e9aa", 0x26, 0xd8}, {&(0x7f0000001240)="e55dd4c8d86563f01ed4aa7b8e161b5dd07e5dce52b063c9b60660ab8d5e1ae53bfcd47dfdac958b24a663c2d3cfc64fbeb3f1616ece0304b3c78167d3b0f79aa4914c120007f142bc16f767b9979146a2e57370b83ca58675f6944330e68072f9af58ceed7105a444672217342cc87c488f7a093df48046ca3de47653bd3ef562f389be26", 0x85, 0x86}, {&(0x7f0000001300)="0fd5e5147f504db54548f3c567f406eab45893fd0873f6344bb8116191749535c0b3a57b12ee83c235c9e50bb073d6759558dd1778bbcd9b4d98aa5d0f2f910091ac34bfe8ef17a407ebd382eec2a0369e", 0x51, 0x6}, {&(0x7f0000001380)="3bd35ec485d7d18059351d6cc9868a6111631945a6754691eb722e9f17679e0585a66036dddfa86d4edc445901917d49d3f93c176dabe4910b616197eca0934ca26299f97b2cc8c0fac41e3ea5fd3408a808c56365c9168ee8cf1d99b91c92c8d5fa524d0b481b772c4c8eba5b3510e49abbe7d6c2e5ea40aac26464f6694ff13b315f4cbfdab5d66cb4d01f40c92a36b21f0db44328ec32fabbf794e34a78fa51134b585e6326", 0xa7, 0x9}], 0x5804, &(0x7f00000017c0)={[{@nodots}, {@nodots}, {@fat=@uid={'uid', 0x3d, r1}}, {@nodots}, {@fat=@tz_utc}], [{@fowner_gt={'fowner>', r2}}, {@smackfshat}, {@uid_eq={'uid', 0x3d, 0xffffffffffffffff}}, {@obj_role={'obj_role', 0x3d, '/dev/bsg\x00'}}, {@appraise_type}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@uid_lt={'uid<', r3}}, {@smackfsroot={'smackfsroot', 0x3d, '/dev/bsg\x00'}}, {@hash}, {@fsmagic={'fsmagic', 0x3d, 0x4}}]}) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2836.849607][T17674] FAULT_INJECTION: forcing a failure. [ 2836.849607][T17674] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2836.858360][T17676] loop5: detected capacity change from 0 to 264192 [ 2836.862862][T17674] CPU: 0 PID: 17674 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2836.874517][T17676] FAT-fs (loop5): invalid media value (0xe1) [ 2836.878071][T17674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2836.878083][T17674] Call Trace: [ 2836.878090][T17674] dump_stack_lvl+0xb7/0x103 [ 2836.884072][T17676] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2836.894084][T17674] dump_stack+0x11/0x1a [ 2836.894104][T17674] should_fail+0x23c/0x250 [ 2836.917140][T17674] __alloc_pages+0x102/0x320 [ 2836.921732][T17674] alloc_pages_vma+0x513/0x680 [ 2836.926513][T17674] shmem_getpage_gfp+0x954/0x13d0 [ 2836.931638][T17674] shmem_write_begin+0x7e/0x100 [ 2836.936500][T17674] generic_perform_write+0x196/0x3c0 [ 2836.941872][T17674] ? shmem_write_begin+0x100/0x100 07:38:47 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:47 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x406}, 0x10) 07:38:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2836.947033][T17674] __generic_file_write_iter+0x161/0x300 [ 2836.952672][T17674] ? generic_write_checks+0x242/0x290 [ 2836.958047][T17674] generic_file_write_iter+0x75/0x130 [ 2836.963414][T17674] vfs_write+0x69d/0x770 [ 2836.967688][T17674] ksys_write+0xce/0x180 [ 2836.972099][T17674] __x64_sys_write+0x3e/0x50 [ 2836.976687][T17674] do_syscall_64+0x3d/0x90 [ 2836.981172][T17674] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2836.987062][T17674] RIP: 0033:0x4665e9 [ 2836.990947][T17674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2837.010625][T17674] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2837.019099][T17674] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2837.027144][T17674] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2837.035113][T17674] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:38:47 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x500}, 0x10) 07:38:47 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x2}, 0x10) [ 2837.043084][T17674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2837.051137][T17674] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2837.076870][T17676] loop5: detected capacity change from 0 to 264192 07:38:48 executing program 2 (fault-call:1 fault-nth:6): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:48 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x393982, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x2f, 0x20, 0x5, 0x1000, 0x12, @mcast2, @mcast2, 0x8, 0x10, 0x80000000, 0xfffffff7}}) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x8, 0x10010, r0, 0x10000000) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f00000001c0)={0x1, 0x2a, 0x0, 'queue0\x00', 0x6}) write$nbd(r0, 0x0, 0x7fffffffffffffff) recvmsg$unix(r0, &(0x7f00000006c0)={&(0x7f0000000100)=@abs, 0x6e, &(0x7f00000005c0)=[{&(0x7f0000000280)=""/126, 0x7e}, {&(0x7f0000000300)=""/29, 0x1d}, {&(0x7f0000000340)=""/67, 0x43}, {&(0x7f00000003c0)=""/116, 0x74}, {&(0x7f0000000440)=""/98, 0x62}, {&(0x7f00000004c0)=""/247, 0xf7}], 0x6, &(0x7f0000000640)=ANY=[@ANYBLOB="1c000000000000000100000001000000", @ANYRES32=0xffffffffffffffff, @ANYRES32, @ANYRES32, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=0xffffffffffffffff, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x58}, 0x3) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000700)) ioctl$PIO_UNIMAP(r1, 0x4b67, &(0x7f0000000780)={0x4, &(0x7f0000000740)=[{0x400, 0x6}, {0x40, 0x1}, {0x4fb7, 0x8}, {0x8, 0x200}]}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00'}) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r4, 0x4b45, 0x0) ioctl$TIOCGPGRP(r4, 0x540f, &(0x7f0000000800)) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) setsockopt$inet6_udp_int(r3, 0x11, 0x65, &(0x7f00000007c0)=0x10001, 0x4) 07:38:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:48 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x3}, 0x10) [ 2837.097915][T17676] FAT-fs (loop5): invalid media value (0xe1) [ 2837.103940][T17676] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:48 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1daffffff}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:48 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x604}, 0x10) [ 2837.180530][T17716] FAULT_INJECTION: forcing a failure. [ 2837.180530][T17716] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2837.193716][T17716] CPU: 0 PID: 17716 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2837.202478][T17716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2837.212534][T17716] Call Trace: [ 2837.215805][T17716] dump_stack_lvl+0xb7/0x103 [ 2837.220399][T17716] dump_stack+0x11/0x1a [ 2837.224617][T17716] should_fail+0x23c/0x250 07:38:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2837.229069][T17716] should_fail_usercopy+0x16/0x20 [ 2837.234136][T17716] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2837.239865][T17716] ? shmem_write_begin+0x7e/0x100 [ 2837.244885][T17716] generic_perform_write+0x1df/0x3c0 [ 2837.250165][T17716] ? shmem_write_begin+0x100/0x100 [ 2837.255311][T17716] __generic_file_write_iter+0x161/0x300 [ 2837.260948][T17716] ? generic_write_checks+0x242/0x290 [ 2837.266319][T17716] generic_file_write_iter+0x75/0x130 [ 2837.271694][T17716] vfs_write+0x69d/0x770 [ 2837.275994][T17716] ksys_write+0xce/0x180 07:38:48 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = syz_genetlink_get_family_id$team(&(0x7f0000000040), r0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'syztnl0\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x4, 0x9, 0x9, 0x4, 0x46, @empty, @private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x7, 0x2887fbde, 0x80000000}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000240)={'syztnl2\x00', &(0x7f00000001c0)={'ip6tnl0\x00', 0x0, 0x29, 0x6, 0x1, 0x101, 0x1a, @loopback, @dev={0xfe, 0x80, '\x00', 0x23}, 0xf800, 0x40, 0x0, 0x6}}) getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000002c0)=0x14) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000000840)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000800)={&(0x7f0000000300)={0x4cc, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [{{0x8, 0x1, r2}, {0x174, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x20}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x800, 0x0, 0x5, 0xfffffffc}, {0x6, 0xff, 0xbe, 0xfffffff9}]}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x2, 0x81, 0x7f, 0x8}, {0x200, 0x20, 0x81}]}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x170, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8000}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffff8000}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}, {{0x8, 0x1, r3}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8}, {0x178, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xa1}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}]}}]}, 0x4cc}}, 0x800) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2837.280235][T17716] __x64_sys_write+0x3e/0x50 [ 2837.284825][T17716] do_syscall_64+0x3d/0x90 [ 2837.289240][T17716] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2837.295127][T17716] RIP: 0033:0x4665e9 [ 2837.299028][T17716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2837.318649][T17716] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:38:48 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x3f00}, 0x10) 07:38:48 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x4}, 0x10) 07:38:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2837.327082][T17716] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2837.335043][T17716] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2837.343010][T17716] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2837.350979][T17716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2837.359004][T17716] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2837.400196][T17741] loop5: detected capacity change from 0 to 264192 [ 2837.439996][T17741] FAT-fs (loop5): invalid media value (0xe1) [ 2837.445999][T17741] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:48 executing program 2 (fault-call:1 fault-nth:7): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:48 executing program 4: pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000040)={0x4, 0x80, 0x6, 0x1, 0x5, 0x80, 0x0, 0x7fff, 0x108, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext={0x8, 0xfffffffffffffffb}, 0x200, 0x10001, 0x4, 0x3, 0xc800000000000000, 0x1ff, 0x6, 0x0, 0x7fffffff, 0x0, 0x1}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, 0x0, 0x7fffffffffffffff) 07:38:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:48 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x5}, 0x10) 07:38:48 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x4000}, 0x10) 07:38:48 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1f6ffffff}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2837.509162][T17741] loop5: detected capacity change from 0 to 264192 [ 2837.516426][T17741] FAT-fs (loop5): invalid media value (0xe1) [ 2837.522441][T17741] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2837.590659][T17766] loop5: detected capacity change from 0 to 204799 [ 2837.611063][T17772] FAULT_INJECTION: forcing a failure. [ 2837.611063][T17772] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2837.624386][T17772] CPU: 0 PID: 17772 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 07:38:48 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = pidfd_open(0xffffffffffffffff, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/pci_hotplug', 0x8002, 0x10) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r3, 0x4008240b, &(0x7f00000001c0)={0x0, 0x80, 0x7, 0x2, 0x1, 0x7f, 0x0, 0x7, 0x280, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xdaf, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x2000, 0x8, 0x7fffffff, 0x2, 0x2, 0x4, 0x6, 0x0, 0x80000001, 0x0, 0xe2b4}) r4 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x80400, 0x0) pidfd_getfd(r2, r4, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) pipe(&(0x7f0000000140)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000000)={0x1, 0x2, 0x10001, {0x3, 0x800}, 0xa0000000, 0x1}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r5, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0x7, &(0x7f0000000240)={0xa, 0x80000001, 0x402, 0x5}, 0x10) 07:38:48 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x8}, 0x10) 07:38:48 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x8008}, 0x10) [ 2837.633138][T17772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2837.643189][T17772] Call Trace: [ 2837.646460][T17772] dump_stack_lvl+0xb7/0x103 [ 2837.651044][T17772] dump_stack+0x11/0x1a [ 2837.655199][T17772] should_fail+0x23c/0x250 [ 2837.658133][T17766] FAT-fs (loop5): invalid media value (0xe1) [ 2837.659610][T17772] __alloc_pages+0x102/0x320 [ 2837.665612][T17766] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2837.670151][T17772] alloc_pages_vma+0x513/0x680 [ 2837.670176][T17772] shmem_getpage_gfp+0x954/0x13d0 [ 2837.686475][T17772] shmem_write_begin+0x7e/0x100 07:38:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd2010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2837.691350][T17772] generic_perform_write+0x196/0x3c0 [ 2837.696641][T17772] ? shmem_write_begin+0x100/0x100 [ 2837.701780][T17772] __generic_file_write_iter+0x161/0x300 [ 2837.707409][T17772] ? generic_write_checks+0x242/0x290 [ 2837.712780][T17772] generic_file_write_iter+0x75/0x130 [ 2837.718251][T17772] vfs_write+0x69d/0x770 [ 2837.722489][T17772] ksys_write+0xce/0x180 [ 2837.726728][T17772] __x64_sys_write+0x3e/0x50 [ 2837.731308][T17772] do_syscall_64+0x3d/0x90 [ 2837.735778][T17772] entry_SYSCALL_64_after_hwframe+0x44/0xae 07:38:48 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x100000}, 0x10) [ 2837.741693][T17772] RIP: 0033:0x4665e9 [ 2837.745605][T17772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2837.765268][T17772] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2837.765291][T17772] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2837.765303][T17772] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2837.765315][T17772] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2837.765326][T17772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2837.765338][T17772] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2837.793976][T17766] loop5: detected capacity change from 0 to 204799 [ 2837.801471][T17766] FAT-fs (loop5): invalid media value (0xe1) 07:38:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd2020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:48 executing program 2 (fault-call:1 fault-nth:8): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:48 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x300}, 0x10) 07:38:48 executing program 4: ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000000)={{0x0, 0x5}, 0x1, 0x2, 0x6, {0x3, 0x7}, 0x4, 0x10cd}) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2837.845096][T17766] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd2030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:48 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x1000000}, 0x10) [ 2837.949990][T17812] FAULT_INJECTION: forcing a failure. [ 2837.949990][T17812] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2837.963079][T17812] CPU: 0 PID: 17812 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2837.972019][T17812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2837.982061][T17812] Call Trace: [ 2837.985323][T17812] dump_stack_lvl+0xb7/0x103 [ 2837.989989][T17812] dump_stack+0x11/0x1a [ 2837.994137][T17812] should_fail+0x23c/0x250 [ 2837.998547][T17812] should_fail_usercopy+0x16/0x20 [ 2838.003559][T17812] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2838.009419][T17812] ? shmem_write_begin+0x7e/0x100 [ 2838.014474][T17812] generic_perform_write+0x1df/0x3c0 [ 2838.019743][T17812] ? shmem_write_begin+0x100/0x100 [ 2838.024893][T17812] __generic_file_write_iter+0x161/0x300 [ 2838.030522][T17812] ? generic_write_checks+0x242/0x290 [ 2838.035877][T17812] generic_file_write_iter+0x75/0x130 [ 2838.041325][T17812] vfs_write+0x69d/0x770 [ 2838.045562][T17812] ksys_write+0xce/0x180 [ 2838.049856][T17812] __x64_sys_write+0x3e/0x50 [ 2838.054432][T17812] do_syscall_64+0x3d/0x90 [ 2838.058897][T17812] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2838.064775][T17812] RIP: 0033:0x4665e9 [ 2838.068708][T17812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2838.088745][T17812] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2838.097279][T17812] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2838.105242][T17812] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2838.113212][T17812] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2838.121263][T17812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2838.129227][T17812] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:49 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1f9fdffff}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:49 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x608401, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r0, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:49 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x500}, 0x10) 07:38:49 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x2000000}, 0x10) 07:38:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd2040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:49 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x1000000}, 0x10) [ 2838.232701][T17840] loop5: detected capacity change from 0 to 264192 [ 2838.267202][T17840] FAT-fs (loop5): invalid media value (0xe1) [ 2838.273245][T17840] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:49 executing program 2 (fault-call:1 fault-nth:9): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:49 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) pidfd_send_signal(r1, 0x8, &(0x7f0000000000)={0x28, 0x2}, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd3010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:49 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x2040000}, 0x10) 07:38:49 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x2000000}, 0x10) 07:38:49 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1fdfdffff}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2838.405521][T17862] FAULT_INJECTION: forcing a failure. [ 2838.405521][T17862] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2838.417459][T17866] loop5: detected capacity change from 0 to 134655 [ 2838.418774][T17862] CPU: 1 PID: 17862 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2838.433994][T17862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2838.442637][T17866] FAT-fs (loop5): invalid media value (0xe1) [ 2838.444039][T17862] Call Trace: 07:38:49 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x3000000}, 0x10) 07:38:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd3020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2838.444048][T17862] dump_stack_lvl+0xb7/0x103 [ 2838.444066][T17862] dump_stack+0x11/0x1a [ 2838.450052][T17866] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2838.453298][T17862] should_fail+0x23c/0x250 [ 2838.472989][T17862] __alloc_pages+0x102/0x320 [ 2838.477629][T17862] alloc_pages_vma+0x513/0x680 [ 2838.482387][T17862] shmem_getpage_gfp+0x954/0x13d0 [ 2838.487412][T17862] shmem_write_begin+0x7e/0x100 [ 2838.492276][T17862] generic_perform_write+0x196/0x3c0 [ 2838.497611][T17862] ? shmem_write_begin+0x100/0x100 07:38:49 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x3000000}, 0x10) 07:38:49 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r0, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) socket(0x35, 0x2, 0x40) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) write$nbd(r1, 0x0, 0x2d2c2cfff2ae1354) [ 2838.502854][T17862] __generic_file_write_iter+0x161/0x300 [ 2838.508488][T17862] ? generic_write_checks+0x242/0x290 [ 2838.513931][T17862] generic_file_write_iter+0x75/0x130 [ 2838.519299][T17862] vfs_write+0x69d/0x770 [ 2838.523540][T17862] ksys_write+0xce/0x180 [ 2838.527771][T17862] __x64_sys_write+0x3e/0x50 [ 2838.532353][T17862] do_syscall_64+0x3d/0x90 [ 2838.536768][T17862] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2838.542702][T17862] RIP: 0033:0x4665e9 [ 2838.546583][T17862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2838.566217][T17862] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2838.574632][T17862] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2838.582603][T17862] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2838.590572][T17862] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2838.598540][T17862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:38:49 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x23e603, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2838.606587][T17862] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2838.629505][T17866] loop5: detected capacity change from 0 to 134655 07:38:49 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x4000000}, 0x10) 07:38:49 executing program 2 (fault-call:1 fault-nth:10): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:49 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1fdffffff}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:49 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x4000000}, 0x10) 07:38:49 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0700, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd3030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2838.654907][T17866] FAT-fs (loop5): invalid media value (0xe1) [ 2838.660997][T17866] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:49 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x5000000}, 0x10) 07:38:49 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x5000000}, 0x10) [ 2838.737417][T17908] FAULT_INJECTION: forcing a failure. [ 2838.737417][T17908] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2838.744638][T17913] loop5: detected capacity change from 0 to 135167 [ 2838.750529][T17908] CPU: 1 PID: 17908 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2838.765730][T17908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2838.775791][T17908] Call Trace: [ 2838.779070][T17908] dump_stack_lvl+0xb7/0x103 [ 2838.783659][T17908] dump_stack+0x11/0x1a 07:38:49 executing program 4: pipe(&(0x7f0000000000)={0xffffffffffffffff}) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000040)=0x3, 0x4) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, 0x0, 0x7fffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r2, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc) [ 2838.787811][T17908] should_fail+0x23c/0x250 [ 2838.792353][T17908] should_fail_usercopy+0x16/0x20 [ 2838.797380][T17908] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2838.803103][T17908] ? shmem_write_begin+0x7e/0x100 [ 2838.808155][T17908] generic_perform_write+0x1df/0x3c0 [ 2838.813469][T17908] ? shmem_write_begin+0x100/0x100 [ 2838.818571][T17908] __generic_file_write_iter+0x161/0x300 [ 2838.824205][T17908] ? generic_write_checks+0x242/0x290 [ 2838.829571][T17908] generic_file_write_iter+0x75/0x130 07:38:49 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x686201, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2838.834975][T17908] vfs_write+0x69d/0x770 [ 2838.839212][T17908] ksys_write+0xce/0x180 [ 2838.843454][T17908] __x64_sys_write+0x3e/0x50 [ 2838.848047][T17908] do_syscall_64+0x3d/0x90 [ 2838.852524][T17908] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2838.858425][T17908] RIP: 0033:0x4665e9 [ 2838.862347][T17908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2838.879820][T17913] FAT-fs (loop5): invalid media value (0xe1) [ 2838.881976][T17908] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2838.887946][T17913] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2838.902952][T17908] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2838.910920][T17908] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2838.918889][T17908] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2838.926860][T17908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:38:49 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x6040000}, 0x10) 07:38:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd3040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2838.934917][T17908] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:49 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x551f01, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2838.961484][T17913] loop5: detected capacity change from 0 to 135167 [ 2838.985744][T17913] FAT-fs (loop5): invalid media value (0xe1) [ 2838.991787][T17913] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:50 executing program 2 (fault-call:1 fault-nth:11): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:50 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x8000000}, 0x10) 07:38:50 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x8000000}, 0x10) 07:38:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:50 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) openat$nvram(0xffffffffffffff9c, &(0x7f0000000200), 0x420002, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, 0x0, 0x4, 0x70bd28, 0x25dfdbfe}, 0x67}, 0x1, 0x0, 0x0, 0x20}, 0x800) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) pidfd_send_signal(r1, 0x2c, &(0x7f0000000000)={0x33, 0x2, 0x80000000}, 0x0) 07:38:50 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1feffffff}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2839.176270][T17962] FAULT_INJECTION: forcing a failure. [ 2839.176270][T17962] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2839.182016][T17963] loop5: detected capacity change from 0 to 200703 [ 2839.189513][T17962] CPU: 0 PID: 17962 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2839.204936][T17962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2839.214989][T17962] Call Trace: [ 2839.218265][T17962] dump_stack_lvl+0xb7/0x103 [ 2839.222849][T17962] dump_stack+0x11/0x1a [ 2839.226996][T17962] should_fail+0x23c/0x250 [ 2839.231482][T17962] __alloc_pages+0x102/0x320 [ 2839.236070][T17962] alloc_pages_vma+0x513/0x680 [ 2839.240834][T17962] shmem_getpage_gfp+0x954/0x13d0 [ 2839.245940][T17962] shmem_write_begin+0x7e/0x100 [ 2839.250780][T17962] generic_perform_write+0x196/0x3c0 [ 2839.256063][T17962] ? shmem_write_begin+0x100/0x100 [ 2839.261171][T17962] __generic_file_write_iter+0x161/0x300 [ 2839.266804][T17962] ? generic_write_checks+0x242/0x290 [ 2839.272173][T17962] generic_file_write_iter+0x75/0x130 [ 2839.277542][T17962] vfs_write+0x69d/0x770 [ 2839.281832][T17962] ksys_write+0xce/0x180 [ 2839.286091][T17962] __x64_sys_write+0x3e/0x50 [ 2839.290671][T17962] do_syscall_64+0x3d/0x90 [ 2839.295084][T17962] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2839.300974][T17962] RIP: 0033:0x4665e9 [ 2839.304890][T17962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:38:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd4010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:50 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x8800000}, 0x10) 07:38:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd4020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:50 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x10000000}, 0x10) 07:38:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd4030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:50 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x3f000000}, 0x10) [ 2839.324682][T17962] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2839.333097][T17962] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2839.341065][T17962] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2839.349029][T17962] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2839.357028][T17962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2839.365020][T17962] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:50 executing program 2 (fault-call:1 fault-nth:12): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd4040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:50 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1ff070400}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:50 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x40000000}, 0x10) 07:38:50 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x4f0500, 0x0) ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000000)=0x1) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:50 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0xf7) [ 2839.365112][T17963] FAT-fs (loop5): invalid media value (0xe1) [ 2839.378982][T17963] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2839.468883][T18004] FAULT_INJECTION: forcing a failure. [ 2839.468883][T18004] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2839.474959][T18001] loop5: detected capacity change from 0 to 202500 [ 2839.481981][T18004] CPU: 0 PID: 18004 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2839.497191][T18004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2839.507260][T18004] Call Trace: [ 2839.510562][T18004] dump_stack_lvl+0xb7/0x103 [ 2839.515151][T18004] dump_stack+0x11/0x1a [ 2839.519296][T18004] should_fail+0x23c/0x250 [ 2839.523749][T18004] should_fail_usercopy+0x16/0x20 [ 2839.528766][T18004] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2839.534511][T18004] ? shmem_write_begin+0x7e/0x100 [ 2839.539515][T18004] generic_perform_write+0x1df/0x3c0 [ 2839.544837][T18004] ? shmem_write_begin+0x100/0x100 [ 2839.549995][T18004] __generic_file_write_iter+0x161/0x300 [ 2839.555623][T18004] ? generic_write_checks+0x242/0x290 [ 2839.560975][T18004] generic_file_write_iter+0x75/0x130 [ 2839.566331][T18004] vfs_write+0x69d/0x770 [ 2839.570655][T18004] ksys_write+0xce/0x180 [ 2839.574883][T18004] __x64_sys_write+0x3e/0x50 [ 2839.579478][T18004] do_syscall_64+0x3d/0x90 [ 2839.583876][T18004] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2839.589766][T18004] RIP: 0033:0x4665e9 [ 2839.593641][T18004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:38:50 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0xffffffff}, 0x10) 07:38:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd5000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2839.613241][T18004] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2839.621641][T18004] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2839.629594][T18004] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2839.637565][T18004] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2839.645534][T18004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2839.653516][T18004] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:50 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0xf19) 07:38:50 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:50 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f0000000bc0)=""/4096) socket$netlink(0x10, 0x3, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) mlockall(0x6) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) write$sndseq(r2, &(0x7f00000001c0)=[{0x20, 0x6, 0x1d, 0x9, @tick, {0xff, 0x40}, {0x1, 0x6}, @quote={{0x6, 0xd}, 0x5, &(0x7f0000000000)={0x80, 0x8, 0x2, 0x8, @tick=0x5, {0x0, 0x1}, {0x6, 0x9}, @raw8={"372a4110a6f015ed889fc575"}}}}, {0x40, 0x7, 0xd4, 0x3, @time={0x9, 0x4}, {0x7, 0xb}, {0x81, 0x6c}, @note={0x40, 0x8, 0x40, 0x0, 0x9}}, {0x6, 0x6, 0x4, 0x3, @tick=0x4, {0x1, 0x6}, {0x0, 0x4}, @control={0x20, 0x7ff, 0xb065}}, {0x80, 0xa5, 0x3f, 0x3f, @tick=0x1, {0x8, 0x1}, {0x1, 0x8}, @note={0x1, 0x81, 0x8, 0x0, 0x6}}, {0x5, 0x6, 0x7, 0x3, @tick=0x1f, {0x3f, 0xcf}, {0x20, 0x8}, @raw8={"3d689f949f30a38595d8509f"}}, {0x1, 0x5, 0x1c, 0x4, @time={0x31, 0x10000}, {0x15, 0xf7}, {0x2, 0x1}, @connect={{0x0, 0xf9}, {0x5, 0x99}}}, {0x0, 0xff, 0xf9, 0x4, @time={0x8, 0x5}, {0x1, 0x91}, {0x8, 0x2}, @ext={0x92, &(0x7f0000000040)="3fa8ea51643f9810691226c3f35d30ba66fc615b2c36af86699a2b08d01c95002e921076cda1dcd0dc7b885679a9556a96beb2ea11b779ec1f729316160b3f668e15988f1ae0e82ce65a6412c248808065e41cae6438028341a112991ea850b193ab397ef28f4a9f55c9efd69a9e1c43487c26d22f6c36eb47580f0c92da448671b4ca2c0ee80c8f6a951a54ae6e42d72a62"}}, {0x81, 0x51, 0x3, 0xff, @tick=0x8, {0x5, 0x4}, {0x0, 0x7f}, @note={0x0, 0x4c, 0x81, 0xbb, 0x101}}, {0x80, 0x7f, 0x8, 0x2, @time={0x4, 0x3}, {0x8, 0x20}, {0x9, 0x6}, @time=@tick=0x8}], 0xfc) io_uring_register$IORING_UNREGISTER_FILES(r1, 0x3, 0x0, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r3, 0x4b45, 0x0) ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000100)={0x81, 0x380, 0x4, 0x0, 0x4, 0x1}) 07:38:50 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0xfdef) [ 2839.804652][T18001] FAT-fs (loop5): invalid media value (0xe1) [ 2839.810722][T18001] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:50 executing program 2 (fault-call:1 fault-nth:13): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd5010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2839.866712][T18001] loop5: detected capacity change from 0 to 202500 [ 2839.879764][T18001] FAT-fs (loop5): invalid media value (0xe1) [ 2839.885823][T18001] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:50 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1ff0f0000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:50 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x2}, 0x10) 07:38:50 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, 0x0, 0xfffffffffffffc4c) pidfd_send_signal(r0, 0x8, &(0x7f0000000040)={0x20, 0x1ce2, 0x1}, 0x0) 07:38:50 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x87fff19) [ 2839.931446][T18047] FAULT_INJECTION: forcing a failure. [ 2839.931446][T18047] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2839.944705][T18047] CPU: 0 PID: 18047 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2839.953463][T18047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2839.963512][T18047] Call Trace: [ 2839.966787][T18047] dump_stack_lvl+0xb7/0x103 [ 2839.971412][T18047] dump_stack+0x11/0x1a [ 2839.975568][T18047] should_fail+0x23c/0x250 07:38:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd5020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd5030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2839.980003][T18047] __alloc_pages+0x102/0x320 [ 2839.984589][T18047] alloc_pages_vma+0x513/0x680 [ 2839.989356][T18047] shmem_getpage_gfp+0x954/0x13d0 [ 2839.994388][T18047] shmem_write_begin+0x7e/0x100 [ 2839.999233][T18047] generic_perform_write+0x196/0x3c0 [ 2840.004530][T18047] ? shmem_write_begin+0x100/0x100 [ 2840.009638][T18047] __generic_file_write_iter+0x161/0x300 [ 2840.015289][T18047] ? generic_write_checks+0x242/0x290 [ 2840.020730][T18047] generic_file_write_iter+0x75/0x130 [ 2840.026187][T18047] vfs_write+0x69d/0x770 07:38:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd5040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2840.030421][T18047] ksys_write+0xce/0x180 [ 2840.034730][T18047] __x64_sys_write+0x3e/0x50 [ 2840.039317][T18047] do_syscall_64+0x3d/0x90 [ 2840.043757][T18047] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2840.049652][T18047] RIP: 0033:0x4665e9 [ 2840.053532][T18047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2840.056140][T18054] loop5: detected capacity change from 0 to 204544 07:38:51 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd6000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2840.073127][T18047] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2840.073150][T18047] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2840.073161][T18047] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2840.073171][T18047] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2840.073183][T18047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2840.115371][T18054] FAT-fs (loop5): invalid media value (0xe1) 07:38:51 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x3}, 0x10) [ 2840.120187][T18047] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2840.134174][T18054] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:51 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd6010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:51 executing program 2 (fault-call:1 fault-nth:14): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:51 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4}, 0x10) 07:38:51 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1fffdffff}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:51 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = socket(0x25, 0x5, 0x80000000) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) write$nbd(r0, 0x0, 0x7fffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f00000009c0)={'ip6_vti0\x00', &(0x7f0000000940)={'syztnl1\x00', 0x0, 0x2f, 0x9, 0x3, 0xffffffff, 0x0, @ipv4={'\x00', '\xff\xff', @local}, @empty, 0x8, 0x80, 0x1, 0x80000001}}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000a00)={'batadv_slave_1\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(r3, &(0x7f00000031c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000000bc0)={0xc, 0x0, 0x100, 0x0, 0x0, {}, [{{0x0, 0x1, r4}, {0x0, 0x2, 0x0, 0x1, [{0x0, 0x1, @mcast_rejoin_count}]}}, {{}, {0x0, 0x2, 0x0, 0x1, [{0x0, 0x1, @name={{}, {}, {0x0, 0x4, 'loadbalance\x00'}}}, {0x0, 0x1, @priority={{}, {0x0, 0x6, r5}}}, {0x0, 0x1, @priority={{{}, {}, {0x0, 0x4, 0x101}}, {0x0, 0x6, r4}}}, {0x0, 0x1, @lb_tx_method={{}, {}, {0x0, 0x4, 'hash_to_port_mapping\x00'}}}, {0x0, 0x1, @user_linkup={{}, {0x0, 0x6, r4}}}, {0x0, 0x1, @lb_tx_hash_to_port_mapping={{{}, {}, {0x0, 0x4, r4}}}}, {0x0, 0x1, @name={{}, {}, {0x0, 0x4, 'random\x00'}}}, {0x0, 0x1, @lb_tx_hash_to_port_mapping={{{}, {}, {0x0, 0x4, r4}}}}]}}]}, 0x14}, 0x1, 0x0, 0x0, 0x4080000}, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x2f, 0x81, 0xb5, 0x2, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, 0x80, 0x40, 0x2, 0xffffffff}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x4, 0x1f, 0x79, 0x6, 0x21, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x20, 0x700, 0x8, 0x2}}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r1, 0x89f7, &(0x7f0000000300)={'syztnl0\x00', &(0x7f0000000280)={'ip6_vti0\x00', 0x0, 0x2f, 0x60, 0x7, 0x101, 0x10, @remote, @empty, 0x700, 0x8049, 0x6, 0x5}}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f00000003c0)={'ip6_vti0\x00', &(0x7f0000000340)={'syztnl1\x00', 0x0, 0x2f, 0x80, 0xa2, 0x80000000, 0x9, @private1={0xfc, 0x1, '\x00', 0x1}, @local, 0x7, 0x80, 0x63c, 0x1000}}) r9 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r9, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) setsockopt$inet6_udp_int(r9, 0x11, 0x1, &(0x7f0000000840)=0x5, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000880)={'batadv_slave_1\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000800)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000400)={0x3b4, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {}, [{{0x8, 0x1, r6}, {0xb4, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xe22}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0xfffffffffffffe7e}, {0x8, 0x4, 0x2}}}]}}, {{0x8}, {0x1e0, 0x2, 0x0, 0x1, [{0x6c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x3c, 0x4, [{0x6, 0x1f, 0x2, 0x2}, {0x1, 0x8, 0x98, 0x40}, {0x200, 0xc0, 0x6, 0xfffffff7}, {0x5253, 0x3, 0x3, 0x1}, {0xd7ea, 0x1f, 0x9, 0x8}, {0x6, 0x81, 0x7f, 0x1}, {0x6, 0x7, 0x7, 0x20}]}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x97d, 0x2, 0x28, 0x6}, {0x1, 0x6, 0x9, 0x5}]}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xed8}}, {0x8, 0x6, r10}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r7}}}]}}, {{0x8}, {0xf4, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4d}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8}}}]}}]}, 0x3b4}, 0x1, 0x0, 0x0, 0x50}, 0x44000) 07:38:51 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd6020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2840.286641][T18054] loop5: detected capacity change from 0 to 204544 [ 2840.313278][T18054] FAT-fs (loop5): invalid media value (0xe1) [ 2840.319289][T18054] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2840.365482][T18096] FAULT_INJECTION: forcing a failure. [ 2840.365482][T18096] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2840.378551][T18096] CPU: 1 PID: 18096 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2840.387311][T18096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2840.397354][T18096] Call Trace: [ 2840.400627][T18096] dump_stack_lvl+0xb7/0x103 [ 2840.405216][T18096] dump_stack+0x11/0x1a [ 2840.409365][T18096] should_fail+0x23c/0x250 [ 2840.413822][T18096] should_fail_usercopy+0x16/0x20 [ 2840.418890][T18096] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2840.424612][T18096] ? shmem_write_begin+0x7e/0x100 [ 2840.429632][T18096] generic_perform_write+0x1df/0x3c0 [ 2840.434918][T18096] ? shmem_write_begin+0x100/0x100 [ 2840.440019][T18096] __generic_file_write_iter+0x161/0x300 [ 2840.445651][T18096] ? generic_write_checks+0x242/0x290 [ 2840.451015][T18096] generic_file_write_iter+0x75/0x130 [ 2840.456406][T18096] vfs_write+0x69d/0x770 [ 2840.460641][T18096] ksys_write+0xce/0x180 07:38:51 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:38:51 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd6030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2840.464871][T18096] __x64_sys_write+0x3e/0x50 [ 2840.469450][T18096] do_syscall_64+0x3d/0x90 [ 2840.473852][T18096] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2840.479786][T18096] RIP: 0033:0x4665e9 [ 2840.483669][T18096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2840.503346][T18096] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:38:51 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x5}, 0x10) [ 2840.511767][T18096] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2840.519770][T18096] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2840.527738][T18096] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2840.535698][T18096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2840.543716][T18096] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:51 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd6040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:51 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x468180, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r0, 0xc08c5334, &(0x7f0000000000)={0x4, 0x2, 0x0, 'queue1\x00', 0x5}) [ 2840.571160][T18097] loop5: detected capacity change from 0 to 264192 [ 2840.611265][T18097] FAT-fs (loop5): invalid media value (0xe1) 07:38:51 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x8}, 0x10) [ 2840.617350][T18097] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:51 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2840.719170][T18097] loop5: detected capacity change from 0 to 264192 [ 2840.734505][T18097] FAT-fs (loop5): invalid media value (0xe1) [ 2840.740552][T18097] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:51 executing program 2 (fault-call:1 fault-nth:15): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:51 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4f0501, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r0, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) write$nbd(r0, 0x0, 0x800000000000005e) 07:38:51 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x10}, 0x10) 07:38:51 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:51 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1fffffdf9}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2840.928890][T18152] FAULT_INJECTION: forcing a failure. [ 2840.928890][T18152] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2840.942137][T18152] CPU: 1 PID: 18152 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2840.950894][T18152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2840.960947][T18152] Call Trace: [ 2840.962409][T18155] loop5: detected capacity change from 0 to 264192 [ 2840.964215][T18152] dump_stack_lvl+0xb7/0x103 07:38:51 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x7ffff000) 07:38:51 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x7, &(0x7f0000000000)=[{0x8, 0xff, 0x7, 0x6}, {0x4, 0x3f, 0xe9, 0x81}, {0xff, 0x6, 0x3, 0x5}, {0x80, 0x0, 0x2, 0x8001}, {0xc00, 0x5, 0x20, 0x1}, {0xd6, 0x38, 0x36, 0x8}, {0x100, 0x8, 0x1, 0x100}]}) 07:38:51 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2840.975315][T18152] dump_stack+0x11/0x1a [ 2840.979466][T18152] should_fail+0x23c/0x250 [ 2840.983883][T18152] __alloc_pages+0x102/0x320 [ 2840.988467][T18152] alloc_pages_vma+0x513/0x680 [ 2840.993303][T18152] shmem_getpage_gfp+0x954/0x13d0 [ 2840.998519][T18152] shmem_write_begin+0x7e/0x100 [ 2841.003368][T18152] generic_perform_write+0x196/0x3c0 [ 2841.008652][T18152] ? shmem_write_begin+0x100/0x100 [ 2841.013756][T18152] __generic_file_write_iter+0x161/0x300 [ 2841.019428][T18152] ? generic_write_checks+0x242/0x290 07:38:51 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000000)) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2841.024851][T18152] generic_file_write_iter+0x75/0x130 [ 2841.030307][T18152] vfs_write+0x69d/0x770 [ 2841.032297][T18155] FAT-fs (loop5): invalid media value (0xe1) [ 2841.034544][T18152] ksys_write+0xce/0x180 [ 2841.040535][T18155] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2841.044735][T18152] __x64_sys_write+0x3e/0x50 [ 2841.055857][T18152] do_syscall_64+0x3d/0x90 [ 2841.060304][T18152] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2841.066260][T18152] RIP: 0033:0x4665e9 07:38:52 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x204}, 0x10) [ 2841.070142][T18152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2841.089785][T18152] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2841.098191][T18152] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2841.106154][T18152] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2841.114244][T18152] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:38:52 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x58, 0x0, 0x8, 0x5, 0x0, 0x0, {0x5, 0x0, 0x8}, [@CTA_TIMEOUT_DATA={0x44, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x1f}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x9}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x800) pipe(&(0x7f0000000200)={0xffffffffffffffff}) ioctl$sock_inet6_udp_SIOCOUTQ(r1, 0x5411, &(0x7f00000001c0)) [ 2841.122209][T18152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2841.130178][T18152] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2841.173026][T18155] loop5: detected capacity change from 0 to 264192 [ 2841.191309][T18155] FAT-fs (loop5): invalid media value (0xe1) [ 2841.197342][T18155] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:52 executing program 2 (fault-call:1 fault-nth:16): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:52 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x28242, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:52 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x300}, 0x10) 07:38:52 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1fffffdfd}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:52 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0xfffffdef) [ 2841.309316][T18204] FAULT_INJECTION: forcing a failure. [ 2841.309316][T18204] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2841.322401][T18204] CPU: 0 PID: 18204 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2841.331158][T18204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2841.341208][T18204] Call Trace: [ 2841.344491][T18204] dump_stack_lvl+0xb7/0x103 [ 2841.349769][T18204] dump_stack+0x11/0x1a [ 2841.353908][T18204] should_fail+0x23c/0x250 [ 2841.358332][T18204] should_fail_usercopy+0x16/0x20 [ 2841.363366][T18204] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2841.369127][T18204] ? shmem_write_begin+0x7e/0x100 [ 2841.374138][T18204] generic_perform_write+0x1df/0x3c0 [ 2841.379500][T18204] ? shmem_write_begin+0x100/0x100 [ 2841.381336][T18207] loop5: detected capacity change from 0 to 264192 [ 2841.384651][T18204] __generic_file_write_iter+0x161/0x300 [ 2841.396803][T18204] ? generic_write_checks+0x242/0x290 [ 2841.402174][T18204] generic_file_write_iter+0x75/0x130 [ 2841.407631][T18204] vfs_write+0x69d/0x770 [ 2841.411900][T18204] ksys_write+0xce/0x180 [ 2841.416180][T18204] __x64_sys_write+0x3e/0x50 [ 2841.420771][T18204] do_syscall_64+0x3d/0x90 [ 2841.425226][T18204] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2841.431161][T18204] RIP: 0033:0x4665e9 [ 2841.435039][T18204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:38:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:52 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x402}, 0x10) [ 2841.454630][T18204] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2841.463212][T18204] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2841.471185][T18204] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2841.479197][T18204] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2841.487150][T18204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2841.495101][T18204] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:52 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) syz_open_pts(r0, 0x20200) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2841.537646][T18207] FAT-fs (loop5): invalid media value (0xe1) [ 2841.543720][T18207] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd8010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:52 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x406}, 0x10) 07:38:52 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2841.635154][T18207] loop5: detected capacity change from 0 to 264192 [ 2841.656885][T18207] FAT-fs (loop5): invalid media value (0xe1) [ 2841.662915][T18207] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:52 executing program 2 (fault-call:1 fault-nth:17): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd8020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:52 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1fffffdff}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:52 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x500}, 0x10) 07:38:52 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x7fffffffffffff18) [ 2841.816611][T18249] loop5: detected capacity change from 0 to 264192 [ 2841.821362][T18250] FAULT_INJECTION: forcing a failure. [ 2841.821362][T18250] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2841.836352][T18250] CPU: 1 PID: 18250 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2841.845107][T18250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2841.855161][T18250] Call Trace: [ 2841.858435][T18250] dump_stack_lvl+0xb7/0x103 07:38:52 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x604}, 0x10) [ 2841.863137][T18250] dump_stack+0x11/0x1a [ 2841.863652][T18249] FAT-fs (loop5): invalid media value (0xe1) [ 2841.867291][T18250] should_fail+0x23c/0x250 [ 2841.873286][T18249] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2841.877664][T18250] __alloc_pages+0x102/0x320 [ 2841.888830][T18250] alloc_pages_vma+0x513/0x680 [ 2841.893649][T18250] shmem_getpage_gfp+0x954/0x13d0 [ 2841.898689][T18250] shmem_write_begin+0x7e/0x100 [ 2841.903531][T18250] generic_perform_write+0x196/0x3c0 [ 2841.908825][T18250] ? shmem_write_begin+0x100/0x100 07:38:52 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x3f00}, 0x10) [ 2841.913934][T18250] __generic_file_write_iter+0x161/0x300 [ 2841.919570][T18250] ? generic_write_checks+0x242/0x290 [ 2841.924937][T18250] generic_file_write_iter+0x75/0x130 [ 2841.930343][T18250] vfs_write+0x69d/0x770 [ 2841.934578][T18250] ksys_write+0xce/0x180 [ 2841.938939][T18250] __x64_sys_write+0x3e/0x50 [ 2841.943525][T18250] do_syscall_64+0x3d/0x90 [ 2841.947941][T18250] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2841.953853][T18250] RIP: 0033:0x4665e9 07:38:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd8030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2841.957744][T18250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2841.977353][T18250] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2841.985767][T18250] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2841.993747][T18250] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2842.001715][T18250] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2842.009711][T18250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:38:52 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4000}, 0x10) 07:38:52 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000a40), r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000000c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'team0\x00', 0x0}) getsockname$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000200)=0x14) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f00000002c0)={'sit0\x00', &(0x7f0000000240)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x4, 0x8, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @rand_addr=' \x01\x00', 0x700, 0x1, 0xdb, 0x8000}}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000340)=0x14) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000400)={'syztnl2\x00', &(0x7f0000000380)={'ip6gre0\x00', 0x0, 0x29, 0x3d, 0x80, 0xffffffff, 0x59, @remote, @empty, 0x1, 0x10, 0x5, 0xf8ed}}) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000009c0)={&(0x7f0000000440)={0x570, 0x0, 0x2, 0x70bd2d, 0x25dfdbfb, {}, [{{0x8, 0x1, r1}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}]}}, {{0x8}, {0xb0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}]}}, {{0x8, 0x1, r3}, {0x104, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x3f}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x34, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x4}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xb1}}, {0x8}}}]}}, {{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}]}}, {{0x8, 0x1, r6}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}]}}, {{0x8}, {0x128, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xa04}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffffffc}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x90, 0x2, 0x0, 0x1, [{0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x80, 0x1, 0x1, 0x3}, {0x4b, 0x4, 0x4, 0x3}, {0xfffa, 0xf7, 0x2, 0x7}, {0x401, 0x1f, 0x0, 0x200000}]}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}]}, 0x570}, 0x1, 0x0, 0x0, 0x8800}, 0x400c081) r8 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCGISO7816(r8, 0x80285442, &(0x7f0000000000)) r9 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r9, 0x0, 0x7fffffffffffffff) [ 2842.017676][T18250] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:53 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0xfffffffffffffdef) [ 2842.077029][T18249] loop5: detected capacity change from 0 to 264192 07:38:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd8040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:53 executing program 2 (fault-call:1 fault-nth:18): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:53 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0xffffffffffffffff) [ 2842.117537][T18249] FAT-fs (loop5): invalid media value (0xe1) [ 2842.123599][T18249] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:53 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1ffffff7f}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:53 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0x10) 07:38:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2842.221037][T18291] loop5: detected capacity change from 0 to 264192 [ 2842.221701][T18294] FAULT_INJECTION: forcing a failure. [ 2842.221701][T18294] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2842.241142][T18294] CPU: 1 PID: 18294 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2842.249898][T18294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2842.259953][T18294] Call Trace: [ 2842.263231][T18294] dump_stack_lvl+0xb7/0x103 07:38:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2842.267825][T18294] dump_stack+0x11/0x1a [ 2842.272096][T18294] should_fail+0x23c/0x250 [ 2842.276548][T18294] should_fail_usercopy+0x16/0x20 [ 2842.281609][T18294] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2842.287395][T18294] ? shmem_write_begin+0x7e/0x100 [ 2842.292421][T18294] generic_perform_write+0x1df/0x3c0 [ 2842.297719][T18294] ? shmem_write_begin+0x100/0x100 [ 2842.302825][T18294] __generic_file_write_iter+0x161/0x300 [ 2842.308505][T18294] ? generic_write_checks+0x242/0x290 [ 2842.313892][T18294] generic_file_write_iter+0x75/0x130 07:38:53 executing program 3: fork() r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:53 executing program 4: r0 = socket(0x25, 0x6, 0x759) ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000100)={'syztnl2\x00', &(0x7f0000000080)={'syztnl0\x00', 0x0, 0x2f, 0x1, 0x3, 0x3421b2d, 0x48, @private2, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7800, 0x10, 0x8, 0x3}}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="a8010000", @ANYRES16=0x0, @ANYBLOB="08002bbd7000fddbdf250200000008000100", @ANYRES32=0x0, @ANYBLOB="400002803c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="fc00029f3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r1, @ANYBLOB="40000100240001006c625f706f72745f737461747300000000000000000000000000000000000000050003000b000000080004000900000008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r2, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000008000100", @ANYRES32=0x0, @ANYBLOB="400002803c000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000b00040072616e646f6d0000"], 0x1a8}, 0x1, 0x0, 0x0, 0x800}, 0x20000844) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0) write$nbd(r3, 0x0, 0x7fffffffffffffff) [ 2842.319271][T18294] vfs_write+0x69d/0x770 [ 2842.323593][T18294] ksys_write+0xce/0x180 [ 2842.327836][T18294] __x64_sys_write+0x3e/0x50 [ 2842.332447][T18294] do_syscall_64+0x3d/0x90 [ 2842.336854][T18294] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2842.342822][T18294] RIP: 0033:0x4665e9 [ 2842.346762][T18294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:38:53 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:53 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x2}, 0x10) [ 2842.366408][T18294] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2842.374846][T18294] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2842.382886][T18294] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2842.390898][T18294] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2842.398866][T18294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2842.406831][T18294] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:53 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/workqueue', 0xa000, 0xd0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2842.420257][T18291] FAT-fs (loop5): invalid media value (0xe1) [ 2842.426373][T18291] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2842.515941][T18291] loop5: detected capacity change from 0 to 264192 [ 2842.528344][T18291] FAT-fs (loop5): invalid media value (0xe1) [ 2842.534371][T18291] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:53 executing program 2 (fault-call:1 fault-nth:19): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:53 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) write$nbd(r0, &(0x7f0000000000)={0x67446698, 0x1, 0x3, 0x0, 0x2, "61ee29129bd12ee82e06fce01f565789ea646adca3ef9750bff129c8b85c3b43ebdcc56e654d0498929d71524fa0e1d8390c82bbba429151e41dddf8baba115cfc3c6a13c7692d"}, 0x57) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x0, 0x4, 0x3f, 0x9, 0x0, 0x10001, 0x1000, 0xb, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x7ff, 0x1, @perf_bp={&(0x7f00000000c0), 0x4}, 0x8606, 0x1, 0x5, 0xb, 0x5, 0x1, 0x44, 0x0, 0x9, 0x0, 0x4}, 0xffffffffffffffff, 0xf, r0, 0x3) 07:38:53 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4c0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:53 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x3}, 0x10) 07:38:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:53 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1ffffff85}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:53 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x4}, 0x10) [ 2842.673396][T18351] loop5: detected capacity change from 0 to 264192 [ 2842.692655][T18356] FAULT_INJECTION: forcing a failure. [ 2842.692655][T18356] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2842.705910][T18356] CPU: 1 PID: 18356 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 07:38:53 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) io_uring_register$IORING_UNREGISTER_FILES(r0, 0x3, 0x0, 0x0) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2842.714725][T18356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2842.724776][T18356] Call Trace: [ 2842.728048][T18356] dump_stack_lvl+0xb7/0x103 [ 2842.732740][T18356] dump_stack+0x11/0x1a [ 2842.736963][T18356] should_fail+0x23c/0x250 [ 2842.741527][T18356] __alloc_pages+0x102/0x320 [ 2842.746111][T18356] alloc_pages_vma+0x513/0x680 [ 2842.750874][T18356] shmem_getpage_gfp+0x954/0x13d0 [ 2842.755899][T18356] shmem_write_begin+0x7e/0x100 [ 2842.760737][T18356] generic_perform_write+0x196/0x3c0 [ 2842.766038][T18356] ? shmem_write_begin+0x100/0x100 07:38:53 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) write$nbd(r2, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2842.771145][T18356] __generic_file_write_iter+0x161/0x300 [ 2842.776777][T18356] ? generic_write_checks+0x242/0x290 [ 2842.782180][T18356] generic_file_write_iter+0x75/0x130 [ 2842.787553][T18356] vfs_write+0x69d/0x770 [ 2842.791792][T18356] ksys_write+0xce/0x180 [ 2842.796177][T18356] __x64_sys_write+0x3e/0x50 [ 2842.800768][T18356] do_syscall_64+0x3d/0x90 [ 2842.805180][T18356] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2842.811074][T18356] RIP: 0033:0x4665e9 07:38:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:53 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x9c8c0, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2842.815026][T18356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2842.834624][T18356] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2842.843039][T18356] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2842.851005][T18356] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2842.859111][T18356] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:38:53 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$nbd(r0, 0x0, 0x5aa8f623aacdbc19) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x6c, 0x0, 0x8, 0x101, 0x0, 0x0, {0x2}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6007}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @icmp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_CLOSE={0x8, 0x8, 0x1, 0x0, 0xfffffffe}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4008040}, 0xc0c0) [ 2842.867105][T18356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2842.875075][T18356] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2842.877732][T18351] FAT-fs (loop5): invalid media value (0xe1) [ 2842.889203][T18351] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:53 executing program 2 (fault-call:1 fault-nth:20): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xda000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:53 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000100)=ANY=[], 0xe7) bind$netlink(r0, &(0x7f00000000c0)={0x10, 0x0, 0x25dfdbfc, 0x2000}, 0xc) openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x100080, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x4) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x2, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x200048d5) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x900, 0x0) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x123280, 0x0) write$nbd(r1, &(0x7f00000004c0)={0x67446698, 0x1, 0x0, 0x0, 0x80001, "f3ac1bbcde912380703d0c54fa7160b228f2f41e72c46d0be8b31fd2873941e9edb0222163bbc31ee382b15a9f3b7f81bd4ffad7709744f0a85c8e635cb4cb237de5977f771a2df6a4833fb2c2d8f6842706000000d088da0280f3c5e05e6bdde33d9d782c24214f34943688bdaef602bd4eb11cad0aebf7b80030659ad0b7f42863a50000000000000000003f441afbf5a9c2de1030c47b4dad7f05b82aa8c5bd91cb6479641f21e5f23fa5f03964e069278eab8e830d6f4735f37930a479ea23d3c56efc2a11ea8214dd0a555426f82ccd5e68f250dcb3dba75a01010000000000003b126fde352f37b1c3b14da7124219ab806c6a0209b23e51fb1c4dcd93816e7ac1b2f01060bc21aa243854ded08e7b6ed75033869e25e04601582ce6157595d2855e898eac7e123ac1dd82c4713c855adfa3d7f25274bbb2d0cd31a70fb535bc72818e0e10299813cbe593831fb06d1c750545a43072b5f3ec867ec8601dfed01dd55d74ccc56b2227dd03149192eb6b12f8e6f1a648530e33e78e44aab78cc0eeb3a3440fa9250bc107a95a01390ce4622a64664e6639426801b8235195a60265e9ee6d681d3e7c853ebc7e471b179f92cb74db03fb86"}, 0x1ca) 07:38:53 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = pidfd_getfd(r0, r0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r2, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="04"], 0x14}}, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000040)=0x1c, 0x4) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000000)={0x7}, 0x4) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r1, 0xc0a85322, &(0x7f0000000080)) write$nbd(r1, 0x0, 0x7fffffffffffffff) 07:38:53 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x5}, 0x10) [ 2842.985908][T18351] loop5: detected capacity change from 0 to 264192 [ 2843.001994][T18391] FAULT_INJECTION: forcing a failure. [ 2843.001994][T18391] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2843.015077][T18391] CPU: 1 PID: 18391 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2843.023837][T18391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2843.031981][T18351] FAT-fs (loop5): invalid media value (0xe1) [ 2843.033886][T18391] Call Trace: [ 2843.033895][T18391] dump_stack_lvl+0xb7/0x103 [ 2843.039880][T18351] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2843.043149][T18391] dump_stack+0x11/0x1a [ 2843.058396][T18391] should_fail+0x23c/0x250 [ 2843.062807][T18391] should_fail_usercopy+0x16/0x20 [ 2843.067866][T18391] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2843.073585][T18391] ? shmem_write_begin+0x7e/0x100 [ 2843.078602][T18391] generic_perform_write+0x1df/0x3c0 [ 2843.083889][T18391] ? shmem_write_begin+0x100/0x100 [ 2843.088990][T18391] __generic_file_write_iter+0x161/0x300 [ 2843.094627][T18391] ? generic_write_checks+0x242/0x290 [ 2843.099996][T18391] generic_file_write_iter+0x75/0x130 [ 2843.105376][T18391] vfs_write+0x69d/0x770 [ 2843.109623][T18391] ksys_write+0xce/0x180 [ 2843.113861][T18391] __x64_sys_write+0x3e/0x50 [ 2843.118460][T18391] do_syscall_64+0x3d/0x90 [ 2843.122875][T18391] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2843.128770][T18391] RIP: 0033:0x4665e9 [ 2843.132654][T18391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2843.132672][T18391] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2843.160746][T18391] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2843.168713][T18391] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2843.176735][T18391] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:38:54 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1ffffff8c}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xda010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:54 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x8}, 0x10) 07:38:54 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x200, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x5c, 0x0, 0x8, 0x0, 0x0, 0x0, {0x7, 0x0, 0x1}, [@CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x100}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x1c, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x200}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x4b2dee01}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x9000}]}, 0x5c}, 0x1, 0x0, 0x0, 0x840c1}, 0x4) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:54 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) syz_open_dev$ttys(0xc, 0x2, 0x1) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2843.184700][T18391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2843.192719][T18391] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:54 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x10}, 0x10) 07:38:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xda020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2843.328865][T18429] loop5: detected capacity change from 0 to 264192 [ 2843.341007][T18429] FAT-fs (loop5): invalid media value (0xe1) [ 2843.347089][T18429] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:54 executing program 2 (fault-call:1 fault-nth:21): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:54 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:54 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x204}, 0x10) 07:38:54 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0xcff9, 0x6, &(0x7f00000032c0)=[{&(0x7f00000001c0)="d97da2fc385650a9066899c5e0bfa30859d2d6087918d782cf74a48da8f0011d5434616a0e5d6f88f703de8eb9f618fee752c75a9ec0f10ad546ee197827252f6eaa3197aa883716b601dc4cde9f3908ea7688a0cf719c03fbbbf0ac8a3ef9725346ae73d8ae477f558d850a89596b16bbd1ce6cb1b6a7ae89906550c5aca274533da41caa3cee34b17f5278eaebf042e01b7a07e58d4cba3951f728b1c44550c1a96f3c70dbc1cdc724af2041940cc36c7eda8a9dd877e6bf034df76d4ecea9a120df7eb0f2e632aa674f4cac65aed1adf18d6b71dd83638b96b064673837d75110d423806684363893701fcaadf99614ef6079977506fc57bb8376bfb0a29ebcf56e0cf316ea7f01fa37da136966a8d7d26493a280aa5fddedf6dd70984c63f70c761a18223de343d71dff8fe1fde57f7f99c7b87496b2f0f8bc02e04f9d1b63d14035c2bbff6d8f14036d61933ec5c1391e0c9ba60e9af7513ad732562da7658fd07e925f016bb750fe0144810482453a469c9b2ab2d12d3ecd92ffb37b50e1eb5ea4dba7aee3484de3944926bce4b29b0b79771998a103c80985a851f52bb8110cb675b1d744f9993523df0a6c0a93ca7e14d1b1de533784e0740be9d41cdfe81f2f752ab7e314bbea280b653434fd89447d47045d632cf66b25c7587344ec2b486e3918dd137d3184046d329f00a3b68e5d70927bd818272df575585e05ee107d27c7e6203e63bba5b394fb354d78f600308070cd5a4a1e160e7150e83a1e3328509a18a64d3358139c3a78eefec4a8cfe8b89f6a05b2d2ff9d3b6deb9bbab17f0d54c2dfcbb79e574ea6aeeebc2bfbf892b51f951ca15596dae79d58184263355663eb4f150291171a97d55e877a3c9849966ae1d1df5cdea7f1469e59b7a6a554fa0bb2aad40ccd878818b162a3a945fc65ccb1842a37675cbb6f552a8ee333b501af304ea3e015e824e15ae0a240b1dc2812b4d3ffe945c062d87cc051423e56c3193133e1bc8f69cd77008fedad54d0e61dd94074790bafd5aed98871a2a6efb936380fe27e6f5610b79b535f67322dfb86d21765755935c8b28361aa12f3fe38326042fcc7486f89811bca84c89a1bff3fcddf42b0b2120262a5d66d5774b12266a277c29a6ac3742021952cac9f9a2d1e7c31e4e4bc7ad471503f0f98cb4f4f3cd5a39922f2c94b3504008a1a2b17825abe36873b1517fe494dabb19a08eba89f9f9617d92faa434d462feba7f7d8d70d4b2d02f96e88b3e3395693f057b06cd44d25a8fd5c6d88ef2c1ed8506e5dc990bda3a2910eadd626331534e3df08b8643941982da4c8effa341664adefce5c104927a0ddb7483e5289c06f72bf443b297d6c23feea8a41675bc1fb97dfd98176ea5f72ae4f8e1d48c7e17a4c5230789501218e580d54d691928c237d1b1d0952d83cd8ec0317a805e253646c1da8dfd2caccb09b99393f35bd172c2827c5b0168697c7dd3c53595e9dfab3a3f81045b623e19a2cd9be783697a360b2d5bcb680cacf6e2ebf321be7640ec0751ad8b30a32f96368e829ad7472f3f69df63ce2ca14eecac6176722a93bf2100841f3fda39922f22defa9133496c6a1b2cb885b76fae9b42ee7a1fa2b88646314f892f17e5b7f851595a800a1e2fdff63d90f4fd6dafff8a89b98da748ae6d0585ec320a85c7541fadfb55cc5e35f102c7594284d80db962f078c664813777a9a0352baac254bb8b7f84e1e9dd903fc07bb56ae1dfb5dc901a5dcd1dfc01268a0ecd9e53420be6b4035d7a7cfab6a8bc049b7fd29192b58f5b4c9c42bbb216f56331dcc39a07b1ceed428f902e58594164845ba93a5c9b6f55bfb12bbf60f596a7feadee14a6754564609cb59ed8ba80874de2e1ef6975ba6dcae6c52be084506a18ef3ef8fac4ddd84d0e9b73bc476f3a3165f8521986ebd9eb1dc31d51c06e99c2e6e420c11b51336a1e93e74bfbbab234132cb82dbd3a440f10cb80b041e1664eeeefeedbd831ff15cc11cc0b41102ae26b06daf4063418f6a1a50e1f196cbb3294c25797322ea72e6cddf741501fb6fe01edfdfe4b05611defeaa7094f919181e34c8e497b4c6d94ad9ac78fe1f7172db6005d927452740ab3257f46cf454b8272bfc42a45b256e2dccfdfe9963d7feb56aa2d7c35079ed0cfedae4e04e6ac9021c366bb258fdbea4c4f8421fce5f248f2d16604158d436137a82c355f7545a846f38ffc9c8a1809c636d7df1a738440160c840bc16a3e56452923b68d8fa38ec742f4085ef68fbb240ffdfe2866124aae0cb2b689951f42cd6cc0b9f30939b82e82952d13307f6dde79a4802452eae4c45f4d9d4eef16790ff87382763b4bc69f755ac1d08ad62b928a35c6cb6f3d31a6eb8cd5ceb43510d43262b812a2cdb6130e36713a94b6b3dde8c44d78f8c0795f36113443a3a52948f08d2851e42ee6d84b701d111a000251295701247c5a174942eb299c59c67d4766111db1217036359bc845e3ddad0414d1455f3cfce6307fe05fc3b4cf6bd49a257e4cef1c19a1f5ec61819bd2f2e4ad1e13af40dc4fff1509c1201e1608924ecd76fbcb9d2b2de3b536219f9502354b05486c05cb3aa08a16b95c8ca6d7d517c2480e592931129358187acfc4c7b8d33fefdc62921b235168d5b987ba332bfddfb204e38b97ef1e4814648566e7aed2fbc519fb579d955158ef308c78e030899ddaaa26cc4188d2e905b2e2a35fb32e9ed12e02fd893ea88eeed07c3e45ccf0ce7aca1725781c60afe651b396f133bc47eeaa174cd423ae7527bd6d047fc486fb4a84bc12cbb75d70073c95870db3cd203c88d31428321380693d57652910cde1e998f28acb3907282eb35b8b6f829f1361622dec13db4d109fce7a0cd45ea912f06ebbe82f7b02c78781f26bedc8b28166de5ca60a2b8fe3eabc970cf0e2df44176340e25e333b93434c7c7bbab62d065d68e2e2cad12e4157aa74139fc55aba4c07b1415dad505e30ff1ee389b4a4f7bbde3bc91497ccc0d44d725ea58796717df4c31f224ce6c8140b4963948f6b7201beeae5d49ab0745c39e1d8c81f570f21149f40ffd498e1557bca9472b677616cf51dbb1c679566f4c72d1109a4ec52555eadb68c5071ac873dc70be969cceebc93202970262913666ff6d2e9be907cf1e1b35104f2a643924afdec725e3e3b8b6ed797079006ab1d462babf00dbc30b2a2b42edab7b76e4239b82d90bbaaf3a8a5082fbc721493fded7790ac33c4f1cb7414eb9226e98381ca6330c0a2377d6069578c618eb1140bcb35979536c94fa9b8b28b8ce2670ff0fbc6970f421c36554bdf9b09a77626bcdfa632f9021c4e241e8a5329007cf6973b782117a4a6a00989049781cd8db011f5ce8ac823da13349aea557b0a842e42701075435295aa20ced1030e3746a7e8322141f5e35ce27ddd5c1603c85fe6a5ebcef40e03149f6b26efc9f189eb424de21292799a88bf6fb61e5eddbfcfadd1c49be4c9dcd4dc3ec7f0c8d9ddb957561ee80a37e7498ee3901ec8189e6e4d77ebc6de71ccaa5596fd3940e6665b95741ec3ee2cfbec18d5a23b292fda790c6dfff97b6f2eac8d5ec5a03d5d8336a63ece77fdfa817a15bdbfda804c1d11faf5b18468c4688ba39be2c0e90f309c1140fedee2f5479d81f22c8c2333bf0eb8509152335b5266f5c88cccdacda062d03d5860ffb7cd23f5df57c6aac400cfa4ea186b15b588157db041fa9e3e76111cc501484c7fc0c7970ec5613402849505420451bc437aa540e19140f4810aee6eeae97d115812a6bd0d61a12f3649da89f454bddbf822f9aa4b50b016e73209a7911a0f5ec968cd60a71c783d6751e82c315cc5ac571e82349dab8f32e69a70a3eb5413416c505e42c0f1d71315b0a5dd529f728c9993594b4dde75f362c912ca7769c48eedc8cbcb7a263e39258f47a1013eb346a4946d490df35d5790b5317dd38b00f3105b8101ec0c7c2c9dcf2fbdd405ca6167b77026a8ede94aa67530786afc846e1764e57d955f33c5ebb5743e5c3edb4131338318f0d9c383b34a6a1c0e7c4d4241078319a88caba782850eb519e585f1ab52c0dc9ad777831ce8a4cd9251a917497a79e0f1c52d8cc517f9a2e7284208feb73e38006641c2b2b3a890d077abe6e31cba5f09942cddd6f80aef6ab1707c6374490bf8ecfcaad6bc6097699a97a6de04711db8d5b3e917642890e3194b17037008d6e9abb3fa0af501fa120fd78dc03121c6df77f10a3d6ac8c3140bc9669401fa7f119204e55a5c689e0f73e1686fe685c71899e489bbb2bfb8a6466dc292026836f259f03fc300c1858323d12cd12d53cd0f2c422b07506313327f6fdadff537bfc9dcd5460a471685cccc1ff248a14663c6c7a5f1d914b2b85421caf63ac1ca7c7adea02a2c374af85d201cf84d1d4c68cb2c02e36e3c46c81bf7f7bc70fd94e1ef58c9f92ac92b4d7381e3708325688e9c6557c3a02ee3aa7f16ba7d7fd52e15c3c2be3ccd61393a91b60b47509c4930549c897581c17c092222baf7494a1282dbd67efa7e49c83837cba12849976a1853cf87c0bb96614aafd4a04d3ef382215fb363f25f3870eda22b65bae7db17179c5aefc68e900a440e73bc2b0875721358107c82052bd9a3ac811d21893abf07d0c2c14b3f24e65cf2bd5fd99b5980c127d8b0dbbbc56a50d2b5a5373b5f730f537a976781ab3d02d258d0383b5361e1789e5f28b577f45e6755c0cc2b2e4808a190ffeb06a02479154f48a99591ec84424cbb18cafbef3a2218b0b8cef69d34a2b907c5a973e85c370066c19caa565a5c288393a89faa2a432cfb0807f1ff70fe5b7557c84a770f433df34b37f34c116c75b00e38e0974e96f384d1e25552b375078899f2319f85696cf73c7ad3b53a1a18103cbffbdd7a757f750c0ecc63bb0f777e017f7cfee22dcdcd4c8b1a6404ffcb5294a96053f3ac58ebf9c7b8d483f68d30391a58eb5815e43454722603277dee2da27a3730eabbaa5a9f47b2c47bb774ee537a000b34551d0d8095c236b7e4dd6d97f79fbc4ff78a643dee0c674996ebc1d84fe4665d6a1dcca8a734265cbb0764926c83a54f02b9e690696d1a416969988c937e3b086a30cc54de25ad59aaa6864a476f3e33fd06b7b8801b69052e26c676cb8aa495708feb42cb373d9f8ea2e8dac67af97b70082d37eee0776576ae438ae41bb2eca9b2f7db0d3fa1b95dd3a18faeded043cb53303bec7e6712d912779922fb98fb6061f9bfa3acd1cd821531b4c13d29fca586654459c74c70661d0b7e6906b3f9726d2bf5f9a3be4313c970a8ca9aba6274013e5061e398f07a478ef2c38d1ad31a66d66bdee5cea846a4c9fd9a43837d1e212b84f0bb5657b3f753af63f630530d76a193e95a359042266f5c9d423842fff64557180fea8a777c9e293e68ea6c24a7c79321703dc6fd0ade1100b0c20888dfd8b473be5bc2b7aacdf32266d7a3b2bee4ef15db807251d5eb9da86d21e7998762459f8d2d7e1c6be1b57f2dcc20f14cd0430200ec90eddf02823c35db774b15c716923e36910a260a6a86037ddbc44040689b50c1eff3c5d708f2e86a2a426a7f22f94538535a5dceb82fc357e593140cc5ddd902a96f843b42850235bb14112ac8b630d1848699daeb28b99960fd1c47f1eeb011a898e9b0a41e133107267d7523e7f924bcae991138f3419a0da0675c6653bdf505663a45c7d36acba1c69f38b8c1219943bfdf4ebc3f39c8fcea055da668a5e5607fc43413ab4160b5d28272b0605d153517c03", 0x1000, 0xe7}, {&(0x7f0000000140)="0617c14da55ca113789926c86b500918f4bf5f424442d33e879fc18e7fcbd344ada76d5c9a0d54d483a53419", 0x2c, 0x8}, {&(0x7f00000011c0)="737f74029659db3a176f497080807d635124b8a03e9553b7db3ab557ace4f795a738cafb752669283459507ce6e5ac89ae1987eb866fe2b428095aae0a9d5b5923b598c526a873df0d45b0ecf4d58a69ed2f9e0a806175df744ec4acc8ce146ee20d035fb06cd3997a64b0f63e5fff3c060276f74a166222519692a4436e266159846ec64a4cfc10feaba2e48726399b272805018b017c3956560d09348e4bad0de27edc36", 0xa5, 0xb1}, {&(0x7f0000001280)="592ff2b58f1941ff969267e835f59a76da5165b8d7b42ad2a5f4ae312fe787c542ea0290e9868f28993ee98673f1db4b40a6c9f21e4ccd4b4a46576ed9b6c60751aae4ad90e2ace3c0d792709283224f630de89c10484b14e7ab65f0a0fb14776d77aa96e66acb6a7d5f6916d49fe1017f260bc8ee9b342423fa7925b72f89c3e7d30477e5ac0c80338ab0c256dcc422ca69b429c6661dacdc5df053f7a99f6855637f401452a0ad7a9158a5bbd445eda7614bb4eeba61733d38ee881cc9dde9dcdd7cc0fe2b8373ca8b0d2cc1225f6142684da8621d9faa4d3fdf969b982ef87b446095e1de5678d29eb4245394141b7abed1cd05f0838736fa928796da66111e75430525320587ae9377a4d3e89151d372775c523ecbcc982ca138adb4138678f4dbf353e2f60c06b5661508812607588db4eb21fc15c3413919effb3a56162b91fd2c967bca04f80463c1626442d921e5e5e1a17ca59f8050a533c66ce9acaeba15e5df5282ff2af2088e18cc021a48c1c926996457642cc3c076eb00a6f8c2cdcb686a0213ce4aec66ca2fd02449222a18474b2433ab42c1097b959a8a6c8f2703c17d9beac3e1f692d229da72bd0dc8e2f343aaab7be79101a2153b55c251f98604552d4fb52b1972a4e0c9aed47e831547bb7352ec9cffe45ea9a7070cebf182d494e88c815f75483a45a5368a529ef9f95b0887ca57dfe4651048699e8568ee70d78651f967ab4957345fa87a8001824665d59fd92029f8289a1247908eda74ee539d542eeeeac333ddf0233ae7d17949ba9d2ef21c046108f990a85fa27fb6baedacfe91fd988f26f92fc8a1c438737b09cd0601ca5bc69fc7502a9c08139b75fbe27b3c31e738db2861e3c3fe1373ed9a0a2527f3d92337769f9144044b51b2ac288cf0a215493467c64ce69e8bbfeab5374d5d14a25b3f81f6d776f306d7a92af707f382d5329bffb7eaed7a78c31409c8afd16e47e633ce3e51e034b75ec95e0f1429db51a8d541f63cd4e85dc2759f8a5273afa53f29d36a8c95a883fbfbf3c7f485774dc13b3a6dcad2759f1a493bb19569df50c93fe3e40d8bedd1df0e4bfbb6015caf85a03956351100d01cdc2a39fa8f315634662012498558fdc18072e84969652e56b94afa7489f9db83d70cf247a26dce805ecc0ce99e7e48675a2810160191d128b49d0dab221e744dbcaa7034358c8f2026015f41e617073e99ae0f55b5954100998858a2fe0e7f70edb3c7ae1368d320e68f3ce75cb8da07c6d090162bdd5aee2cb99ca6e9d2b93672afc2ecce2abb05456ebedd77789cb85565803c46627863bea4c4cff85bd9e87925d09788442809f808e86499a88f5ea3678bc8dac377d6ffffd0589aa2fddef72eb57341ec9cc893d6e7efffa1b4c62c77b3589d60156f6ef9f7b3afc0c1ca46202773364780c956d5c5d95afa796198e42575775f7122f31a56a21b54d0c522b8f7779e935d519adc8f19870a86d4720979ee25a9a4fa142fcee6c8086e447df4c4d5e568498cff6152075f7b7bb017c09874a618b508c50302963c3c7842c262afdb6de1763739fc06ab318a0ce42442fc6a9ce0d6e65586a9dac1e89a4ea36f4de875df8d699baccfe930d9836ec38a07f59dfd2b07fed7b376ce2d3123c164ff83322f3e62e7bc62fc49698873241fad53e967bae2fe743660a1afeb18c1236c8106a229182a0fcf61d70cf64ee35ba00cc96f7c033259ecac63ad1b7df8ad8cb3bcb3e7af4c9e91155ce5f3b08a20bba6155736d02f5a22ce8e8b619f7b64c5116d3fbc55f164d16da7b6986af53e281af50c7a1cc80ec0b253d2bd8e6a6194f6e3bf46a5f0316b36d6d2b2992331cd2053ef3c339391196402e4cdfc74fc5ced9ecae8cece7ebb648f4b04693745e84a4c332984c76d2b247dfe96c4ebc9550253f6e1f5ebaa118e830d1b868dbe18b1371d661670903118ac02a7e90f5d3c8c9cf2143c0767cf2e33bea91bc08cb8b74da33547b3962059e20c5d5a7ab6d2aa626b7e89d40ac051f517958c4cd27a00150458f2fff568841abeb7451d9454e2df7987e0e35eb61d77a8ed85c6d078221747a2c3a083b1ce6f577ce401aa0ab4749d9062936e4148643db4e14d88c3b79116a21468e8457be7161c665f4d0c8ad0d15c7b3eee3799462a43b605fba00b73e6a27af9b533cac9809e1190c5d6b05f1d157225b073595ae33161f5f62a6eba5b9545a4c08906d8d4b1aac8d9a40e0df0b7d0097b811806b7aaf9732755f94db33a56c8c6326b2450164b895eb81e92cdfc805a8c46851ff65f2ea9113ecd62c519d50f414c2ce253d33e3f8536b644956f01f300a9b82333d71af3894c623540ed296cd54e9737a103270f85629e1f973035a8069d7fd45ebc741a132b79c21874448dd7a0fd8d6e5958effbaee8e28b3b92ef06a19a0f26a3db871afff0c3b560dd668d39780511f791f414b9ee01a4b13e6f6f6ce1a7f3c6406f099fa7b29fa48f3a46e51075966176464c0bf6e7cf798ad0cae48fe5708940860da0f6f18ab45af0754ed849324205da727da6ad9dfecd89c8160bd6c0cf826c30d1a01fdb2047cc115dd6067660290f82aae622a10ae1e435d5e6ebcc853cca8380ba6543c0e72a2b490fa46756255d3838c23809092bbb9934d921bcbb0b8ab179ad2b0ce9c48e1b3f9958dc85ca8f3d08228ca96b0a067b7823ff95edf76f0ca68aa680c902930c64ab9df02f4b174f76ea2c1e0ebca82839dde33c0a3a6cf7cfafd1491cf7a2d32b1a7e6a22a73d70167f70a40e5fee9e65240ba9f4e71707ade50549a2ac22211e4d9cb70fb238c4a69be3d7f2674436bc6c37af2cb81eadcb079237eb65d48fc94eed044d40f742b3021331297999fb97db270b22ae48c04d20fb40c2787f394fff4d9cb5a7d5daf08070796b98b9a793c58137b709d6539494ee50609f503b96866353a5d02d76e5453db03eb4b60d59c114bb57adb2d2393bfdc4b572ca2ab0bdfd0833e589d70e518cc2bfffd561c58f3ae81e5c21fe43aba8db8402e1ef63fe5ac0ce4bd16161d8cb407f0e7501759a7c893e7ac1b9acc27d21ef0fcb908151f8b03fb5d1141bb37a5e50d27d14256a6347e9a2726c48c49e6775d682da935e2efa8794992416617ccec97784e9584a11de99cbb87c3d78448a791da03bca4877dee7336d4dbef17b754a95acccda418073d1033b8426dcdbd0015e3c92cef40d3ad63c3d814ceb9ec26d946b710e9dacaa79685322bb761a8775b6503af82549816311aaf6a830ac36d2b17e21d35f25f0773cc1d5cab336d057d226f21f99d778c9ac1d904196399f8ecf0fbd1d3e7a299415dacd1e98e5e23f78fa9c1dcf5876319efabec9210b764e863daeb9952d8649b9f229ceffdc401db07523390ec27dedf8ce9ea4f149a7a80ecbf8fa3abe29423a7ca20181b4ec884b20d2d87c10ddb34dfd6ba0cf648702d345a1776d1d7eec0a3951ce81f73b467bfec723c9d1b96d47daaa2f80cea7933070b7b4b41bea06124613d1416e66925792c383b02696a82809c09eca22af948099195fcadd65d6573f13d865724478dda111777731afbee852b16f53faea8da9867670b130187542330d301d34baba1067968c8c08cf51b7d869a12c1a28e76354b55e03cf3d697a1957dcae794ee3f5d29d6f701635a3b0016770ad8b28389b09e25e56490430e75ae997d4cd2504625ed80c0b43c7698b578ecf32c90f5bd973917745da7b247a5e48dfc461cdefcec08dad0731e32d1e93e2aa3f7947d9d65708e9ba457986c44b63339241a946f949627f5d8d64fa6fb162e83e32f3a03e597994ed37688a652037a69d931afacdfdf65e7475506375e247a35a43b73a1cdcc4575eb1ef168e451e56d85c52aa751fd3b50f74e935d773a7ec9d81ed750859075d003965116ae2b6831beb11bf5f101b6a577a1c1aa86b5ac653c4c317f6f2c67bdbbf1b5231559a760dba6fc10f8419d59fabb8ad0e674a6eadebfe323ff9bfe09e6aa19b0a3316e2e6b69346889e1ffdd5e2b671d6c8d8495823c3e48fc1acdff0e3e838de3527434c7e8c86752ed7d76c901f406d69a6d435963bb970d46c75b8b5bd2fbdad1304e9b93ec5ab136cb7c1c63d8cce7107788bfb347f6ef094edd3f8a91feff45e96e00fd01affc877a2c0330e26a4548df96d32cf7855b666a0f9862179d43dd0face21716c9adb7748ec6369068524e958b214e2a1387bb78c8cfbbf09559fb1477f9b6067af4016d319db9fe8e42dea109f7f0561756d1a0e7339b724b2797429a0890a3895da31836dddecb20ed58385e7a2eee40400888887d5672754f93adcbe8e0b3e16bd15904d942c632ddb841b44b54ea031c639cef089b1caf322398bdc147e56c4027c70073413caa5cbd2e004954a14e0a1fde9db3bb80eb1e9a03ebb9c9ca185a0392411a0a2d08b90a47a3e360b350deb9e8808850662747b9ac409f0514b210661f97e88067408274e3f1e12a1a11a61716f86fe2fb7a6264db6f1dade29520b5f0403099b592057640b2108486c23e227cdebc463f6818deb61c7923632d62ec271e4c1f0add0630c02c3dd7c4be02c52bc236788e364cd03aeba8003b161c529bfbd6f29de9d3849f0c1c77537bfb82ad0189362643448607c5148c6feabd7ed779cd83327d51462b35b942948920f6f1ebbd66852d2457c2119019dbbe2fa5efcfed839dc099b9d951f75c9271bda1474423dabbba84b325c77975fc3bf057c4842dabf883d9b0ed60dca8986afcc607caa6c467dac5b4eedcc1555a924fb0b5564f856607a0cb0f3027fb392934c1c14e32cf2d4252506b135adf71bba27c13d34c03214cabeea47b007229044e1e7ff641f2411a81e0934f5b25929403a5f47513d7006807e6fa6dab5be6eeaffea4fe8eb41798e489ab18aad8fbd9afab9945e0b05d15f276221f8024ca70643a47b27a1f0ad5ae367f6bc02a2285e4ce3138360f457546c458fa9eeff71a1f5b3fdb7678f18d2fbce290092e17400365bea0327b906b8c241ceae21c11cb51277e6febe510864a50e30d4cd00c32309575b8224dced76bc9e2e35fba3d5379a87ebf7bde28e7cbbe31c3180dc796831ad2d4fe22590e8925cd1dc7cf8d431da13f081fafe7102b2c4ae5f17021f61e14fce59971e54522fe03690bbfa59aaad83932bcb1faa5ab4e86e820dbeca4fa9dd6aa90f8f1fafaa414b67834d29e2f3f5b1c7e68b2636034ac75b2e5de693c151ee3377e9c9dc7afe0eca40c639ca3e243a82094b21ef20bd2b427656440f2323fbef8bbccc0a32c2d9e796e39da93883c11a646e794cf9ec6b114a4d6dae673d22042d16f9d4a92386085da4bd89cfbb6a12b2189a7da22337698817527d01fab60653c0b06f3607ef3248fe0557280446af671e3b94a4240860e553984a78845ca8ee6b226b70a8d20e5018e0f076c57ac30b0841bb796a58ae39ad049b6159445a209b80c7c5aba4e3a6b79c319202c6c0b2465ad8490fae1aa27ba4ab1e51afc8b521d385656520428860942ed0000aa4c1e9f19acf50f9382d77dd5409a9826b64a82946f74907e44b35d9a4641d1fa754ca386be206b8e2c6460d2e5e3c378b866fc9c144d95891e5b50db2f33dfc5b7af495242b68cb241feaeb34d5948832d86ac62da014bfaaf608e9912b370728e25fe2f210e4f887dfb19dc46a76b8824c79383836419c7333db914f9566a141283fbe17dedd18396186e4f7e8160ca883b99819ec49fdec28f602526851e2a248", 0x1000, 0xac}, {&(0x7f0000002280)="980010bc6252", 0x6, 0x401}, {&(0x7f00000022c0)="8c5adbeef3abfd999cc505d36665d4b179772dd48a48dbb7635dae01081447aeab4ffa4e5f10ace9396d7b96eeab36c51ab8d28d7c06ed7ab9ff1c1917bdcfdbbe30b62305506e19be857994963aee434c849d862c832f80af60ad38fe86f5db03ae77dbf4a13f4ef324e429147a88c0c49d0a51916d01cde4b3cbc8b4e335db9a77e7414ebd328af7717b85f3396f930517ee02c297937acf47c50461f8861e799498b768c0535282c47a160f96cd68c058936e95e016b8020f8c335b4b7bd5089490b91c3d9e0d72b03b83fd9dcbd01a6e53a0849a182af11b3916eca859ff9a51231b239916f3a4a8b9d6178b74436c05257564406d5f15d782bbe3cf28805fafd183d2d6c7c02f85784f61d767581b3bc21910f8d91392706e29596fc2786e0246e83e9dfbf452e0ffd138729c5e012850f40565636d99a8a4828521f334ca71e0d7d42c6d0cb54da4412278a3237309a93a7fad3fd93b2af62267a48b07233dfb6301f08e37c26ada1891adbfa2df9e10d0204ec2dacebbe98fcdf721405df62f0d1852204827bdfdda76ce85b07f469639f11773535d7dd7e1a636c2d02834e8ee0d66597d6b691716fd9926fdfcce9d4239d424fc7cc9bcc41ef3e1024265bcb08d3d35e1f16df193ec3e12c2e236f2ccf1a8c30dd633f515db8e8381decd62919cdf150dc01547a1e110c843ebcf26b8a4567181b9d249ce96c2827c2dfd305d7d8d23cc4207e767b36aafd91d231a483b552340f867bcb9ebd50b42ea6ad029ba522018d2a94f4c4192d1495d66eb5df5e620b48d6ccd48cf249a92605390a1d7a8ae31bc91b28c1423e3facdca829c3926e1a78a18446a5e2d26307e4ff79ce57d46db9f41fd5d873c55047e501185acdda7f194706be32dd85b6af1daed6fe1cd37fb484951d83b04bc3cf83083ac1306ccd94744d7159846aa44e135699b8a5f3031d9d7116d1b94790f55c6ba14713ce709dd19a2159df3742aac73aa91e47923182060f2d03ea6b4a59f4db74d1e8f0a1a95bc35a5762119ac3aca78418a2332bb7f52b9e84e4a228898ccd024283059e4558619a89a672f41d783878f78f8a8f44534e95864632b43d4c06cc63e934525dbcf3b43b22f3fb86eaedd3685da6296f034eaba57b7a526b13d0b55c3d37d11340bc03cf49b926c9a81820ef60cdac55d4742e5d44368079786c9f5e24507c3083e4c965b3ca342a99f4e557300e7102d0268a641c585416b40680895be90d84c0d6a57cc4ab4c306c4395023a7d1fad29441a456c9375d9342cff2d5453ad1a4ecccd7f92f3986aed80757d881128227eb85f98e3c691e4d8a70e949c9386c5bd0f97911a79b9d4c502abc040074a973b83134c25d9554c9bc44cbe0a754f1d309f0c0c760e6119bcf5acfa03ed732d79297ac74fcd299f2d0046a58fe7790385633601e111b4bbc81bbdd8b82adc54e6c9d1742c1642b1075c6c1649df424bd02f8074c46666ea89071fa0474753793cd632782c5f122ef617acedf49e739cae549c549da3884f314cea834d8e03e277baca14cbcde7d3bc1392664688d9497a615d9a857bf9505c8e44682051149caf0a500000b16c166c4e78aaa9641e078e9bc547b4c086fac3c69235bb5d762829c5aacea9e93122af2222f37435c5f66a0dd10c9f05c98b024e3a69a8376f6625778e1fadd2906513074407eba289d9b6b55e326b46ce86e452755668fa5d7ae592d81b566ab1aee5ed6d699acf20819df9b5e0c1ec7872fb62c259818a29c3b24e22cc4849cdf411f7b6ed56d171f77aea830f21e40b4cf5c6c8fc9893051674ac34ff59720701177962c1a738b8bdef1823b0bb7eb109fba07aa3a87b51485b0d237ad00ec06bb5fde8f8a0e8e0bf4c972da499b712bed67a205f21105668b83ce98106c63d150c439f6d88ebd36c5412446097cfeb501c251b21e0d5dd3c980ff7a3cd39a9455718f22dac82bed180533582f40c3846f43fb6c640d2c321463a4130b2172baacb8912df6d8c70b6e42d84f477d0a2e93ac00183c1208b9a6a986b25331f8f41e7919c6eba2467e35afedd41d9d20d3a69f86e84166cb55a0041197a9abf6d828d64dbc14f768f2e518b0facb6a2ab2de27aef97d6ba7c59c5b83f128437b5bcafea8026bd2e9478908fbdc5bfe0b4ab7497754efe7ef3e0bfca7366c5c3d8d3e3f45b55802f58b2161c4d5f790356cc03b349b2d8e1dff430f254598a00bb4cde386e7518e79891e76709a97941287d5162e7ece6241659e8b75e7d61b3564fcf1d1fb0369a13dbcbfe4eca92bb720530ba2c57986530ba2625966076da70e2bc883b64f12311bd5c1884bc0a3424325c66c93974fffbeba7b2db61d2062b2e5ea12dab64b46f6175e29edee44a566ce7a60c606d716ee871ae3240c26fa46f0cdd26581caa6a060bc822e0913c6febd03c09bccfdec116fdab0eedf345f86978d29307e8346443f5c588ce4b11aa31492faa872ec5aea8e40c59b985e7c54a50057e63cd9cb0d657a6b4ce284db2c7faea44385e2c94c9e02e9f6b984045c7a2c8af50f18848baa61e0ceebd944abd26695ac44fedaa4e54ee2793ba3ab23cb9712cd471f9737dede6e31635f283b6afa091efff42bb4ae01a2351f337354a7518404ebe681b81446bc670617d004c068809b8433ba0988800fd984c99cc997e938bc38041131fc259d641ef37e46c93272be3e0527b7cba8f8354caca9fda30356f6a2255bf3882d5576518f4c501a88f004ecbbb2d27ae6f63a595116f62a07713954c30ddb30ac61eca00adbfc084180f072de9d70206036bf02a4a71b704c269a63f7ea0517a333df2fa3b8ceca92fa8d3dabb55aa7e37064ae566cc75ba5c0f0803af8c82d668f0d18a38d1000a51994f8459371b7eb2cbf7edb79faa5987490e6cc60fefb8cd60794d957aafb0114cb5bda6d248fbcf98979e1b16d822023aaa4adf0c0bc9649aee366558a4b79908f39efe4349262d09675dfbaf23913fc74f1e83bb4bda9ddfd332a7d2b9d1ea574ebdb258db4bb7c28c443a50e44061dd99d7abfdb6b4c55066ab9365d05cb84664b55035541216a350529a74c2a4f19c44db78e452d3c4390ca5f347f14d2822558e38bf97ffe142c9287f34941eb83f36d8df96f915ed3a06511716901cccceabfa8cfb03e8912695a481907c48cf8d003a4f97331a9abf66244e7cce2dce0bdea62b6a5814459500091559eb9dc6cb0d984a1cdb9d1d15ea853bd3a41bc6bc6c797297fe3118b9c3313e97dded20b9a5e9fe5f32d3a1a35d244d936fd6633408dd2ddcfd9ab7ab63bf360ef382531934fa21eac81e748dd3b9484c5007cc99696ff987e008231e20c5fbafb8aa25fcd6904fd4aaefdafb21b500b3aa0de578256ba34dab6a6a097823886f8572714b48c7067cfef958a670108ef7875d9b362d7771fa52a4ec591a915dc01f41799cc85e38ce234af53ce952d651246336e19b9786c3c46cf7162c33eb3dbd099d66e0bda9b9f3f3b651b43628bb4b1c2870827279782efa138576a02da09533a8905efd1d9ccd5dced305cd98fe339374b36d52a5cc41b2adff8a20c428bd039d283e245563fd3d7bbabe04de26f26a9e0596c8b561cb3af0b2bb0bf49e842b3f5c08ad473592c44fe2ca70f10f2bf5ec37e78fb0f065364fa1cda7a6049832400973878d7f5730c8ba959f4c12b8132b26f3e05fcc690f24cf734a75be06bc06d4ad08fc8c5e5908f4a859a70bba0a4365712fc75b436dbbd2d8e944bb1d2156e3d4eb7b930668dad3471dae381f96bf3708ffa95f68be81f0349b376719899845810c838db3b74fca9f8ff9f287b84a7d2bb6a171f440445c8ad50209e2643a85f02f52d29e624cda58c416950f9760dc1493167505bbc64295ee871d0bbcf9b2483e70302ce45a7a211a15fe0d4d7a0d55bf3271bed4011f25a0426b93352fc98ee647089005ebba957d68b565d535e2a666d3ed53de8034e32d396235baa9d4ee666fbe87b8650713c21294bb50e9eb5685984b1e23eae5874c116d57eb72ec723716e41afff5a5c61c147422664e1eafaef1e583acc5d8b3baf937a07eee38cf4dfd2b5976151f44af1e29d9cd68634e1f90fabd6702dc25d6f174e8eac3f94f7f8f0a3ef50108f7167ca49170556fc102c8792dce143e927d1c91ba72bfe4212aea616ded4c55b98ce7876ee612f1b57a847385e6d560909b2fa2acadb5110d6b9b5c61df4b76018b98ac17c7ec5ff1a37cfe4d086bb4fdd123ac0780e2b9a32b00056e5e52466324e60e7aa6f32739ca28c2e5194d751b7eea353f76ea426b9e8d65bca410ea720bf176ceda16cb5115ba0b75972c07ee80bb25bef33c16905020c7d11a20347b0be8848e6e2b3c5767ee8eb89b3deba73172a7c863e148d8742255a8dd06f0a3204a44f0ccaee04f17f368a6b8ef8fd69a34d177bf8e7c32f502ef22ff5773dd91d1fba23e8474f184afb8665a28d01b494d924519197100954523bf0d49cd4d16e61d7ad512bb89006fe4407e96dea09d2b14e6d189c8e75e722fa9e678a9ddde9fd4b4d599b3c480f7437092acbf903f4aee3365babffaa1f6d2cc9edb7dca3796e9bcf0133640d4c6deba1da2145f4646a5dd7ebbc14b7d36735727dbb2c29c194332c6b7eba94c7a78c3e05e96d19a8c0f9802ec7433cd47ec8a24d3ecf5057161ed79f406091d0071a5f0f09bcf8415e3eaf96016eaa3f8587db26174dc0515cacd1fdf50a9a6c52673a75cc622f228e4318820737ac7981b7303055f05bd2f8ff5426146f81ae5d139a9fc3ca0f58bed8a20862dd68620937e9263850d4f4faaa6ad9234d316e266bda3343a9106f417a64c1362eb51332770db513c922dddf8e33ef47006a8e06357a9e2d1195e743e08edc194e2aff47ae436245ceac5114d7b24e02967e943f5cc6fbf3c64c7164053a30e68f1c1ac50b995a1f16ebe5924bbabc908df8b9cb439cf6b0154bbbc8fc470e962a5cfef05c3cb26a93adbfad82622de8cc403e654416b567e2fef2dc3b5f2bae90683bde86610460813b921eae5baf4a1feb830ddc35f95647824b81e1f929af17194697240f177022758302dabc75951ba57923550e9775f55ffa12d4bafd9727bb9bc3384d5edcffb0900a38b34bf6a3d939a7d24c08810ddffe25ef6df84dcd5757092754a947e38a26c5ab790ebe7438091962a9aaa5205b864feadd2b43284f3eeb380edd7af46799b8275d1886acad9efebc2aeb7086e14d5965cd477dce428fe89305e9a95f153a374faa7de00acd6089b33d3c5fae71f96890d0991232e7ac866f513e38cce36b2b87ed8280feda18a12aae265bd3aac50ae3dd52cd9ae24bf5bb1838ca8183ac92754e72c626305b42f846a99d74655e0d1a9affbc5db3633904aca15345cbfb3e2a95fb68f69fdd72e7b12dfd6376ea75540a06aff43e58b0d7caedd5fac0f0e650e32c8ebd63873138ff305d6586e0e0d9c578894cef0daf95d3c9c39eb6f42e3f4038b72cef6328013d36cbf5a770898a677a8e327858024a1f8ad7d264f61dfd8fae59de9e5f7269375d654024e86475417b7d68b3be90f588c1f76672b73221e7d336de95a2a625aeda40aa17f6ddd0a9644f32262e552fec7fdccc59d94cad8ce2b6fe7da0a38333c9b3b8b8d312d9580c5b486cd79872d9758c34a36ba4d36af4e744a00d1760a295e7493c25e68f4924b136120d8faee0c1f07eb08a543dd224523728e8816f5a454a6069c68c215167c1f025770a865a8c774ac57a36c0", 0x1000, 0x1}], 0x51004, &(0x7f0000003380)={[{@fat=@nocase}, {@nodots}, {@nodots}, {@nodots}, {@nodots}, {@fat=@nfs_nostale_ro}, {@fat=@check_normal}, {@nodots}, {@nodots}, {@fat=@check_strict}], [{@fowner_eq={'fowner', 0x3d, 0xee01}}, {@euid_lt={'euid<', 0xffffffffffffffff}}, {@obj_type={'obj_type', 0x3d, '@'}}, {@fowner_lt={'fowner<', 0xee00}}, {@appraise_type}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]}) statx(r1, &(0x7f0000003480)='./file0\x00', 0x0, 0x200, &(0x7f00000034c0)) set_thread_area(&(0x7f0000000000)={0x4, 0x1000, 0x1000, 0x1, 0x0, 0x1, 0x1, 0x1}) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) syz_mount_image$msdos(&(0x7f00000035c0), &(0x7f0000003600)='./file0\x00', 0x8, 0x1, &(0x7f0000003680)=[{&(0x7f0000003640)="273fc5722435848181a880dac327c221ead79722e2d613", 0x17, 0x1}], 0x7f0ca88b78d40a19, &(0x7f00000036c0)={[{}], [{@obj_user={'obj_user', 0x3d, 'check=strict'}}, {@measure}, {@measure}]}) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x12001, 0x0) ioctl$KDSETLED(r2, 0x4b32, 0x4) 07:38:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xda030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2843.431705][T18429] loop5: detected capacity change from 0 to 264192 [ 2843.451308][T18453] FAULT_INJECTION: forcing a failure. [ 2843.451308][T18453] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2843.464563][T18453] CPU: 1 PID: 18453 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2843.473319][T18453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2843.483364][T18453] Call Trace: [ 2843.486634][T18453] dump_stack_lvl+0xb7/0x103 [ 2843.491284][T18453] dump_stack+0x11/0x1a [ 2843.495431][T18453] should_fail+0x23c/0x250 [ 2843.499833][T18453] __alloc_pages+0x102/0x320 [ 2843.504429][T18453] alloc_pages_vma+0x513/0x680 [ 2843.509178][T18453] shmem_getpage_gfp+0x954/0x13d0 [ 2843.514189][T18453] shmem_write_begin+0x7e/0x100 [ 2843.519022][T18453] generic_perform_write+0x196/0x3c0 [ 2843.524362][T18453] ? shmem_write_begin+0x100/0x100 [ 2843.529467][T18453] __generic_file_write_iter+0x161/0x300 [ 2843.535082][T18453] ? generic_write_checks+0x242/0x290 [ 2843.540437][T18453] generic_file_write_iter+0x75/0x130 [ 2843.545806][T18453] vfs_write+0x69d/0x770 [ 2843.550041][T18453] ksys_write+0xce/0x180 [ 2843.554266][T18453] __x64_sys_write+0x3e/0x50 [ 2843.558841][T18453] do_syscall_64+0x3d/0x90 [ 2843.563413][T18453] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2843.569313][T18453] RIP: 0033:0x4665e9 [ 2843.573196][T18453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2843.592790][T18453] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2843.601284][T18453] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2843.609257][T18453] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2843.617266][T18453] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2843.625220][T18453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2843.633171][T18453] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2843.666981][T18429] FAT-fs (loop5): invalid media value (0xe1) [ 2843.673048][T18429] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:54 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1ffffff97}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:54 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) io_uring_setup(0x1d00, &(0x7f00000000c0)={0x0, 0xbd4f, 0x20, 0x2, 0x2e5}) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r0, 0xc0a85322, &(0x7f0000000000)) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xda040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:54 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:54 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x300}, 0x10) 07:38:54 executing program 2 (fault-call:1 fault-nth:22): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2843.752810][T18474] FAULT_INJECTION: forcing a failure. [ 2843.752810][T18474] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2843.765923][T18474] CPU: 1 PID: 18474 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2843.774676][T18474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2843.784798][T18474] Call Trace: [ 2843.788075][T18474] dump_stack_lvl+0xb7/0x103 [ 2843.792668][T18474] dump_stack+0x11/0x1a [ 2843.796819][T18474] should_fail+0x23c/0x250 [ 2843.801239][T18474] should_fail_usercopy+0x16/0x20 [ 2843.806320][T18474] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2843.812083][T18474] ? shmem_write_begin+0x7e/0x100 [ 2843.817108][T18474] generic_perform_write+0x1df/0x3c0 [ 2843.822467][T18474] ? shmem_write_begin+0x100/0x100 [ 2843.827656][T18474] __generic_file_write_iter+0x161/0x300 [ 2843.833308][T18474] ? generic_write_checks+0x242/0x290 [ 2843.838695][T18474] generic_file_write_iter+0x75/0x130 [ 2843.844067][T18474] vfs_write+0x69d/0x770 [ 2843.848365][T18474] ksys_write+0xce/0x180 07:38:54 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x402}, 0x10) 07:38:54 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="674466980000000000000000e8178193528639411c7f91e7baf3568120000000"], 0x10) 07:38:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x0, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x4}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x801}, 0x20000004) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, 0x0, 0x7fffffffffffffff) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000140), r0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f0000000240)={'ip6_vti0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x29, 0x1, 0xfa, 0x5, 0x10, @private0, @mcast1, 0x8, 0x80, 0xb0e5, 0x1f}}) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000002c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000300)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000ac0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000340)={0x714, r2, 0x100, 0x70bd2b, 0x25dfdbff, {}, [{{0x8}, {0x1dc, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1f}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x6c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x3c, 0x4, [{0xfff, 0x4, 0x4}, {0x7, 0x7, 0x5, 0x10000}, {0x7d, 0x7, 0x8}, {0x3, 0x3, 0x81, 0xc325301}, {0x8000, 0x81, 0x1}, {0x100, 0x0, 0x82, 0x1}, {0x7, 0x1, 0x20, 0x4}]}}}]}}, {{0x8, 0x1, r3}, {0xd0, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7fff}}, {0x8}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x1, 0x2, 0x6, 0xe88}, {0x1000, 0x40, 0xfd, 0xe1}, {0xfff, 0x2, 0x8}]}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}]}}, {{0x8}, {0xf0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0x1b4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x84, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x54, 0x4, [{0x5, 0x3, 0x6, 0x10000}, {0x0, 0x40, 0x9, 0x5}, {0x8000, 0x81, 0x8, 0x4}, {0x8000, 0xf5, 0x3, 0x1866d538}, {0x4, 0x1, 0x40, 0x1}, {0x3, 0x3f, 0x56, 0x2}, {0x9, 0x2, 0x8, 0x5}, {0x4000, 0x20, 0x81, 0x3f}, {0x40, 0x3f, 0x1, 0x7}, {0x6, 0x2, 0x67, 0xffffffff}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xb0cd}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}, {{0x8}, {0x188, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xdf2e}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffffa}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x714}, 0x1, 0x0, 0x0, 0x40000}, 0x20000014) [ 2843.852664][T18474] __x64_sys_write+0x3e/0x50 [ 2843.857250][T18474] do_syscall_64+0x3d/0x90 [ 2843.861663][T18474] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2843.867584][T18474] RIP: 0033:0x4665e9 [ 2843.871474][T18474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2843.891103][T18474] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:38:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdb000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2843.899565][T18474] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2843.907532][T18474] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2843.915583][T18474] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2843.923635][T18474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2843.931713][T18474] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:54 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f00000000c0)=0xfffffffc) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x40000000, 0xffff}, 0x10) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={0x50, 0x0, 0x8, 0x5, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x884c}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_REPLIED={0x8}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x24008004}, 0x40) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x400000, 0x0) r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), r1) sendmsg$BATADV_CMD_SET_HARDIF(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, r3, 0x4, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x2}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x80000001}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x84}, 0x40001) 07:38:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdb010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2843.980768][T18501] loop5: detected capacity change from 0 to 264192 [ 2844.028493][T18501] FAT-fs (loop5): invalid media value (0xe1) [ 2844.034518][T18501] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:55 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) r1 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000000)) 07:38:55 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x406}, 0x10) 07:38:55 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1ffffffda}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:55 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdb020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:55 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x775501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2844.140666][T18501] loop5: detected capacity change from 0 to 264192 [ 2844.148202][T18501] FAT-fs (loop5): invalid media value (0xe1) [ 2844.154206][T18501] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:55 executing program 2 (fault-call:1 fault-nth:23): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:55 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x500}, 0x10) [ 2844.229157][T18535] loop5: detected capacity change from 0 to 264192 [ 2844.255118][T18535] FAT-fs (loop5): invalid media value (0xe1) [ 2844.261168][T18535] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2844.268464][T18543] FAULT_INJECTION: forcing a failure. [ 2844.268464][T18543] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2844.281736][T18543] CPU: 1 PID: 18543 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2844.290589][T18543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2844.300688][T18543] Call Trace: [ 2844.303958][T18543] dump_stack_lvl+0xb7/0x103 [ 2844.308528][T18543] dump_stack+0x11/0x1a [ 2844.312678][T18543] should_fail+0x23c/0x250 [ 2844.317163][T18543] __alloc_pages+0x102/0x320 [ 2844.321747][T18543] alloc_pages_vma+0x513/0x680 [ 2844.326503][T18543] shmem_getpage_gfp+0x954/0x13d0 [ 2844.331529][T18543] shmem_write_begin+0x7e/0x100 [ 2844.336431][T18543] generic_perform_write+0x196/0x3c0 [ 2844.341708][T18543] ? shmem_write_begin+0x100/0x100 [ 2844.346814][T18543] __generic_file_write_iter+0x161/0x300 [ 2844.352600][T18543] ? generic_write_checks+0x242/0x290 [ 2844.357987][T18543] generic_file_write_iter+0x75/0x130 [ 2844.363356][T18543] vfs_write+0x69d/0x770 [ 2844.367609][T18543] ksys_write+0xce/0x180 [ 2844.371843][T18543] __x64_sys_write+0x3e/0x50 07:38:55 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x604}, 0x10) 07:38:55 executing program 3: write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x10) 07:38:55 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1fffffff6}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:55 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdb030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:55 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, 0x0, 0x7fffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) 07:38:55 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000)) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000040)={0xfff, 0x7, 0x1f, 0x7}, 0x10) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2844.376428][T18543] do_syscall_64+0x3d/0x90 [ 2844.380841][T18543] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2844.386737][T18543] RIP: 0033:0x4665e9 [ 2844.390658][T18543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2844.410358][T18543] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2844.419204][T18543] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 07:38:55 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdb040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2844.427180][T18543] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2844.435146][T18543] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2844.443195][T18543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2844.451192][T18543] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2844.471136][T18561] loop5: detected capacity change from 0 to 264192 07:38:55 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000040)={0x55, 0x7fff, 0x2, 0x0, 0x10, "ea64b12e11ebba93914cf3c4d0817008d9c5a0"}) ioctl$KDGKBMETA(r0, 0x4b62, &(0x7f0000000000)) 07:38:55 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x3f00}, 0x10) 07:38:55 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000380)='/sys/module/e1000', 0x40080, 0x20) syz_genetlink_get_family_id$team(&(0x7f0000000340), r1) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r1, 0x89f7, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x2f, 0x2, 0x3, 0x40, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, 0x20, 0x40, 0x2, 0x8001}}) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000300)={'syztnl0\x00', &(0x7f0000000100)={'sit0\x00', r2, 0x29, 0x5, 0x1, 0x9, 0x47, @private2={0xfc, 0x2, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x40, 0x10, 0x3f, 0x1f}}) rt_sigprocmask(0x2, &(0x7f00000003c0)={[0xfffffffffffffff8]}, &(0x7f0000000400), 0x8) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f00000001c0)={0x67446698, 0x0, 0xfffe, 0x1, 0x0, "2342a686c742be4caa149fe89e3b3bc802effbdf23bad7ba9a4ed788afa78a5af751748c415b6dc46f4b7b6752eb7de3d12b270ab9345eb6ca4e622feab192f3e601515710b78522b7fbd439d634f4cc4f0391e91ddc0341d071ee644a7fc12bd1e0e801aac519e7831d535108d957b1a5ae723f5c5971ff96f0ba3e6491f590904617b042419c6a8b29901375c9e25613a08a3fea2ccc4895e83d079f0134885be432fede5c4ffb73b666d6ff621ada17f03a60218fa5d5b70b98a58b4a0863263a08c97335c3ec6e162319ce6e7f8bcb63779f9b075adcd8ef1d6aca05e097a356d3c048e71607ddf3cdda3adaeba8bcf1429782f5284e84082ca85eb953a09ae1025eab69d8e8e99b386818fac57e0b82f213fa388516"}, 0x128) r3 = socket(0xa, 0x3, 0xffff174a) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0x2, &(0x7f0000000000)=0xa, 0x4) [ 2844.500304][T18561] FAT-fs (loop5): invalid media value (0xe1) [ 2844.506325][T18561] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:55 executing program 2 (fault-call:1 fault-nth:24): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:55 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdc000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:55 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x4000}, 0x10) 07:38:55 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x490e00, 0x0) getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000040)=0x14) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2844.595154][T18561] loop5: detected capacity change from 0 to 264192 [ 2844.630235][T18561] FAT-fs (loop5): invalid media value (0xe1) [ 2844.636253][T18561] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:55 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1fffffffd}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:55 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0xffff}, 0x10) [ 2844.638304][T18593] FAULT_INJECTION: forcing a failure. [ 2844.638304][T18593] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2844.655915][T18593] CPU: 1 PID: 18593 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2844.664715][T18593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2844.674769][T18593] Call Trace: [ 2844.678070][T18593] dump_stack_lvl+0xb7/0x103 [ 2844.682660][T18593] dump_stack+0x11/0x1a [ 2844.686809][T18593] should_fail+0x23c/0x250 07:38:55 executing program 3: rt_sigprocmask(0x1, &(0x7f0000000000)={[0x2]}, &(0x7f0000000040), 0x8) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) ioctl$SNDRV_SEQ_IOCTL_PVERSION(0xffffffffffffffff, 0x80045300, &(0x7f00000000c0)) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) statx(r1, &(0x7f0000000100)='./file0\x00', 0x4000, 0x0, &(0x7f00000002c0)) [ 2844.691385][T18593] should_fail_usercopy+0x16/0x20 [ 2844.696436][T18593] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2844.702173][T18593] ? shmem_write_begin+0x7e/0x100 [ 2844.707208][T18593] generic_perform_write+0x1df/0x3c0 [ 2844.712497][T18593] ? shmem_write_begin+0x100/0x100 [ 2844.717599][T18593] __generic_file_write_iter+0x161/0x300 [ 2844.723293][T18593] ? generic_write_checks+0x242/0x290 [ 2844.728777][T18593] generic_file_write_iter+0x75/0x130 [ 2844.734146][T18593] vfs_write+0x69d/0x770 [ 2844.738427][T18593] ksys_write+0xce/0x180 07:38:55 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/rfkill', 0x400000, 0x2d) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000000040)={0x3ff, 0x3, 0x2, 0x1fa, 0x80000001, 0x7ff}) [ 2844.742669][T18593] __x64_sys_write+0x3e/0x50 [ 2844.747313][T18593] do_syscall_64+0x3d/0x90 [ 2844.751729][T18593] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2844.757616][T18593] RIP: 0033:0x4665e9 [ 2844.761500][T18593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2844.781159][T18593] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:38:55 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000000)) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:55 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdc010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2844.789564][T18593] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2844.797524][T18593] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2844.805493][T18593] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2844.813565][T18593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2844.821530][T18593] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:55 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:55 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d05c1, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x200000) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r1, 0xc0105303, &(0x7f0000000040)={0x20, 0x3, 0x1}) [ 2844.906787][T18620] loop5: detected capacity change from 0 to 264192 [ 2844.920962][T18620] FAT-fs (loop5): invalid media value (0xe1) [ 2844.926980][T18620] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:55 executing program 2 (fault-call:1 fault-nth:25): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:55 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r0, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f00000000c0)={{0x5, 0x1}, 'port1\x00', 0x7, 0x80004, 0x8, 0x5, 0x3696, 0x8, 0x1e6d, 0x0, 0x5, 0x81}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r1, &(0x7f0000000080), 0x10) 07:38:55 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x1fffffffe}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:55 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x2}, 0x10) 07:38:55 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdc020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:55 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4c0501, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000000)={0x8000, 0x9}) write$nbd(r0, 0x0, 0x7fffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f00000002c0)) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000340)={{0x6}, 'port1\x00', 0xc, 0x80008, 0xfff, 0x7, 0x9, 0x7463, 0x7ff, 0x0, 0x0, 0x3}) r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), r0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000400)={0x0, 0x7, 0x20}) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000440)=0x5) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x3c, r1, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x81}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x50) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f0000000080)) [ 2845.067745][T18644] loop5: detected capacity change from 0 to 264192 [ 2845.090150][T18644] FAT-fs (loop5): invalid media value (0xe1) [ 2845.096220][T18644] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2845.097568][T18653] FAULT_INJECTION: forcing a failure. [ 2845.097568][T18653] name fail_page_alloc, interval 1, probability 0, space 0, times 0 07:38:56 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:56 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdc030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2845.116038][T18653] CPU: 1 PID: 18653 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2845.124829][T18653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2845.134976][T18653] Call Trace: [ 2845.138252][T18653] dump_stack_lvl+0xb7/0x103 [ 2845.142849][T18653] dump_stack+0x11/0x1a [ 2845.146994][T18653] should_fail+0x23c/0x250 [ 2845.151438][T18653] __alloc_pages+0x102/0x320 [ 2845.156064][T18653] alloc_pages_vma+0x513/0x680 [ 2845.160897][T18653] shmem_getpage_gfp+0x954/0x13d0 07:38:56 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r3, 0xc058534b, &(0x7f0000000300)={0x1, 0x0, 0x5, 0xff, 0x1, 0x87f4}) ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000140)={0x9, &(0x7f0000000100)=[{0x9}, {0xfff, 0x1}, {0x1ff, 0x9c}, {0x3, 0x81}, {0x3a4c, 0xd40d}, {0x6, 0x8001}, {0x7fff, 0x6}, {0x8, 0x17c1}, {0x6, 0x2}]}) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000280), 0x6cbf6ab0c5a19857, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r4, 0xc0a85352, &(0x7f0000000380)={{0x7, 0x9c}, 'port0\x00', 0xa, 0x40000, 0x4, 0x7fffffff, 0x4, 0x3, 0x20, 0x0, 0x4, 0x40}) write$nbd(r1, &(0x7f00000001c0)={0x67446698, 0x0, 0x2, 0x4, 0x3, "f0f5a2b660f8b551bfda346ffc7824d33f8b1ce4d7e6ef14e5659f39070b218ba37692fe0f44630e2e6f6305ac480c09c80b6b4740a80ca97fc254d5f05926f962e8e550d41d3b7c2e4ec5195fadb7cc9f9b3f89f8dad6fb2b9931718004993ea7cc508058ce38ce5bc316c961a9c4a4cc5b6f2a28f4f11213dcf89566bdef124abc91c48abbbb45ec74b84b8474a4a466cb1ccce552f0d6da28ad49f1d233"}, 0xaf) r5 = pidfd_open(0x0, 0x0) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r6, 0x4b45, 0x0) ioctl$PIO_UNIMAP(r6, 0x4b67, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x20, 0xffff}]}) pidfd_getfd(r5, r6, 0x0) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="674466a0000000160000ff0000e1"], 0x10) 07:38:56 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdc040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2845.165920][T18653] shmem_write_begin+0x7e/0x100 [ 2845.170770][T18653] generic_perform_write+0x196/0x3c0 [ 2845.176078][T18653] ? shmem_write_begin+0x100/0x100 [ 2845.181185][T18653] __generic_file_write_iter+0x161/0x300 [ 2845.186964][T18653] ? generic_write_checks+0x242/0x290 [ 2845.192497][T18653] generic_file_write_iter+0x75/0x130 [ 2845.197871][T18653] vfs_write+0x69d/0x770 [ 2845.202116][T18653] ksys_write+0xce/0x180 [ 2845.206355][T18653] __x64_sys_write+0x3e/0x50 [ 2845.211065][T18653] do_syscall_64+0x3d/0x90 [ 2845.215478][T18653] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2845.221402][T18653] RIP: 0033:0x4665e9 [ 2845.225337][T18653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2845.244942][T18653] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2845.253355][T18653] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 07:38:56 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) ioctl$KDGKBMETA(r0, 0x4b62, &(0x7f0000000000)) [ 2845.261328][T18653] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2845.269326][T18653] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2845.277355][T18653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2845.285325][T18653] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:56 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x3}, 0x10) [ 2845.320840][T18644] loop5: detected capacity change from 0 to 264192 07:38:56 executing program 2 (fault-call:1 fault-nth:26): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:56 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdd000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2845.362209][T18644] FAT-fs (loop5): invalid media value (0xe1) [ 2845.368254][T18644] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2845.415921][T18688] FAULT_INJECTION: forcing a failure. [ 2845.415921][T18688] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2845.428997][T18688] CPU: 1 PID: 18688 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2845.437776][T18688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2845.447826][T18688] Call Trace: [ 2845.451102][T18688] dump_stack_lvl+0xb7/0x103 [ 2845.455691][T18688] dump_stack+0x11/0x1a [ 2845.459838][T18688] should_fail+0x23c/0x250 [ 2845.464254][T18688] should_fail_usercopy+0x16/0x20 [ 2845.469326][T18688] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2845.475054][T18688] ? shmem_write_begin+0x7e/0x100 [ 2845.480072][T18688] generic_perform_write+0x1df/0x3c0 [ 2845.485479][T18688] ? shmem_write_begin+0x100/0x100 [ 2845.490653][T18688] __generic_file_write_iter+0x161/0x300 [ 2845.496377][T18688] ? generic_write_checks+0x242/0x290 [ 2845.501787][T18688] generic_file_write_iter+0x75/0x130 [ 2845.507159][T18688] vfs_write+0x69d/0x770 [ 2845.511391][T18688] ksys_write+0xce/0x180 [ 2845.515729][T18688] __x64_sys_write+0x3e/0x50 [ 2845.520494][T18688] do_syscall_64+0x3d/0x90 [ 2845.524926][T18688] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2845.530805][T18688] RIP: 0033:0x4665e9 [ 2845.534801][T18688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2845.554406][T18688] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:38:56 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce259bf4475031d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:56 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="674403980000000000000000008105148ef32e017a909a16f500fa00"], 0x10) 07:38:56 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x4}, 0x10) 07:38:56 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdd010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:56 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000200)={'ip6gre0\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x4, 0x40, 0x20, 0x9a0b, 0x42, @ipv4={'\x00', '\xff\xff', @remote}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x1, 0x4, 0x10001}}) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000680), r2) sendmsg$NLBL_MGMT_C_LISTALL(r2, &(0x7f0000000500)={&(0x7f0000000400), 0xc, &(0x7f00000004c0)={&(0x7f0000000440)=ANY=[], 0x50}}, 0x80) sendmsg$NLBL_MGMT_C_REMOVE(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="34000000bd93778f5672deedafc216a5e42f1cf1dc577bf38b352d4474ee77cd160bc03e5a930032e8b55473e0ad9256a31eee15a2e4f5710d809af756d1741cb0deb80f8be40a4a45ae788257adcd2cb0737cb005654e3b704d043e357b04aa9034", @ANYRES16=0x0, @ANYBLOB="20002dbd7000fcdbdf2502000000080007000a01010108000c00020000000800040001000000080008000a010102"], 0x34}, 0x1, 0x0, 0x0, 0x40080}, 0x1c11) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r3, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'syztnl0\x00', r1, 0x4, 0x4, 0x20, 0x9, 0xc, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, @mcast1, 0x40, 0x700, 0x7ff, 0x8}}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000600)={'ip6tnl0\x00', r1, 0x2f, 0x6, 0x9, 0x3f, 0x22, @private1={0xfc, 0x1, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8000, 0x7, 0x4, 0xff}}) getsockname$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000003c0)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000005c0)={'ip6gre0\x00', &(0x7f0000000540)={'syztnl0\x00', r1, 0x2, 0x40, 0x1, 0x3f, 0x50, @mcast1, @empty, 0x40, 0x40, 0x80000001, 0xff}}) sendmsg$TEAM_CMD_NOOP(r3, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000440)={&(0x7f00000006c0)={0x164, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [{{0x8, 0x1, r4}, {0x4}}, {{0x8, 0x1, r5}, {0xf4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1e1c}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r1}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6aa}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}, {{0x8, 0x1, r6}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}]}, 0x164}, 0x1, 0x0, 0x0, 0x4000}, 0x4004000) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4d0501, 0x0) write$nbd(r7, 0x0, 0x7fffffffffffffff) [ 2845.562801][T18688] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2845.570831][T18688] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2845.578857][T18688] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2845.586824][T18688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2845.594775][T18688] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:56 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdd020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:56 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x5}, 0x10) [ 2845.679909][T18711] loop5: detected capacity change from 0 to 264192 07:38:56 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="9137e4cab14d845ba775c6951be943ae12f044c4e74e49f63f39bf08fa76f9045e7e21d298683ee11c525fd22dc7af163f23937ea452fe8334300093f00b4dc80ac8b7b1de12bde3bf84b8dac8874336dfb6a5d6c08abb84e3fed134bac8e3b6354c5f26f61330242794509fb90e7c19b0c8e8c23190d40640d51e2b6c195f1faf01b4e4"], 0xe7) socket$inet6_icmp(0xa, 0x2, 0x3a) 07:38:56 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4e0701, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) [ 2845.731993][T18711] FAT-fs (loop5): invalid media value (0xe1) [ 2845.738013][T18711] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:56 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x8}, 0x10) 07:38:56 executing program 2 (fault-call:1 fault-nth:27): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:56 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdd030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2845.836112][T18711] loop5: detected capacity change from 0 to 264192 [ 2845.852065][T18711] FAT-fs (loop5): invalid media value (0xe1) [ 2845.858081][T18711] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2845.928752][T18747] FAULT_INJECTION: forcing a failure. [ 2845.928752][T18747] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2845.942034][T18747] CPU: 0 PID: 18747 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2845.950782][T18747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2845.960830][T18747] Call Trace: [ 2845.964099][T18747] dump_stack_lvl+0xb7/0x103 [ 2845.968673][T18747] dump_stack+0x11/0x1a [ 2845.972816][T18747] should_fail+0x23c/0x250 [ 2845.977250][T18747] __alloc_pages+0x102/0x320 [ 2845.981826][T18747] alloc_pages_vma+0x513/0x680 [ 2845.986574][T18747] shmem_getpage_gfp+0x954/0x13d0 [ 2845.991686][T18747] shmem_write_begin+0x7e/0x100 [ 2845.996566][T18747] generic_perform_write+0x196/0x3c0 [ 2846.001837][T18747] ? shmem_write_begin+0x100/0x100 [ 2846.006928][T18747] __generic_file_write_iter+0x161/0x300 [ 2846.012566][T18747] ? generic_write_checks+0x242/0x290 [ 2846.017924][T18747] generic_file_write_iter+0x75/0x130 [ 2846.023284][T18747] vfs_write+0x69d/0x770 [ 2846.027523][T18747] ksys_write+0xce/0x180 [ 2846.031774][T18747] __x64_sys_write+0x3e/0x50 [ 2846.036362][T18747] do_syscall_64+0x3d/0x90 [ 2846.040762][T18747] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2846.046640][T18747] RIP: 0033:0x4665e9 [ 2846.050523][T18747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2846.070131][T18747] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:38:57 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000000)) write$nbd(r0, 0x0, 0x7fffffffffffffff) pidfd_open(0xffffffffffffffff, 0x0) 07:38:57 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f00000001c0)={0x67446698, 0x0, 0x0, 0x0, 0x0, "3ae4cb0dff8edd40b903e5f1a9ebd38015127e6b3615dd96a6d1fd26729c446f196d10e21f3123df2a5cfe887e1a5216e5883fca89fc3f21c803fb48d308f9ac043c47f3a2c7fef007f8a9cfbe294d3d9f38c7f4cd0bb739e6e052ca06d39ef16b6ca7a95212350fd29f540ab36ea46fbc50369dd2864eab554f9775114bf9bfc3c55cf22ca1f998a36f914fe7409c178144c18415878449910b6a55d87b8b5a9a14b323d967a7dbc22100"/180}, 0xc4) 07:38:57 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x10}, 0x10) 07:38:57 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4472531d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:57 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdd040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:57 executing program 2 (fault-call:1 fault-nth:28): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2846.078531][T18747] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2846.086516][T18747] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2846.094552][T18747] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2846.102504][T18747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2846.110542][T18747] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2846.202760][T18760] loop5: detected capacity change from 0 to 264192 [ 2846.215391][T18762] FAULT_INJECTION: forcing a failure. [ 2846.215391][T18762] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2846.228457][T18762] CPU: 0 PID: 18762 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2846.237212][T18762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2846.247276][T18762] Call Trace: [ 2846.250544][T18762] dump_stack_lvl+0xb7/0x103 [ 2846.255132][T18762] dump_stack+0x11/0x1a [ 2846.259440][T18762] should_fail+0x23c/0x250 [ 2846.263939][T18762] should_fail_usercopy+0x16/0x20 [ 2846.268975][T18762] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2846.274695][T18762] ? shmem_write_begin+0x7e/0x100 [ 2846.279816][T18762] generic_perform_write+0x1df/0x3c0 [ 2846.285181][T18762] ? shmem_write_begin+0x100/0x100 [ 2846.290293][T18762] __generic_file_write_iter+0x161/0x300 [ 2846.295926][T18762] ? generic_write_checks+0x242/0x290 [ 2846.301302][T18762] generic_file_write_iter+0x75/0x130 [ 2846.306722][T18762] vfs_write+0x69d/0x770 [ 2846.310964][T18762] ksys_write+0xce/0x180 [ 2846.315205][T18762] __x64_sys_write+0x3e/0x50 [ 2846.319791][T18762] do_syscall_64+0x3d/0x90 [ 2846.324215][T18762] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2846.327895][T18760] FAT-fs (loop5): invalid media value (0xe1) [ 2846.330190][T18762] RIP: 0033:0x4665e9 07:38:57 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$VT_SETMODE(r0, 0x5602, &(0x7f0000000000)={0x13, 0x2, 0x505, 0x8, 0xfff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, &(0x7f0000000480)=ANY=[], 0xe7) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) write$nbd(r1, &(0x7f0000000080), 0x10) 07:38:57 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x204}, 0x10) [ 2846.330206][T18762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2846.330221][T18762] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 [ 2846.336198][T18760] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2846.340070][T18762] ORIG_RAX: 0000000000000001 [ 2846.340080][T18762] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2846.340091][T18762] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2846.340101][T18762] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:38:57 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xde000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:57 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r1, 0xc0bc5310, &(0x7f0000000040)) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000001c0)={'ip6_vti0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x29, 0x69, 0x7, 0x6, 0x12, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, 0x1, 0x700, 0x6, 0xffff0000}}) write$nbd(r0, 0x0, 0x7fffffffffffffff) socket$unix(0x1, 0x2, 0x0) 07:38:57 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x300}, 0x10) [ 2846.340112][T18762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2846.408931][T18762] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2846.439569][T18760] loop5: detected capacity change from 0 to 264192 07:38:57 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x2}, 0x10) 07:38:57 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xde010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2846.465883][T18760] FAT-fs (loop5): invalid media value (0xe1) [ 2846.472028][T18760] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:57 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf447500ad183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:57 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4d8700, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:57 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x402}, 0x10) 07:38:57 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x1}, 0x10) [ 2846.584902][T18809] loop5: detected capacity change from 0 to 264192 [ 2846.617966][T18809] FAT-fs (loop5): invalid media value (0xe1) [ 2846.623995][T18809] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2846.673739][T18809] loop5: detected capacity change from 0 to 264192 [ 2846.680974][T18809] FAT-fs (loop5): invalid media value (0xe1) [ 2846.686961][T18809] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:57 executing program 2 (fault-call:1 fault-nth:29): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:57 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000000)={0x400, 0x0, {0x2, 0x1, 0x20, 0x1, 0x6}, 0x2}) 07:38:57 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xde020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:57 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x406}, 0x10) 07:38:57 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000040)={'ip6gre0\x00', &(0x7f00000000c0)={'syztnl2\x00', r2, 0x4, 0x7, 0x99, 0xfff, 0x1, @ipv4={'\x00', '\xff\xff', @multicast2}, @private1, 0x1, 0x1, 0x2, 0x7fffffff}}) 07:38:57 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475022d183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2846.780280][T18838] FAULT_INJECTION: forcing a failure. [ 2846.780280][T18838] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2846.790988][T18835] loop5: detected capacity change from 0 to 264192 [ 2846.793643][T18838] CPU: 0 PID: 18838 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2846.808868][T18838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2846.818956][T18838] Call Trace: [ 2846.822227][T18838] dump_stack_lvl+0xb7/0x103 [ 2846.822538][T18835] FAT-fs (loop5): invalid media value (0xe1) [ 2846.826835][T18838] dump_stack+0x11/0x1a [ 2846.826854][T18838] should_fail+0x23c/0x250 [ 2846.832918][T18835] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2846.837031][T18838] __alloc_pages+0x102/0x320 [ 2846.852562][T18838] alloc_pages_vma+0x513/0x680 [ 2846.857330][T18838] shmem_getpage_gfp+0x954/0x13d0 [ 2846.862363][T18838] shmem_write_begin+0x7e/0x100 [ 2846.867232][T18838] generic_perform_write+0x196/0x3c0 [ 2846.872513][T18838] ? shmem_write_begin+0x100/0x100 07:38:57 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xde030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:57 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10bc41, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x10000, 0x0) syz_open_pts(r1, 0x8040) 07:38:57 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x500}, 0x10) [ 2846.877613][T18838] __generic_file_write_iter+0x161/0x300 [ 2846.883284][T18838] ? generic_write_checks+0x242/0x290 [ 2846.888662][T18838] generic_file_write_iter+0x75/0x130 [ 2846.894144][T18838] vfs_write+0x69d/0x770 [ 2846.898376][T18838] ksys_write+0xce/0x180 [ 2846.902626][T18838] __x64_sys_write+0x3e/0x50 [ 2846.907275][T18838] do_syscall_64+0x3d/0x90 [ 2846.911685][T18838] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2846.917613][T18838] RIP: 0033:0x4665e9 07:38:57 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="00040000001d040000000000000047519a514af9e77fd567fb13688e19a0cf80dcbe1cd28c502b116ae823d78dff4f21a4c7f65fbb548eafc15b53c9e0e102e91201338b27672fc80b2b0180d60be78555281d78d6aa5af636cc3baf5b99a7043e16752b948c006183a2ae67f1710359299e74acba69e0b58f0dcae1435efa93b4aea3781eac5dc800eb3d618bde9b6d298e380c5df2e82fa09ecd52a7910c22d1c9da8524af41207590900cc927687fd9ebc17c3941073950e79c691d271a409f0eda1122318c64c625159376ebc7aa7eba9751ad01b4d8b6c29863aa4d5cb96d5676d3f5ccb1b4721032c866604ae7e713541caef93bf360f262c1ff60cf14cfdd21ee047e924df35603e6014ff1381a8bb0a71b05f196cf28f6488e7df87e9081b28d847044e6f00b25009bb03173f405070ffd2f77587c213c14ad9f2f5e67228c6356ec156948f344fbbba58ffd3bc14b2d6a49da"], 0x10) [ 2846.921600][T18838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2846.941209][T18838] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2846.949649][T18838] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2846.957632][T18838] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2846.965601][T18838] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:38:57 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) pipe(&(0x7f0000000000)={0xffffffffffffffff}) write$nbd(r1, &(0x7f00000001c0)={0x67446698, 0x80, 0x4, 0x4, 0x6, "d0b02781d806fcb869697214dca45b9541da58f849e6719c9ecccdc1be62663004e6af5d6f37d7f7000000000000786a8ead56a4bc596c6d83eb67a5d08badfc1e7f6f222f4244f3b8f0f080783e3b978258ae6dd1431b909f568b71f485e47057050000000000000079aefb15fbb153900557aee6cdbb82ee344c668e3029d3f4f32ea7ef396aac8a4be26a630902bc2f62f7565e8037451700000000080000000000c387b2deb222e75b1d5707ac9d51cc2d477463e143121dda334f7162ecba9a30ffdff48c36b7e6b076eca03ed45df739bf2b7d744792548782432fb142a4d3d500811858ff510afd14bb99b6a7212b68c13c72494b046317cf3ec22bba6d960a195ac0da9b8aa466a41ab73ada9ac3bf7a6ceae2b35863be847d1a51de99c2479d00000000fb58a4ac7bdf53b243b44bf1150c4b10f19138e12aa7d868"}, 0x150) 07:38:57 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2846.973569][T18838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2846.981599][T18838] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:57 executing program 2 (fault-call:1 fault-nth:30): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:57 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000000)={0x9, 0x5c, 0x1, 0x3, 0x1}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x17c, 0x0, 0x200, 0x70bd29, 0x25dfdbfd, {}, [{{0x8}, {0x160, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x7fffffff}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80}}}]}}]}, 0x17c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:57 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xde040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:58 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x604}, 0x10) [ 2847.058545][T18835] loop5: detected capacity change from 0 to 264192 [ 2847.083552][T18835] FAT-fs (loop5): invalid media value (0xe1) [ 2847.089588][T18835] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:58 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[], 0xe7) pidfd_open(0xffffffffffffffff, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) waitid$P_PIDFD(0x3, r2, &(0x7f0000000040), 0x2, &(0x7f00000001c0)) write$nbd(r0, &(0x7f00000000c0)={0x67446698, 0x4, 0x10, 0x200, 0x3, "804e4a5d5a36a686daf3b6ecae2913fa218e8efb70d3e2b7635be3900bb2c713c4e0ad24994253356a096f52fe4c4e8e0cf1ebb5438ee7006816dbda6cc5ebd0b982be7b0200007cdaad0be9200a234e3213f53314fabf7493460746aee191bb6d6055823ef49f4994238d7a218e00c2072493dbfc5be8b1977e9bd496211f71a04d"}, 0x92) [ 2847.154344][T18886] FAULT_INJECTION: forcing a failure. [ 2847.154344][T18886] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2847.167440][T18886] CPU: 0 PID: 18886 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2847.176202][T18886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2847.186364][T18886] Call Trace: [ 2847.189638][T18886] dump_stack_lvl+0xb7/0x103 [ 2847.194251][T18886] dump_stack+0x11/0x1a [ 2847.198411][T18886] should_fail+0x23c/0x250 [ 2847.202828][T18886] should_fail_usercopy+0x16/0x20 [ 2847.207908][T18886] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2847.213634][T18886] ? shmem_write_begin+0x7e/0x100 [ 2847.218725][T18886] generic_perform_write+0x1df/0x3c0 [ 2847.224015][T18886] ? shmem_write_begin+0x100/0x100 [ 2847.229134][T18886] __generic_file_write_iter+0x161/0x300 [ 2847.234771][T18886] ? generic_write_checks+0x242/0x290 [ 2847.240131][T18886] generic_file_write_iter+0x75/0x130 [ 2847.245491][T18886] vfs_write+0x69d/0x770 [ 2847.249772][T18886] ksys_write+0xce/0x180 [ 2847.254062][T18886] __x64_sys_write+0x3e/0x50 [ 2847.258629][T18886] do_syscall_64+0x3d/0x90 [ 2847.263027][T18886] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2847.268903][T18886] RIP: 0033:0x4665e9 [ 2847.272772][T18886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2847.292398][T18886] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:38:58 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf447502cd183cbe1", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:58 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x3f00}, 0x10) 07:38:58 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0xd2503, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x7fffffffffffffff) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r0, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(0xffffffffffffffff, 0x7, &(0x7f0000000040)=r0, 0x1) 07:38:58 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x88) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:58 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2847.300792][T18886] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2847.308744][T18886] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2847.316695][T18886] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2847.324648][T18886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2847.332614][T18886] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:58 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:58 executing program 4: ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, &(0x7f0000000000)=0x2) write$nbd(0xffffffffffffffff, 0x0, 0x7fffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, &(0x7f00000000c0)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) r0 = syz_open_pts(0xffffffffffffffff, 0x8a00) syz_open_pts(r0, 0x400400) syz_open_dev$tty20(0xc, 0x4, 0x1) [ 2847.412829][T18911] loop5: detected capacity change from 0 to 264192 [ 2847.422645][T18911] FAT-fs (loop5): invalid media value (0xe1) [ 2847.428734][T18911] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:58 executing program 2 (fault-call:1 fault-nth:31): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:58 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cb10", 0x13, 0x3}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:58 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = fork() r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0xc2, 0x81, 0x81, 0xf7, 0x0, 0x0, 0x4, 0x10000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x6, 0x7, @perf_config_ext={0x4, 0x6}, 0x1000, 0x4, 0xae, 0x9, 0x3, 0xe56b, 0x1, 0x0, 0x6, 0x0, 0x6}, r1, 0x1, r2, 0x1) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) 07:38:58 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x4000}, 0x10) 07:38:58 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000000)) 07:38:58 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:58 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:58 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4d0501, 0x0) r0 = socket(0x18, 0x80b, 0x81) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) recvmsg$unix(r1, &(0x7f0000002400)={&(0x7f0000000080), 0x6e, &(0x7f0000002200)=[{&(0x7f0000000100)=""/56, 0x38}, {&(0x7f0000000140)=""/4096, 0x1000}, {&(0x7f0000001140)=""/100, 0x64}, {&(0x7f00000011c0)=""/4096, 0x1000}, {&(0x7f00000021c0)=""/7, 0x7}], 0x5, &(0x7f0000002280)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x170}, 0x40000000) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r2, 0xc0bc5310, &(0x7f0000002440)) [ 2847.605226][T18939] FAULT_INJECTION: forcing a failure. [ 2847.605226][T18939] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2847.618605][T18939] CPU: 0 PID: 18939 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2847.627366][T18939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2847.637486][T18939] Call Trace: [ 2847.640758][T18939] dump_stack_lvl+0xb7/0x103 [ 2847.645351][T18939] dump_stack+0x11/0x1a [ 2847.649506][T18939] should_fail+0x23c/0x250 07:38:58 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000000240)=ANY=[@ANYBLOB="1400003cc256287c0033575b4ac0b74a2bc18d58c0f028b73080eff6e3956c5cb3c5", @ANYRES16=0x0, @ANYBLOB="0000000000000000000000000500"], 0x14}}, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000040)={0x3, 0x8, 0x10001, 0x297c5b80}, 0x10) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000200), 0x58004, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r2, 0xc02c5341, &(0x7f0000000080)) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000)=0xd, 0x4) [ 2847.653945][T18939] __alloc_pages+0x102/0x320 [ 2847.658528][T18939] alloc_pages_vma+0x513/0x680 [ 2847.663288][T18939] shmem_getpage_gfp+0x954/0x13d0 [ 2847.668374][T18939] shmem_write_begin+0x7e/0x100 [ 2847.673219][T18939] generic_perform_write+0x196/0x3c0 [ 2847.678497][T18939] ? shmem_write_begin+0x100/0x100 [ 2847.683604][T18939] __generic_file_write_iter+0x161/0x300 [ 2847.689271][T18939] ? generic_write_checks+0x242/0x290 [ 2847.691574][T18942] loop5: detected capacity change from 0 to 264192 07:38:58 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x4f8f41, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) ioctl$TIOCMBIC(r1, 0x5417, &(0x7f0000000000)=0x80000000) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) ioctl$TIOCL_UNBLANKSCREEN(r2, 0x541c, &(0x7f0000000100)) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2847.694637][T18939] generic_file_write_iter+0x75/0x130 [ 2847.694664][T18939] vfs_write+0x69d/0x770 [ 2847.710726][T18939] ksys_write+0xce/0x180 [ 2847.715049][T18939] __x64_sys_write+0x3e/0x50 [ 2847.715871][T18942] FAT-fs (loop5): invalid media value (0x10) [ 2847.719639][T18939] do_syscall_64+0x3d/0x90 [ 2847.719669][T18939] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2847.719691][T18939] RIP: 0033:0x4665e9 [ 2847.725653][T18942] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:58 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x8008}, 0x10) [ 2847.730042][T18939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2847.730060][T18939] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2847.774509][T18939] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2847.782533][T18939] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2847.790502][T18939] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2847.798469][T18939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:38:58 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:58 executing program 2 (fault-call:1 fault-nth:32): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2847.806437][T18939] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2847.851896][T18942] loop5: detected capacity change from 0 to 264192 [ 2847.868225][T18942] FAT-fs (loop5): invalid media value (0x10) [ 2847.874284][T18942] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2847.919441][T18977] FAULT_INJECTION: forcing a failure. [ 2847.919441][T18977] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2847.932512][T18977] CPU: 0 PID: 18977 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2847.941304][T18977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2847.951453][T18977] Call Trace: [ 2847.954783][T18977] dump_stack_lvl+0xb7/0x103 [ 2847.959355][T18977] dump_stack+0x11/0x1a [ 2847.963523][T18977] should_fail+0x23c/0x250 [ 2847.967923][T18977] should_fail_usercopy+0x16/0x20 [ 2847.972986][T18977] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2847.978735][T18977] ? shmem_write_begin+0x7e/0x100 [ 2847.983735][T18977] generic_perform_write+0x1df/0x3c0 [ 2847.989000][T18977] ? shmem_write_begin+0x100/0x100 [ 2847.994160][T18977] __generic_file_write_iter+0x161/0x300 [ 2847.999823][T18977] ? generic_write_checks+0x242/0x290 [ 2848.005172][T18977] generic_file_write_iter+0x75/0x130 [ 2848.010535][T18977] vfs_write+0x69d/0x770 [ 2848.014760][T18977] ksys_write+0xce/0x180 [ 2848.018983][T18977] __x64_sys_write+0x3e/0x50 [ 2848.023548][T18977] do_syscall_64+0x3d/0x90 [ 2848.027960][T18977] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2848.033884][T18977] RIP: 0033:0x4665e9 [ 2848.037777][T18977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2848.057360][T18977] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:38:59 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x2}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:59 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) write$nbd(r0, &(0x7f0000000080), 0x10) 07:38:59 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4f2602, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000040)=0x0) getpgrp(r1) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:59 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:59 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x100000}, 0x10) [ 2848.065753][T18977] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2848.073796][T18977] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2848.081752][T18977] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2848.089734][T18977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2848.097686][T18977] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:59 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:59 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x22002, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x300, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8802}, 0x40000) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:38:59 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6744629800"/16], 0x10) [ 2848.161788][T18989] loop5: detected capacity change from 0 to 264192 [ 2848.190941][T18989] FAT-fs (loop5): invalid media value (0x00) [ 2848.196957][T18989] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:59 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x1000000}, 0x10) 07:38:59 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x4}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:59 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:59 executing program 2 (fault-call:1 fault-nth:33): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:59 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) statx(r0, &(0x7f0000000000)='./file0\x00', 0x2000, 0x400, &(0x7f0000000040)) 07:38:59 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x2000000}, 0x10) 07:38:59 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f00000000c0)={{0x1, 0x4}, 'port0\x00', 0x10, 0x60802, 0x9, 0x9, 0x4fb, 0x1, 0xcf6, 0x0, 0x0, 0x8}) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2848.332329][T19015] loop5: detected capacity change from 0 to 264192 [ 2848.368279][T19015] FAT-fs (loop5): invalid media value (0xcb) [ 2848.374420][T19015] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:59 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)) [ 2848.413337][T19034] FAULT_INJECTION: forcing a failure. [ 2848.413337][T19034] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2848.426599][T19034] CPU: 1 PID: 19034 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2848.435353][T19034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2848.445412][T19034] Call Trace: [ 2848.448681][T19034] dump_stack_lvl+0xb7/0x103 [ 2848.453705][T19034] dump_stack+0x11/0x1a [ 2848.457924][T19034] should_fail+0x23c/0x250 [ 2848.462348][T19034] __alloc_pages+0x102/0x320 [ 2848.466932][T19034] alloc_pages_vma+0x513/0x680 [ 2848.471707][T19034] shmem_getpage_gfp+0x954/0x13d0 [ 2848.476813][T19034] shmem_write_begin+0x7e/0x100 [ 2848.481663][T19034] generic_perform_write+0x196/0x3c0 [ 2848.486962][T19034] ? shmem_write_begin+0x100/0x100 [ 2848.492202][T19034] __generic_file_write_iter+0x161/0x300 [ 2848.497874][T19034] ? generic_write_checks+0x242/0x290 [ 2848.503257][T19034] generic_file_write_iter+0x75/0x130 [ 2848.508633][T19034] vfs_write+0x69d/0x770 07:38:59 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x5}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:59 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x2040000}, 0x10) [ 2848.512869][T19034] ksys_write+0xce/0x180 [ 2848.517101][T19034] __x64_sys_write+0x3e/0x50 [ 2848.521690][T19034] do_syscall_64+0x3d/0x90 [ 2848.526099][T19034] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2848.531992][T19034] RIP: 0033:0x4665e9 [ 2848.535877][T19034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2848.555502][T19034] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:38:59 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:59 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r4, 0x4b45, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r5, 0x4b45, 0x0) write$nbd(r3, &(0x7f0000000000)=ANY=[@ANYRESHEX=r3, @ANYRES32, @ANYRES16=r4, @ANYRES16=r2, @ANYRES64=r2, @ANYRES16=r5], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2848.563914][T19034] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2848.571903][T19034] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2848.579912][T19034] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2848.587880][T19034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2848.595847][T19034] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:59 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:59 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x3000000}, 0x10) 07:38:59 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) recvmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000000), 0x6e, &(0x7f00000000c0)=[{&(0x7f00000001c0)=""/249, 0xf9}], 0x1, &(0x7f0000000100)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x20}, 0x40000000) [ 2848.623460][T19048] loop5: detected capacity change from 0 to 264192 [ 2848.658729][T19048] FAT-fs (loop5): invalid media value (0x83) [ 2848.664833][T19048] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:59 executing program 2 (fault-call:1 fault-nth:34): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:38:59 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:59 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x4000000}, 0x10) 07:38:59 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x6}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:38:59 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000000)={0x67446698, 0x0, 0x0, 0x0, 0x0, "e984341897e791563a1cf0386348b9d9634d3f8272b1ec35ae29b67a2dd44ad0889c36a0f7226640def3166e17524b0448b62a6241c0cb7f2268213fa613d41e429d91ea5b23afedb3195e109e601d8f982500243ffd61d1a7b8169cf606c09fe98582fdeac696cb3bf7a4ed72ffa5f3fb6b4ece3b"}, 0x85) ioctl$KDGKBMETA(r0, 0x4b62, &(0x7f00000000c0)) 07:38:59 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000000200)={0x14}, 0x14}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000040)) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000100)={'sit0\x00', &(0x7f0000000080)={'syztnl2\x00', 0x0, 0x29, 0x7f, 0x1, 0x1, 0x2, @dev={0xfe, 0x80, '\x00', 0x3e}, @mcast2, 0x20, 0x700, 0x8000, 0x5}}) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000840)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x66c, 0x0, 0x20, 0x70bd23, 0x25dfdbfd}, 0x66c}, 0x1, 0x0, 0x0, 0xc080}, 0x20000050) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, 0x0, 0x7fffffffffffffff) r2 = pidfd_getfd(r1, r1, 0x0) r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000008c0), r0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r1, 0xc0a85352, &(0x7f0000000240)={{0x2}, 'port1\x00', 0x4, 0x21000, 0x0, 0x277, 0x5c, 0x8, 0x8, 0x0, 0x2, 0x8}) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x1c, r3, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0x0) 07:38:59 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2848.810419][T19079] loop5: detected capacity change from 0 to 264192 [ 2848.839026][T19079] FAT-fs (loop5): invalid media value (0xd1) [ 2848.845043][T19079] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2848.852779][T19090] FAULT_INJECTION: forcing a failure. 07:38:59 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe1010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2848.852779][T19090] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2848.865992][T19090] CPU: 1 PID: 19090 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2848.874749][T19090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2848.884822][T19090] Call Trace: [ 2848.888150][T19090] dump_stack_lvl+0xb7/0x103 [ 2848.892735][T19090] dump_stack+0x11/0x1a [ 2848.896963][T19090] should_fail+0x23c/0x250 [ 2848.901374][T19090] should_fail_usercopy+0x16/0x20 07:38:59 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x5000000}, 0x10) [ 2848.906399][T19090] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2848.912121][T19090] ? shmem_write_begin+0x7e/0x100 [ 2848.917187][T19090] generic_perform_write+0x1df/0x3c0 [ 2848.922466][T19090] ? shmem_write_begin+0x100/0x100 [ 2848.927572][T19090] __generic_file_write_iter+0x161/0x300 [ 2848.933202][T19090] ? generic_write_checks+0x242/0x290 [ 2848.938568][T19090] generic_file_write_iter+0x75/0x130 [ 2848.943938][T19090] vfs_write+0x69d/0x770 [ 2848.948178][T19090] ksys_write+0xce/0x180 [ 2848.952416][T19090] __x64_sys_write+0x3e/0x50 07:38:59 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r1, 0x200, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x1) 07:38:59 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x6040000}, 0x10) [ 2848.957157][T19090] do_syscall_64+0x3d/0x90 [ 2848.961568][T19090] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2848.967533][T19090] RIP: 0033:0x4665e9 [ 2848.971450][T19090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2848.991093][T19090] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2848.999531][T19090] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2849.007568][T19090] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2849.015532][T19090] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2849.023499][T19090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2849.031464][T19090] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:38:59 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe1020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2849.060559][T19079] loop5: detected capacity change from 0 to 264192 [ 2849.073393][T19079] FAT-fs (loop5): invalid media value (0xd1) [ 2849.079423][T19079] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:00 executing program 2 (fault-call:1 fault-nth:35): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:00 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x8000000}, 0x10) 07:39:00 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x6400, 0x0) syz_open_pts(r1, 0x240000) ioctl$TIOCMBIC(r1, 0x5417, &(0x7f0000000080)) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBMETA(r3, 0x4b62, &(0x7f00000000c0)) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:39:00 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe1030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:00 executing program 3: recvmsg$unix(0xffffffffffffffff, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000500)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000540)=0x14) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r1, &(0x7f0000000080), 0x10) r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x9) ioctl$TIOCL_UNBLANKSCREEN(r2, 0x541c, &(0x7f0000000040)) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCMSET(r4, 0x5418, &(0x7f0000000440)=0x1fb) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r5, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="0000000600"/14], 0x14}}, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000004c0), r6) write$nbd(r3, &(0x7f0000000480)={0x67446698, 0x0, 0x0, 0x2, 0x1}, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) r9 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000001740), 0x420081, 0x0) r10 = syz_genetlink_get_family_id$team(&(0x7f0000000140), r9) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r1, 0x89f7, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'ip6_vti0\x00', r7, 0x29, 0x41, 0x4, 0x5, 0x2d, @private2, @local, 0x8, 0x1, 0xffffe000, 0x59}}) sendmsg$TEAM_CMD_NOOP(r8, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000580)={0xd0, r10, 0x4, 0x70bd29, 0x25dfdbfe, {}, [{{0x8, 0x1, r7}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x30, 0x4, 0x3f}}, {0x8, 0x6, r0}}}, {0x38, 0x1, @queue_id={{{}, {}, {0x0, 0x4, 0x2}}, {0x0, 0x6, r11}}}]}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4090}, 0x4090) 07:39:00 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x7}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:00 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2003) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000000040)={0x28, 0x2, 0x6, 0xb0, 0x0, 0x1000}) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:39:00 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe1040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2849.297856][T19138] loop5: detected capacity change from 0 to 264192 [ 2849.302698][T19141] FAULT_INJECTION: forcing a failure. [ 2849.302698][T19141] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2849.317701][T19141] CPU: 1 PID: 19141 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2849.326454][T19141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2849.326789][T19138] FAT-fs (loop5): invalid media value (0x31) [ 2849.336510][T19141] Call Trace: 07:39:00 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2849.336520][T19141] dump_stack_lvl+0xb7/0x103 [ 2849.342525][T19138] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2849.345767][T19141] dump_stack+0x11/0x1a [ 2849.361072][T19141] should_fail+0x23c/0x250 [ 2849.365584][T19141] __alloc_pages+0x102/0x320 [ 2849.370229][T19141] alloc_pages_vma+0x513/0x680 [ 2849.375023][T19141] shmem_getpage_gfp+0x954/0x13d0 [ 2849.380101][T19141] shmem_write_begin+0x7e/0x100 [ 2849.384947][T19141] generic_perform_write+0x196/0x3c0 [ 2849.390242][T19141] ? shmem_write_begin+0x100/0x100 07:39:00 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe2010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:00 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe2020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2849.395358][T19141] __generic_file_write_iter+0x161/0x300 [ 2849.401083][T19141] ? generic_write_checks+0x242/0x290 [ 2849.406452][T19141] generic_file_write_iter+0x75/0x130 [ 2849.411828][T19141] vfs_write+0x69d/0x770 [ 2849.416070][T19141] ksys_write+0xce/0x180 [ 2849.420308][T19141] __x64_sys_write+0x3e/0x50 [ 2849.424969][T19141] do_syscall_64+0x3d/0x90 [ 2849.429378][T19141] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2849.435436][T19141] RIP: 0033:0x4665e9 07:39:00 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x8800000}, 0x10) [ 2849.439318][T19141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2849.458974][T19141] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2849.467381][T19141] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2849.475345][T19141] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2849.483315][T19141] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2849.491286][T19141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2849.499269][T19141] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:00 executing program 2 (fault-call:1 fault-nth:36): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:00 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r1, 0x80045301, &(0x7f0000000000)) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:39:00 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0xb0201, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) io_uring_register$IORING_UNREGISTER_FILES(r1, 0x3, 0x0, 0x0) write$nbd(r0, &(0x7f0000000000)={0x67446698, 0x3, 0x0, 0x0, 0x0, "4280dab3f846da5ac8ea6446a1b0001341cb1caf8778ba"}, 0x27) 07:39:00 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe2030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:00 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x10000000}, 0x10) [ 2849.547131][T19138] loop5: detected capacity change from 0 to 264192 [ 2849.554227][T19138] FAT-fs (loop5): invalid media value (0x31) [ 2849.560253][T19138] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2849.599471][T19191] FAULT_INJECTION: forcing a failure. [ 2849.599471][T19191] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2849.612759][T19191] CPU: 0 PID: 19191 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2849.621591][T19191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2849.631643][T19191] Call Trace: [ 2849.634923][T19191] dump_stack_lvl+0xb7/0x103 [ 2849.639512][T19191] dump_stack+0x11/0x1a [ 2849.643667][T19191] should_fail+0x23c/0x250 [ 2849.648097][T19191] should_fail_usercopy+0x16/0x20 [ 2849.653137][T19191] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2849.658889][T19191] ? shmem_write_begin+0x7e/0x100 [ 2849.663908][T19191] generic_perform_write+0x1df/0x3c0 [ 2849.669246][T19191] ? shmem_write_begin+0x100/0x100 [ 2849.674353][T19191] __generic_file_write_iter+0x161/0x300 [ 2849.680062][T19191] ? generic_write_checks+0x242/0x290 [ 2849.685434][T19191] generic_file_write_iter+0x75/0x130 [ 2849.690850][T19191] vfs_write+0x69d/0x770 [ 2849.695234][T19191] ksys_write+0xce/0x180 [ 2849.699475][T19191] __x64_sys_write+0x3e/0x50 [ 2849.704152][T19191] do_syscall_64+0x3d/0x90 [ 2849.708591][T19191] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2849.714468][T19191] RIP: 0033:0x4665e9 [ 2849.718472][T19191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2849.738487][T19191] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:00 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x8}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:00 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "d9ec0d70e8f47617362ad8767f42bccdba5b33"}) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="e3a0a054674466980000000000000000"], 0x10) 07:39:00 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x3f000000}, 0x10) 07:39:00 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe2040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:00 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0xc0141, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2849.746901][T19191] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2849.754868][T19191] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2849.762819][T19191] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2849.770770][T19191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2849.778724][T19191] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:00 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) write$nbd(r0, &(0x7f0000000040)=ANY=[@ANYRES16=r0, @ANYRESDEC=r0, @ANYRESHEX=r1], 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="674466980000000048bb7ff117327400"], 0x10) 07:39:00 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2849.860997][T19213] loop5: detected capacity change from 0 to 264192 [ 2849.891619][T19213] FAT-fs (loop5): invalid media value (0x50) [ 2849.897638][T19213] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:00 executing program 2 (fault-call:1 fault-nth:37): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:00 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x60e503, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:39:00 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x40000000}, 0x10) 07:39:00 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000000)={0x67446698, 0x0, 0x0, 0x0, 0x0, "e73ba9"}, 0x13) 07:39:00 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe3010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2849.997862][T19213] loop5: detected capacity change from 0 to 264192 [ 2850.004934][T19213] FAT-fs (loop5): invalid media value (0x50) [ 2850.010965][T19213] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2850.067918][T19252] FAULT_INJECTION: forcing a failure. [ 2850.067918][T19252] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2850.081171][T19252] CPU: 0 PID: 19252 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2850.089935][T19252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2850.099984][T19252] Call Trace: [ 2850.103303][T19252] dump_stack_lvl+0xb7/0x103 [ 2850.108018][T19252] dump_stack+0x11/0x1a [ 2850.112155][T19252] should_fail+0x23c/0x250 07:39:01 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x9}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:01 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe3020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:01 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4d8d01, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) r1 = socket$netlink(0x10, 0x3, 0x2) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000040)=0x1ff, 0x4) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r3 = gettid() pidfd_open(r3, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) pidfd_send_signal(r2, 0x8, &(0x7f00000001c0)={0x16, 0x3, 0x9}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) r6 = pidfd_getfd(r0, r2, 0x0) pidfd_send_signal(r6, 0x18, &(0x7f0000000480)={0x3a, 0x5, 0x3ff}, 0x0) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x2c, 0x0, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x81}]}, 0x2c}}, 0x40001) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000100)={'ip6gre0\x00', r4, 0x4, 0x1f, 0x59, 0x10001, 0x4, @ipv4={'\x00', '\xff\xff', @multicast1}, @private1, 0xff01, 0x7, 0x4, 0x3}}) r7 = fork() clone3(&(0x7f0000000b40)={0x20a00000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000b00)=[r7], 0x1}, 0x58) sched_setattr(r7, &(0x7f0000000080)={0x38, 0x0, 0x12, 0x4, 0xffffffff, 0x100, 0xfffffffffffffffb, 0x7, 0x512, 0x383}, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x24, 0x0, 0x200, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x80010) 07:39:01 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0xffffffff}, 0x10) [ 2850.116572][T19252] __alloc_pages+0x102/0x320 [ 2850.121169][T19252] alloc_pages_vma+0x513/0x680 [ 2850.125933][T19252] shmem_getpage_gfp+0x954/0x13d0 [ 2850.130982][T19252] shmem_write_begin+0x7e/0x100 [ 2850.135883][T19252] generic_perform_write+0x196/0x3c0 [ 2850.141175][T19252] ? shmem_write_begin+0x100/0x100 [ 2850.146345][T19252] __generic_file_write_iter+0x161/0x300 [ 2850.152091][T19252] ? generic_write_checks+0x242/0x290 [ 2850.157478][T19252] generic_file_write_iter+0x75/0x130 [ 2850.162851][T19252] vfs_write+0x69d/0x770 07:39:01 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r2, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000340)={'syztnl1\x00', &(0x7f00000002c0)={'sit0\x00', 0x0, 0x4, 0x80, 0x40, 0x0, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, 0x700, 0x7, 0x9, 0x2}}) sendmsg$BATADV_CMD_SET_HARDIF(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x34, r1, 0x384, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x200}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0xc0) write$nbd(r0, &(0x7f0000000080), 0x10) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r0, 0xc0a85322, &(0x7f00000000c0)) 07:39:01 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe3030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2850.167194][T19252] ksys_write+0xce/0x180 [ 2850.171436][T19252] __x64_sys_write+0x3e/0x50 [ 2850.176025][T19252] do_syscall_64+0x3d/0x90 [ 2850.180452][T19252] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2850.186347][T19252] RIP: 0033:0x4665e9 [ 2850.190301][T19252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2850.209905][T19252] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:01 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x1001) 07:39:01 executing program 2 (fault-call:1 fault-nth:38): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:01 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe3040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2850.218339][T19252] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2850.226330][T19252] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2850.234294][T19252] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2850.242262][T19252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2850.250222][T19252] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:01 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r2, 0x402c5342, &(0x7f0000000100)={0x1, 0x0, 0x81, {0xfffffffe, 0xfe17}, 0x9787, 0xfffff801}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r2, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="01008000", @ANYRES16=r1, @ANYBLOB="08002bbd7000ffdbdf250e00000005003000000000000500370000000000"], 0x24}, 0x1, 0x0, 0x0, 0x24004000}, 0x10000) write$nbd(r0, &(0x7f00000000c0), 0x10) 07:39:01 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0xfdef) [ 2850.343404][T19285] FAULT_INJECTION: forcing a failure. [ 2850.343404][T19285] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2850.356469][T19285] CPU: 0 PID: 19285 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2850.365227][T19285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2850.366842][T19293] loop5: detected capacity change from 0 to 264192 [ 2850.375271][T19285] Call Trace: [ 2850.375281][T19285] dump_stack_lvl+0xb7/0x103 [ 2850.375303][T19285] dump_stack+0x11/0x1a 07:39:01 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2850.375317][T19285] should_fail+0x23c/0x250 [ 2850.398192][T19285] should_fail_usercopy+0x16/0x20 [ 2850.403218][T19285] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2850.408942][T19285] ? shmem_write_begin+0x7e/0x100 [ 2850.413978][T19285] generic_perform_write+0x1df/0x3c0 [ 2850.419270][T19285] ? shmem_write_begin+0x100/0x100 [ 2850.424375][T19285] __generic_file_write_iter+0x161/0x300 [ 2850.430015][T19285] ? generic_write_checks+0x242/0x290 [ 2850.435391][T19285] generic_file_write_iter+0x75/0x130 [ 2850.438152][T19293] FAT-fs (loop5): invalid media value (0x47) [ 2850.440755][T19285] vfs_write+0x69d/0x770 [ 2850.440776][T19285] ksys_write+0xce/0x180 [ 2850.440792][T19285] __x64_sys_write+0x3e/0x50 [ 2850.446775][T19293] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2850.450980][T19285] do_syscall_64+0x3d/0x90 [ 2850.451001][T19285] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2850.476815][T19285] RIP: 0033:0x4665e9 [ 2850.480703][T19285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2850.500313][T19285] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2850.508722][T19285] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2850.516698][T19285] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2850.524660][T19285] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2850.532627][T19285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2850.540587][T19285] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:01 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0xa}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:01 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r1, 0x541b, &(0x7f0000000000)) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="980000000000000000008abf4d"], 0x10) 07:39:01 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe4010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:01 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x8800000) 07:39:01 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x8002, 0x0) syz_io_uring_setup(0x42ed, &(0x7f0000000040)={0x0, 0x68be, 0x4, 0x2, 0x74}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x10100) write$nbd(r1, 0x0, 0x7fffffffffffffff) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000600), 0x101081, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000640)=r1, 0x1) r3 = syz_genetlink_get_family_id$team(&(0x7f00000001c0), r0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000280)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r1, 0x89f6, &(0x7f0000000340)={'ip6_vti0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x29, 0x8, 0x81, 0xdfc, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x27}, 0x8, 0x700, 0x9, 0x4}}) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f00000005c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000580)={&(0x7f0000000380)={0x1fc, r3, 0x800, 0x70bd27, 0x25dfdbfb, {}, [{{0x8}, {0x1e0, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x50}, 0x40080) [ 2850.585759][T19293] loop5: detected capacity change from 0 to 264192 [ 2850.594143][T19293] FAT-fs (loop5): invalid media value (0x47) [ 2850.600163][T19293] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:01 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x1, 0xfffd, 0x0, 0xfffffffc}, 0xfffffffffffffe0d) 07:39:01 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe4020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2850.725411][T19332] loop5: detected capacity change from 0 to 264192 [ 2850.736864][T19332] FAT-fs (loop5): invalid media value (0xf4) [ 2850.742918][T19332] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:01 executing program 2 (fault-call:1 fault-nth:39): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:01 executing program 4: write$nbd(0xffffffffffffffff, 0x0, 0x7fffffffffffffff) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000100)) setsockopt$netlink_NETLINK_RX_RING(r0, 0x10e, 0x6, &(0x7f0000000040)={0x6, 0x6, 0x400, 0xfffffc18}, 0x10) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000080)={0x9, 0x6, 0x3, 0x5, 0x9, "6058d6dd8a13cfc349d93e4c61f5930255d81f"}) 07:39:01 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe4030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:01 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0xb}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:01 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) write$nbd(r0, &(0x7f00000000c0)={0x67446698, 0x0, 0x0, 0x0, 0x0, "9b184f6f1cc86982ea6a537446343def1cb837f8eba1e28433b02cbaac2f1e3eedc8d7289cd13a71f5c4a0c7b7e8147d6c67aa7b004f3551f032335041fbc0e3cb204efbd631a6664991d152b6effe3a279a06ebea315c452b7f79fbc0c4f429afff5d7486374bcb27e63e9fc1a46f8c39d9b403eadfb56cd0d78ec184e1d81c07bf84132e00022d5ea2217834007dfb00760000000040000000000000"}, 0xad) [ 2850.879245][T19349] FAULT_INJECTION: forcing a failure. [ 2850.879245][T19349] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2850.891979][T19352] loop5: detected capacity change from 0 to 264192 [ 2850.892485][T19349] CPU: 0 PID: 19349 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2850.907809][T19349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2850.917863][T19349] Call Trace: [ 2850.921132][T19349] dump_stack_lvl+0xb7/0x103 [ 2850.922173][T19352] FAT-fs (loop5): invalid media value (0x9b) [ 2850.925719][T19349] dump_stack+0x11/0x1a [ 2850.925739][T19349] should_fail+0x23c/0x250 [ 2850.931738][T19352] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2850.935831][T19349] __alloc_pages+0x102/0x320 [ 2850.951347][T19349] alloc_pages_vma+0x513/0x680 [ 2850.956156][T19349] shmem_getpage_gfp+0x954/0x13d0 [ 2850.961272][T19349] shmem_write_begin+0x7e/0x100 [ 2850.966159][T19349] generic_perform_write+0x196/0x3c0 [ 2850.971463][T19349] ? shmem_write_begin+0x100/0x100 [ 2850.976566][T19349] __generic_file_write_iter+0x161/0x300 [ 2850.982200][T19349] ? generic_write_checks+0x242/0x290 [ 2850.987566][T19349] generic_file_write_iter+0x75/0x130 [ 2850.992931][T19349] vfs_write+0x69d/0x770 [ 2850.997167][T19349] ksys_write+0xce/0x180 [ 2851.001402][T19349] __x64_sys_write+0x3e/0x50 [ 2851.006010][T19349] do_syscall_64+0x3d/0x90 [ 2851.010441][T19349] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2851.016328][T19349] RIP: 0033:0x4665e9 07:39:01 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:01 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe4040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:01 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[], 0xe7) socket$netlink(0x10, 0x3, 0x8) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2851.020211][T19349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2851.039815][T19349] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2851.048225][T19349] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2851.056223][T19349] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2851.064191][T19349] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2851.072155][T19349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2851.080141][T19349] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:02 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0xc000, 0x0) setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f0000000040)={0x1, 0xa7, 0x2, 0x8}, 0x10) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:02 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) recvmsg$unix(r0, &(0x7f0000000600)={&(0x7f0000000100)=@abs, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000280)=""/199, 0xc7}, {&(0x7f0000000380)=""/239, 0xef}], 0x2, &(0x7f00000004c0)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x108}, 0x2102) write$nbd(r0, 0x0, 0x7fffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f00000001c0)) write$nbd(r0, &(0x7f0000000040)={0x67446698, 0x0, 0x0, 0x0, 0x1, "931abf824b2f0e6bc62edf673dd690189b3075ca21e040d5a94de961c2dd9ded7b0c37e792cb3b56e19c05bf130da8014dd540c5aeecd7a359e788f6ced1f11580bd87ad144a801daff0df3f21baa4ee885a229953af7f78a9936d280d927ea0d69ee2683c288256fa37825654d30d175c62df967c"}, 0x85) 07:39:02 executing program 2 (fault-call:1 fault-nth:40): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:02 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2851.131830][T19352] loop5: detected capacity change from 0 to 264192 [ 2851.177025][T19352] FAT-fs (loop5): invalid media value (0x9b) [ 2851.183065][T19352] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2851.214505][T19391] FAULT_INJECTION: forcing a failure. 07:39:02 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xfffffe41}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x840) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:02 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x400040, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000000)={{0x3}, {0x8, 0x40}, 0x6, 0x1, 0x40}) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2851.214505][T19391] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2851.227629][T19391] CPU: 0 PID: 19391 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2851.236433][T19391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2851.246515][T19391] Call Trace: [ 2851.249797][T19391] dump_stack_lvl+0xb7/0x103 [ 2851.254393][T19391] dump_stack+0x11/0x1a [ 2851.258539][T19391] should_fail+0x23c/0x250 [ 2851.262952][T19391] should_fail_usercopy+0x16/0x20 [ 2851.267981][T19391] copy_page_from_iter_atomic+0x2c1/0xba0 07:39:02 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0xc}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2851.273709][T19391] ? shmem_write_begin+0x7e/0x100 [ 2851.278767][T19391] generic_perform_write+0x1df/0x3c0 [ 2851.284075][T19391] ? shmem_write_begin+0x100/0x100 [ 2851.289182][T19391] __generic_file_write_iter+0x161/0x300 [ 2851.294811][T19391] ? generic_write_checks+0x242/0x290 [ 2851.300220][T19391] generic_file_write_iter+0x75/0x130 [ 2851.305609][T19391] vfs_write+0x69d/0x770 [ 2851.309923][T19391] ksys_write+0xce/0x180 [ 2851.314193][T19391] __x64_sys_write+0x3e/0x50 [ 2851.318773][T19391] do_syscall_64+0x3d/0x90 07:39:02 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0xd}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:02 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2851.323253][T19391] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2851.329209][T19391] RIP: 0033:0x4665e9 [ 2851.333098][T19391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2851.352695][T19391] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2851.361107][T19391] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2851.369074][T19391] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2851.377045][T19391] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2851.385012][T19391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2851.393001][T19391] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2851.451884][T19414] loop5: detected capacity change from 0 to 264192 [ 2851.469242][T19414] FAT-fs (loop5): invalid media value (0xce) [ 2851.475245][T19414] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:02 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x7ffff000) 07:39:02 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x430e02, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) recvmsg$unix(r1, &(0x7f0000000580)={&(0x7f00000000c0)=@abs, 0x6e, &(0x7f00000003c0)=[{&(0x7f0000000140)=""/166, 0xa6}, {&(0x7f0000000200)=""/232, 0xe8}, {&(0x7f0000000640)=""/171, 0xab}], 0x3, &(0x7f0000000400)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x148}, 0x10000) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$TIOCMBIC(r2, 0x5417, &(0x7f0000000600)=0x4) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r3, 0xc02c5341, &(0x7f0000000040)) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_encap(r4, 0x11, 0x64, &(0x7f00000005c0)=0x4, 0x4) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:39:02 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:02 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x541c, &(0x7f0000000080)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000000)={0xf, 0x86, 0xe}) write$nbd(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="67446698000000000000efd9c85e0000ab71caee2da9d90dfaf8ea2840f2c86d5823e4bddb0ffaadbbe30a"], 0x10) 07:39:02 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0xe}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:02 executing program 2 (fault-call:1 fault-nth:41): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:02 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:02 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r4, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r5, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r6, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r7, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r7, 0x7, &(0x7f0000000300)=r6, 0x1) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0), &(0x7f0000000100)=0xc) [ 2851.664045][T19442] loop5: detected capacity change from 0 to 264192 [ 2851.674608][T19443] FAULT_INJECTION: forcing a failure. [ 2851.674608][T19443] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2851.687922][T19443] CPU: 0 PID: 19443 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2851.696675][T19443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2851.706728][T19443] Call Trace: 07:39:02 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2851.710006][T19443] dump_stack_lvl+0xb7/0x103 [ 2851.714591][T19443] dump_stack+0x11/0x1a [ 2851.718740][T19443] should_fail+0x23c/0x250 [ 2851.723232][T19443] __alloc_pages+0x102/0x320 [ 2851.727911][T19443] alloc_pages_vma+0x513/0x680 [ 2851.732677][T19443] shmem_getpage_gfp+0x954/0x13d0 [ 2851.737807][T19443] shmem_write_begin+0x7e/0x100 [ 2851.742652][T19443] generic_perform_write+0x196/0x3c0 [ 2851.747940][T19443] ? shmem_write_begin+0x100/0x100 [ 2851.753052][T19443] __generic_file_write_iter+0x161/0x300 [ 2851.758806][T19443] ? generic_write_checks+0x242/0x290 [ 2851.764201][T19443] generic_file_write_iter+0x75/0x130 [ 2851.769618][T19443] vfs_write+0x69d/0x770 [ 2851.773858][T19443] ksys_write+0xce/0x180 [ 2851.778096][T19443] __x64_sys_write+0x3e/0x50 [ 2851.782728][T19443] do_syscall_64+0x3d/0x90 [ 2851.787173][T19443] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2851.793061][T19443] RIP: 0033:0x4665e9 [ 2851.796943][T19443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2851.816618][T19443] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2851.825105][T19443] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2851.828556][T19442] FAT-fs (loop5): invalid media value (0xbf) [ 2851.833078][T19443] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2851.833093][T19443] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2851.833104][T19443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:02 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:02 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2851.833116][T19443] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2851.870993][T19442] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:02 executing program 2 (fault-call:1 fault-nth:42): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2851.959885][T19472] FAULT_INJECTION: forcing a failure. [ 2851.959885][T19472] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2851.973134][T19472] CPU: 1 PID: 19472 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2851.981967][T19472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2851.992043][T19472] Call Trace: [ 2851.995348][T19472] dump_stack_lvl+0xb7/0x103 [ 2851.999940][T19472] dump_stack+0x11/0x1a [ 2852.004096][T19472] should_fail+0x23c/0x250 [ 2852.008512][T19472] should_fail_usercopy+0x16/0x20 [ 2852.013534][T19472] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2852.019256][T19472] ? shmem_write_begin+0x7e/0x100 [ 2852.024292][T19472] generic_perform_write+0x1df/0x3c0 [ 2852.029574][T19472] ? shmem_write_begin+0x100/0x100 [ 2852.034672][T19472] __generic_file_write_iter+0x161/0x300 [ 2852.040297][T19472] ? generic_write_checks+0x242/0x290 [ 2852.045667][T19472] generic_file_write_iter+0x75/0x130 [ 2852.051115][T19472] vfs_write+0x69d/0x770 [ 2852.055428][T19472] ksys_write+0xce/0x180 [ 2852.059681][T19472] __x64_sys_write+0x3e/0x50 [ 2852.064261][T19472] do_syscall_64+0x3d/0x90 [ 2852.068856][T19472] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2852.074752][T19472] RIP: 0033:0x4665e9 [ 2852.078626][T19472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2852.098230][T19472] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:03 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0xfffffdef) 07:39:03 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:03 executing program 3: keyctl$dh_compute(0x17, &(0x7f0000000000), &(0x7f00000000c0)=""/122, 0x7a, &(0x7f0000000140)={&(0x7f0000000040)={'crc32c\x00'}, &(0x7f00000001c0)="36859a703c135c1afd08dbc91cd53bf98b2a793441fe7b8b832bb645228d6e56bf35032ebf6e113865052bdf40b00b2b5a30d28092c401abbbb4cab0c80c4b6207c8dcd6a7b608aa9042c961164dfbb347049292285978d09cc6c8fc8f51a55c25642932d0022e9b59893a3faca6e18ecf58478c725aff2662f029abe94fe635eb1bda767c3881f363c01569391117bff6e5370b7c6f6f0f8fb8df443cc49570b3faf9d5e4b499ab1fd3f42a4b5733ca3b88d04ab4f1698b7d274990193554dee7dcb9a7eef6135bf030a216e4f586dc117f5059dedbbffa7f09a7662b79879728f3b17f27a9dc825f65243c8b673159792fc63dab4b9de850ba49638848a3bd5ceaf96372c480fb08c74bc578ef4a1e74def9092633b508afdcd023518d9a7eda25e339cee52e5cae72c55b83537150ab1e86d6545aa5dea62a0e169c268fb2298194276ca9572571906755c82cd07c5a3afeff60f73b5f51a4ca1de6ee2126d9f76a7e94fd37e8a57001b21d4bc75a20abdec88045da95cbae8e896e3e30e7bed1aa2a00d27f92711b8be4548e7acb75f4289c24dad919fd60d0c73030f3054ded2abf272dcb32d3a2f6f52a3ed0e2b5bfd37edefe9b0260a385d3fc6af86af22d2c0cc3b606920dfcefeada76cd7d0d8058567a009c672e2d6a285924449b47db3275644cb9279f71cf449a98b5ce9fa5d6d25038bc54bb3ac1a54aad5e9e16ad9e196456f0308a0a80603ef81b93ef7d2e11761d4b8058cae6879ec7899df0b2a1b74b9530e81bf11ec4e47536ff9e8ce210d53e35707055e6443bbf1b781e19a192141115b0c8b9ab886490451eb6e92b661421234b18c677a2fd275f0701f4ab3b12bc1139682c6ee7f322e7ac50532cab7c0f89bb145cb624408ba2879024da9e36927d3f9bf78dce3a7a6a8b1791523dee017e3a473bcc53f0a0f1819352cacf522c84695bc7c1e7152be43a0adf8052189ffd67f89b9f8647cf9bf646dff1a3810d9af48b9ae2317addf8c7c23aba9f66c2dd688237a7d939c0abb998e8f7d48efcf400274397a33971e43a817fe6afe5d35b49e07fb60c082f0968c9987abb87e9e3dc27af640cfc7e789926e6f8520acde26d57d39a9a9693d6026fa8241c078a783bb1fae1ca7d25a39a1d400c7f930b90b0f2c358493e6b0c5ef34f0c0ab9b2c094d6959172ac6d1894a7e4574cddb2fa666b121c33d1084ea109af4d9d2a951d2c13648cef914845d3e6fbfed26fc8c4c115394fbf758da1c2d2348cfa91aa6b382ed9b73a77b1dc4ea617fa2ef9dc702469a90e2af5ca2d940cabb9bfe74626efcaae919580c11c4cbc92512bc68e8cd50e26e5a8d53652be32745d14505088a3d8fa4ebcd20f2abba224a772e95ba266a21a245170aac4b7996d64ba71e6554e840d1bfc67b38c21adc0841cae6816f260f80ac7d42c763128ab3e0edcb0052eebd774e04ad911be279c1759ba23eb447fac836077f4e86ac753f3bb09105ff06a47be74106410e483c8ff9e1da4f1a7691c223befc1c1ea764fb670cb4d332f21c207f2e2f33aab04ca225c4276067bcf983adc1f0a0b2f4146fdbba3cde28570eb725b2cec9b3d1e37c0c3bb751576f7faeb2bb61be5358687b34967a0b1e0b334fe3434ac8d3f4eb4456139c71bdc8d141ef3f99329fa6747a90e400e8c38de153273bb3ae9e37e3712cee10a923fb641518ebcdfc81d4068ce64e7d8c8f5017c0ed8cabde2a2115e20d923d90b9cff8e1f8e487496bbe07cc3de04679a3d5e30e95fccdb35dc49ebaa53bbef209c8a50610c9c59351f747890d64833d272b922e020f3b9678011a8fe56adda17feca8b5dbcafe5d0579d19409866541777de61ddfd3e6fbcaaa481f25a7de679e2271220f735bc1da9cc7a9c8e9a11a419ea00bf5cacd3fc43695dff9b44279713aed7ce1022eb5c03447f85aa4526522d2b33a5375b97a4321539990889853b3a590b8609ef03ee0be64354c84e33b0c670d9c469505ab6037692064655f750a3a30b7d3ca0410b818f5abefe13f95cf1711f86ca601227d1debe9487c03a74f84afa49037b09dcf292cbd53c63fe37a6a44331e2d601b3af193f3a3d2cac9ade2e513c84666b80b4d79e59b2848f113976b7c9974024c23dd2daaabcba758c04e76c5bde29f970428802aa919ae2dfea4b1be6e1ceb9a5f2b2c6a35665d508e0999ecab65645779af56ebc4ea6367eeff918482fcbdaa1727c448c29f308baba9103b24ea703275617093c6340d334fdf0430f88abc1deca6950974bf6b1030512f5c89489230425efa86bdc4c4a5683ea23b819ea33a984a05bd83fcd316ad1d9ae941c2c43016b8508f4a218e975a6821780966dffe771d3e6e1716c40db1ae29315b42a12442d532c02d29488277266abfe5f2fdaed0f4bb2b7007519752b89acfca6d56b426918dc7a3755a3bfe5e4bd5675f01647fa2a538f90b178742fa0906ee7febc373936cc89a1dede8c4d122c867130f3abcf681cff92799f6b9f4e94aac32a6a1f2a847be9ebcb47ae6a1a1adf161812dcee7a9ad18b9c2d21962c9ca9a2c196d7e65a802a8b2f2dca0a5da776957438e889f81648e027b2d27d7e19a790a4629581ee3f2390918e4618eb7a627e2adddf7041c25df753606fbf4e5150ace1e1e15243fa27df7ec823bc27f215bb4df0a316cdedff19b76449200e48df68ffba8b479de0f33e94e5a84933b7acd28ce9eea6ed7762728892cb9db9a20eb5538ba8b4ec70747c831159c61aa2f0c2872755ae8b52c847f92b9cd54a35bc204a8cde328ed15cfd27c847a05f2fe3573d799d57a2b1e403bd91dd19f16ac74579de222e3d7e1bdec4623fe50864f9bf42b5bfadcb3d13de992e8230588f6926b33c753a2a271b138cd591ddbfd55f0ad5513bfde81803aa253f3ff965631d5a20f4056eba4fd6348ad4d3c6d95d7e80a47446f02594be5737c90bf85b9a2cdc01f4edc02752c8cd7039ec483448b0e7b5669f675c99fbdd061d932e8546588c789a1f6872ec54f7d9334bbada34321e6586d39318e7508cb487a9bc5bf2a96c01c58b99858a3ba64f355442395678ab42a02d078c290ae7474fa03a4ce60553d5b33f06b029dba246bd8fbce1c82bba773156120484bb6b2d87166bbce33779e58c4c4557f72e14914fae87f9024ea654f3107e8d66112a2e919a204ff34b0f9b3fe5235f9753fded33385f30720035456050f5141fef881e9f7c22791d1824d186e312dace10a767c0a1e8dc57ee9900a14bc1ede128912d02011b89bb7c347617ba53da6350584ee52524b6bbd80d7168ef2fc14adf88adff03735647457d3cdcae7cbcae369c36c4161d25e10c5dd0adc456dd27e5426cdbd83bdddf0bda51d49023e34685c625b488ad48655d719f54889a034478f124fbc9775683d7f3b53c6c2e13437280b97f910764d1881da4ea4f84afce6a635822b3d25be0e71c0dd7221b47afba9b768d688bb4af652f31b52380c80d212f03b57cdd0d31750c9b5883990c2c633a3450433e5ed19f856a88a21a325610e678da70bcd0d86a4d60df3bae5e81a4a50fd7dacdd7fbc5d7f889e6d29ac20adc8fb9d0f1023f2854c0ed153d66899c7399776597c469dfa04b27356e65a21509d20396ec1d98773825ded3d99249de4f5974a3604a6d12b9ad146f5d05be660dea2cfe168e7e0051ec94972daddd28a3eaede40bd84f068733fc897ab9d08ccfcbb8f56fac8e08bf9945e7ee7df93b7118feb998103ce9e12c8dd2793ce7f1aa0665aded1066c07e66a5c243e9da7902c5f7c1a3d4d5047c68fb2d92c3d29baa49c577eca290ae8a1292ab76d6779bda9d456be81a0cc89d83ad3f7fb5438dc0b909bbedd20d3cddca511d966d1d05fb624e705712404fdb936feb9c815db818c1dd0d9f30073ea04af52227a46efc601bcc1ca9134884adee8de7c7d86969ebf5af1127b3dd4f9a8a388f97fc7665509a1f75b1ba2ef99f85170019c122f4cafaafe3217afbe3c42c986d8c6694b7a759818b8fee6c3ecb2c355d6040a4730de0f395f253957caef99237cff558bc5440228b2f888fb445b23d8aab4d9d654643670f5d29f073d80e170f6449c977f3906ca0d1c69b270861e407d4d0a58a6874191942538c7060f9e6e1acdc8c403f902b8964a8e97432e755d5848dc9622701c96b18ea1a5340581777ea40f96ed16e60e29dceaeed7e37d6e8889ebbba08b6768049c725e61a7114d123c63a0ab27541b70452307edc3153eb21dae50e2af72cc5c6dbe9340418009dffe0f3de729852e57170b925e38b9a7ad1f50fd25583ce9f788afa64918511a92e769205df795d3bc5d7180d814faeb958a41ea5680617fd83e22f3b95f708b00d46255c291a3eee41f319804e4dcfb39fe3777a2f81ca3e5b6859ba9eaa67e3bbe2e54a83e4bbc06cee196d7537e065d291ff354b0d11138e6eb0e37433c77af035e911febea8fed4c70991bf00448674065fd34af72759be693ed34de734be9a1eaef4e3dd177a63af66461d756844e66b439a2a6b8f4218e2a93b60c67e838261b66d4d14e5d44367f1a1873de29131baccc9398a63cf8f2bd76e86c41ec56581d92dd2066f0e9185b10712a8438d0d0ab7e51018222ec76a12aee482f396d4fb53e7d322b8cf9a9cdf669cff459261d17c9e27380f3f87011e4337753610504991ea6f9aefb6ba845397e73ec4905f710453bee9354b0ed214f5d7d26d442675aa1908b7766e0fc3310ace04e3a5326bff3e1e0627dd1e4931bacb446ff6580edfd896fc9e7351a3ec07a82c922fbb254bd13f33f6e3744a3eb4f8aec7776248f750cf6b82c2cdbd6850688c34e13c122ab30baea1ca79cfaacdbd586dd0ec08bd062dcc83b6482aa70900834495fe3e92bcd4d7730acdf92c1440b0ac37393f2797da4cf7becba796eeed9e5029d020c6fdb0b42343fe34dbcab09e4c46dafb32c05aa62b35962a53dfcf6bcbf3950a0b42a1eb1fb2611df51100f98af06a9a4af7763ca286d7b0de4495395778249e5e7ae99c8dd1b9b4ef20beb47630d25b404d0c871aac0e35ef9d7a0e5dbfae0c0399a0e51b387ee06b6e09fb10e7579a7bb7c800a0399d3e51f1272abd8f1e0b83d410347c3d49f9f73622cfa2e385254971d671eb994ed86e144565be41ec67e0345b649c17fe4c087d8cbad6c0a64e2a2a4a9c6fbcba8d57bf04a6671f1c80ee5f57e66805a5fdf8fd47713d4127626f53ce499ce3bd9250f81b8c0b0db46383ed88f70ade1ea1e446b468660077e48816a09098e0f8e767a24c21157fc9397472a5eb60862d7b8b0b22b519415fb932c5bb59b3f80a07c59acaf424c04d3acf7db881ffe99ed4fea0c70429651244ffef20b9658362c7641386683d705bae347562057eba6980eb3f0b13bcdad9da0bab8fcf71d038ab56765da145a8ea9f2579d77057aad8e5a3766199d4c3408839d59f10f3acbd2fe77d164d891df20e808ccfeb2f67a3b0ed35731bc1928a72f357f6c90317d9285f9435686103b401c470a9e6b1739a6c1ba68a7c760e8a7e514fce4b1b569c51e4f0bc504b3532aaa2e91380e77d8fcf832f9172ea8d95c699f616ce5477c9d707c6022b166fad26a18e5af627bb2cef4c1c3c8b83641b933b19ea266b5b820aa88d7346972225c3b5c74996730d2a379b5f50139878c8c08943dd27ae2e4395cbf39756965553896d3d735d232cc7b5d583f338c510c90b40fc493b38471446defe230c9928a3a400d4c793c3337d8fdca5c4339f76b0", 0x1000}) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000001240)=ANY=[@ANYBLOB="67446698ffffffff00000200000000000614aae820a41d607f2002a6edd52cc573e12c8d7ace4ccadbe777a03df4b83c05f6c87171061882f5826fca93e530e9eddcf4849abdccc9491e48ac98345ff44fd1f8c493c0a8890a96b5e73b251a8e17f2a92a930b9d71c10d2a34ea83993607c0edeccc38a2d0ae616b"], 0x72) [ 2852.106647][T19472] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2852.114615][T19472] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2852.122582][T19472] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2852.130576][T19472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2852.138546][T19472] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:03 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240), 0x492d01, 0x0) r1 = syz_open_pts(0xffffffffffffffff, 0x640002) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r3 = pidfd_getfd(0xffffffffffffffff, r1, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000080)=r3, 0x1) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000200)=0x40) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x29, 0x7f, 0x0, 0x2, 0x1, @empty, @mcast1, 0x80, 0x20, 0x401, 0x400}}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000100)={'ip6tnl0\x00', r4, 0x2f, 0x4, 0x7f, 0xfffffc42, 0x48, @empty, @remote, 0x8000, 0x8, 0x3, 0x200}}) write$nbd(r0, &(0x7f0000000280)={0x67446698, 0x0, 0x4, 0xfffe, 0x0, "1533c51be18b7b8c7091732eaae5c6d1554292f7a8c39e5967425eb1b92ae2af418d0ff80957ee1d4b96e299dcdabc8c7a4585927f3ae8143901804d35e2fd1db18811f045c87b92ac36af7ebef72b3302953e7b4445e559513732aecb6ed00b35eb7c9463600caf65e3ef60af9d619287ffd9fead32d4c2f40438d86d9e833c5f527b293969d312be354fe84a7f24b63ad213aa50248791e0a3e8254cf027b46bd9f13a4073d34c4da278c04934419b70e3543968018aa0d2f19911333544afa1047d5859c0b5f9d48cfbf6de9f5dd4b99f0d97f9f52fbed658e7de295450a8aff8a03404c0e197bcf379c977302477c77c60f50905fc77796aa367b64603a2c72034e02c2b85fe59001275686964150deb77ae10f09eee2b2b08b8ed2a6006f17162b4ec45f6754b1e"}, 0x13a) [ 2852.164149][T19442] loop5: detected capacity change from 0 to 264192 [ 2852.193095][T19442] FAT-fs (loop5): invalid media value (0xbf) [ 2852.199197][T19442] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:03 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x10}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:03 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000000)={0x67446698, 0x0, 0x0, 0x0, 0x0, "5e278f34573b323b9d950f04936bc867ac9f2cacf5986eda6dc3819731191bbf9c159293ada8c6eba84d3639f75bfb39967f024a2430af44cde8b3178b3cbadc59f6b22cf3e152b04d3f7d27f5ce3a53663716ea49414eb8f9bd91f11a66bcc092760000000000000000"}, 0x7a) 07:39:03 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2852.379188][T19503] loop5: detected capacity change from 0 to 264192 [ 2852.418131][T19503] FAT-fs (loop5): bogus number of reserved sectors [ 2852.424717][T19503] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:03 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000000)={{0x4, 0x4}, 'port0\x00', 0xc, 0x41000, 0x6, 0x7fff, 0xfb, 0x57, 0x6, 0x0, 0x5, 0x1f}) 07:39:03 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:03 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:03 executing program 2 (fault-call:1 fault-nth:43): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:03 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x7fffffffffffffff) 07:39:03 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x11}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2852.612276][T19531] FAULT_INJECTION: forcing a failure. [ 2852.612276][T19531] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2852.612987][T19527] loop5: detected capacity change from 0 to 264192 [ 2852.625535][T19531] CPU: 0 PID: 19531 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2852.640759][T19531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2852.650839][T19531] Call Trace: [ 2852.653446][T19527] FAT-fs (loop5): bogus number of reserved sectors 07:39:03 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2852.654132][T19531] dump_stack_lvl+0xb7/0x103 [ 2852.660639][T19527] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2852.665183][T19531] dump_stack+0x11/0x1a [ 2852.665203][T19531] should_fail+0x23c/0x250 [ 2852.680323][T19531] __alloc_pages+0x102/0x320 [ 2852.684909][T19531] alloc_pages_vma+0x513/0x680 [ 2852.689702][T19531] shmem_getpage_gfp+0x954/0x13d0 [ 2852.694807][T19531] shmem_write_begin+0x7e/0x100 [ 2852.699653][T19531] generic_perform_write+0x196/0x3c0 [ 2852.705040][T19531] ? shmem_write_begin+0x100/0x100 07:39:03 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0xfffffffffffffdef) [ 2852.710143][T19531] __generic_file_write_iter+0x161/0x300 [ 2852.715775][T19531] ? generic_write_checks+0x242/0x290 [ 2852.721141][T19531] generic_file_write_iter+0x75/0x130 [ 2852.726512][T19531] vfs_write+0x69d/0x770 [ 2852.730773][T19531] ksys_write+0xce/0x180 [ 2852.735021][T19531] __x64_sys_write+0x3e/0x50 [ 2852.739604][T19531] do_syscall_64+0x3d/0x90 [ 2852.744016][T19531] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2852.749981][T19531] RIP: 0033:0x4665e9 07:39:03 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x4d2d82, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0xc18600, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x2) syz_open_dev$ttys(0xc, 0x2, 0x1) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0xea91) syz_open_dev$ttys(0xc, 0x2, 0x0) r3 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCGSID(r3, 0x5429, &(0x7f00000000c0)) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:39:03 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="67446698000000000000000000000000b9f48a66e91fb453aeae76784e7c6a2fccf365c45ce1acb2bb335ff6382a7d4d1eb6f1ce8f550ea2dff28a4141"], 0x10) ioctl$KDGKBMETA(r0, 0x4b62, &(0x7f0000000000)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000040)={0x8, 0x8, 0x1, 0x3, 0xf, "d438411db84904725a4d29ef5c8845816ee1a4"}) [ 2852.753861][T19531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2852.773458][T19531] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2852.781875][T19531] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2852.789948][T19531] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2852.797923][T19531] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2852.805959][T19531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2852.813926][T19531] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:03 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0xffffffffffffffff) 07:39:03 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe7000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:03 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f00000001c0)={0x67446698, 0x0, 0x4, 0x0, 0x4, "a40731b8b9ab144923842bdb58925b13d4598df93c3c55f4eef5a06d49c4aa3cd3065b089a255365c012dc056f49cfaa70b6b236b0e0cc1730d979f43888b51f7cd852a4f282129940cbdde9c983f78f3fc7f764db919dc3e7c7810f2a95a8f1d8c4934dc6c916d66a422605a20f63356d85a1a9e9fd5a675a401d470b2457dfab127111925d6f12697d36f75168e2f28ae684048f48bb7979af63db232e7007812ce9"}, 0xb3) [ 2852.856759][T19527] loop5: detected capacity change from 0 to 264192 [ 2852.870543][T19527] FAT-fs (loop5): bogus number of reserved sectors [ 2852.877072][T19527] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:03 executing program 2 (fault-call:1 fault-nth:44): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:03 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x204, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000000}, 0x81) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2852.973975][T19571] FAULT_INJECTION: forcing a failure. [ 2852.973975][T19571] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2852.987076][T19571] CPU: 1 PID: 19571 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2852.995831][T19571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2853.005882][T19571] Call Trace: [ 2853.009178][T19571] dump_stack_lvl+0xb7/0x103 [ 2853.013769][T19571] dump_stack+0x11/0x1a [ 2853.018146][T19571] should_fail+0x23c/0x250 07:39:03 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="67446698000000000000008b73000000"], 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) 07:39:03 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0, 0xfffffffffffffea9}, 0x3) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r3, 0x541c, &(0x7f00000000c0)) sendmsg$TEAM_CMD_NOOP(r2, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)) write$nbd(r1, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0xfffffffd}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) [ 2853.022559][T19571] should_fail_usercopy+0x16/0x20 [ 2853.027674][T19571] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2853.033394][T19571] ? shmem_write_begin+0x7e/0x100 [ 2853.038413][T19571] generic_perform_write+0x1df/0x3c0 [ 2853.043774][T19571] ? shmem_write_begin+0x100/0x100 [ 2853.048934][T19571] __generic_file_write_iter+0x161/0x300 [ 2853.054564][T19571] ? generic_write_checks+0x242/0x290 [ 2853.060021][T19571] generic_file_write_iter+0x75/0x130 [ 2853.065398][T19571] vfs_write+0x69d/0x770 [ 2853.069632][T19571] ksys_write+0xce/0x180 [ 2853.073877][T19571] __x64_sys_write+0x3e/0x50 [ 2853.078486][T19571] do_syscall_64+0x3d/0x90 [ 2853.082972][T19571] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2853.088871][T19571] RIP: 0033:0x4665e9 [ 2853.092751][T19571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2853.112463][T19571] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2853.120882][T19571] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2853.128854][T19571] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2853.136997][T19571] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2853.144970][T19571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2853.152936][T19571] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:04 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x12}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:04 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x1}, 0x10) 07:39:04 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe7010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:04 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) r1 = pidfd_getfd(r0, r0, 0x0) ioctl$KDGKBMETA(r1, 0x4b62, &(0x7f0000000040)) 07:39:04 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000040), r0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000140)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000001c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000000980)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000940)={&(0x7f0000000200)={0x70c, r2, 0x1, 0x70bd2c, 0x25dfdbff, {}, [{{0x8}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x8, 0xff, 0x7, 0x927}]}}}]}}, {{0x8}, {0x248, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xbe7}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xe9}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x81}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x200}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7ff}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffffffc1}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}, {0x8}}}]}}, {{0x8}, {0x168, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r3}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1ff}}, {0x8}}}]}}, {{0x8}, {0x38, 0x2, 0x0, 0x1, [{0x34, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x4}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7ff}}}]}}, {{0x8}, {0x220, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xa4}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfff}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r5}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}]}, 0x70c}, 0x1, 0x0, 0x0, 0x8a0}, 0x4c809) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2853.270517][T19604] loop5: detected capacity change from 0 to 264192 [ 2853.281393][T19604] FAT-fs (loop5): bogus number of reserved sectors [ 2853.287916][T19604] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:04 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe7020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:04 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f00000000c0)={0x67446698, 0x0, 0x0, 0x3, 0x0, "b4c207edef68719e9ea8349f1a85856516f8b3183ffe3b41e04508a4c58f9ff2f200e4cfb0fa363bbbd70bff7ea1ef5efd21ea870531ce1130946b6300c9a7b4d50532853e6defb9eeba8586d4530c73c412297eaf94ae22e22d13a93af376f119ad058b1870aeb11e9f373bd323c9705c75cb2e0c94411dab"}, 0x89) 07:39:04 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$PIO_FONTX(r1, 0x4b6c, &(0x7f0000000000)={0x51, 0x14, &(0x7f00000001c0)="e8107f7d801279a594167a65a99b98f085cdaed5f99355695928c3daa334f6c71d589c18edf3a619978992e267e9dbb96109b436e0e4ed852df558783fce5f10344aa59a09f8dc9cc240d878c1de2345d35834510f9df24a7f7fcf18d977f4cd481c06ed0b65f406921fa8e3631e6ba58fa002c58396da62b10ae19e12ccf492a7d96ff41111127e94f3e7f289159894cc755aff4a0db89f75a313924f00e28ea5694359c2103406b7ab43022adac01acccbcb69b813eb8b426014084bf93d5a849e4aff863f9abd6ce80106ca5a8a8956da56fd026eef3dd8c42fc36fa1564cdcda605e270ceaae1e5960dd8d3b865daf8e540c3e253997e7103c7f1144981834e45312114b55653de3fe91d627715e84bd4c344f0c604067fb954ed2a4c7f5e76e8e0a46b551c78d1f8ae11b4c0ae4fd0793c7dd80052320ace8b9f6f72aa21a2ca07f748ecc571e642c166931c9823370f271d94be4e926c37a442dcd2d84a1b5d87f356e735d99bc8ae5d3c099783f3ca1c9c4247adfd89c6b2be3c899718bab3461ce8efb795631019e23c9424472194ca8f492f58620211e05cd9b9bffe2ebb0ee71f533180492bf65b59ce8fadbb48e05889d654ac9be17c1f47c9603b1da1f699dc6cf5b04d286e363603e7423097f0e4918cbf79e8f953eb52c78f2bf1e15902c82bf514f6dcdd1f50bc26c9d05eaa6162e96ed1765339935710e7c0455e3ebab146acd33e822e953425d32bd5643e1a16b801252b5468cb5b4d34ded6c0c8f0c156b8ea01df2852b484f2fb1cb5094c500e64eb0f458cffcb0fc4e10b82409e930e769828d2aaadbd1fa240fecdf7aabc63734483b66d43c56c8b292b3ee728353f07800a12923dfc6bdb352508bd1138ad8cd855d962d19ca87b7d0dc558fbc6a3e12686b7ed214bf82fa7a40e21545bc13296faeaa406d83d9768f17b356a0d12eb8c7f99ae0e4f0e16e57173cc08b6340b397d3ab99dda9693016e1a2996b7da3f76a71a17ae05f2126a4b3a0a3ff78288065e67099b058f3e64e93fe901f5b9760eb86821f544dc045681a1e5f9ee42234f563ff1dd1d89a67d6e05facb74b354e995b685e73f58bda48cfbe9bfe97a0ac2e48f16de3919ce1d10756c9203c28ecfb54bc10e6403e292743690efefc534353d0e0612681942b0a112a78a0afae04a710d1e60a820eacdd64c5622e23c8ce79bf0d3cef74e92e0862fff0c6012b751746cc3cfbadb44d70dfe83d7fe393577495effcc8a6bca521e05ad187645265ed0f3fb27a24af85bf64a3320fc28e5ebe502574c93e629c271bbf56a31114318d9cc4137237050de781888da185bb557b423dc8ae117583243097712fffc0da6f21b97e597722a86db8ab67bee65d7c94d59c854379d0add2d8146f31fbf17fb267849462f29d65ff9a3bf22215e2b882098b4fbaf04da3"}) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:04 executing program 2 (fault-call:1 fault-nth:45): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:04 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x464781, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000000)=0x2) 07:39:04 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x26}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:04 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000040)={'syztnl2\x00', &(0x7f00000000c0)={'ip6_vti0\x00', 0x0, 0x0, 0x7e, 0x8, 0x8, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @local, 0x80, 0x10, 0x7, 0x7}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'syztnl0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x29, 0x2, 0x3f, 0x1000, 0x0, @mcast1, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x8026, 0x7, 0x81, 0x7}}) sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000480)={0x284, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {}, [{{0x8, 0x1, r2}, {0x150, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x81}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x1000}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r3}}, {0x8}}}]}}, {{0x8}, {0xc4, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1000}}, {0x8}}}]}}]}, 0x284}, 0x1, 0x0, 0x0, 0x4000}, 0x4040) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f00000003c0), 0x8280, 0x0) getsockname$packet(r4, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000440)=0x14) write$nbd(r0, &(0x7f0000000080), 0x10) ioctl$TIOCGPTPEER(r0, 0x5441, 0x3a02) [ 2853.414021][T19627] FAULT_INJECTION: forcing a failure. [ 2853.414021][T19627] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2853.427273][T19627] CPU: 0 PID: 19627 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2853.436039][T19627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2853.446187][T19627] Call Trace: [ 2853.449460][T19627] dump_stack_lvl+0xb7/0x103 [ 2853.454046][T19627] dump_stack+0x11/0x1a [ 2853.458192][T19627] should_fail+0x23c/0x250 07:39:04 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe7030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2853.462639][T19627] __alloc_pages+0x102/0x320 [ 2853.467271][T19627] alloc_pages_vma+0x513/0x680 [ 2853.472075][T19627] shmem_getpage_gfp+0x954/0x13d0 [ 2853.477103][T19627] shmem_write_begin+0x7e/0x100 [ 2853.482005][T19627] generic_perform_write+0x196/0x3c0 [ 2853.487285][T19627] ? shmem_write_begin+0x100/0x100 [ 2853.492393][T19627] __generic_file_write_iter+0x161/0x300 [ 2853.498118][T19627] ? generic_write_checks+0x242/0x290 [ 2853.503562][T19627] generic_file_write_iter+0x75/0x130 [ 2853.508933][T19627] vfs_write+0x69d/0x770 [ 2853.513243][T19627] ksys_write+0xce/0x180 [ 2853.517503][T19627] __x64_sys_write+0x3e/0x50 [ 2853.522091][T19627] do_syscall_64+0x3d/0x90 [ 2853.523496][T19631] loop5: detected capacity change from 0 to 264192 [ 2853.526507][T19627] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2853.538874][T19627] RIP: 0033:0x4665e9 [ 2853.542791][T19627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:04 executing program 4: ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x1ff, 0xab, 0x81, 0x8001, 0x6, "e1ac908fdd6e816341f0b1460cfb7a4494d36c"}) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) pipe(&(0x7f00000000c0)) ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x29, 0xe5, 0x1, 0x0, 0x31, @empty, @loopback, 0x8000, 0x10, 0x2, 0xe201}}) write$nbd(r0, 0x0, 0x7fffffffffffffff) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_udp_int(r1, 0x11, 0xb, &(0x7f00000001c0)=0x3, 0x4) [ 2853.562620][T19631] FAT-fs (loop5): bogus number of reserved sectors [ 2853.564562][T19627] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2853.564583][T19627] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2853.571084][T19631] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2853.579446][T19627] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2853.579460][T19627] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:39:04 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000040)={'syztnl2\x00', &(0x7f00000000c0)={'ip6_vti0\x00', 0x0, 0x4, 0x2c, 0x91, 0x3, 0x45, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, 0x8000, 0x700, 0x9, 0x9}}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r1, &(0x7f0000000080), 0x10) 07:39:04 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x4}, 0x10) 07:39:04 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe7040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2853.579479][T19627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2853.579489][T19627] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2853.637467][T19631] loop5: detected capacity change from 0 to 264192 [ 2853.650089][T19631] FAT-fs (loop5): bogus number of reserved sectors [ 2853.656607][T19631] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:04 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x2f4f41, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:39:04 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRESDEC=r0, @ANYRESDEC=r0, @ANYRES16=r0, @ANYRES64=r0, @ANYRES32=r0], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:04 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x4200}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:04 executing program 2 (fault-call:1 fault-nth:46): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:04 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2853.751776][T19665] loop5: detected capacity change from 0 to 264192 [ 2853.768401][T19674] FAULT_INJECTION: forcing a failure. [ 2853.768401][T19674] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2853.781654][T19674] CPU: 0 PID: 19674 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2853.790426][T19674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 07:39:04 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$TIOCL_BLANKSCREEN(r0, 0x541c, &(0x7f0000000000)) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:39:04 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2853.800481][T19674] Call Trace: [ 2853.803803][T19674] dump_stack_lvl+0xb7/0x103 [ 2853.808391][T19674] dump_stack+0x11/0x1a [ 2853.812542][T19674] should_fail+0x23c/0x250 [ 2853.816959][T19674] should_fail_usercopy+0x16/0x20 [ 2853.822025][T19674] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2853.827800][T19674] ? shmem_write_begin+0x7e/0x100 [ 2853.832820][T19674] generic_perform_write+0x1df/0x3c0 [ 2853.838137][T19674] ? shmem_write_begin+0x100/0x100 [ 2853.843242][T19674] __generic_file_write_iter+0x161/0x300 [ 2853.848949][T19674] ? generic_write_checks+0x242/0x290 [ 2853.854318][T19674] generic_file_write_iter+0x75/0x130 [ 2853.859698][T19674] vfs_write+0x69d/0x770 [ 2853.863943][T19674] ksys_write+0xce/0x180 [ 2853.868176][T19674] __x64_sys_write+0x3e/0x50 [ 2853.872765][T19674] do_syscall_64+0x3d/0x90 [ 2853.877239][T19674] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2853.883138][T19674] RIP: 0033:0x4665e9 07:39:04 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) getsockname$packet(r0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000100)=0x14) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000140)={'ip6_vti0\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x29, 0x5, 0x9, 0x80000001, 0x65, @mcast2, @rand_addr=' \x01\x00', 0x7800, 0x10, 0x1, 0x8}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000380)={'sit0\x00', &(0x7f0000000300)={'ip6_vti0\x00', 0x0, 0x29, 0x7e, 0x3, 0x8000, 0x11, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, 0x1, 0x20, 0x80000001, 0x3f}}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000800)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000007c0)={&(0x7f00000003c0)={0x3d4, 0x0, 0x8, 0x70bd2d, 0x25dfdbfb, {}, [{{0x8, 0x1, r1}, {0xfc, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0xffffffffffffffd3}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}]}}, {{0x8, 0x1, r3}, {0xfc, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffffa}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r4}}}]}}, {{0x8}, {0x16c, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0xfffffd28, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}]}}]}, 0x3d4}, 0x1, 0x0, 0x0, 0x2000c080}, 0x880) write$nbd(r0, &(0x7f0000000080), 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), r5) sendmsg$NLBL_MGMT_C_REMOVE(r5, &(0x7f0000000380)={&(0x7f0000000280), 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x30, r6, 0x423, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @mcast1}, @NLBL_MGMT_A_CLPDOI={0x8}]}, 0x30}}, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x44, r6, 0x10, 0x70bd27, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @mcast2}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @ipv4={'\x00', '\xff\xff', @loopback}}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast2}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) 07:39:04 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000380)={'batadv_slave_0\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f00000003c0)) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xab000000}]}, 0x24}, 0x1, 0x0, 0x0, 0x80000}, 0x0) r2 = fork() clone3(&(0x7f0000000b40)={0x20a00000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000b00)=[r2], 0x1}, 0x58) clone3(&(0x7f0000000240)={0xe004d800, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x24}, &(0x7f00000000c0)=""/179, 0xb3, &(0x7f00000001c0), &(0x7f0000000200)=[r2], 0x1, {r0}}, 0x58) getpgrp(0xffffffffffffffff) 07:39:04 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2853.887028][T19674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2853.906652][T19674] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2853.915062][T19674] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2853.923041][T19674] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2853.931008][T19674] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2853.938975][T19674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2853.946955][T19674] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:04 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="674c6698005c81f85dd2100000000000"], 0x10) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0x40a85323, &(0x7f00000000c0)={{0xa4, 0x9}, 'port0\x00', 0x82, 0x51817, 0x80000000, 0x20, 0x5, 0x800, 0x6, 0x0, 0x7, 0x3}) 07:39:04 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2853.973973][T19665] FAT-fs (loop5): bogus number of reserved sectors [ 2853.980509][T19665] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:05 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698000000000000000000000000441f8d96622ab5dfba09403b808327cd5ff5e3bf8603f07077f8"], 0x10) 07:39:05 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2854.060139][T19665] loop5: detected capacity change from 0 to 264192 [ 2854.071479][T19665] FAT-fs (loop5): bogus number of reserved sectors [ 2854.078005][T19665] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:05 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x40800}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2854.235999][T19721] loop5: detected capacity change from 0 to 264192 [ 2854.244612][T19721] FAT-fs (loop5): bogus number of reserved sectors [ 2854.251146][T19721] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:05 executing program 2 (fault-call:1 fault-nth:47): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:05 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000)=0x13, 0x4) 07:39:05 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:05 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYRES64=r0, @ANYRES64, @ANYRES16=r0], 0x10) 07:39:05 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x2f, 0x0, 0x1, 0xffffa0e7, 0xa, @private2={0xfc, 0x2, '\x00', 0x1}, @empty, 0x8, 0x1, 0xd5, 0x400}}) ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x2f, 0x7f, 0x2, 0x20, 0x20, @empty, @loopback, 0x20, 0x80, 0x81, 0x6}}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f00000002c0)={'ip6gre0\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x4, 0x0, 0x0, 0x5, 0x5, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x10, 0x10, 0x400, 0xffffffff}}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000800)={0x10, @time={0x3, 0x8000}, 0x8, {0x29, 0x60}, 0x6, 0x2, 0xf9}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f00000007c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000780)={&(0x7f0000000300)={0x47c, 0x0, 0x400, 0x70bd28, 0x25dfdbff, {}, [{{0x8, 0x1, r1}, {0x1b0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3ff}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7ff}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x860}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff8}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0xf8, 0x2, 0x0, 0x1, [{0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x3, 0x4, 0x5, 0x1ff}, {0x40, 0x6, 0x3f, 0x2}]}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff9}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x459}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6160}}}]}}, {{0x8}, {0xec, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7f}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}]}, 0x47c}, 0x1, 0x0, 0x0, 0x90}, 0x880) 07:39:05 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x2, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:05 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x49a701, 0x0) write$nbd(r0, 0x0, 0x7fffffffffffffff) [ 2854.326367][T19729] FAULT_INJECTION: forcing a failure. [ 2854.326367][T19729] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2854.339717][T19729] CPU: 0 PID: 19729 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2854.348475][T19729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2854.358520][T19729] Call Trace: [ 2854.361794][T19729] dump_stack_lvl+0xb7/0x103 [ 2854.366379][T19729] dump_stack+0x11/0x1a [ 2854.370570][T19729] should_fail+0x23c/0x250 [ 2854.374986][T19729] __alloc_pages+0x102/0x320 [ 2854.379580][T19729] alloc_pages_vma+0x513/0x680 [ 2854.384340][T19729] shmem_getpage_gfp+0x954/0x13d0 [ 2854.389373][T19729] shmem_write_begin+0x7e/0x100 [ 2854.394223][T19729] generic_perform_write+0x196/0x3c0 [ 2854.399510][T19729] ? shmem_write_begin+0x100/0x100 [ 2854.404646][T19729] __generic_file_write_iter+0x161/0x300 [ 2854.410274][T19729] ? generic_write_checks+0x242/0x290 [ 2854.415646][T19729] generic_file_write_iter+0x75/0x130 [ 2854.421020][T19729] vfs_write+0x69d/0x770 07:39:05 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r4, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r5, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r6, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r7, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r7, 0x7, &(0x7f0000000300)=r6, 0x1) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0), &(0x7f0000000100)=0xc) 07:39:05 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2854.425261][T19729] ksys_write+0xce/0x180 [ 2854.429601][T19729] __x64_sys_write+0x3e/0x50 [ 2854.434186][T19729] do_syscall_64+0x3d/0x90 [ 2854.438619][T19729] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2854.444506][T19729] RIP: 0033:0x4665e9 [ 2854.448384][T19729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2854.467992][T19729] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:05 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), r0) sendmsg$NLBL_MGMT_C_REMOVE(r0, &(0x7f0000000380)={&(0x7f0000000280), 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x30, r1, 0x423, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @mcast1}, @NLBL_MGMT_A_CLPDOI={0x8}]}, 0x30}}, 0x0) sendmsg$NLBL_MGMT_C_LISTALL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, r1, 0x4, 0x70bd28, 0x25dfdbfe, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x1e}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x18}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x2}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x27}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4068000}, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000200), r0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r0) sendmsg$NLBL_MGMT_C_REMOVEDEF(r4, &(0x7f0000000880)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x44, r5, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x10}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @dev={0xfe, 0x80, '\x00', 0x2e}}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000040}, 0x40) sendmsg$NLBL_MGMT_C_PROTOCOLS(r0, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)={0x28, r3, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x200008a0) write$nbd(r2, 0x0, 0xe7) r6 = clone3(&(0x7f00000006c0)={0x20100, &(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0), {0x1d}, &(0x7f0000000500)=""/233, 0xe9, &(0x7f0000000600)=""/110, &(0x7f0000000680)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x5, {r2}}, 0x58) getpgid(r6) write$nbd(r2, &(0x7f0000000080), 0x10) 07:39:05 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000040)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="6740669816d00080305192218bfabb982d000000140068f5763e"], 0x10) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000080)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x40082102, &(0x7f0000000100)=r2) [ 2854.476415][T19729] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2854.484387][T19729] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2854.492356][T19729] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2854.500417][T19729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2854.508380][T19729] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:05 executing program 2 (fault-call:1 fault-nth:48): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:05 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2854.549137][T19756] loop5: detected capacity change from 0 to 264192 [ 2854.558061][T19756] FAT-fs (loop5): invalid media value (0xe1) [ 2854.564070][T19756] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2854.605576][T19769] FAULT_INJECTION: forcing a failure. [ 2854.605576][T19769] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2854.618680][T19769] CPU: 1 PID: 19769 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2854.627442][T19769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2854.637498][T19769] Call Trace: [ 2854.640775][T19769] dump_stack_lvl+0xb7/0x103 [ 2854.645358][T19769] dump_stack+0x11/0x1a [ 2854.649508][T19769] should_fail+0x23c/0x250 07:39:05 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x3, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:05 executing program 0: syz_mount_image$msdos(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="8b2a9c1cd7e19a529346358b50d3dd74d9e22551a76a3ae76a68e9f8412579f5f257dac21523f1894c5daf3d6dad4ad4c603156f8eec857542b9739724cc397c66940206f60d6f50e740aaaaab52328c235aa889b27d569023f5f373dfdb63e9fda4f900fa8f527c71f3829dadcaa840d30f8eda3d56980618c079a597a28dc6d393543e3fdadb360b900dff7aaada2b54e7b06a0ec6444ac9502449b5accfbb118dcc35", 0xa4, 0x6}], 0x0, &(0x7f0000001180)=ANY=[]) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:05 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x400100, 0x0) write$nbd(r2, &(0x7f00000001c0)={0x67446698, 0x0, 0x0, 0x2, 0x2, "a5c5"}, 0x12) nanosleep(&(0x7f0000000040), &(0x7f00000000c0)) set_thread_area(&(0x7f0000000100)={0x5, 0x20000800, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1}) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x40082102, &(0x7f0000000000)) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2854.653951][T19769] should_fail_usercopy+0x16/0x20 [ 2854.658969][T19769] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2854.664772][T19769] ? shmem_write_begin+0x7e/0x100 [ 2854.669854][T19769] generic_perform_write+0x1df/0x3c0 [ 2854.675140][T19769] ? shmem_write_begin+0x100/0x100 [ 2854.680250][T19769] __generic_file_write_iter+0x161/0x300 [ 2854.685884][T19769] ? generic_write_checks+0x242/0x290 [ 2854.691255][T19769] generic_file_write_iter+0x75/0x130 [ 2854.696683][T19769] vfs_write+0x69d/0x770 [ 2854.700921][T19769] ksys_write+0xce/0x180 07:39:05 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:05 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x400, 0x5, 0x25dfdbfb, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x24000000) write$nbd(r0, 0x0, 0xe7) ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f0000000000)=""/59) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2854.705184][T19769] __x64_sys_write+0x3e/0x50 [ 2854.709767][T19769] do_syscall_64+0x3d/0x90 [ 2854.714226][T19769] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2854.720115][T19769] RIP: 0033:0x4665e9 [ 2854.724005][T19769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2854.743605][T19769] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:05 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2854.752013][T19769] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2854.759982][T19769] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2854.767979][T19769] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2854.775970][T19769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2854.783943][T19769] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2854.835788][T19798] loop5: detected capacity change from 0 to 264192 [ 2854.856619][T19798] FAT-fs (loop5): invalid media value (0xe1) [ 2854.862660][T19798] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:06 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r4, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r5, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r6, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r7, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r7, 0x7, &(0x7f0000000300)=r6, 0x1) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0), &(0x7f0000000100)=0xc) 07:39:06 executing program 3: pidfd_send_signal(0xffffffffffffffff, 0x1c, &(0x7f0000000000)={0x2a, 0x8, 0x1f}, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f00000000c0)={{0x1, 0xea}, {0x6, 0x2}, 0xfff, 0x6, 0x2e}) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) r1 = fork() pidfd_open(r1, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/button', 0x40, 0x10) ioctl$TIOCMSET(r2, 0x5418, &(0x7f00000001c0)=0x18000000) 07:39:06 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xea000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:06 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000000), 0x4) io_uring_register$IORING_UNREGISTER_FILES(r0, 0x3, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f00000000c0)={{0x5, 0x3}, 'port0\x00', 0x4e, 0x40800, 0x7, 0x2, 0x9, 0x8, 0x4, 0x0, 0x2, 0x9}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) 07:39:06 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x4, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:06 executing program 2 (fault-call:1 fault-nth:49): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2855.407981][T19818] FAULT_INJECTION: forcing a failure. [ 2855.407981][T19818] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2855.413778][T19820] loop5: detected capacity change from 0 to 264192 [ 2855.421234][T19818] CPU: 1 PID: 19818 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2855.436571][T19818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2855.446640][T19818] Call Trace: [ 2855.449905][T19818] dump_stack_lvl+0xb7/0x103 07:39:06 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xea010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2855.454540][T19818] dump_stack+0x11/0x1a [ 2855.458688][T19818] should_fail+0x23c/0x250 [ 2855.463099][T19818] __alloc_pages+0x102/0x320 [ 2855.464990][T19820] FAT-fs (loop5): invalid media value (0xe1) [ 2855.467692][T19818] alloc_pages_vma+0x513/0x680 [ 2855.473712][T19820] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2855.485036][T19818] shmem_getpage_gfp+0x954/0x13d0 [ 2855.490271][T19818] shmem_write_begin+0x7e/0x100 [ 2855.495113][T19818] generic_perform_write+0x196/0x3c0 [ 2855.500473][T19818] ? shmem_write_begin+0x100/0x100 07:39:06 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0xa, &(0x7f0000000000)=[{0x3f, 0xd4, 0x46, 0x100}, {0x4, 0x9, 0x1, 0xa45e}, {0x0, 0x7f, 0x9, 0x5}, {0x7, 0x0, 0x7, 0xfffffffc}, {0x6, 0xff, 0x3}, {0x40, 0x1, 0x7f, 0x7f}, {0x9, 0x96, 0x83, 0x7}, {0x7, 0x9, 0x2, 0x1}, {0xe0d8, 0x0, 0x4, 0x9}, {0x4, 0x1, 0x6, 0x8}]}) write$nbd(r0, &(0x7f0000000080), 0x10) r2 = pidfd_getfd(r0, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r2, 0x402c5342, &(0x7f0000000100)={0x5d9, 0x641, 0x1, {0x800, 0x10001}, 0xfff, 0x865}) set_thread_area(&(0x7f00000001c0)={0x80000001, 0x20001000, 0x400, 0x1, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}) 07:39:06 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) write$nbd(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="674466980000002000000000010000003b0ad191bb3f42ce4fb73104696f5f2af96be89407a2787f17ef413b11ef0dfb170f70abdda8eed3c24f8cb762cac646ef76348045e479a49f74910e03eecebd6953a37915651b12e00ef74d6421eeb656a0bffce153e8951a556144f39a27349d23d1077a7837d4"], 0x6a) [ 2855.505583][T19818] __generic_file_write_iter+0x161/0x300 [ 2855.511278][T19818] ? generic_write_checks+0x242/0x290 [ 2855.516642][T19818] generic_file_write_iter+0x75/0x130 [ 2855.522015][T19818] vfs_write+0x69d/0x770 [ 2855.526258][T19818] ksys_write+0xce/0x180 [ 2855.530496][T19818] __x64_sys_write+0x3e/0x50 [ 2855.535086][T19818] do_syscall_64+0x3d/0x90 [ 2855.539506][T19818] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2855.545506][T19818] RIP: 0033:0x4665e9 [ 2855.549397][T19818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2855.569127][T19818] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2855.577609][T19818] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2855.585577][T19818] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2855.593544][T19818] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:39:06 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xea020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:06 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000280), 0x60081, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r1, 0xc08c5334, &(0x7f00000000c0)={0x2, 0x3ff, 0x1, 'queue1\x00', 0x1}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f00000001c0)) write$nbd(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="ff7c370000002c23300a00000000000010000000"], 0x10) ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000080)=0xe5) [ 2855.601520][T19818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2855.609484][T19818] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:06 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xea030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2855.656172][T19820] loop5: detected capacity change from 0 to 264192 [ 2855.688387][T19820] FAT-fs (loop5): invalid media value (0xe1) [ 2855.694446][T19820] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:07 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r4, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r5, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r6, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r7, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r7, 0x7, &(0x7f0000000300)=r6, 0x1) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0), &(0x7f0000000100)=0xc) 07:39:07 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000640)={0x1, &(0x7f0000000600)=[{0x30}]}) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000480)) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) 07:39:07 executing program 2 (fault-call:1 fault-nth:50): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:07 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x5, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:07 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xea040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:07 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f00000000c0)={0x1, 0x0, 'client1\x00', 0x2, "4d57d63e2592f7a8", "6e7fdb2575abf6f0626a111d2e888e1078014ed3bcd1c05926340e373e2515b9", 0x80000001, 0x5}) [ 2856.268175][T19874] FAULT_INJECTION: forcing a failure. [ 2856.268175][T19874] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2856.274403][T19876] loop5: detected capacity change from 0 to 264192 [ 2856.281261][T19874] CPU: 0 PID: 19874 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2856.296489][T19874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2856.306669][T19874] Call Trace: [ 2856.309945][T19874] dump_stack_lvl+0xb7/0x103 [ 2856.314537][T19874] dump_stack+0x11/0x1a [ 2856.318692][T19874] should_fail+0x23c/0x250 [ 2856.323112][T19874] should_fail_usercopy+0x16/0x20 [ 2856.328135][T19874] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2856.333856][T19874] ? shmem_write_begin+0x7e/0x100 [ 2856.338922][T19874] generic_perform_write+0x1df/0x3c0 [ 2856.344214][T19874] ? shmem_write_begin+0x100/0x100 [ 2856.349380][T19874] __generic_file_write_iter+0x161/0x300 [ 2856.355053][T19874] ? generic_write_checks+0x242/0x290 [ 2856.360496][T19874] generic_file_write_iter+0x75/0x130 [ 2856.365866][T19874] vfs_write+0x69d/0x770 [ 2856.370129][T19874] ksys_write+0xce/0x180 [ 2856.374361][T19874] __x64_sys_write+0x3e/0x50 [ 2856.379032][T19874] do_syscall_64+0x3d/0x90 [ 2856.383507][T19874] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2856.389404][T19874] RIP: 0033:0x4665e9 [ 2856.393378][T19874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:07 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeb000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:07 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67da5a9f4546a8e4c4aaaa27cd1dd6f2e2c5953f3e524641e7fdf1c5aea19a81e9ab379f223252d6bb318d473303d7cd678633ce767159e6797ad4f3b629c722e6bea8b8e5ff85fdc7237d8cf5a414db7c4b6d14c09c5b32ff6b0834c028e8765df2a405b99dd571672b31dcd5f5a15f10cd816032ca938de205f94c"], 0x10) 07:39:07 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeb010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:07 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="673266980000000000000600000000000000baf2508b"], 0x10) 07:39:07 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeb020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:07 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d8003, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2856.412980][T19874] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2856.421469][T19874] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2856.429436][T19874] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2856.437404][T19874] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2856.445375][T19874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2856.453340][T19874] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2856.466013][T19876] FAT-fs (loop5): invalid media value (0xe1) [ 2856.472045][T19876] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2856.588844][T19876] loop5: detected capacity change from 0 to 264192 [ 2856.598303][T19876] FAT-fs (loop5): invalid media value (0xe1) [ 2856.604342][T19876] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:08 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r4, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r5, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r6, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r7, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r7, 0x7, &(0x7f0000000300)=r6, 0x1) 07:39:08 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeb030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:08 executing program 3: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r0, 0x4b45, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x8e) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000280), 0x490501, 0x0) write$nbd(r1, &(0x7f0000000480)=ANY=[], 0xe7) r2 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)) sendmsg$TEAM_CMD_NOOP(r2, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000040)={'ip6tnl0\x00', &(0x7f00000000c0)={'ip6tnl0\x00', 0x0, 0x2f, 0x40, 0x7, 0x9, 0x41, @mcast1, @loopback, 0x8, 0x80, 0x0, 0x7}}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x4c, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x10) write$nbd(r1, &(0x7f0000000080)={0x67446698, 0x0, 0xd812, 0x2, 0x4}, 0x10) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000300)=0x9, 0x4) 07:39:08 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x462a00, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8cd4}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000001}, 0x20044000) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:08 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x6, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:08 executing program 2 (fault-call:1 fault-nth:51): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2857.243297][T19921] loop5: detected capacity change from 0 to 264192 [ 2857.257663][T19921] FAT-fs (loop5): invalid media value (0xe1) [ 2857.257903][T19922] FAULT_INJECTION: forcing a failure. [ 2857.257903][T19922] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2857.263779][T19921] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2857.276963][T19922] CPU: 1 PID: 19922 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 07:39:08 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x14000, 0x0) write$nbd(r0, 0x0, 0xe7) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8088}, 0x4000050) write$nbd(r1, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) 07:39:08 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) io_uring_setup(0x99c, &(0x7f0000000000)={0x0, 0xf56a, 0x8, 0x0, 0x34a, 0x0, r1}) write$nbd(r0, &(0x7f0000000080), 0x10) syz_open_pts(r0, 0x501200) [ 2857.276986][T19922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2857.302332][T19922] Call Trace: [ 2857.305630][T19922] dump_stack_lvl+0xb7/0x103 [ 2857.310367][T19922] dump_stack+0x11/0x1a [ 2857.314516][T19922] should_fail+0x23c/0x250 [ 2857.318930][T19922] __alloc_pages+0x102/0x320 [ 2857.323516][T19922] alloc_pages_vma+0x513/0x680 [ 2857.328275][T19922] shmem_getpage_gfp+0x954/0x13d0 [ 2857.333295][T19922] shmem_write_begin+0x7e/0x100 [ 2857.338213][T19922] generic_perform_write+0x196/0x3c0 07:39:08 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeb040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2857.343500][T19922] ? shmem_write_begin+0x100/0x100 [ 2857.348606][T19922] __generic_file_write_iter+0x161/0x300 [ 2857.354259][T19922] ? generic_write_checks+0x242/0x290 [ 2857.359631][T19922] generic_file_write_iter+0x75/0x130 [ 2857.364996][T19922] vfs_write+0x69d/0x770 [ 2857.369234][T19922] ksys_write+0xce/0x180 [ 2857.373643][T19922] __x64_sys_write+0x3e/0x50 [ 2857.378305][T19922] do_syscall_64+0x3d/0x90 [ 2857.382719][T19922] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2857.388617][T19922] RIP: 0033:0x4665e9 [ 2857.392502][T19922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2857.412107][T19922] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2857.420517][T19922] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2857.428485][T19922] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 07:39:08 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:08 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2857.436446][T19922] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2857.444481][T19922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2857.452446][T19922] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:08 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2857.525760][T19921] loop5: detected capacity change from 0 to 264192 [ 2857.540543][T19921] FAT-fs (loop5): invalid media value (0xe1) [ 2857.546594][T19921] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:09 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r4, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r5, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r6, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r7, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) 07:39:09 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000000)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f00000000c0)=r1) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x4}, 0x10) 07:39:09 executing program 2 (fault-call:1 fault-nth:52): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:09 executing program 3: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x280400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x38, r1, 0x300, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x10000}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008001}, 0x44000) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r2, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r2, &(0x7f0000000080), 0x10) 07:39:09 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:09 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x7, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2858.133969][T19973] loop5: detected capacity change from 0 to 264192 [ 2858.136239][T19967] FAULT_INJECTION: forcing a failure. [ 2858.136239][T19967] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2858.153554][T19967] CPU: 1 PID: 19967 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2858.155369][T19973] FAT-fs (loop5): invalid media value (0xe1) [ 2858.162384][T19967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2858.162397][T19967] Call Trace: 07:39:09 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:09 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2858.162404][T19967] dump_stack_lvl+0xb7/0x103 [ 2858.168372][T19973] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2858.178436][T19967] dump_stack+0x11/0x1a [ 2858.178455][T19967] should_fail+0x23c/0x250 [ 2858.201364][T19967] should_fail_usercopy+0x16/0x20 [ 2858.206439][T19967] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2858.212277][T19967] ? shmem_write_begin+0x7e/0x100 [ 2858.217292][T19967] generic_perform_write+0x1df/0x3c0 [ 2858.222573][T19967] ? shmem_write_begin+0x100/0x100 [ 2858.227824][T19967] __generic_file_write_iter+0x161/0x300 07:39:09 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2858.233459][T19967] ? generic_write_checks+0x242/0x290 [ 2858.238828][T19967] generic_file_write_iter+0x75/0x130 [ 2858.244205][T19967] vfs_write+0x69d/0x770 [ 2858.248482][T19967] ksys_write+0xce/0x180 [ 2858.252715][T19967] __x64_sys_write+0x3e/0x50 [ 2858.257300][T19967] do_syscall_64+0x3d/0x90 [ 2858.261787][T19967] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2858.267678][T19967] RIP: 0033:0x4665e9 07:39:09 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) ioctl$TIOCL_UNBLANKSCREEN(r1, 0x541c, &(0x7f0000000000)) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) write$nbd(r2, &(0x7f00000001c0)=ANY=[], 0xfffffffffffffdbc) r3 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$GIO_UNISCRNMAP(r3, 0x4b69, &(0x7f0000000040)=""/178) [ 2858.271571][T19967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2858.291168][T19967] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2858.299661][T19967] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2858.307633][T19967] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2858.315603][T19967] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2858.323579][T19967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:09 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xed000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2858.331545][T19967] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:09 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000000)={0x67446698, 0xfffffffe, 0x1, 0x0, 0x0, "4fe087bc000000000000000304558cac7c315689ada6a2c37957283b8691293db9179c73ca0f00849e43e225b8cd1e10d115bf1bed99d77ff037e493f11d4af52b937d03000000000100000000000000fe7b726ee4ec315d88b9"}, 0x6a) [ 2858.359689][T19973] loop5: detected capacity change from 0 to 264192 [ 2858.401302][T19973] FAT-fs (loop5): invalid media value (0xe1) [ 2858.407380][T19973] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:09 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r4, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r5, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r6, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) 07:39:09 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r3, 0x4b45, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r4, 0x4b45, 0x0) write$nbd(r2, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYRESOCT=r3, @ANYRESHEX=r4], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r5, 0x40505331, &(0x7f00000000c0)={{0x20, 0x80}, {0x3f, 0x20}, 0x7fffffff, 0x0, 0x5}) 07:39:09 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xed010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:09 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0701, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="674466980000000000000000000000e8"], 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) 07:39:09 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x8, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:09 executing program 2 (fault-call:1 fault-nth:53): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:09 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xed020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:09 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="674466980000000000662d214f0b357d"], 0x10) [ 2858.989195][T20027] loop5: detected capacity change from 0 to 264192 [ 2858.993990][T20029] FAULT_INJECTION: forcing a failure. [ 2858.993990][T20029] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2859.008990][T20029] CPU: 1 PID: 20029 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2859.017786][T20029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2859.027831][T20029] Call Trace: [ 2859.031099][T20029] dump_stack_lvl+0xb7/0x103 [ 2859.035687][T20029] dump_stack+0x11/0x1a [ 2859.039833][T20029] should_fail+0x23c/0x250 [ 2859.044330][T20029] __alloc_pages+0x102/0x320 [ 2859.048914][T20029] alloc_pages_vma+0x513/0x680 [ 2859.053671][T20029] shmem_getpage_gfp+0x954/0x13d0 [ 2859.058724][T20029] shmem_write_begin+0x7e/0x100 [ 2859.060846][T20027] FAT-fs (loop5): invalid media value (0xe1) [ 2859.063571][T20029] generic_perform_write+0x196/0x3c0 [ 2859.069633][T20027] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2859.074852][T20029] ? shmem_write_begin+0x100/0x100 07:39:10 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xed030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2859.086587][T20029] __generic_file_write_iter+0x161/0x300 [ 2859.092273][T20029] ? generic_write_checks+0x242/0x290 [ 2859.097660][T20029] generic_file_write_iter+0x75/0x130 [ 2859.103037][T20029] vfs_write+0x69d/0x770 [ 2859.107356][T20029] ksys_write+0xce/0x180 [ 2859.111600][T20029] __x64_sys_write+0x3e/0x50 [ 2859.116217][T20029] do_syscall_64+0x3d/0x90 [ 2859.120625][T20029] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2859.126508][T20029] RIP: 0033:0x4665e9 07:39:10 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x429c1, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:10 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xed040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2859.130394][T20029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2859.150044][T20029] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2859.158468][T20029] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2859.166433][T20029] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2859.174396][T20029] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:39:10 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2859.182420][T20029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2859.190380][T20029] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2859.244258][T20027] loop5: detected capacity change from 0 to 264192 [ 2859.256629][T20027] FAT-fs (loop5): invalid media value (0xe1) [ 2859.262645][T20027] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:10 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = pidfd_open(0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) pidfd_getfd(r1, r2, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:10 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000dc0)=r0, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x29, 0xab, 0x9, 0x100, 0x55, @empty, @mcast1, 0x40, 0x8, 0xfffffff7, 0x18}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', 0x0, 0x29, 0x1f, 0x0, 0x3, 0x20, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @loopback}, 0x20, 0x8060, 0x8, 0x6}}) getsockname$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0}, &(0x7f0000000380)=0x14) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x9, 0x92, 0xfff, 0x5, @loopback, @remote, 0x40, 0x700, 0x39c}}) getsockname$packet(r0, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000004c0)=0x14) getsockname$packet(r0, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000580)=0x14) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000000d00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000e00)={0x688, r2, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [{{0x8}, {0x4}}, {{0x8}, {0x4}}, {{0x8}, {0x4}}, {{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x200}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0x16c, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9a4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x81}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8, 0x1, r5}, {0xbc, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r6}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0xec, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffff7387}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r8}, {0x294, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x91d8}}, {0x8, 0x6, r3}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x5, 0x6, 0x5, 0x40}, {0x83, 0x1, 0x86, 0x1}, {0x6, 0x9, 0x3, 0x4}, {0x40, 0x9, 0x6, 0xffffffbe}]}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x401}}, {0x8, 0x6, r9}}}]}}]}, 0x688}, 0x1, 0x0, 0x0, 0x2000c050}, 0x4001) write$nbd(r0, &(0x7f0000000080), 0x10) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000d40)) 07:39:10 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:10 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x9, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:10 executing program 2 (fault-call:1 fault-nth:54): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:10 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r4, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r5, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r6, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) [ 2859.964740][T20071] FAULT_INJECTION: forcing a failure. [ 2859.964740][T20071] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2859.967712][T20077] loop5: detected capacity change from 0 to 264192 [ 2859.977832][T20071] CPU: 0 PID: 20071 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2859.993057][T20071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2860.003107][T20071] Call Trace: [ 2860.006384][T20071] dump_stack_lvl+0xb7/0x103 [ 2860.010973][T20071] dump_stack+0x11/0x1a 07:39:10 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:10 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x215000, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000080)) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) syz_open_pts(r2, 0xc0440) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="674466983f0000000000000000000000a7e3de8c84852b21d496a5044ff2fb9ad816"], 0x10) [ 2860.015119][T20071] should_fail+0x23c/0x250 [ 2860.019559][T20071] should_fail_usercopy+0x16/0x20 [ 2860.024589][T20071] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2860.030310][T20071] ? shmem_write_begin+0x7e/0x100 [ 2860.035350][T20071] generic_perform_write+0x1df/0x3c0 [ 2860.040639][T20071] ? shmem_write_begin+0x100/0x100 [ 2860.045750][T20071] __generic_file_write_iter+0x161/0x300 [ 2860.051382][T20071] ? generic_write_checks+0x242/0x290 [ 2860.052242][T20077] FAT-fs (loop5): invalid media value (0xe1) 07:39:11 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2860.056816][T20071] generic_file_write_iter+0x75/0x130 [ 2860.062827][T20077] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2860.068143][T20071] vfs_write+0x69d/0x770 [ 2860.078924][T20071] ksys_write+0xce/0x180 [ 2860.083181][T20071] __x64_sys_write+0x3e/0x50 [ 2860.087843][T20071] do_syscall_64+0x3d/0x90 [ 2860.092273][T20071] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2860.098285][T20071] RIP: 0033:0x4665e9 07:39:11 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2860.102192][T20071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2860.121914][T20071] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2860.130326][T20071] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2860.138337][T20071] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2860.146302][T20071] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2860.154317][T20071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:11 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f00000000c0)={0x67446698, 0x0, 0x0, 0x0, 0x0, "56649db42af60e31e1b32879efb210dca56b26ee4d5eb32d16e25a744e907e4c582184dfe23e5828527cb6ccfe9f76589d71de4d1c5f2929ce1652a8e1887e6d635d742bcf2428f94cd23d41a7ffac57b4a5ce8ac13f71eebdabf5f187163052029c67134fdf40661cd0c502f25bdeba7d318ec2ff3c05"}, 0x87) [ 2860.162282][T20071] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:11 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x2, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x7}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x24}}, 0x40) write$nbd(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="67446698d283894700000200000000009345680d05bc03b4876d1f9cfe6137ce08d331e94285cfee93018cebae98547e34db610131efb29719d3df51153c363ca0872cd2b8fa777f4402ad8db0aa6c6b3645de42ecae970e691f27de718f8ae7d73d737e29409891fbd569cb2fb4e908001b40994bfc92e25513c3fcf050700b6e93acc9d7c7f852978e6d5e368688449c1766225d4e54682efa5a83da1b080fac3a78a2f037"], 0x10) socket$packet(0x11, 0x2, 0x300) 07:39:11 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2860.212560][T20077] loop5: detected capacity change from 0 to 264192 [ 2860.244896][T20077] FAT-fs (loop5): invalid media value (0xe1) [ 2860.250970][T20077] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:11 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r4, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r5, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) 07:39:11 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:11 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6744669800ff000bbf695397981300000000000000020000007bd3dca4686ee4fe1a1d208419984e97eeaa8382c94fffc5667ac266c4405421291fff549d8a7183bc6902925947fe0d28be96bfc4257841a82eae27ef7cb9ba6c8bd19aca8d0ae4e3"], 0x59) 07:39:11 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r0, 0xc0a85322, &(0x7f00000000c0)) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r1, &(0x7f0000000000)={0x67446698, 0x0, 0x3, 0xfffd, 0x0, "185e39518b15dc1652a0206bd7d047f6f0a21ddc8e63d88771bc4475ee8dd8713086e54768d2a6e6db7052b8c41e71f0f93f01cc5c7b6aa3"}, 0x48) 07:39:11 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xa, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:11 executing program 2 (fault-call:1 fault-nth:55): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:11 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r0, 0x4b45, 0x0) ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f00000001c0)=""/4096) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$TIOCL_BLANKSCREEN(r2, 0x541c, &(0x7f0000000000)) write$nbd(r1, 0x0, 0xe7) write$nbd(r1, &(0x7f0000000080), 0x10) [ 2861.052249][T20131] FAULT_INJECTION: forcing a failure. [ 2861.052249][T20131] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2861.053277][T20135] loop5: detected capacity change from 0 to 264192 [ 2861.065511][T20131] CPU: 0 PID: 20131 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2861.080817][T20131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2861.090861][T20131] Call Trace: [ 2861.094222][T20131] dump_stack_lvl+0xb7/0x103 [ 2861.098810][T20131] dump_stack+0x11/0x1a [ 2861.102964][T20131] should_fail+0x23c/0x250 [ 2861.107383][T20131] __alloc_pages+0x102/0x320 [ 2861.111980][T20131] alloc_pages_vma+0x513/0x680 [ 2861.116743][T20131] shmem_getpage_gfp+0x954/0x13d0 [ 2861.120446][T20135] FAT-fs (loop5): invalid media value (0xe1) [ 2861.121850][T20131] shmem_write_begin+0x7e/0x100 [ 2861.121868][T20131] generic_perform_write+0x196/0x3c0 [ 2861.127835][T20135] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2861.132657][T20131] ? shmem_write_begin+0x100/0x100 [ 2861.132676][T20131] __generic_file_write_iter+0x161/0x300 [ 2861.155206][T20131] ? generic_write_checks+0x242/0x290 [ 2861.160580][T20131] generic_file_write_iter+0x75/0x130 [ 2861.166116][T20131] vfs_write+0x69d/0x770 [ 2861.170353][T20131] ksys_write+0xce/0x180 [ 2861.174591][T20131] __x64_sys_write+0x3e/0x50 [ 2861.179172][T20131] do_syscall_64+0x3d/0x90 [ 2861.183676][T20131] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2861.189600][T20131] RIP: 0033:0x4665e9 07:39:12 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2861.193490][T20131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2861.213160][T20131] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2861.221566][T20131] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2861.229537][T20131] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2861.237506][T20131] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:39:12 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2861.245473][T20131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2861.253517][T20131] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2861.279005][T20135] loop5: detected capacity change from 0 to 264192 07:39:12 executing program 2 (fault-call:1 fault-nth:56): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2861.303183][T20135] FAT-fs (loop5): invalid media value (0xe1) [ 2861.309213][T20135] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:12 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xb, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:12 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2861.378551][T20166] FAULT_INJECTION: forcing a failure. [ 2861.378551][T20166] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2861.391644][T20166] CPU: 0 PID: 20166 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2861.400488][T20166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2861.410590][T20166] Call Trace: [ 2861.413861][T20166] dump_stack_lvl+0xb7/0x103 [ 2861.418543][T20166] dump_stack+0x11/0x1a [ 2861.422701][T20166] should_fail+0x23c/0x250 [ 2861.427113][T20166] should_fail_usercopy+0x16/0x20 [ 2861.432155][T20166] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2861.437875][T20166] ? shmem_write_begin+0x7e/0x100 [ 2861.442924][T20166] generic_perform_write+0x1df/0x3c0 [ 2861.448243][T20166] ? shmem_write_begin+0x100/0x100 [ 2861.453339][T20166] __generic_file_write_iter+0x161/0x300 [ 2861.458947][T20166] ? generic_write_checks+0x242/0x290 [ 2861.464304][T20166] generic_file_write_iter+0x75/0x130 [ 2861.469723][T20166] vfs_write+0x69d/0x770 [ 2861.473941][T20166] ksys_write+0xce/0x180 [ 2861.478197][T20166] __x64_sys_write+0x3e/0x50 [ 2861.482783][T20166] do_syscall_64+0x3d/0x90 [ 2861.487261][T20166] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2861.493147][T20166] RIP: 0033:0x4665e9 [ 2861.497018][T20166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2861.516603][T20166] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2861.524991][T20166] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2861.532950][T20166] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2861.540930][T20166] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2861.548941][T20166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2861.556888][T20166] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2861.629993][T20173] loop5: detected capacity change from 0 to 264192 [ 2861.638860][T20173] FAT-fs (loop5): invalid media value (0xe1) [ 2861.644889][T20173] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:12 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r4, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r5, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) 07:39:12 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x6, 0x8, &(0x7f0000001600)=[{&(0x7f00000000c0)="fd2ba78d6ea80591e17b9d7229b2ff84dc993d2328d2126c9044d7426cbf4f805cd56515e35a5badce", 0x29, 0x73}, {&(0x7f00000001c0)="57cd98dd6a3cba91d32166969ad439c7013917783543bb757a0e0e75e17a009f8226b486e36fccce48e79cc7e9be9f81c94cc1ec7da32c9832c50aad911e19e6193840cfce4597c1ab1ea88a88513069754b16bcf243900a130f15e0d118b0a6ad10a31d048639b3442528a5633d3ccf103bb075e8122a3149f34928dcc78ac3ea7de1689d080d25451156235acfecc898d7ad5bf9705c7d69bee813105f76b68039a697371498e69e08a64cfd255db3daf8a2f039329c07165fe8c7eb43a1f6c27e9ec328c9deeec5365e4ec83fc3c517b41560a12fee9148f9847c48ef0410b89477dba7356f4723617c0c", 0xec, 0x32}, {&(0x7f0000000100)="fe74a1abf3f10cec41e8cb398d0b5966541bcdc3bc2a9c538bf650e9f362c7000000000000", 0x25, 0x7f}, {&(0x7f00000002c0)="b586a176cc42080105aa2ba2570420dbde7df1a0ad8170618c7afa9b45ecf03a0f4a31d1437a8c3a583d106b72079e18230d276eea3d62eba62afeaaceda5398321b1b6d5f2065b7f76850851404213b72412c8086868167d0a50f95f174dec572b55a01e7dd3ee5d13f0c1a8d5f51903147dd6f29f60b14497f39896afa269aad97fef7c4f1c6e9449b3a4fcc2acf13202b34796509fe2004854ff07290f04a4211a50a6c4e0c508ae5c7d105ce4aef5b089db86bc63766e4340fa8966bfd8f85", 0xc1, 0x22}, {&(0x7f00000003c0)="154c7f7b5b770d2fce6e7a53cf999302ae0d8d2bd70cf3ad83b674137b7f3b1eea63a6f7d4a361b92d9e1711d4011e5d75e876a52a86138e970d2abbdf6d94a95c862216a2852f5d8b335848df7a2ab7aaaf7ff0414403b18f5d31f158b2ce4cc97bf81b52051d69a6dea041b6f1da80fdfcc33fa07b825fc8b9420ba4f8", 0x7e, 0x10001}, {&(0x7f0000000440)="75d791e76e2fdb997169f0073ab8a81fe20dfbc86e2349518e45915f3d36ca4216e2f233ade7ec76ef58f333c5a0205f76df9e1a489f959c9aafa2ffb510e38cf128090ad307a6ba5c4ce1fcdccdec17a665e7be8b32a38342c11e00ad416633553bd6536098352c51708bbb83b0b38d6316c3fe7d1d5ac1b321d8416e195988f50fd75dcbeb4c0324f5cbccb921f3ae22c8b40c82f91b97b85f62e786cdc74626498accd3fc436a7ec0e125259598cc2a971c634d6f23c95e213bff2bbb8b27427d285624405bb583ad6d3eb78d", 0xce, 0xeef}, {&(0x7f0000000540)="a212a718d0a4a0690125310824e3659e0fe7410f55990aeee9a334eaf9a80b0da844ba2660932c72d249bb1c092e2942e2a04fc0a3c9a7526feca4d3ef703485c414c1f4281597251083ba7c38cfafc44b298a7e4f77451473e8256dbfe73f2a865bcafbd2dec42e86e4cadc7c3446bf9a457e7d524e43fea85e882a708bfe0f0ae160e51e18402d4426eb6d3ff2024893d8b292df72b31b8e5623b39245", 0x9e, 0xffffffff}, {&(0x7f0000000600)="fa6ad240ba099166d9fa3d8bd26808c7f087edd3c823b52fe83e73c2f59ccc421ee39c2dbe0aa3fea1e6a9d2f2d7d010d9eb30b6d9d92487283250c6af7014f0a06ae203e39ab45358d906b8a7fdba403e81368a2b8f1705dacad02de89a2f9bacfbd34726265458ee4dafa0d2efdd984decb89a4584a31f8489738e38e3f8fac41c87ba45bffbc6698391bb5f51e6a6ba0ae07477fb76c2d29f69c3656229f905dda344edb3699bec2f7493b1356c1948b56eb4acd5eb9efb8dc621a6d05595afbb52886623b1c2c028821f0a9b4e6023f74027d68175bac22360f086701f1cb9d63945f6594b247079fae99b9ec637223a3fef59908943908e2437f0c9a9b5cafd808ad09a7ebb59cd2c9fc38c2d7357da09ed895a9e2e00899d3c40e34b95b81990f7a7cfca6f8c341f709ec388e3e883cb5ab8f0ae26416304aa7f333e046515c18416710e50d998bd0b495f23a154b72ee08000f5750779b24726c05643364e59935617dc1a29d0959ce60a8ddebe75afdfca1f42eb104eaf97269fb723be9777856e41c70d9d446a98b3ce7bc5255c38ea08b4e2c5248abe91e61bdd0ee837323698b8562b46800ca87af3e0565ed3b0fafeb29f083dfed68c6456d5d61b6ee677d8903b8aade3cfd6763fdb447e52ef3c820e2ebf6b05e2a97f9dc8c0336db35c3004aab79d627221945018728ca57b0d35668dd1e9843aee12b035eb48a5f5bc2829404d8fba19a287670ebe29b223ee49b7d9a842b5982872a1505cfa3ca5e56abda05ec846081a8f8f264a3d16a1bb6832cdda7a6d95058fb703b5280f6f389aabf2f7b919169789f2e75a92bc3974165bdb838a4596a8185d411e0c27f8e8ea1166cf70450485b02e8747cb242121b70b46c4589c928b38b24cacc15aa26dea6d1ee3d2ba20a16ff7af910fef4d515e92c9ef40ee0b1a09c7bf1c2f075f1b85bc083a9f2b42658ea15c1c901fc15ec6afbd31f616adf442a98e8d51311ad720520a8e55ed9ea87b41ee23c3d3082bfb7cafbf13207108b96f3a9f60050d35fb7dd59742fcc042fb654382ca14e12a57a6c67d560625d884be491e4f2fea68c19f027a005d18ec247eca7ea0b65aa19213c73cdb56dbbf73ddfdbd797b3b8a11fb799ad0c5d4a2c4c00274543a637b66df78628229378f8baeabdf20775c9814b4573d53755730a355ee26f067fec8c923ef8385de51066032a7b2571346090f95173450b7e5593446d099f915158142893f67590d824568fbc33f605c1cc8f1827ad2f9780d314fc19635308cb55b5e98945f47d664a0d5adfb15a6d07464c26de2a288fdf9547a2c6914d45de8df1c7b3210b351736826e5e4926ae9b21875a2cae6018bb394ffd0874d020110e5f7623e1bdd0584c5483265adbb3a58766dc38a4d047eb924d735345ffb99f016e9de43fa22018da65dd8732cb9fd4a7ae3aed20cfd63aea0cb6414a7f10029e81b61a83f78d7e97c43f955e5ec862e3231cd9d751faa2c52fe4e217b1069b8bd9940bae49fb26e533f8c8136e107969480119715c5f54bccdfa32037859b8492fea28540c28e6369e1d84036cce52427f20a717e3d9e80d86e6ff1d0647b0190c1e83d59e9e8df57fb85a3cbd69efb7f3fe3e708ad612811d58f450156021784fbbe5cf5408e7d9ce85376be459fc54f0750904d795d6eed92bd078ed2df458bc09ef06de81ea612b2bb4a763ccc45d3f1824aa255b8d72397ae2cb0b68b0b6a23bc6623839417eb474b7c49a7a56ffb52154610d6fea6f3bcf8c4749c098bb70837b2ca3b0f99c3ec965263675ab575d3f219e22565661c48b9f4034b7b5c1029a0dfc823ab57f14a5af265d80cd7493b26effd2d178065be311d18b8f4b229aee18cb19691b2e6c139ed81811e9eb43a6ed8fde160f469b8830e4b4ac332ed3b478eee1cebcdcf8a28c170676f044631011c869eda7b87e8ab56e1ed2686b63ab9464cd4185ef3b66b2c6a4c9f05138b3b830e1ebd8ba318fdf9f7063a1a625fb7456a32e4f0b3c0806f6678b39a2b3953fcb06a98bf20f2d679672644688e73f6d3162bca64ce203a6f5fa219e95420d7d24124cd78db598354438c514d885c30eaa4afd7fe3f1f5bee8d0cd354fcec9e8f609b90c566adde81add55d00cd94e7758de73a9e7ca1b80e6b44116d4e24ebd93bc7356413ef56ab26c1503ad1f10502cd3499ce8d012d4c5eecfe93d1b3f486e154d64057c2d2a7f466e9f1cfac7a42cd02b2dcc89823ded853116b20ec382e903050b5891bf698e91b713488927d68fafe6e0652422cb0c849953d159c0d548c51cb8b99349ed0b371905820a7d940955d8757be813d9143681b59b884d82e66f7016b5d42d7e63dd4045d9e53462022c18d11cb2f9933dbff9cce9b74f6cd0a5f7db0cf56e1b8f502fd4599cebe94be3ece02a1f9320d464c4b6b5a98e47511b5aca3d23d110bd4daa3a9aa3d5e31bc2a03257460fd4e2be288d08d6b44399705d8e9d3cf645c4490235750ba4993d0ef192dadb9239dc64c9bac071d2434eeea55283039a846e04b899c2dec1559c25a6e4816cf3acce7f206232b543ba758850bbd653b2edd03eaf769b78e1a1709756bc287a23f1b4f99d5e544e4f28a18cba9a698c15c977be1dfc874579f0369a0c913a2206d5a0044d0e7077aab608e60658b4e0b3630fc44a5a667b57bd67738a9bdd5f32603a9bf49da944697d76eacdeed15ef9f5649371a450899108ac4f7a9e72d963059675b72b9970d2b440182b6f7ca4f3de57d9e318a09e203e5e9f62c4d3af818521f640643769aea453299ba56ea4c4f13fb6cd302a514df314a2913a0593d6a7c5774e0b735e5c06d4f79b5a73d715af45465fcea2f44b1ae6b7cf68ba9543ecad5f82a4f90a3b7f9fe68ae391f84338ac30ab52920fef13b60b94e23496ba908e8f934debc05bf577d8fd349a19a247d5938408f7f5b3ee05730844adcc129bce9d63ef456551e7ab39a3ad16f6524ecf1ac9aa27a2b5a7f715269264750cfc7dc8c4f2eec6031dbca9f05dc02f8cb931b507ea1d80c7d7894282ef28c7b57951dfad777595b3c5c2a4d78007fa79b1b6a93b118860e8864da2088a68538ce77a95aa33b3241c8a1ba14ac3302232f1974d98ffb4b1575264370890839f6ff062e13db472617368f36b581c581d9c9cbc4b0bd26eb50db7fa3baf078d828dd927b16c58b867e4245284b9570e23124a7505cd17f0a7c05e22edd8b81d6d6a535f4f133975e2612bc0de92dc6e28b0c33ccd33dc41d4f377638cc6b5032529179d70f750fc2057402f00d5d21615a767de38ca3df1b1a367b8181b447aa9ee94f60e109cdfbc395d6e52f19571a411e6e4c0d2e8fae9fe8ee69ccc7e78b9202ea398c59a1c09e60496ac67b9a60f097b01266287d1a01b9f33538e71cac3dc5b3862273a9f514b4d6fe9fe5942dba595a7f15638e06737346d2960f00a3bec3ebb44079f5fd7899a13083c62167e1cf4a5988231793d244324283274e53707e2f5e44c09775f7750487a8fbd8136f26fb4ad4b943fda2edaec8e07257b9a8dd738b0e8a526d82274a2c81a70668777e27ca965bce259708073dd233c206128a8c03c315698c36c10765e5d455d014bb23d3267c3d7a620bfcb2393768bffbdd2b98d317b45f08946a0ff223559d82658de5aa111b24a236be2c03adb75ecbd7cef2c343d9c5db8786f53728f1b904933db45ccc3812ac710152dcbbc3ab580cf466775cbe326698e7571806e76cbe1dc6f5eeb679a0b2d9c102b9eac40609f880aa4744e582da583683098288b6d0ba1eebc6b1f20533f40b0682eac25557764230be09b9e424ed27e00c677e65c7aab4984ee2f32157f80bf49aa90d7237a8acd7a8b60f77c4ad0ed147602a471f03997fdce698a4f3700a2cb69b87546b0444f6224b129e39ff17fc40e1f1ff54c347063c261061f6e7016ab4272c3e37ee27826ed28e0fee39c21ce90535e6362cfe6592be617e015d0477eeed0d4ccf1ae936af6da354b0f142b133ffb94188c6a2dc56fa02043a883724006afb7e7b15e1a3ab36979a67e75e0ac17390e88373282ac3424e55cbbeb66380b8ffc85e39872fe8f42b5f25687feb7fa29d4fb88cd8c7a33c7a0e6adcd1b3c2683939fe37f5d66afe797f14b5c9ce60da4b1f7c86dc0d4d265f00b956dab837502c279f1f1a00f494acb69a09da3b20da040373c5c3505e4db859cd1257f4a8f4f31168b2e441f1f0a39282a062d16f350afe09e7bb120025d11130b8e347b8640c670cd28abbf285dbad58c96fa9124ac942adc584595ab15185127fd1ad0b4184b0c23f788780322489fa97178531d68f0e0e8148b0a586656053207b46443859a564658a43252a3458f406e4ad73c7017d73cb65bdeff26a46415fba22238bb8611efc52b066a867852b85b4b8cb07d272fca2e078ff795c2ea26e24303d847aa3720f76eb3f2cce8517d2239b38d6891483820dadac256e8d6b211ab922e761982de424acdf579b82a3d4ecc3d71805bb9e8b1d9fe786221bb5d3e1cd7c173916f64a799f5127eb3b88404b12e1290931baddd477cc2da758279c5cb6f6e4865d10682c3aac1d801ef2b46a70fa8f61b12f2fa7d2f76b90556b43a31cbc333b13f78a920256e5a8ab6a673becca411add222bbe516de58b0fa164d0f293d5a020b9f0f64262149575733960de158aa74c5a76d7c76a73547c81058bb12f3f48c7b7bb59f166b5fd2a0d62f2c3a66f8078a9fde56729bece28c9ff329a49fb1c6d81b7c187090291a445585bfb04158a0d2566038ed6770a5e6c2def69e0f8460a6124254e4a8d894a67658b0e36736ab0d0717409aaa0abd0e21b4a12894522582f6db8bd1b4f791e7fadd24eb8db28ea5fcfc07ba6e25cd60adaf9ed2ed29681d0802ec9d67e20890314dda3400dffbc891e753ce29f7cb6f93ea4cccbe1f1686a420dbc6bf88dccc1a787dc5894343fe9e92fcf76272beafbc3682cd933c85fe8240512d170eaa40a351204f60753b89ad397df28b6e56202451f733cf768bafc3d2bb2e51a9b26197c9ff1cd98d814e67c4055901a6d6288cb2e08d3089c10fe3fb8c9b70e05d61de4d7fae6393d52af72cd591737c62ee2f0a9ab27b3d78d4b34b9d8ed046b27f238a845e5123dc93205101b385b87a4241706663c88c54c4d9dee83c0fb0105f583b2213f7006558ca9d4cad4b0eddc6be3abd0478f19ce165bb49a33dff9a0d6c7c9beda8bc29624942ba8b08695ba7e39d0f6d9713d47e6b17f27240e67875bbe93c4f401449223b1f92e4232adc3f828451b27bbb072ccff0ab469b12493891cdadca354f575ea78efb9e2d985f8eddb60a9c3ba2d61230e950f2711a9cebee7863f45dfef67ea05c4ed98f38ca078ec038e1b301e49021373e80614f16da24e57019d46282397d1b5f8e08d73c3c2753296d653f5e87c12b6ed7210385f16f33b289734b9cc3fa611af354864711ac000932e214c34dc4175233fbfe331961edd74ec4290f9b8098527bd78140d8bc22a3c1a8533f6ba2948722fcdd0fbde85f61cf1e3d520c3256559f61477820b8135e2608737bd10e59b3a80d2dafb3e5da7523fc708c2ccfbc2dd580207c29f096212b9f6f8444de61c34aa412adb13d934d40b637e62aee940569e2e6dd3b54b2874bd3a0ba6b749ff43bccc7d152884377b8e926b81e34008b455158207afd32f6422c6ad25e2a2350b085bf804a5c0291984eca48d30e3893cf183e8b4a9b8d4b411db60c0e719ce9a", 0x1000, 0x8}], 0x102000, &(0x7f00000016c0)={[{@dots}, {@dots}, {@nodots}, {@nodots}, {@fat=@gid}, {@fat=@tz_utc}]}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f0000001700)={0x7fffffff, 0xfff, 0x1, 0x7ff, 0x3, 0x3a6f}) write$nbd(r0, &(0x7f0000000080), 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r2, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000003180)={&(0x7f0000001840)={0x94, 0x0, 0x0, 0x0, 0x0, {}, [{{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}]}}]}, 0x94}}, 0x0) bind$netlink(r2, &(0x7f0000000140)={0x10, 0x0, 0x25dfdbfb, 0x800000}, 0xc) 07:39:12 executing program 0: setitimer(0x2, &(0x7f00000001c0)={{}, {0x0, 0xea60}}, &(0x7f00000000c0)) io_uring_setup(0x584a, &(0x7f0000000100)={0x0, 0x164c, 0x10, 0x2, 0x1d7}) write$nbd(0xffffffffffffffff, 0x0, 0xe7) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, &(0x7f0000000000)=0xb, 0x4) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000200)={'ip6tnl0\x00', 0x0, 0x2f, 0x1, 0x2, 0x9, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, 0x700, 0x8000, 0x4, 0x8001}}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000340)={'syztnl0\x00', &(0x7f00000002c0)={'syztnl0\x00', 0x0, 0x2f, 0x17, 0x8, 0x0, 0x1e, @local, @empty, 0x8000, 0x80, 0x8, 0x4}}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'batadv_slave_0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000440)={'syztnl2\x00', &(0x7f00000003c0)={'syztnl2\x00', 0x0, 0x4, 0x3, 0xfd, 0xffffff7f, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private2, 0x20, 0x8010, 0x8, 0x800}}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv0\x00', 0x0}) getsockname$packet(0xffffffffffffffff, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000500)=0x14) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000005c0)={'syztnl1\x00', &(0x7f0000000540)={'sit0\x00', 0x0, 0x4, 0x9, 0x3, 0x10001, 0x1a, @remote, @private2={0xfc, 0x2, '\x00', 0x1}, 0x40, 0x40, 0x5}}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'batadv_slave_0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000640)={0x714, 0x0, 0x100, 0x70bd28, 0x25dfdbfd, {}, [{{0x8}, {0x1c0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r0}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x81}}, {0x8, 0x6, r1}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3c}}}]}}, {{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0xb73, 0x7, 0x5, 0x10001}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffffffe}}}]}}, {{0x8, 0x1, r2}, {0x150, 0x2, 0x0, 0x1, [{0x6c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x3c, 0x4, [{0x8, 0x1, 0x20, 0xffffffff}, {0x9, 0x80, 0x6, 0xfffffffa}, {0xd0d1, 0x7, 0x80, 0x3}, {0x4, 0x9, 0x4d, 0xf0}, {0x0, 0x3, 0x4b, 0x80000000}, {0xfff, 0x81, 0x7c, 0x8}, {0x73e, 0x1f, 0x1f, 0x8}]}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7f}}, {0x8}}}, {0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x8, 0x3f, 0x8, 0x3}, {0x3, 0x3, 0x66, 0x1}, {0x0, 0x1f, 0x2, 0x1}, {0x101, 0x7f, 0xf0, 0xa0}, {0x401, 0x0, 0xe0, 0x8}, {0x6, 0x8, 0x0, 0x3f}]}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0xec, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r3}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}]}}, {{0x8}, {0x264, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x81}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3f}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r6}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r7}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1fcc}}, {0x8, 0x6, r8}}}]}}]}, 0x714}, 0x1, 0x0, 0x0, 0x90}, 0x801) write$nbd(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="6700000000000000e9c820e57c7c665a"], 0x10) 07:39:12 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:13 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xc, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:13 executing program 2 (fault-call:1 fault-nth:57): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2862.128886][T20187] loop5: detected capacity change from 0 to 264192 [ 2862.132587][T20190] FAULT_INJECTION: forcing a failure. [ 2862.132587][T20190] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2862.145016][T20187] FAT-fs (loop5): invalid media value (0xe1) [ 2862.148626][T20190] CPU: 1 PID: 20190 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2862.154575][T20187] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2862.163309][T20190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2862.179935][T20190] Call Trace: [ 2862.183206][T20190] dump_stack_lvl+0xb7/0x103 [ 2862.187792][T20190] dump_stack+0x11/0x1a [ 2862.191967][T20190] should_fail+0x23c/0x250 [ 2862.196399][T20190] __alloc_pages+0x102/0x320 [ 2862.200994][T20190] alloc_pages_vma+0x513/0x680 [ 2862.205746][T20190] shmem_getpage_gfp+0x954/0x13d0 [ 2862.210850][T20190] shmem_write_begin+0x7e/0x100 [ 2862.215769][T20190] generic_perform_write+0x196/0x3c0 [ 2862.221047][T20190] ? shmem_write_begin+0x100/0x100 [ 2862.226144][T20190] __generic_file_write_iter+0x161/0x300 [ 2862.231782][T20190] ? generic_write_checks+0x242/0x290 [ 2862.237151][T20190] generic_file_write_iter+0x75/0x130 [ 2862.242574][T20190] vfs_write+0x69d/0x770 [ 2862.246814][T20190] ksys_write+0xce/0x180 [ 2862.251059][T20190] __x64_sys_write+0x3e/0x50 [ 2862.255681][T20190] do_syscall_64+0x3d/0x90 [ 2862.260094][T20190] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2862.265980][T20190] RIP: 0033:0x4665e9 [ 2862.269953][T20190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2862.289552][T20190] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2862.297960][T20190] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2862.305959][T20190] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2862.313985][T20190] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2862.321954][T20190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:13 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:13 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x40, 0x29, 0x3f}, {0x62c, 0x1, 0x1, 0xffffffc0}, {0x200, 0x1, 0x6, 0xff}, {0x2, 0x1f, 0x80, 0x7e3}]}) write$nbd(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="6744f059c5ec0ce1da81469d2a2f8e1f695535e84ab298000000000000000000d7fc0f6273b00aba3dac571373f61f3838013f09250e4d996200000800ce103e3143786b46ab5c1d72f029810c3172edae603c1e12d73fee30d8bb57161e76faabc109fa5dacba2682c998"], 0x10) [ 2862.329927][T20190] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:13 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:13 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[], 0xe7) r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000140)=0x14) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r4, 0x4b45, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000240)={'syztnl2\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x4, 0x7, 0x1, 0x1, 0x24, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv4={'\x00', '\xff\xff', @empty}, 0x8000, 0x7800, 0x20, 0x8}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'syztnl2\x00', 0x0, 0x29, 0x4, 0x4, 0x4, 0x56, @private0, @mcast2, 0x0, 0x80, 0x279f, 0x20}}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000340)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000400)={'ip6tnl0\x00', &(0x7f0000000380)={'syztnl2\x00', 0x0, 0x29, 0x6, 0x3f, 0x5, 0x2, @mcast2, @local, 0x1, 0x8, 0x6f2, 0x1}}) getsockname$packet(r0, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000480)=0x14) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000540)={'syztnl1\x00', &(0x7f00000004c0)={'syztnl0\x00', 0x0, 0x4, 0x40, 0x1, 0x3f000000, 0x13, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @private0, 0x8, 0x8, 0x1f}}) getsockname$packet(r0, &(0x7f0000000580)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000005c0)=0x14) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000ac0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000600)={0x46c, r2, 0x10, 0x70bd27, 0x25dfdbfd, {}, [{{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}]}}, {{0x8, 0x1, r6}, {0x144, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffffd}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xfa}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}]}}, {{0x8, 0x1, r9}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3a}}, {0x8}}}]}}, {{0x8, 0x1, r10}, {0x128, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}]}}, {{0x8, 0x1, r11}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}]}, 0x46c}, 0x1, 0x0, 0x0, 0x20000010}, 0x40004084) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:13 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:13 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xd, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2862.385251][T20187] loop5: detected capacity change from 0 to 264192 [ 2862.398200][T20187] FAT-fs (loop5): invalid media value (0xe1) [ 2862.404238][T20187] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2862.511190][T20227] loop5: detected capacity change from 0 to 264192 [ 2862.520365][T20227] FAT-fs (loop5): invalid media value (0xe1) [ 2862.526390][T20227] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:13 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r4, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) 07:39:13 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:13 executing program 3: ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f00000000c0)={0xfffffffd, 0x0, 'client0\x00', 0x8, "5b2d92befe34f033", "836c4af8d86660bea950e4b3cf79c82bbd2a5e29936db5a606a6b4311b71983a", 0x6, 0x3}) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f00000001c0), 0xc4083, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000000)={0x2, 0xfffffffffffffd36, 0x0, 0x8, 0x5, 0x7, 0x0, 0x5, 0x3042f, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80000000, 0x2, @perf_config_ext={0x2, 0x101}, 0x1241, 0x3, 0x10, 0x9, 0x2, 0x400, 0x7f, 0x0, 0x6, 0x0, 0x4}) 07:39:13 executing program 2 (fault-call:1 fault-nth:58): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:13 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xe, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:13 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000006c0)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r2, 0x89f7, &(0x7f0000000780)={'sit0\x00', &(0x7f0000000700)={'sit0\x00', r3, 0x4, 0x9, 0x1, 0x3, 0x50, @private2={0xfc, 0x2, '\x00', 0x1}, @empty, 0x80, 0x20, 0xd64c, 0xfff}}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f0000000340)={0x350, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {}, [{{0x8}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x1b8, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff9}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}]}}, {{0x8, 0x1, r1}, {0x12c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}]}}]}, 0x350}, 0x1, 0x0, 0x0, 0x24008000}, 0x24008080) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f00000001c0)={0x67446698, 0x0, 0x40, 0x0, 0x0, "e2a7408a1f579402ef0cc130e5f09f96c495332eb4e2126087ac947b6db0a4fffc70ff169f8efe1979c9a58b5bf9b5fb55aca9afbc5bc3c9b80cfdeec4ef3f62191089d9afbcdf38877c650bdd06dd15c3d57c5fd94c47e31f9d26da023fc2e9f264fc5a25aea66fe3b7eb08cb719227145aee941d9fab4eb5ace4c33cd03fca1d50517f8638c52c607c29b0896f53042b71346ce14592a0dc8065cba7585ced5818ce4fe6070509c0ba46a91485165bb1056efa873529db019b42effbf290dab230a0044fa4e06b45e2233854971e84c6cc7cf2689bc88eac3b4c58750fdf9fc59feeab1206c088d7acecd3d669472916ff8b46c80229c0e0e6f378c8b9e73b1b1aaf02fddeb91d5c99fafa2469728c7781517bdd59f146c63631ed9ffc4f4068dbaa09dc7171aaf451a693435d56c8034dd54c6b9882fa3accf380000000000000000000"}, 0x155) [ 2862.996160][T20237] FAULT_INJECTION: forcing a failure. [ 2862.996160][T20237] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2863.009284][T20237] CPU: 1 PID: 20237 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2863.018045][T20237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2863.028104][T20237] Call Trace: [ 2863.031387][T20237] dump_stack_lvl+0xb7/0x103 [ 2863.035979][T20237] dump_stack+0x11/0x1a [ 2863.040129][T20237] should_fail+0x23c/0x250 [ 2863.044568][T20237] should_fail_usercopy+0x16/0x20 [ 2863.049615][T20237] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2863.055345][T20237] ? shmem_write_begin+0x7e/0x100 [ 2863.060371][T20237] generic_perform_write+0x1df/0x3c0 [ 2863.065740][T20237] ? shmem_write_begin+0x100/0x100 [ 2863.070895][T20237] __generic_file_write_iter+0x161/0x300 [ 2863.076529][T20237] ? generic_write_checks+0x242/0x290 [ 2863.081959][T20237] generic_file_write_iter+0x75/0x130 [ 2863.087411][T20237] vfs_write+0x69d/0x770 [ 2863.091656][T20237] ksys_write+0xce/0x180 [ 2863.095913][T20237] __x64_sys_write+0x3e/0x50 [ 2863.100583][T20237] do_syscall_64+0x3d/0x90 [ 2863.105002][T20237] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2863.110899][T20237] RIP: 0033:0x4665e9 [ 2863.114783][T20237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2863.115552][T20248] loop5: detected capacity change from 0 to 264192 [ 2863.134399][T20237] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2863.134430][T20237] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2863.134440][T20237] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2863.134451][T20237] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2863.173336][T20237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2863.181390][T20237] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2863.184334][T20248] FAT-fs (loop5): invalid media value (0xe1) 07:39:14 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:14 executing program 3: ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000040)={0x8, 0x14, 0x3, 0x7, 0x5}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_RX_RING(r0, 0x10e, 0x6, &(0x7f0000000000)={0x3f, 0x5e, 0x1, 0x1f}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, &(0x7f0000000480)=ANY=[], 0xe7) setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f00000000c0)=0x5, 0x4) write$nbd(r1, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0xffffffff}, 0x10) 07:39:14 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCL_PASTESEL(r1, 0x541c, &(0x7f0000000000)) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:14 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf1010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:14 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x478501, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) write$nbd(r0, &(0x7f0000000200)=ANY=[@ANYRES64=0x0, @ANYRESDEC=r1, @ANYRES64=r2, @ANYRESDEC=r0, @ANYBLOB="34403433adb72b005113806bf21cc0c102eed68609d925a4572cf6dabca7a0c725aa15bdfb36e73afb82b7c6ed3832563abf6e1c8b230e6ef6"], 0xe7) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000)=0x5, 0x4) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r3, 0x40a85321, &(0x7f00000000c0)={{0x4, 0x89}, 'port0\x00', 0x4, 0x10081, 0x400, 0x5, 0xfffff000, 0x5, 0x12, 0x0, 0x6, 0xf7}) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f00000001c0)=0x10, 0x4) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2863.195427][T20248] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:14 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x1, 0x4}, 0x10) 07:39:14 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r4, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) 07:39:14 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x2a0000, 0x0) syz_open_pts(r1, 0x440001) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000100)={0x1000, 0x2, 0x100, 0x9, 0x6, 0x13c8}) pidfd_send_signal(r2, 0x36, &(0x7f0000000000)={0x0, 0x2}, 0x0) write$nbd(r0, &(0x7f0000000080), 0x10) socket$packet(0x11, 0x2, 0x300) 07:39:14 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf1020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:14 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xf, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:14 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000080)={'ip6gre0\x00', 0x0, 0x4, 0xfa, 0x3f, 0x40, 0x62, @private1={0xfc, 0x1, '\x00', 0x1}, @empty, 0x20, 0x80, 0x1, 0x9}}) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000040)={0x67446698, 0x10001, 0x1, 0x0, 0x0, "7efce30712898dd89ba447710be1b34da8d2f3184eaca4b3fc57f9415141eef135"}, 0x31) 07:39:14 executing program 2 (fault-call:1 fault-nth:59): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2863.973840][T20292] loop5: detected capacity change from 0 to 264192 [ 2863.990352][T20297] FAULT_INJECTION: forcing a failure. [ 2863.990352][T20297] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2864.003598][T20297] CPU: 0 PID: 20297 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2864.012354][T20297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2864.022446][T20297] Call Trace: [ 2864.025721][T20297] dump_stack_lvl+0xb7/0x103 [ 2864.030306][T20297] dump_stack+0x11/0x1a [ 2864.034483][T20297] should_fail+0x23c/0x250 [ 2864.037037][T20292] FAT-fs (loop5): invalid media value (0xe1) [ 2864.038973][T20297] __alloc_pages+0x102/0x320 [ 2864.038996][T20297] alloc_pages_vma+0x513/0x680 [ 2864.044959][T20292] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2864.049525][T20297] shmem_getpage_gfp+0x954/0x13d0 [ 2864.049555][T20297] shmem_write_begin+0x7e/0x100 [ 2864.049572][T20297] generic_perform_write+0x196/0x3c0 [ 2864.076159][T20297] ? shmem_write_begin+0x100/0x100 [ 2864.081381][T20297] __generic_file_write_iter+0x161/0x300 [ 2864.087110][T20297] ? generic_write_checks+0x242/0x290 [ 2864.092484][T20297] generic_file_write_iter+0x75/0x130 [ 2864.097863][T20297] vfs_write+0x69d/0x770 [ 2864.102271][T20297] ksys_write+0xce/0x180 [ 2864.106572][T20297] __x64_sys_write+0x3e/0x50 [ 2864.111242][T20297] do_syscall_64+0x3d/0x90 [ 2864.115670][T20297] entry_SYSCALL_64_after_hwframe+0x44/0xae 07:39:14 executing program 3: ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, &(0x7f0000000000)={{0x2, 0xd0}, {0x80, 0x1}, 0x3, 0x1, 0x5}) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) ioctl$sock_inet6_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f00000002c0)) sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x50, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8b10}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="2e4a4120519c"}]}, 0x50}, 0x1, 0x0, 0x0, 0x41}, 0x4c801) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f00000000c0)={0x52d7, 0x1, {0x0, 0x0, 0xffff0001, 0x3, 0x2}, 0x3}) 07:39:15 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x5, 0xfffffff9, 0x1, 'queue0\x00', 0x800}) write$nbd(r0, &(0x7f0000000080), 0x6) 07:39:15 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf1030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:15 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000000)={0x95, 0x8, 0x1, 0x6, 0x10000, 0x40}) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2864.121560][T20297] RIP: 0033:0x4665e9 [ 2864.125474][T20297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2864.145178][T20297] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2864.153587][T20297] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2864.161552][T20297] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 07:39:15 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x50, r1, 0x10000000) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:15 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf1040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2864.169534][T20297] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2864.177507][T20297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2864.185480][T20297] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2864.237192][T20292] loop5: detected capacity change from 0 to 264192 [ 2864.257274][T20292] FAT-fs (loop5): invalid media value (0xe1) [ 2864.263317][T20292] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:15 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) 07:39:15 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10800, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) socket(0x11, 0x1, 0x7) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="676ed5000000000000b2123c00b62d40"], 0x10) 07:39:15 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:15 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:15 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x10, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:15 executing program 2 (fault-call:1 fault-nth:60): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:15 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2864.892379][T20346] FAULT_INJECTION: forcing a failure. [ 2864.892379][T20346] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2864.905554][T20346] CPU: 0 PID: 20346 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2864.914346][T20346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2864.924394][T20346] Call Trace: [ 2864.927666][T20346] dump_stack_lvl+0xb7/0x103 [ 2864.932253][T20346] dump_stack+0x11/0x1a [ 2864.936402][T20346] should_fail+0x23c/0x250 07:39:15 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x140b80, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2864.940820][T20346] should_fail_usercopy+0x16/0x20 [ 2864.945893][T20346] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2864.951685][T20346] ? shmem_write_begin+0x7e/0x100 [ 2864.956703][T20346] generic_perform_write+0x1df/0x3c0 [ 2864.962083][T20346] ? shmem_write_begin+0x100/0x100 [ 2864.967191][T20346] __generic_file_write_iter+0x161/0x300 [ 2864.972838][T20346] ? generic_write_checks+0x242/0x290 [ 2864.978253][T20346] generic_file_write_iter+0x75/0x130 [ 2864.982571][T20347] loop5: detected capacity change from 0 to 264192 [ 2864.983632][T20346] vfs_write+0x69d/0x770 [ 2864.994362][T20346] ksys_write+0xce/0x180 [ 2864.998678][T20346] __x64_sys_write+0x3e/0x50 [ 2865.003318][T20346] do_syscall_64+0x3d/0x90 [ 2865.007779][T20346] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2865.010230][T20347] FAT-fs (loop5): invalid media value (0xe1) [ 2865.013672][T20346] RIP: 0033:0x4665e9 [ 2865.013689][T20346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:15 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10800, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) socket(0x11, 0x1, 0x7) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="676ed5000000000000b2123c00b62d40"], 0x10) [ 2865.019693][T20347] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2865.023543][T20346] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2865.058110][T20346] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2865.066081][T20346] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2865.074081][T20346] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2865.082046][T20346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:16 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:16 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0x0, 0x0, 0x1}, 0x10) 07:39:16 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2865.090021][T20346] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2865.136349][T20347] loop5: detected capacity change from 0 to 264192 [ 2865.150259][T20347] FAT-fs (loop5): invalid media value (0xe1) [ 2865.156266][T20347] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:16 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) 07:39:16 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) recvmsg$unix(r0, &(0x7f0000000480)={&(0x7f0000000000)=@abs, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000000c0)=""/147, 0x93}, {&(0x7f00000001c0)=""/203, 0xcb}, {&(0x7f00000002c0)=""/102, 0x66}, {&(0x7f0000000340)=""/81, 0x51}], 0x4, &(0x7f0000000400)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0}}}], 0x78}, 0x2005) pidfd_getfd(r1, r0, 0x0) r3 = perf_event_open(&(0x7f00000005c0)={0x4, 0x80, 0x7, 0x1, 0x40, 0x20, 0x0, 0x101, 0x1006, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x7fff, 0x4, @perf_bp={&(0x7f0000000580), 0x8}, 0x8, 0x9, 0x1c, 0x8, 0x9, 0x9, 0x9, 0x0, 0x0, 0x0, 0x40}, r2, 0xe, 0xffffffffffffffff, 0xb) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x1, 0x80, 0x9, 0x3, 0x0, 0xffffffffffffffbd, 0x80182, 0x45bc840d9134d26b, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000, 0x1, @perf_bp={&(0x7f00000004c0), 0xd}, 0x51b9, 0x2, 0x8, 0x9, 0x8000, 0x80, 0x0, 0x0, 0x10001, 0x0, 0x2}, 0xffffffffffffffff, 0xffffffffffffffff, r3, 0x8) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="67446600000000000000000010"], 0x10) 07:39:16 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10800, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) socket(0x11, 0x1, 0x7) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="676ed5000000000000b2123c00b62d40"], 0x10) 07:39:16 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:16 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x11, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:16 executing program 2 (fault-call:1 fault-nth:61): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2865.854765][T20395] FAULT_INJECTION: forcing a failure. [ 2865.854765][T20395] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2865.856946][T20401] loop5: detected capacity change from 0 to 264192 [ 2865.868025][T20395] CPU: 1 PID: 20395 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2865.883259][T20395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2865.893312][T20395] Call Trace: [ 2865.896609][T20395] dump_stack_lvl+0xb7/0x103 [ 2865.899280][T20401] FAT-fs (loop5): invalid media value (0xe1) [ 2865.901200][T20395] dump_stack+0x11/0x1a [ 2865.907183][T20401] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2865.911309][T20395] should_fail+0x23c/0x250 [ 2865.911336][T20395] __alloc_pages+0x102/0x320 [ 2865.926855][T20395] alloc_pages_vma+0x513/0x680 [ 2865.931623][T20395] shmem_getpage_gfp+0x954/0x13d0 [ 2865.936655][T20395] shmem_write_begin+0x7e/0x100 [ 2865.941496][T20395] generic_perform_write+0x196/0x3c0 [ 2865.946867][T20395] ? shmem_write_begin+0x100/0x100 07:39:16 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'syztnl0\x00', &(0x7f00000000c0)={'syztnl2\x00', 0x0, 0x4, 0x7, 0xa1, 0x6, 0x18, @mcast2, @empty, 0x1, 0x0, 0xf4, 0x3}}) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000440)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f00000001c0)={0x210, 0x0, 0x100, 0x70bd2d, 0x25dfdbff, {}, [{{0x8}, {0x1f4, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffffc}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x28}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x81}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8}}, {0x8, 0x6, r1}}}]}}]}, 0x210}, 0x1, 0x0, 0x0, 0x20000000}, 0x200080a0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) 07:39:16 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000100)=@abs, 0x6e, &(0x7f0000001480)=[{&(0x7f00000001c0)=""/122, 0x7a}, {&(0x7f0000000240)=""/232, 0xe8}, {&(0x7f0000000340)=""/106, 0x6a}, {&(0x7f00000003c0)=""/171, 0xab}, {&(0x7f0000000480)=""/4096, 0x1000}], 0x5, &(0x7f0000001500)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x120}, 0x40002042) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000001680), 0x20a201, 0x0) write$nbd(r2, 0x0, 0xe7) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000000)=0x12, 0x4) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040), &(0x7f00000000c0)=0xc) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x3, 0x807, 0x1}, 0x10) 07:39:16 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:16 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf3010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2865.952010][T20395] __generic_file_write_iter+0x161/0x300 [ 2865.957656][T20395] ? generic_write_checks+0x242/0x290 [ 2865.963029][T20395] generic_file_write_iter+0x75/0x130 [ 2865.968406][T20395] vfs_write+0x69d/0x770 [ 2865.972647][T20395] ksys_write+0xce/0x180 [ 2865.976884][T20395] __x64_sys_write+0x3e/0x50 [ 2865.981471][T20395] do_syscall_64+0x3d/0x90 [ 2865.985880][T20395] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2865.991807][T20395] RIP: 0033:0x4665e9 07:39:16 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10800, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) socket(0x11, 0x1, 0x7) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="676ed5000000000000b2123c00b62d40"], 0x10) [ 2865.995693][T20395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2866.015387][T20395] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2866.023792][T20395] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2866.031760][T20395] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2866.039730][T20395] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2866.047729][T20395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:16 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10800, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) socket(0x11, 0x1, 0x7) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r0, 0x0, 0xe7) [ 2866.055766][T20395] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2866.106676][T20401] loop5: detected capacity change from 0 to 264192 [ 2866.121768][T20401] FAT-fs (loop5): invalid media value (0xe1) [ 2866.127783][T20401] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:17 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) 07:39:17 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf3020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:17 executing program 2 (fault-call:1 fault-nth:62): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:17 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) write$cgroup_devices(r1, &(0x7f0000000000)={'c', ' *:* ', 'r\x00'}, 0x8) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:17 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10800, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) socket(0x11, 0x1, 0x7) write$nbd(0xffffffffffffffff, 0x0, 0xe7) 07:39:17 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x12, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2866.810489][T20441] loop5: detected capacity change from 0 to 264192 [ 2866.827705][T20446] FAULT_INJECTION: forcing a failure. [ 2866.827705][T20446] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2866.840789][T20446] CPU: 1 PID: 20446 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2866.842208][T20441] FAT-fs (loop5): invalid media value (0xe1) [ 2866.849544][T20446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2866.849558][T20446] Call Trace: [ 2866.849565][T20446] dump_stack_lvl+0xb7/0x103 [ 2866.849618][T20446] dump_stack+0x11/0x1a [ 2866.849646][T20446] should_fail+0x23c/0x250 [ 2866.855753][T20441] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2866.865788][T20446] should_fail_usercopy+0x16/0x20 [ 2866.865816][T20446] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2866.899419][T20446] ? shmem_write_begin+0x7e/0x100 [ 2866.904449][T20446] generic_perform_write+0x1df/0x3c0 07:39:17 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) 07:39:17 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf3030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:17 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10800, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) socket(0x11, 0x1, 0x7) write$nbd(0xffffffffffffffff, 0x0, 0xe7) [ 2866.909756][T20446] ? shmem_write_begin+0x100/0x100 [ 2866.914861][T20446] __generic_file_write_iter+0x161/0x300 [ 2866.920489][T20446] ? generic_write_checks+0x242/0x290 [ 2866.925860][T20446] generic_file_write_iter+0x75/0x130 [ 2866.931244][T20446] vfs_write+0x69d/0x770 [ 2866.935491][T20446] ksys_write+0xce/0x180 [ 2866.939750][T20446] __x64_sys_write+0x3e/0x50 [ 2866.944350][T20446] do_syscall_64+0x3d/0x90 [ 2866.948810][T20446] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2866.954806][T20446] RIP: 0033:0x4665e9 [ 2866.958692][T20446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2866.978319][T20446] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2866.986751][T20446] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2866.994721][T20446] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2867.002764][T20446] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:39:17 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10800, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) socket(0x11, 0x1, 0x7) write$nbd(0xffffffffffffffff, 0x0, 0xe7) 07:39:17 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf3040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:17 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) [ 2867.010731][T20446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2867.018696][T20446] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2867.042942][T20441] loop5: detected capacity change from 0 to 264192 [ 2867.094096][T20441] FAT-fs (loop5): invalid media value (0xe1) [ 2867.100152][T20441] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:18 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) 07:39:18 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10800, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r0, 0x0, 0xe7) 07:39:18 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:18 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x802000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, 0x0, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1000}]}, 0x34}, 0x1, 0x0, 0x0, 0x10004}, 0x800) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, 0x0, 0xe7) write$nbd(r1, &(0x7f0000000080), 0x10) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f0000000000)=0xfffffffb) 07:39:18 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x22, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:18 executing program 2 (fault-call:1 fault-nth:63): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:18 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10800, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r0, 0x0, 0xe7) [ 2867.772118][T20503] loop5: detected capacity change from 0 to 264192 [ 2867.772784][T20502] FAULT_INJECTION: forcing a failure. [ 2867.772784][T20502] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2867.791936][T20502] CPU: 1 PID: 20502 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2867.800797][T20502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2867.810849][T20502] Call Trace: [ 2867.814121][T20502] dump_stack_lvl+0xb7/0x103 [ 2867.818710][T20502] dump_stack+0x11/0x1a [ 2867.822879][T20502] should_fail+0x23c/0x250 [ 2867.827303][T20502] __alloc_pages+0x102/0x320 [ 2867.831900][T20502] alloc_pages_vma+0x513/0x680 [ 2867.836686][T20502] shmem_getpage_gfp+0x954/0x13d0 [ 2867.841724][T20502] shmem_write_begin+0x7e/0x100 [ 2867.846573][T20502] generic_perform_write+0x196/0x3c0 [ 2867.851964][T20502] ? shmem_write_begin+0x100/0x100 [ 2867.857102][T20502] __generic_file_write_iter+0x161/0x300 [ 2867.862733][T20502] ? generic_write_checks+0x242/0x290 07:39:18 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2867.868107][T20502] generic_file_write_iter+0x75/0x130 [ 2867.873482][T20502] vfs_write+0x69d/0x770 [ 2867.877722][T20502] ksys_write+0xce/0x180 [ 2867.881957][T20502] __x64_sys_write+0x3e/0x50 [ 2867.886587][T20502] do_syscall_64+0x3d/0x90 [ 2867.891019][T20502] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2867.896988][T20502] RIP: 0033:0x4665e9 [ 2867.900940][T20502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:18 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000380)) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) ioctl$KDSETLED(r0, 0x4b32, 0x17e3) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r2, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB='\x00'/14], 0x14}}, 0x0) r3 = pidfd_getfd(r0, r2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000140)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_GET(r5, &(0x7f0000000240)={&(0x7f0000000100), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, 0x0, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [{{0x8, 0x1, r6}, {0x4}}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008880}, 0x4) sendmsg$TEAM_CMD_NOOP(r4, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000000), &(0x7f00000000c0)=0xc) sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000427bd7000ffdbdf2504000000080004800100000008000c00020000000500010000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x20000001}, 0x1) syz_genetlink_get_family_id$team(&(0x7f0000000040), r3) 07:39:18 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2867.920581][T20502] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2867.929042][T20502] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2867.937012][T20502] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2867.944979][T20502] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2867.952983][T20502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2867.960994][T20502] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:18 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:18 executing program 3: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r0, 0x0, 0xe7) [ 2867.985689][T20503] loop5: detected capacity change from 0 to 264192 07:39:19 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) write$nbd(r0, 0x0, 0x7fffffffffffffff) 07:39:19 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x25, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:19 executing program 2 (fault-call:1 fault-nth:64): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:19 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) recvmsg$unix(r0, &(0x7f0000000580)={&(0x7f0000000100)=@abs, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000bc0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/226, 0xe2}, {&(0x7f0000001bc0)=""/4096, 0x1000}, {&(0x7f0000000300)=""/16, 0x10}, {&(0x7f0000002bc0)=""/4096, 0x1000}, {&(0x7f0000000340)=""/129, 0x81}], 0x6, &(0x7f0000000480)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}], 0xf8}, 0x20) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r3, 0x4b45, 0x0) ioctl$TIOCMSET(r3, 0x5418, &(0x7f00000000c0)) ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f00000005c0)={0x2, {0x2, 0x6, 0x7f, 0x1800, 0x9, 0x10}}) openat$cgroup_devices(r1, &(0x7f0000000040)='devices.deny\x00', 0x2, 0x0) pidfd_getfd(r0, r0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/event_source', 0x101000, 0x24) write$nbd(r4, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:19 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:19 executing program 3: pipe(0x0) write$nbd(0xffffffffffffffff, 0x0, 0xe7) [ 2868.634569][T20551] loop5: detected capacity change from 0 to 264192 [ 2868.642372][T20553] FAULT_INJECTION: forcing a failure. [ 2868.642372][T20553] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2868.655429][T20553] CPU: 0 PID: 20553 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2868.664194][T20553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2868.674244][T20553] Call Trace: [ 2868.677518][T20553] dump_stack_lvl+0xb7/0x103 07:39:19 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) io_uring_setup(0x6398, &(0x7f00000000c0)={0x0, 0xbb31, 0x0, 0x1, 0xb8, 0x0, r2}) write$nbd(r1, &(0x7f0000000080), 0x10) 07:39:19 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:19 executing program 3: pipe(0x0) write$nbd(0xffffffffffffffff, 0x0, 0xe7) [ 2868.682129][T20553] dump_stack+0x11/0x1a [ 2868.686283][T20553] should_fail+0x23c/0x250 [ 2868.690715][T20553] should_fail_usercopy+0x16/0x20 [ 2868.695805][T20553] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2868.701526][T20553] ? shmem_write_begin+0x7e/0x100 [ 2868.706580][T20553] generic_perform_write+0x1df/0x3c0 [ 2868.711864][T20553] ? shmem_write_begin+0x100/0x100 [ 2868.716967][T20553] __generic_file_write_iter+0x161/0x300 [ 2868.722631][T20553] ? generic_write_checks+0x242/0x290 [ 2868.728077][T20553] generic_file_write_iter+0x75/0x130 07:39:19 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2868.733477][T20553] vfs_write+0x69d/0x770 [ 2868.737723][T20553] ksys_write+0xce/0x180 [ 2868.742032][T20553] __x64_sys_write+0x3e/0x50 [ 2868.746634][T20553] do_syscall_64+0x3d/0x90 [ 2868.751133][T20553] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2868.757036][T20553] RIP: 0033:0x4665e9 [ 2868.760923][T20553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:19 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000000c0)=0x14) 07:39:19 executing program 3: pipe(0x0) write$nbd(0xffffffffffffffff, 0x0, 0xe7) [ 2868.780530][T20553] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2868.788941][T20553] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2868.796908][T20553] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2868.804877][T20553] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2868.812839][T20553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2868.820806][T20553] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2868.845276][T20551] loop5: detected capacity change from 0 to 264192 07:39:20 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r1, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000040)={0x8, 0x2, {0xffffffffffffffff, 0x0, 0x8, 0x0, 0xffff}, 0x2}) 07:39:20 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:20 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = pidfd_getfd(r0, r0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000000c0)={0x3b0, 0x0, 'client0\x00', 0xffffffff80000000, "97256a76129cfc40", "07a8ddf8ed271d20981a4fc48ad2afad11a7c288efd8d4a3c6827d641df8294a", 0x10000, 0xf01}) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6744669800"/16], 0x10) ioctl$KDGKBMETA(r0, 0x4b62, &(0x7f0000000000)) 07:39:20 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x48, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:20 executing program 3: pipe(&(0x7f00000000c0)) write$nbd(0xffffffffffffffff, 0x0, 0xe7) 07:39:20 executing program 2 (fault-call:1 fault-nth:65): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2869.513679][T20597] loop5: detected capacity change from 0 to 264192 [ 2869.527684][T20597] FAT-fs (loop5): invalid media value (0xe1) [ 2869.532930][T20603] FAULT_INJECTION: forcing a failure. [ 2869.532930][T20603] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2869.533711][T20597] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2869.546937][T20603] CPU: 1 PID: 20603 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2869.562271][T20603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2869.572373][T20603] Call Trace: [ 2869.575645][T20603] dump_stack_lvl+0xb7/0x103 [ 2869.580228][T20603] dump_stack+0x11/0x1a [ 2869.584377][T20603] should_fail+0x23c/0x250 [ 2869.588790][T20603] __alloc_pages+0x102/0x320 [ 2869.593437][T20603] alloc_pages_vma+0x513/0x680 [ 2869.598244][T20603] shmem_getpage_gfp+0x954/0x13d0 [ 2869.603272][T20603] shmem_write_begin+0x7e/0x100 [ 2869.608118][T20603] generic_perform_write+0x196/0x3c0 [ 2869.613404][T20603] ? shmem_write_begin+0x100/0x100 [ 2869.618513][T20603] __generic_file_write_iter+0x161/0x300 [ 2869.624220][T20603] ? generic_write_checks+0x242/0x290 [ 2869.629595][T20603] generic_file_write_iter+0x75/0x130 [ 2869.634977][T20603] vfs_write+0x69d/0x770 [ 2869.639277][T20603] ksys_write+0xce/0x180 [ 2869.643516][T20603] __x64_sys_write+0x3e/0x50 [ 2869.648101][T20603] do_syscall_64+0x3d/0x90 [ 2869.652576][T20603] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2869.658500][T20603] RIP: 0033:0x4665e9 07:39:20 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x4c, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:20 executing program 3: pipe(&(0x7f00000000c0)) write$nbd(0xffffffffffffffff, 0x0, 0xe7) 07:39:20 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:20 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x60, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:20 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2869.662385][T20603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2869.682039][T20603] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2869.690453][T20603] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2869.698623][T20603] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2869.706590][T20603] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:39:20 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) io_uring_setup(0x73d4, &(0x7f0000000000)={0x0, 0x3396, 0x8, 0x1, 0x2fb, 0x0, r0}) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="674466980000000000000200000000008ad9d4277eef2743f0ab4865c4843ed2fab2166172d5b014a67c30f18ef053a59e039938e7ede5afb6e69a213570aea719b12f931e8e2f071952628fc1000036133d00000000"], 0x10) [ 2869.714625][T20603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2869.722598][T20603] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2869.791024][T20624] loop5: detected capacity change from 0 to 264192 [ 2869.821588][T20624] loop5: detected capacity change from 0 to 264192 07:39:21 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) 07:39:21 executing program 3: pipe(&(0x7f00000000c0)) write$nbd(0xffffffffffffffff, 0x0, 0xe7) 07:39:21 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf6000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:21 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) r2 = fork() perf_event_open(&(0x7f0000000080)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0xf}}, r2, 0x0, 0xffffffffffffffff, 0x0) ioctl$PIO_FONTX(r1, 0x4b6c, &(0x7f0000000900)={0x138, 0x0, &(0x7f0000000500)="06b8923fac30423e5dfb1b201b986df4d4b1d7b85e9a4f0ba21ab9e64e9cc30d94e83de237601c32e861afb69ac53ad48b8be644d50ed6a04fd72a1dc83fd4ac578ab2508b461093fa53f6c4c468d9f2d11bcc7b425571895a55a6ec3782a84738df95852f565407f75c4a65951f54b987568f9d4150b651c14ccb82e8182fd8ea2c485e1d74a5924827ad5a5c8c67b7eff03e038c8cc6c6e23806aaf5e174f931c375e4ee6f5937e4dc7c070bb1708f385d8e5d1fd4b7e1effad7efcf746e19de70a1b2b24ea937af65907ae712883ec36e5c7f6f6eb9e27472aca1263b63344f60a1a0d365fd8fb1d9410c4497e18d910e7a28de4371b02290d4f4aeb953848755b84eeeda762b996d266369144ea87f0876bf8751cbec35f21a6231be613f855e98a7935e1f7bbc45d939560620f0711301921f53dbf90c213a94343ee28db9e40be7bffce01365baad450437d643684000a1887bc64e5bdc1c8036f1112982990f9b53e55004b5b719a4892655a9d420446c3ab0643a2bac9429ae8a6032f4cc180d330b70c2a5598977c6c50881ebf9fbe4f17c65f4b8e6be6428bc2cade11f318798c060bb59862d25a1f37d7fe96b4085cc71b9c47a09d30b0c7f3066bbdc324024940b043e502a821345912a7e1b877ff1a4417043012caf5c847f061e378f67730c9330ff379836d838aecc6ef5113554f8d2fdc01ea6c6f37d340e78d0db3b89808bee8b55f37d2aaba077dcd824b59c9164375042263dd2a91f28e4551dcbffedbf3befc64beb276068cd4428723f35f6bd60d0afdae801cce380976c4926a69813815691640ff81b426f9509cd437132cda31534624155163bddfbfb80add1cab9244a76fd3718a4e5e6da59526e36a3f1f21f6e9d68414c33e99211037ccd57e24d9cda622feee95eebbddb11ee1b09acc099d07751b79b715f0b9e4a862b01106047aeab82cd02affdc8ae9a73dc0a49bb10007265a74a3ab55e7ef16fdc2079b020c46f682b6138b7bd4a7a7491dae5cd5109d2129a431d7c56c67aa5f396378997f15b893cc33c6ff75d3a1bf43ad3766906e18e184c31e090e3d9ffa4ae2fb6da3c25b277640d6d6b072dfb0f40617be86344c2f298c57ee87e8bd70446c9139ce0bc0e4f5ae8e39641d48c39b8d034ad9b6771278b94b72ee6c845a432866f3a12bb1e7fe35a758f1295286a174935112b8512c84ba0c9c54d58bb1ee75d67113b98cc55a3bebbe571bb07ff9db7ef1664d92ff57ae46b447301e5cc551ead38f9a8f46e613da4fd93a323cfa850ef6ed66f976ed17618d0c9c2d0ebfc1c117a47157b888ddedaa00c3fd302f2506c3c632fe274de2b3196d749ee592c0fff722aa4fc8cfdf40fd6a3eb2c20415ba45cb5ee1df38c932d84d658ad80029c8b26da8199d8a2c4097651aa6b22598bef705656844668701e"}) write$nbd(r0, &(0x7f0000000940)=ANY=[@ANYBLOB="000000000000000000000089d7000000ad483231a8cac9499e4852901b13e5570783c343996ffd7c7c45b60d14c9901893cfe9cf6b46d23faad55703ad3f1ba38cf744468ee1d9ae9cb4f1d2466b4d1fa9f506d48a04a9b0be68c37da1ea03f44d821eaea938786b7675cba310023dbaf5bed9a6b5614f018f5e482993b7b236dc8ab5ef5c12e1aac052e2d400"/151], 0x10) syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = fork() clone3(&(0x7f0000000b40)={0x20a00000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000b00)=[r3], 0x1}, 0x58) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000003c0)=0x0) getresgid(&(0x7f0000000000), &(0x7f0000000040), 0x0) r6 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000440), 0x40000, 0x0) clone3(&(0x7f0000000480)={0x10000500, &(0x7f0000000000), &(0x7f0000000040), &(0x7f00000000c0), {0x17}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f00000002c0)=""/197, &(0x7f0000000400)=[r3, 0xffffffffffffffff, r4, r5, 0xffffffffffffffff, 0xffffffffffffffff], 0x6, {r6}}, 0x58) 07:39:21 executing program 2 (fault-call:1 fault-nth:66): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:21 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x68, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2870.395970][T20643] loop5: detected capacity change from 0 to 264192 [ 2870.406074][T20644] FAULT_INJECTION: forcing a failure. [ 2870.406074][T20644] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2870.419255][T20644] CPU: 0 PID: 20644 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2870.428012][T20644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2870.438084][T20644] Call Trace: [ 2870.441360][T20644] dump_stack_lvl+0xb7/0x103 [ 2870.441386][T20644] dump_stack+0x11/0x1a [ 2870.441551][T20644] should_fail+0x23c/0x250 [ 2870.441572][T20644] should_fail_usercopy+0x16/0x20 [ 2870.441594][T20644] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2870.441617][T20644] ? shmem_write_begin+0x7e/0x100 [ 2870.441634][T20644] generic_perform_write+0x1df/0x3c0 [ 2870.441655][T20644] ? shmem_write_begin+0x100/0x100 [ 2870.441741][T20644] __generic_file_write_iter+0x161/0x300 [ 2870.441768][T20644] ? generic_write_checks+0x242/0x290 07:39:21 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf6010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:21 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) [ 2870.441790][T20644] generic_file_write_iter+0x75/0x130 [ 2870.441813][T20644] vfs_write+0x69d/0x770 [ 2870.441828][T20644] ksys_write+0xce/0x180 [ 2870.441844][T20644] __x64_sys_write+0x3e/0x50 [ 2870.510288][T20644] do_syscall_64+0x3d/0x90 [ 2870.514709][T20644] entry_SYSCALL_64_after_hwframe+0x44/0xae 07:39:21 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) 07:39:21 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf6020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2870.514738][T20644] RIP: 0033:0x4665e9 [ 2870.514750][T20644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:21 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x6c, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2870.514817][T20644] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2870.514835][T20644] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 07:39:21 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf6030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2870.514880][T20644] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2870.514889][T20644] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2870.514904][T20644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2870.514914][T20644] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2870.536701][T20643] loop5: detected capacity change from 0 to 264192 [ 2870.646622][T20673] loop5: detected capacity change from 0 to 264192 07:39:22 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) 07:39:22 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) 07:39:22 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x74, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:22 executing program 2 (fault-call:1 fault-nth:67): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:22 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf6040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:22 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="004466980000000000000000c413da2c75e897a99e25809a25ff19091315f013b3cf4efe7052cddbd03e596455419d826c4352d64dd4ea8cdbb5e7e7863fbfcb6d2d0a82b3935013aa21"], 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c00c8c55f5862e4003b", @ANYRES16=0x0, @ANYBLOB="080028bd7000ffdbdf250e00000008003a000500000008003b006147000005002f0000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x22048800) setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000040)=0x9, 0x4) [ 2871.276421][T20689] FAULT_INJECTION: forcing a failure. [ 2871.276421][T20689] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2871.289749][T20689] CPU: 0 PID: 20689 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2871.298506][T20689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2871.308551][T20689] Call Trace: [ 2871.311831][T20689] dump_stack_lvl+0xb7/0x103 [ 2871.316423][T20689] dump_stack+0x11/0x1a [ 2871.320662][T20689] should_fail+0x23c/0x250 [ 2871.325089][T20689] __alloc_pages+0x102/0x320 [ 2871.329705][T20689] alloc_pages_vma+0x513/0x680 [ 2871.334470][T20689] shmem_getpage_gfp+0x954/0x13d0 [ 2871.339507][T20689] shmem_write_begin+0x7e/0x100 [ 2871.344435][T20689] generic_perform_write+0x196/0x3c0 [ 2871.349720][T20689] ? shmem_write_begin+0x100/0x100 [ 2871.354843][T20689] __generic_file_write_iter+0x161/0x300 [ 2871.360472][T20689] ? generic_write_checks+0x242/0x290 [ 2871.365849][T20689] generic_file_write_iter+0x75/0x130 [ 2871.371228][T20689] vfs_write+0x69d/0x770 [ 2871.375473][T20689] ksys_write+0xce/0x180 [ 2871.379726][T20689] __x64_sys_write+0x3e/0x50 [ 2871.384310][T20689] do_syscall_64+0x3d/0x90 [ 2871.388727][T20689] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2871.394630][T20689] RIP: 0033:0x4665e9 [ 2871.398539][T20689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2871.418449][T20689] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:22 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) 07:39:22 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) 07:39:22 executing program 3: write$nbd(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) 07:39:22 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) 07:39:22 executing program 3: write$nbd(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) [ 2871.426943][T20689] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2871.434921][T20689] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2871.442895][T20689] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2871.450881][T20689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2871.458852][T20689] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:22 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf7000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:22 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) 07:39:22 executing program 0: ioctl$SNDRV_SEQ_IOCTL_PVERSION(0xffffffffffffffff, 0x80045300, &(0x7f0000000000)) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f00000000c0)) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2871.483078][T20691] loop5: detected capacity change from 0 to 264192 07:39:22 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x7a, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:22 executing program 2 (fault-call:1 fault-nth:68): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:22 executing program 3: write$nbd(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) 07:39:22 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf7010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2871.559610][T20691] loop5: detected capacity change from 0 to 264192 07:39:22 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf7020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2871.645795][T20738] FAULT_INJECTION: forcing a failure. [ 2871.645795][T20738] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2871.658904][T20738] CPU: 0 PID: 20738 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2871.660511][T20740] loop5: detected capacity change from 0 to 264192 [ 2871.667658][T20738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2871.667671][T20738] Call Trace: [ 2871.687470][T20738] dump_stack_lvl+0xb7/0x103 07:39:22 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf7030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2871.692065][T20738] dump_stack+0x11/0x1a [ 2871.696309][T20738] should_fail+0x23c/0x250 [ 2871.700773][T20738] should_fail_usercopy+0x16/0x20 [ 2871.705791][T20738] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2871.711629][T20738] ? shmem_write_begin+0x7e/0x100 [ 2871.716645][T20738] generic_perform_write+0x1df/0x3c0 [ 2871.721951][T20738] ? shmem_write_begin+0x100/0x100 [ 2871.727058][T20738] __generic_file_write_iter+0x161/0x300 [ 2871.732687][T20738] ? generic_write_checks+0x242/0x290 [ 2871.738098][T20738] generic_file_write_iter+0x75/0x130 07:39:22 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) [ 2871.743476][T20738] vfs_write+0x69d/0x770 [ 2871.747715][T20738] ksys_write+0xce/0x180 [ 2871.751951][T20738] __x64_sys_write+0x3e/0x50 [ 2871.756614][T20738] do_syscall_64+0x3d/0x90 [ 2871.761073][T20738] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2871.766991][T20738] RIP: 0033:0x4665e9 [ 2871.770884][T20738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:22 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000040)={'sit0\x00', &(0x7f00000000c0)={'ip6gre0\x00', 0x0, 0x29, 0x62, 0xff, 0x8001, 0x24, @loopback, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7800, 0x20, 0x8, 0x5}}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2f, 0x3, 0xe9, 0xffffffff, 0x24, @empty, @empty, 0x1, 0x700, 0x6, 0x4}}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x29, 0xff, 0x7, 0x9, 0x24, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x700, 0x10, 0xd0, 0x2}}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000380)={'ip6tnl0\x00', &(0x7f0000000300)={'ip6tnl0\x00', 0x0, 0x29, 0x6, 0x6, 0x0, 0x40, @dev={0xfe, 0x80, '\x00', 0xa}, @dev={0xfe, 0x80, '\x00', 0x21}, 0x1, 0x7, 0x53c6, 0x5}}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000440)={'sit0\x00', &(0x7f00000003c0)={'syztnl1\x00', 0x0, 0x29, 0x4e, 0x5, 0x2, 0x4, @mcast1, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x40, 0x7800, 0xffffffff, 0x7}}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000500)={'ip6_vti0\x00', &(0x7f0000000480)={'syztnl0\x00', 0x0, 0x0, 0x2, 0x3, 0xab, 0x60, @ipv4={'\x00', '\xff\xff', @empty}, @private1, 0x20, 0x80, 0x3ff, 0x9}}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000540)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000580)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000e40)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000e00)={&(0x7f00000005c0)={0x810, 0x0, 0x200, 0x70bd29, 0x25dfdbfb, {}, [{{0x8}, {0xd0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x7, 0xb0, 0xb2, 0x5}, {0x40, 0x4, 0xff, 0x1}, {0xffff, 0xc5, 0x5, 0x9a}, {0x3, 0x1f, 0x0, 0x8f4}]}}}]}}, {{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffffffc1}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x1a8, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7ff}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r3}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x94, 0x2, 0x0, 0x1, [{0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x2, 0x1, 0x3, 0x794}, {0x8, 0x0, 0x6, 0x7ff}, {0x7f, 0x5, 0x7f, 0x5}, {0xff, 0x5, 0xff, 0x4}]}}}, {0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x0, 0x80, 0x8, 0x8}]}}}]}}, {{0x8, 0x1, r4}, {0x168, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffffff0c}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0x250, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x800}}, {0x8}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x8001, 0xc8, 0x8, 0x9}, {0x0, 0x1, 0x80, 0x8}, {0x1, 0x1f, 0x3f, 0x77e}, {0x20, 0x5, 0x1, 0x2c}]}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}]}}, {{0x8, 0x1, r8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x38a}}}]}}]}, 0x810}, 0x1, 0x0, 0x0, 0x11}, 0x8000) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2871.790489][T20738] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2871.798900][T20738] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2871.806873][T20738] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2871.814897][T20738] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2871.822871][T20738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2871.830850][T20738] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:22 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) 07:39:22 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf7040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2871.867613][T20740] loop5: detected capacity change from 0 to 264192 07:39:23 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) 07:39:23 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000000)=0x4, 0x4) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:23 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:23 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) 07:39:23 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xfe, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:23 executing program 2 (fault-call:1 fault-nth:69): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:23 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2872.418767][T20777] loop5: detected capacity change from 0 to 264192 [ 2872.429952][T20781] FAULT_INJECTION: forcing a failure. [ 2872.429952][T20781] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2872.443179][T20781] CPU: 0 PID: 20781 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2872.452027][T20781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2872.462085][T20781] Call Trace: 07:39:23 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r1, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xff}]}, 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x800) [ 2872.465365][T20781] dump_stack_lvl+0xb7/0x103 [ 2872.469960][T20781] dump_stack+0x11/0x1a [ 2872.474117][T20781] should_fail+0x23c/0x250 [ 2872.478566][T20781] __alloc_pages+0x102/0x320 [ 2872.483154][T20781] alloc_pages_vma+0x513/0x680 [ 2872.487920][T20781] shmem_getpage_gfp+0x954/0x13d0 [ 2872.492976][T20781] shmem_write_begin+0x7e/0x100 [ 2872.497820][T20781] generic_perform_write+0x196/0x3c0 [ 2872.503123][T20781] ? shmem_write_begin+0x100/0x100 [ 2872.508233][T20781] __generic_file_write_iter+0x161/0x300 [ 2872.513871][T20781] ? generic_write_checks+0x242/0x290 07:39:23 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) ioctl$TIOCL_BLANKSCREEN(r1, 0x541c, &(0x7f0000000000)) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f00000000c0)={0x67446698, 0x2, 0x0, 0x0, 0x0, "c407fbd33f7c47426914e3cd3deba5e2df803f963a7e84af59244cf8adf5656549a7249f38fb018f178525ed586f01a90f4c12e69ea2eea46ab6253d8a207db59610c3ac8b7808a8f11f4ff681da15fde8ed21a386705f1100000012c7796ab09011eaa00a3b6c49d0f773c4bdd42b65c4cd29246420f327cb4d47e9fe5c5ffa414f1e0265b5fe7a5648918dd5a00632233a1f5c92d9b998e4e999"}, 0xab) 07:39:23 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) [ 2872.519238][T20781] generic_file_write_iter+0x75/0x130 [ 2872.524606][T20781] vfs_write+0x69d/0x770 [ 2872.528843][T20781] ksys_write+0xce/0x180 [ 2872.533085][T20781] __x64_sys_write+0x3e/0x50 [ 2872.537707][T20781] do_syscall_64+0x3d/0x90 [ 2872.542202][T20781] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2872.548169][T20781] RIP: 0033:0x4665e9 07:39:23 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2872.552049][T20781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2872.571922][T20781] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2872.580342][T20781] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2872.588314][T20781] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2872.596296][T20781] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2872.604310][T20781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:23 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) [ 2872.612413][T20781] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2872.670765][T20777] loop5: detected capacity change from 0 to 264192 07:39:24 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) 07:39:24 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:24 executing program 0: write$nbd(0xffffffffffffffff, 0x0, 0xe7) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x24, 0x0, 0x2, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x464}]}, 0x24}}, 0x80) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x10) 07:39:24 executing program 2 (fault-call:1 fault-nth:70): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:24 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) 07:39:24 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x10e, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:24 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2873.318503][T20825] loop5: detected capacity change from 0 to 264192 [ 2873.327480][T20829] FAULT_INJECTION: forcing a failure. [ 2873.327480][T20829] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2873.334499][T20825] FAT-fs (loop5): invalid media value (0xe1) [ 2873.340585][T20829] CPU: 0 PID: 20829 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2873.346528][T20825] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:24 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) 07:39:24 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="674405b4fc004520ee86cc0000000000000000"], 0x10) r1 = socket$netlink(0x10, 0x3, 0x15) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r1) [ 2873.355261][T20829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2873.355274][T20829] Call Trace: [ 2873.355281][T20829] dump_stack_lvl+0xb7/0x103 [ 2873.355301][T20829] dump_stack+0x11/0x1a [ 2873.355315][T20829] should_fail+0x23c/0x250 [ 2873.388396][T20829] should_fail_usercopy+0x16/0x20 [ 2873.393435][T20829] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2873.399274][T20829] ? shmem_write_begin+0x7e/0x100 [ 2873.404290][T20829] generic_perform_write+0x1df/0x3c0 [ 2873.409713][T20829] ? shmem_write_begin+0x100/0x100 07:39:24 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf9000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:24 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) [ 2873.414830][T20829] __generic_file_write_iter+0x161/0x300 [ 2873.420463][T20829] ? generic_write_checks+0x242/0x290 [ 2873.425843][T20829] generic_file_write_iter+0x75/0x130 [ 2873.431253][T20829] vfs_write+0x69d/0x770 [ 2873.435513][T20829] ksys_write+0xce/0x180 [ 2873.439757][T20829] __x64_sys_write+0x3e/0x50 [ 2873.444408][T20829] do_syscall_64+0x3d/0x90 [ 2873.448823][T20829] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2873.454726][T20829] RIP: 0033:0x4665e9 [ 2873.458639][T20829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2873.478247][T20829] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2873.486658][T20829] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2873.494626][T20829] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2873.502646][T20829] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2873.510621][T20829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:24 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf9010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2873.518593][T20829] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2873.551636][T20825] loop5: detected capacity change from 0 to 264192 [ 2873.611240][T20825] FAT-fs (loop5): invalid media value (0xe1) [ 2873.617280][T20825] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:25 executing program 4: socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) 07:39:25 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698feffffff000000000000000097a753852ea83542637955dae0671713b6efb388269a970f359901000100000000001ca13faa3698df7944f03aaa40a2a43dc7464bab5ee7e03b854208ace1093bb94f8d0921fe7440c577d933fdfde072503135696abedf6251767fe324"], 0xfec8) 07:39:25 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf9020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:25 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f00000000c0)={{0x35, 0x8}, 'port0\x00', 0xa, 0x100c24, 0x8f, 0xfff, 0x5, 0xffffffff, 0x9, 0x0, 0x6, 0x7f}) write$nbd(r0, 0x0, 0xe7) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f00000001c0)={{0x40, 0x7f}, 'port1\x00', 0x8, 0x20000, 0x1, 0x4, 0x9, 0x80000000, 0x200, 0x0, 0x4, 0x3}) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f0000000280)={'syztnl1\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x4, 0xff, 0x7f, 0x0, 0x8, @private1={0xfc, 0x1, '\x00', 0x1}, @private0, 0x80, 0x40, 0xcb, 0x5}}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r2, 0x89f7, &(0x7f0000000340)={'ip6gre0\x00', &(0x7f00000002c0)={'ip6tnl0\x00', r3, 0x4, 0x4, 0x9, 0x80000001, 0x4ebc6d64a73083c9, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1, 0x7, 0x3f9a7df1, 0x3}}) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="6744669800006c5f0db6248b4e9900000000000006000000"], 0x10) 07:39:25 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1ba, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:25 executing program 2 (fault-call:1 fault-nth:71): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2874.187037][T20876] loop5: detected capacity change from 0 to 264192 [ 2874.204534][T20874] FAULT_INJECTION: forcing a failure. [ 2874.204534][T20874] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2874.217861][T20874] CPU: 1 PID: 20874 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2874.226625][T20874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2874.236686][T20874] Call Trace: [ 2874.239960][T20874] dump_stack_lvl+0xb7/0x103 [ 2874.244543][T20874] dump_stack+0x11/0x1a [ 2874.248691][T20874] should_fail+0x23c/0x250 [ 2874.253114][T20874] __alloc_pages+0x102/0x320 [ 2874.257731][T20874] alloc_pages_vma+0x513/0x680 [ 2874.262565][T20874] shmem_getpage_gfp+0x954/0x13d0 [ 2874.267602][T20874] shmem_write_begin+0x7e/0x100 [ 2874.272474][T20874] generic_perform_write+0x196/0x3c0 [ 2874.277947][T20874] ? shmem_write_begin+0x100/0x100 [ 2874.283095][T20874] __generic_file_write_iter+0x161/0x300 [ 2874.288725][T20874] ? generic_write_checks+0x242/0x290 [ 2874.294100][T20874] generic_file_write_iter+0x75/0x130 [ 2874.299544][T20874] vfs_write+0x69d/0x770 [ 2874.303783][T20874] ksys_write+0xce/0x180 [ 2874.308066][T20874] __x64_sys_write+0x3e/0x50 [ 2874.312676][T20874] do_syscall_64+0x3d/0x90 [ 2874.317088][T20874] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2874.323031][T20874] RIP: 0033:0x4665e9 07:39:25 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xfec8) 07:39:25 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) write$nbd(r1, &(0x7f0000000080)={0x67446698, 0x0, 0x4}, 0x10) 07:39:25 executing program 4: socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) 07:39:25 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf9030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:25 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xfec8) 07:39:25 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf9040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2874.326916][T20874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2874.346520][T20874] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2874.354943][T20874] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2874.362911][T20874] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2874.370911][T20874] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2874.378895][T20874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:25 executing program 4: socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) 07:39:25 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xfec8) 07:39:25 executing program 0: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/input', 0x40000, 0x10) openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x1a980, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r0, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x612500, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) write$nbd(r2, 0x0, 0xe7) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) write$nbd(r3, &(0x7f0000000040)={0x67446698, 0xffffffff, 0x4, 0x0, 0x0, "23636e8ef296431966e1a1a5c50900000000000000ec3e13878000000000"}, 0xfffffffffffffd50) 07:39:25 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfa000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2874.386863][T20874] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2874.419341][T20876] loop5: detected capacity change from 0 to 264192 07:39:25 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1bb, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:25 executing program 2 (fault-call:1 fault-nth:72): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:25 executing program 4: socketpair$unix(0x1, 0x2, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) 07:39:25 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[], 0xfec8) 07:39:25 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfa010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:25 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505331, &(0x7f0000000000)={{0x8, 0x2}, {0x1, 0xf9}, 0x8, 0x3, 0x35}) [ 2874.529668][T20920] loop5: detected capacity change from 0 to 264192 07:39:25 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1bc, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:25 executing program 4: socketpair$unix(0x1, 0x2, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) [ 2874.615132][T20932] FAULT_INJECTION: forcing a failure. [ 2874.615132][T20932] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2874.628234][T20932] CPU: 0 PID: 20932 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2874.637982][T20932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2874.646425][T20939] loop5: detected capacity change from 0 to 264192 [ 2874.648047][T20932] Call Trace: [ 2874.648055][T20932] dump_stack_lvl+0xb7/0x103 07:39:25 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfa020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:25 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698e54cb6be30535ae7000b00000002ba3cfa0000fc29db2c8439cec703c67a140a4357f62bd02c474ff904731f6e61bd49fa147e0b5381234b006d763df23f91b46c22328a46007635b09ee2c710a23a350427ad2545dc184f4af685174583d8d0cb27edec00e8e17e0d39c93e8ca36e606823b69ff867bb76383bbb"], 0x10) 07:39:25 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000dc0)=r0, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x29, 0xab, 0x9, 0x100, 0x55, @empty, @mcast1, 0x40, 0x8, 0xfffffff7, 0x18}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', 0x0, 0x29, 0x1f, 0x0, 0x3, 0x20, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @loopback}, 0x20, 0x8060, 0x8, 0x6}}) getsockname$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0}, &(0x7f0000000380)=0x14) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x9, 0x92, 0xfff, 0x5, @loopback, @remote, 0x40, 0x700, 0x39c}}) getsockname$packet(r0, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000004c0)=0x14) getsockname$packet(r0, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000580)=0x14) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000000d00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000e00)={0x688, r2, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [{{0x8}, {0x4}}, {{0x8}, {0x4}}, {{0x8}, {0x4}}, {{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x200}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0x16c, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9a4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x81}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8, 0x1, r5}, {0xbc, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r6}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0xec, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffff7387}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r8}, {0x294, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x91d8}}, {0x8, 0x6, r3}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x5, 0x6, 0x5, 0x40}, {0x83, 0x1, 0x86, 0x1}, {0x6, 0x9, 0x3, 0x4}, {0x40, 0x9, 0x6, 0xffffffbe}]}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x401}}, {0x8, 0x6, r9}}}]}}]}, 0x688}, 0x1, 0x0, 0x0, 0x2000c050}, 0x4001) write$nbd(r0, &(0x7f0000000080), 0x10) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000d40)) [ 2874.648076][T20932] dump_stack+0x11/0x1a [ 2874.666605][T20932] should_fail+0x23c/0x250 [ 2874.671066][T20932] should_fail_usercopy+0x16/0x20 [ 2874.676141][T20932] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2874.681944][T20932] ? shmem_write_begin+0x7e/0x100 [ 2874.686969][T20932] generic_perform_write+0x1df/0x3c0 [ 2874.692330][T20932] ? shmem_write_begin+0x100/0x100 [ 2874.697525][T20932] __generic_file_write_iter+0x161/0x300 [ 2874.703174][T20932] ? generic_write_checks+0x242/0x290 [ 2874.708797][T20932] generic_file_write_iter+0x75/0x130 07:39:25 executing program 4: socketpair$unix(0x1, 0x2, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) 07:39:25 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfa030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2874.714239][T20932] vfs_write+0x69d/0x770 [ 2874.718502][T20932] ksys_write+0xce/0x180 [ 2874.722814][T20932] __x64_sys_write+0x3e/0x50 [ 2874.727401][T20932] do_syscall_64+0x3d/0x90 [ 2874.731812][T20932] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2874.737704][T20932] RIP: 0033:0x4665e9 [ 2874.741589][T20932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2874.761214][T20932] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2874.769724][T20932] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2874.777695][T20932] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2874.785665][T20932] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2874.793636][T20932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2874.801601][T20932] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2874.849638][T20939] loop5: detected capacity change from 0 to 264192 07:39:25 executing program 2 (fault-call:1 fault-nth:73): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:25 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) 07:39:25 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000dc0)=r0, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x29, 0xab, 0x9, 0x100, 0x55, @empty, @mcast1, 0x40, 0x8, 0xfffffff7, 0x18}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', 0x0, 0x29, 0x1f, 0x0, 0x3, 0x20, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @loopback}, 0x20, 0x8060, 0x8, 0x6}}) getsockname$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0}, &(0x7f0000000380)=0x14) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x9, 0x92, 0xfff, 0x5, @loopback, @remote, 0x40, 0x700, 0x39c}}) getsockname$packet(r0, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000004c0)=0x14) getsockname$packet(r0, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000580)=0x14) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000000d00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000e00)={0x688, r2, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [{{0x8}, {0x4}}, {{0x8}, {0x4}}, {{0x8}, {0x4}}, {{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x200}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0x16c, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9a4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x81}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8, 0x1, r5}, {0xbc, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r6}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0xec, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffff7387}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r8}, {0x294, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x91d8}}, {0x8, 0x6, r3}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x5, 0x6, 0x5, 0x40}, {0x83, 0x1, 0x86, 0x1}, {0x6, 0x9, 0x3, 0x4}, {0x40, 0x9, 0x6, 0xffffffbe}]}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x401}}, {0x8, 0x6, r9}}}]}}]}, 0x688}, 0x1, 0x0, 0x0, 0x2000c050}, 0x4001) write$nbd(r0, &(0x7f0000000080), 0x10) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000d40)) 07:39:25 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0101, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) select(0x0, 0x0, 0x0, &(0x7f0000000200), &(0x7f0000000240)) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r2, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000240)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_VLAN(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x54, 0x0, 0x20, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x456d}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xff}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x9}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x24004000) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r1, 0xc0bc5351, &(0x7f0000000000)={0x80000001, 0x1, 'client1\x00', 0x0, "1b4e8b400921b9c4", "2caa061404a0103353e4f3c2b28639d2b6cad2280d6f0ce1bbfddd2bf60e6f70"}) write$nbd(r0, 0x0, 0xe7) 07:39:25 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfa040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:25 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x204, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2874.982509][T20976] loop5: detected capacity change from 0 to 264192 [ 2874.990300][T20977] FAULT_INJECTION: forcing a failure. [ 2874.990300][T20977] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2875.003690][T20977] CPU: 1 PID: 20977 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2875.009870][T20976] FAT-fs (loop5): invalid media value (0xe1) [ 2875.012446][T20977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2875.012459][T20977] Call Trace: [ 2875.012466][T20977] dump_stack_lvl+0xb7/0x103 [ 2875.018441][T20976] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2875.028467][T20977] dump_stack+0x11/0x1a [ 2875.028489][T20977] should_fail+0x23c/0x250 [ 2875.051565][T20977] __alloc_pages+0x102/0x320 [ 2875.056155][T20977] alloc_pages_vma+0x513/0x680 [ 2875.060916][T20977] shmem_getpage_gfp+0x954/0x13d0 [ 2875.065938][T20977] shmem_write_begin+0x7e/0x100 [ 2875.070784][T20977] generic_perform_write+0x196/0x3c0 [ 2875.076101][T20977] ? shmem_write_begin+0x100/0x100 07:39:25 executing program 0: ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000240)=0x22) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698281b0000aa7b5455ff0100aea0fcac97cd0efc000000"], 0x10) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x8400, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f0000000080)=r2, 0x1) sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x4c, 0x0, 0x2, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xd3b}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x2}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8001}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20044800}, 0x4811) [ 2875.081207][T20977] __generic_file_write_iter+0x161/0x300 [ 2875.086842][T20977] ? generic_write_checks+0x242/0x290 [ 2875.092212][T20977] generic_file_write_iter+0x75/0x130 [ 2875.097583][T20977] vfs_write+0x69d/0x770 [ 2875.101823][T20977] ksys_write+0xce/0x180 [ 2875.106065][T20977] __x64_sys_write+0x3e/0x50 [ 2875.110650][T20977] do_syscall_64+0x3d/0x90 [ 2875.115116][T20977] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2875.121006][T20977] RIP: 0033:0x4665e9 07:39:26 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) 07:39:26 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:26 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000dc0)=r0, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x29, 0xab, 0x9, 0x100, 0x55, @empty, @mcast1, 0x40, 0x8, 0xfffffff7, 0x18}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', 0x0, 0x29, 0x1f, 0x0, 0x3, 0x20, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @loopback}, 0x20, 0x8060, 0x8, 0x6}}) getsockname$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0}, &(0x7f0000000380)=0x14) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x9, 0x92, 0xfff, 0x5, @loopback, @remote, 0x40, 0x700, 0x39c}}) getsockname$packet(r0, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000004c0)=0x14) getsockname$packet(r0, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000580)=0x14) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000000d00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000e00)={0x688, r2, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [{{0x8}, {0x4}}, {{0x8}, {0x4}}, {{0x8}, {0x4}}, {{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x200}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0x16c, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9a4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x81}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8, 0x1, r5}, {0xbc, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r6}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0xec, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffff7387}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r8}, {0x294, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x91d8}}, {0x8, 0x6, r3}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x5, 0x6, 0x5, 0x40}, {0x83, 0x1, 0x86, 0x1}, {0x6, 0x9, 0x3, 0x4}, {0x40, 0x9, 0x6, 0xffffffbe}]}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x401}}, {0x8, 0x6, r9}}}]}}]}, 0x688}, 0x1, 0x0, 0x0, 0x2000c050}, 0x4001) write$nbd(r0, &(0x7f0000000080), 0x10) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000d40)) [ 2875.124888][T20977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2875.144486][T20977] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2875.152921][T20977] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2875.161023][T20977] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2875.168988][T20977] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:39:26 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x2100) [ 2875.176955][T20977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2875.184918][T20977] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2875.215620][T20976] loop5: detected capacity change from 0 to 264192 07:39:26 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000dc0)=r0, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x29, 0xab, 0x9, 0x100, 0x55, @empty, @mcast1, 0x40, 0x8, 0xfffffff7, 0x18}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', 0x0, 0x29, 0x1f, 0x0, 0x3, 0x20, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @loopback}, 0x20, 0x8060, 0x8, 0x6}}) getsockname$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0}, &(0x7f0000000380)=0x14) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x9, 0x92, 0xfff, 0x5, @loopback, @remote, 0x40, 0x700, 0x39c}}) getsockname$packet(r0, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000004c0)=0x14) getsockname$packet(r0, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000580)=0x14) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000000d00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000e00)={0x688, r2, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [{{0x8}, {0x4}}, {{0x8}, {0x4}}, {{0x8}, {0x4}}, {{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x200}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0x16c, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9a4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x81}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8, 0x1, r5}, {0xbc, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r6}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0xec, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffff7387}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r8}, {0x294, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x91d8}}, {0x8, 0x6, r3}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x5, 0x6, 0x5, 0x40}, {0x83, 0x1, 0x86, 0x1}, {0x6, 0x9, 0x3, 0x4}, {0x40, 0x9, 0x6, 0xffffffbe}]}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x401}}, {0x8, 0x6, r9}}}]}}]}, 0x688}, 0x1, 0x0, 0x0, 0x2000c050}, 0x4001) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:26 executing program 2 (fault-call:1 fault-nth:74): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:26 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:26 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, 0x0, 0x2100) [ 2875.287603][T20976] FAT-fs (loop5): invalid media value (0xe1) [ 2875.293640][T20976] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2875.337112][T21011] FAULT_INJECTION: forcing a failure. [ 2875.337112][T21011] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2875.350262][T21011] CPU: 0 PID: 21011 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2875.359057][T21011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2875.369109][T21011] Call Trace: [ 2875.372427][T21011] dump_stack_lvl+0xb7/0x103 [ 2875.377017][T21011] dump_stack+0x11/0x1a [ 2875.381168][T21011] should_fail+0x23c/0x250 [ 2875.385577][T21011] should_fail_usercopy+0x16/0x20 [ 2875.390680][T21011] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2875.396458][T21011] ? shmem_write_begin+0x7e/0x100 [ 2875.401543][T21011] generic_perform_write+0x1df/0x3c0 [ 2875.406813][T21011] ? shmem_write_begin+0x100/0x100 [ 2875.411948][T21011] __generic_file_write_iter+0x161/0x300 [ 2875.417565][T21011] ? generic_write_checks+0x242/0x290 [ 2875.422925][T21011] generic_file_write_iter+0x75/0x130 [ 2875.428363][T21011] vfs_write+0x69d/0x770 [ 2875.432589][T21011] ksys_write+0xce/0x180 [ 2875.436815][T21011] __x64_sys_write+0x3e/0x50 [ 2875.441389][T21011] do_syscall_64+0x3d/0x90 [ 2875.445789][T21011] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2875.451719][T21011] RIP: 0033:0x4665e9 [ 2875.455591][T21011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2875.475255][T21011] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:26 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000dc0)=r0, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x29, 0xab, 0x9, 0x100, 0x55, @empty, @mcast1, 0x40, 0x8, 0xfffffff7, 0x18}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', 0x0, 0x29, 0x1f, 0x0, 0x3, 0x20, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @loopback}, 0x20, 0x8060, 0x8, 0x6}}) getsockname$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0}, &(0x7f0000000380)=0x14) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x9, 0x92, 0xfff, 0x5, @loopback, @remote, 0x40, 0x700, 0x39c}}) getsockname$packet(r0, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000004c0)=0x14) getsockname$packet(r0, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000580)=0x14) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000000d00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000e00)={0x688, r2, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [{{0x8}, {0x4}}, {{0x8}, {0x4}}, {{0x8}, {0x4}}, {{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x200}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0x16c, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9a4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x81}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8, 0x1, r5}, {0xbc, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r6}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0xec, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffff7387}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r8}, {0x294, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x91d8}}, {0x8, 0x6, r3}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x5, 0x6, 0x5, 0x40}, {0x83, 0x1, 0x86, 0x1}, {0x6, 0x9, 0x3, 0x4}, {0x40, 0x9, 0x6, 0xffffffbe}]}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x401}}, {0x8, 0x6, r9}}}]}}]}, 0x688}, 0x1, 0x0, 0x0, 0x2000c050}, 0x4001) 07:39:26 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2875.483649][T21011] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2875.491670][T21011] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2875.499643][T21011] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2875.507597][T21011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2875.515551][T21011] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:26 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x243, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:26 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/msr', 0x117044, 0x100) bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfe, 0x800}, 0xc) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, 0x0, 0xe7) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0}, &(0x7f0000000140)=0x14) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000200)={'batadv0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'ip6_vti0\x00', 0x0, 0x79, 0x1, 0x3, 0x7ff, 0x5e, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, 0x700, 0x10, 0x5, 0x8000}}) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000300)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, &(0x7f0000000bc0)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x58, 0x0, 0x1, 0x70bd28, 0x25dfdbfe, {}, [{{0x8, 0x1, r5}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20048040}, 0x10) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000003c0)={'syztnl1\x00', &(0x7f0000000340)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x3, 0x5, 0x40, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, 0x1, 0x0, 0x5, 0x9af}}) getsockname$packet(r0, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000440)=0x14) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000a80)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000008}, 0xc, &(0x7f0000000a40)={&(0x7f0000000480)={0x588, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {}, [{{0x8, 0x1, r2}, {0x104, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r3}}}, {0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x9d, 0x3f, 0x2, 0x7f}]}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8}, {0x1b8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r4}}}]}}, {{0x8, 0x1, r5}, {0x100, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9f6c}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8, 0x1, r6}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0x108, 0x2, 0x0, 0x1, [{0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x1ff, 0x5, 0x81, 0x7fff}, {0x3, 0x3, 0x2, 0x2}, {0x2, 0x7, 0x4, 0x2}]}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x1f, 0x1, 0x3, 0x3}]}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x518}}}]}}]}, 0x588}, 0x1, 0x0, 0x0, 0x82}, 0x20008000) write$nbd(r1, &(0x7f0000000080), 0x10) 07:39:26 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, 0x0, 0x2100) 07:39:26 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000dc0)=r0, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x29, 0xab, 0x9, 0x100, 0x55, @empty, @mcast1, 0x40, 0x8, 0xfffffff7, 0x18}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', 0x0, 0x29, 0x1f, 0x0, 0x3, 0x20, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @loopback}, 0x20, 0x8060, 0x8, 0x6}}) getsockname$packet(r0, &(0x7f0000000340), &(0x7f0000000380)=0x14) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x9, 0x92, 0xfff, 0x5, @loopback, @remote, 0x40, 0x700, 0x39c}}) getsockname$packet(r0, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000004c0)=0x14) getsockname$packet(r0, &(0x7f0000000500), &(0x7f0000000580)=0x14) 07:39:26 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:26 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000dc0)=r0, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x29, 0xab, 0x9, 0x100, 0x55, @empty, @mcast1, 0x40, 0x8, 0xfffffff7, 0x18}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', 0x0, 0x29, 0x1f, 0x0, 0x3, 0x20, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @loopback}, 0x20, 0x8060, 0x8, 0x6}}) getsockname$packet(r0, &(0x7f0000000340), &(0x7f0000000380)=0x14) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x9, 0x92, 0xfff, 0x5, @loopback, @remote, 0x40, 0x700, 0x39c}}) getsockname$packet(r0, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000004c0)=0x14) 07:39:26 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, 0x0, 0x2100) 07:39:26 executing program 2 (fault-call:1 fault-nth:75): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:26 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:26 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="67446698000000000080000002000000626110d2e6fb18dca7a8b2b3dcc1b464dc52d3610ccabcf9dd809b4a90cacc8c6278b8c5f34d4192b8f5f4493cf837b4a9b6b7a682beb2bfe87f8377a203e4a77748b943339c2ca438cebaf8085e21bf"], 0x10) 07:39:26 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000dc0)=r0, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x29, 0xab, 0x9, 0x100, 0x55, @empty, @mcast1, 0x40, 0x8, 0xfffffff7, 0x18}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', 0x0, 0x29, 0x1f, 0x0, 0x3, 0x20, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @loopback}, 0x20, 0x8060, 0x8, 0x6}}) getsockname$packet(r0, &(0x7f0000000340), &(0x7f0000000380)=0x14) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x9, 0x92, 0xfff, 0x5, @loopback, @remote, 0x40, 0x700, 0x39c}}) 07:39:26 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x2100) [ 2875.754373][T21044] loop5: detected capacity change from 0 to 264192 [ 2875.781870][T21044] FAT-fs (loop5): invalid media value (0xe1) [ 2875.787884][T21044] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2875.846698][T21059] FAULT_INJECTION: forcing a failure. [ 2875.846698][T21059] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2875.860014][T21059] CPU: 0 PID: 21059 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2875.868772][T21059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2875.878820][T21059] Call Trace: [ 2875.882088][T21059] dump_stack_lvl+0xb7/0x103 [ 2875.886669][T21059] dump_stack+0x11/0x1a [ 2875.890874][T21059] should_fail+0x23c/0x250 [ 2875.895305][T21059] __alloc_pages+0x102/0x320 [ 2875.899882][T21059] alloc_pages_vma+0x513/0x680 [ 2875.904706][T21059] shmem_getpage_gfp+0x954/0x13d0 [ 2875.909717][T21059] shmem_write_begin+0x7e/0x100 [ 2875.914547][T21059] generic_perform_write+0x196/0x3c0 [ 2875.919858][T21059] ? shmem_write_begin+0x100/0x100 [ 2875.924964][T21059] __generic_file_write_iter+0x161/0x300 [ 2875.930598][T21059] ? generic_write_checks+0x242/0x290 [ 2875.936061][T21059] generic_file_write_iter+0x75/0x130 [ 2875.941730][T21059] vfs_write+0x69d/0x770 [ 2875.945968][T21059] ksys_write+0xce/0x180 [ 2875.950381][T21059] __x64_sys_write+0x3e/0x50 [ 2875.954951][T21059] do_syscall_64+0x3d/0x90 [ 2875.959365][T21059] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2875.965246][T21059] RIP: 0033:0x4665e9 [ 2875.969121][T21059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2875.988727][T21059] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:26 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x244, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:26 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000dc0)=r0, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x29, 0xab, 0x9, 0x100, 0x55, @empty, @mcast1, 0x40, 0x8, 0xfffffff7, 0x18}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', 0x0, 0x29, 0x1f, 0x0, 0x3, 0x20, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @loopback}, 0x20, 0x8060, 0x8, 0x6}}) getsockname$packet(r0, &(0x7f0000000340), &(0x7f0000000380)=0x14) 07:39:26 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2875.997131][T21059] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2876.005099][T21059] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2876.013079][T21059] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2876.021032][T21059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2876.029019][T21059] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:27 executing program 2 (fault-call:1 fault-nth:76): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:27 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f00000000c0)={0x67446698, 0x0, 0x0, 0xffee, 0xffffffff, "120989d7133a693b8cf100829ca43c01ae97d6f641ddc8b795c44f1a3db92207df56caa7e927ceb729b1240aa78b608292c02c06e22904dd9a4ca701b03f977c8128c21150df99641460bfd34590aee811db92389c0aad8278a835757a73605c6248e91eda1da8b32cb7d34b3dc8f543df9dc7b897604ecc2ec22152f627534c6c4791ef77890c67b63a961c6d66865e3b5295600fbb5db5678f801851528822e61e6313070f9b0384"}, 0xb9) syz_open_dev$ttys(0xc, 0x2, 0x0) socket(0x2c, 0xa, 0x18000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r1) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB='\x00'/14], 0x14}}, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000001500), 0xc0000, 0x0) write$nbd(r2, &(0x7f0000001540)={0x67446698, 0x0, 0x3, 0x3, 0x3, "f05f0a1b57ea1b1f7826a4c12a8b7aecd9ee143fb228b925f528a3aa2f466e7fd6789facd0383f0370f7813c9a512c55012e6e7dcd2217ea9bda9a5131e0b9ad5676d79bd6cc0dea661a5769a572b12f86a56c2e97b55346c0bb9e"}, 0x6b) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r1) 07:39:27 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000dc0)=r0, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x29, 0xab, 0x9, 0x100, 0x55, @empty, @mcast1, 0x40, 0x8, 0xfffffff7, 0x18}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'sit0\x00', 0x0, 0x29, 0x1f, 0x0, 0x3, 0x20, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @loopback}, 0x20, 0x8060, 0x8, 0x6}}) 07:39:27 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2876.140717][T21077] loop5: detected capacity change from 0 to 264192 [ 2876.158505][T21083] FAULT_INJECTION: forcing a failure. [ 2876.158505][T21083] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2876.171666][T21083] CPU: 0 PID: 21083 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2876.180423][T21083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 07:39:27 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000dc0)=r0, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x29, 0xab, 0x9, 0x100, 0x55, @empty, @mcast1, 0x40, 0x8, 0xfffffff7, 0x18}}) 07:39:27 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2876.190486][T21083] Call Trace: [ 2876.193785][T21083] dump_stack_lvl+0xb7/0x103 [ 2876.198379][T21083] dump_stack+0x11/0x1a [ 2876.202535][T21083] should_fail+0x23c/0x250 [ 2876.207030][T21083] should_fail_usercopy+0x16/0x20 [ 2876.212169][T21083] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2876.217903][T21083] ? shmem_write_begin+0x7e/0x100 [ 2876.223018][T21083] generic_perform_write+0x1df/0x3c0 [ 2876.228311][T21083] ? shmem_write_begin+0x100/0x100 [ 2876.233421][T21083] __generic_file_write_iter+0x161/0x300 [ 2876.239082][T21083] ? generic_write_checks+0x242/0x290 [ 2876.244466][T21083] generic_file_write_iter+0x75/0x130 [ 2876.245688][T21077] FAT-fs (loop5): invalid media value (0xe1) [ 2876.249848][T21083] vfs_write+0x69d/0x770 [ 2876.249885][T21083] ksys_write+0xce/0x180 [ 2876.249901][T21083] __x64_sys_write+0x3e/0x50 [ 2876.255869][T21077] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2876.260092][T21083] do_syscall_64+0x3d/0x90 [ 2876.260116][T21083] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2876.285802][T21083] RIP: 0033:0x4665e9 [ 2876.289691][T21083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2876.309303][T21083] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2876.317718][T21083] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2876.325703][T21083] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2876.333677][T21083] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:39:27 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000dc0)=r0, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)) 07:39:27 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2876.341715][T21083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2876.349715][T21083] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2876.399412][T21077] loop5: detected capacity change from 0 to 264192 [ 2876.417204][T21077] FAT-fs (loop5): invalid media value (0xe1) [ 2876.423231][T21077] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:27 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x2100) 07:39:27 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:27 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000dc0)=r0, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) 07:39:27 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x245, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:27 executing program 0: syz_open_dev$tty20(0xc, 0x4, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f0000000000)={0x0, 0x401, 0x2}) 07:39:27 executing program 2 (fault-call:1 fault-nth:77): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:27 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000dc0)=r0, 0x1) [ 2876.919008][T21122] FAULT_INJECTION: forcing a failure. [ 2876.919008][T21122] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2876.932263][T21122] CPU: 0 PID: 21122 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2876.941021][T21122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2876.951131][T21122] Call Trace: [ 2876.954403][T21122] dump_stack_lvl+0xb7/0x103 [ 2876.959045][T21122] dump_stack+0x11/0x1a [ 2876.963203][T21122] should_fail+0x23c/0x250 07:39:27 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) [ 2876.967655][T21122] __alloc_pages+0x102/0x320 [ 2876.972336][T21122] alloc_pages_vma+0x513/0x680 [ 2876.977097][T21122] shmem_getpage_gfp+0x954/0x13d0 [ 2876.982125][T21122] shmem_write_begin+0x7e/0x100 [ 2876.987038][T21122] generic_perform_write+0x196/0x3c0 [ 2876.992356][T21122] ? shmem_write_begin+0x100/0x100 [ 2876.997458][T21122] __generic_file_write_iter+0x161/0x300 [ 2877.003164][T21122] ? generic_write_checks+0x242/0x290 [ 2877.008612][T21122] generic_file_write_iter+0x75/0x130 [ 2877.014065][T21122] vfs_write+0x69d/0x770 [ 2877.018374][T21122] ksys_write+0xce/0x180 [ 2877.022608][T21122] __x64_sys_write+0x3e/0x50 [ 2877.023395][T21124] loop5: detected capacity change from 0 to 264192 [ 2877.027240][T21122] do_syscall_64+0x3d/0x90 [ 2877.027262][T21122] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2877.043998][T21122] RIP: 0033:0x4665e9 [ 2877.047930][T21122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:28 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) 07:39:28 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2877.067531][T21122] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2877.075946][T21122] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2877.084017][T21122] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2877.092232][T21122] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2877.100205][T21122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2877.108163][T21122] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:28 executing program 2 (fault-call:1 fault-nth:78): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2877.154308][T21124] FAT-fs (loop5): invalid media value (0xe1) [ 2877.160354][T21124] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:28 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) ioctl$KDSETLED(r1, 0x4b32, 0x7a) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f00000001c0)={0xafa, 0x60d, 0x6, 0x6, 0xa2c5, 0xecb}) r2 = socket(0x5, 0xa, 0x96c7) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x3c, 0x0, 0x410, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x10001}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x7}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004041}, 0x4004000) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000140)={0x4, 0xd, 0x7ff, 0xff, 0x2, 0x7}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x34, 0x0, 0x8, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x1) [ 2877.217644][T21151] FAULT_INJECTION: forcing a failure. [ 2877.217644][T21151] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2877.230848][T21151] CPU: 0 PID: 21151 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2877.239612][T21151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2877.249703][T21151] Call Trace: [ 2877.252973][T21151] dump_stack_lvl+0xb7/0x103 [ 2877.257562][T21151] dump_stack+0x11/0x1a [ 2877.261715][T21151] should_fail+0x23c/0x250 [ 2877.266281][T21151] should_fail_usercopy+0x16/0x20 [ 2877.271318][T21151] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2877.277149][T21151] ? shmem_write_begin+0x7e/0x100 [ 2877.282173][T21151] generic_perform_write+0x1df/0x3c0 [ 2877.287464][T21151] ? shmem_write_begin+0x100/0x100 [ 2877.292581][T21151] __generic_file_write_iter+0x161/0x300 [ 2877.298218][T21151] ? generic_write_checks+0x242/0x290 [ 2877.303590][T21151] generic_file_write_iter+0x75/0x130 [ 2877.308984][T21151] vfs_write+0x69d/0x770 [ 2877.313206][T21151] ksys_write+0xce/0x180 [ 2877.317566][T21151] __x64_sys_write+0x3e/0x50 [ 2877.322161][T21151] do_syscall_64+0x3d/0x90 [ 2877.326564][T21151] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2877.332518][T21151] RIP: 0033:0x4665e9 [ 2877.336389][T21151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2877.355994][T21151] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2877.364446][T21151] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2877.372399][T21151] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2877.380351][T21151] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2877.388386][T21151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2877.396429][T21151] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2877.427160][T21124] loop5: detected capacity change from 0 to 264192 [ 2877.435738][T21124] FAT-fs (loop5): invalid media value (0xe1) [ 2877.441763][T21124] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:28 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x2100) 07:39:28 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:28 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) 07:39:28 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) syz_io_uring_setup(0x2e5d, &(0x7f0000000000)={0x0, 0x4dd4, 0x4, 0x2, 0x387, 0x0, r1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:28 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x300, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:28 executing program 2 (fault-call:1 fault-nth:79): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:28 executing program 3: openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x2) [ 2877.827736][T21180] loop5: detected capacity change from 0 to 264192 [ 2877.842292][T21182] FAULT_INJECTION: forcing a failure. [ 2877.842292][T21182] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2877.855694][T21182] CPU: 0 PID: 21182 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2877.864496][T21182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2877.874554][T21182] Call Trace: 07:39:28 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2877.877838][T21182] dump_stack_lvl+0xb7/0x103 [ 2877.882486][T21182] dump_stack+0x11/0x1a [ 2877.886665][T21182] should_fail+0x23c/0x250 [ 2877.891146][T21182] __alloc_pages+0x102/0x320 [ 2877.895740][T21182] alloc_pages_vma+0x513/0x680 [ 2877.900535][T21182] shmem_getpage_gfp+0x954/0x13d0 [ 2877.905565][T21182] shmem_write_begin+0x7e/0x100 [ 2877.910420][T21182] generic_perform_write+0x196/0x3c0 [ 2877.915215][T21180] FAT-fs (loop5): invalid media value (0xe1) [ 2877.915747][T21182] ? shmem_write_begin+0x100/0x100 07:39:28 executing program 3: openat$sysfs(0xffffffffffffff9c, 0x0, 0x4002, 0x2) [ 2877.921749][T21180] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2877.926810][T21182] __generic_file_write_iter+0x161/0x300 [ 2877.939009][T21182] ? generic_write_checks+0x242/0x290 [ 2877.944394][T21182] generic_file_write_iter+0x75/0x130 [ 2877.949793][T21182] vfs_write+0x69d/0x770 [ 2877.954037][T21182] ksys_write+0xce/0x180 [ 2877.958279][T21182] __x64_sys_write+0x3e/0x50 [ 2877.962924][T21182] do_syscall_64+0x3d/0x90 [ 2877.967362][T21182] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2877.973250][T21182] RIP: 0033:0x4665e9 07:39:28 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = openat$cgroup_devices(r0, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) write$nbd(r0, &(0x7f0000000080), 0x10) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f00000000c0)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000140)=0xda) openat$cgroup_devices(r2, &(0x7f0000000040)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000100)={'c', ' *:* ', 'rm\x00'}, 0x9) 07:39:28 executing program 3: openat$sysfs(0xffffffffffffff9c, 0x0, 0x4002, 0x2) [ 2877.977138][T21182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2877.996784][T21182] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2878.005199][T21182] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2878.013180][T21182] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2878.021153][T21182] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2878.029144][T21182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2878.037112][T21182] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:28 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x1f) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000100)={0x67446698, 0x0, 0x0, 0x0, 0x2, "8350fc3f8ed80c093b8c8aad8caf50426263fd9cefbda5edcc9463223468f9124c556fedc803aea3f04c54a841c4cf5b8275e55b6533029a665e417afd86565d486d759ef7afd24938c7a9085521b2a9ee32c0f08bb6c2a3e89f504812d365e7486a8cb3c0c533676f5001edd95546ed42a6834f8fd46b91d37f1252f09ca29cbaaffaede2a2773dee8c62b7055f50df99e99d17105e24608adbc57c14634f83c49d9e0e81f5c640ec992da2e7b8c9992ca9a7bbadd01b19c59f91ccdf84d3714409275fa973c1cd68d25f6f6b0cfa7410cc03ca681297fa5b56850159ab6b0deddb384aa920161823839c381332b5fc18779b9afc9d6bfbd6a4b2ddc5"}, 0x10d) r1 = socket(0x9, 0x2, 0x1) r2 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) write$nbd(r1, &(0x7f0000000240)={0x67446698, 0x0, 0x0, 0x0, 0x800}, 0x10) ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f00000000c0)=0x1) r3 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r3) [ 2878.076125][T21180] loop5: detected capacity change from 0 to 264192 [ 2878.092442][T21180] FAT-fs (loop5): invalid media value (0xe1) [ 2878.098526][T21180] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:29 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x0) 07:39:29 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:29 executing program 2 (fault-call:1 fault-nth:80): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:29 executing program 3: openat$sysfs(0xffffffffffffff9c, 0x0, 0x4002, 0x2) 07:39:29 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x384, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:29 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x54, r1, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x7ff}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3f}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x0) write$nbd(r0, &(0x7f0000000080), 0x10) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000240)={'sit0\x00', &(0x7f00000001c0)={'syztnl1\x00', 0x0, 0x2d, 0x4, 0x80, 0x4, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, 0x7, 0x1, 0x8ed6, 0x2}}) [ 2878.692826][T21231] FAULT_INJECTION: forcing a failure. [ 2878.692826][T21231] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2878.705978][T21231] CPU: 0 PID: 21231 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2878.714741][T21231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2878.718278][T21233] loop5: detected capacity change from 0 to 264192 [ 2878.724792][T21231] Call Trace: [ 2878.724802][T21231] dump_stack_lvl+0xb7/0x103 07:39:29 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:29 executing program 3: openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x0, 0x2) [ 2878.739168][T21231] dump_stack+0x11/0x1a [ 2878.743390][T21231] should_fail+0x23c/0x250 [ 2878.746572][T21233] FAT-fs (loop5): invalid media value (0xe1) [ 2878.747804][T21231] should_fail_usercopy+0x16/0x20 [ 2878.753800][T21233] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2878.758772][T21231] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2878.758800][T21231] ? shmem_write_begin+0x7e/0x100 [ 2878.776139][T21231] generic_perform_write+0x1df/0x3c0 [ 2878.781424][T21231] ? shmem_write_begin+0x100/0x100 [ 2878.786530][T21231] __generic_file_write_iter+0x161/0x300 07:39:29 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000200)={&(0x7f0000000280), 0x87, 0x0, 0x0, 0x0, 0x52}, 0x0) 07:39:29 executing program 0: ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(0xffffffffffffffff, 0xc08c5336, &(0x7f00000000c0)={0x0, 0x9, 0x0, 'queue1\x00', 0x1ff}) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="674466980000000000000000b75b0400"], 0x10) [ 2878.792162][T21231] ? generic_write_checks+0x242/0x290 [ 2878.797568][T21231] generic_file_write_iter+0x75/0x130 [ 2878.802968][T21231] vfs_write+0x69d/0x770 [ 2878.807210][T21231] ksys_write+0xce/0x180 [ 2878.811479][T21231] __x64_sys_write+0x3e/0x50 [ 2878.816061][T21231] do_syscall_64+0x3d/0x90 [ 2878.820475][T21231] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2878.826366][T21231] RIP: 0033:0x4665e9 [ 2878.830250][T21231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2878.849890][T21231] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2878.858299][T21231] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2878.866316][T21231] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2878.874281][T21231] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2878.882248][T21231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:29 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:29 executing program 3: openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x0, 0x2) [ 2878.890218][T21231] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:29 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:29 executing program 3: openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x0, 0x2) [ 2878.941799][T21233] loop5: detected capacity change from 0 to 264192 [ 2878.953133][T21233] FAT-fs (loop5): invalid media value (0xe1) [ 2878.959165][T21233] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:30 executing program 2 (fault-call:1 fault-nth:81): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:30 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x402, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:30 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000007c0)) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) recvmsg$unix(r1, &(0x7f00000006c0)={&(0x7f0000000000)=@abs, 0x6e, &(0x7f00000005c0)=[{&(0x7f00000000c0)=""/76, 0x4c}, {&(0x7f00000001c0)=""/188, 0xbc}, {&(0x7f0000000280)=""/151, 0x97}, {&(0x7f0000000340)=""/237, 0xed}, {&(0x7f0000000140)=""/33, 0x21}, {&(0x7f0000000440)=""/121, 0x79}, {&(0x7f00000004c0)=""/200, 0xc8}], 0x7, &(0x7f0000000640)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x68}, 0x1c1) 07:39:30 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:30 executing program 3: openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x4002, 0x0) [ 2879.164285][T21284] loop5: detected capacity change from 0 to 264192 [ 2879.175119][T21284] FAT-fs (loop5): invalid media value (0xe1) [ 2879.181173][T21284] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2879.191239][T21290] FAULT_INJECTION: forcing a failure. [ 2879.191239][T21290] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2879.204510][T21290] CPU: 0 PID: 21290 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 07:39:30 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x406, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2879.213295][T21290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2879.223344][T21290] Call Trace: [ 2879.226636][T21290] dump_stack_lvl+0xb7/0x103 [ 2879.231235][T21290] dump_stack+0x11/0x1a [ 2879.235392][T21290] should_fail+0x23c/0x250 [ 2879.239825][T21290] __alloc_pages+0x102/0x320 [ 2879.244413][T21290] alloc_pages_vma+0x513/0x680 [ 2879.249185][T21290] shmem_getpage_gfp+0x954/0x13d0 [ 2879.254300][T21290] shmem_write_begin+0x7e/0x100 [ 2879.259153][T21290] generic_perform_write+0x196/0x3c0 [ 2879.264491][T21290] ? shmem_write_begin+0x100/0x100 [ 2879.269592][T21290] __generic_file_write_iter+0x161/0x300 [ 2879.275286][T21290] ? generic_write_checks+0x242/0x290 [ 2879.280662][T21290] generic_file_write_iter+0x75/0x130 [ 2879.286076][T21290] vfs_write+0x69d/0x770 [ 2879.290315][T21290] ksys_write+0xce/0x180 [ 2879.294549][T21290] __x64_sys_write+0x3e/0x50 [ 2879.299126][T21290] do_syscall_64+0x3d/0x90 [ 2879.303536][T21290] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2879.309416][T21290] RIP: 0033:0x4665e9 [ 2879.313304][T21290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2879.332902][T21290] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2879.341373][T21290] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2879.349382][T21290] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2879.357334][T21290] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2879.365284][T21290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2879.373236][T21290] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2879.414198][T21299] loop5: detected capacity change from 0 to 264192 [ 2879.423455][T21299] FAT-fs (loop5): invalid media value (0xe1) [ 2879.429489][T21299] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:30 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x410, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:30 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:30 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x14000, 0x0) write$nbd(r0, 0x0, 0xe7) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8088}, 0x4000050) write$nbd(r1, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) 07:39:30 executing program 0: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) syz_io_uring_setup(0x62e3, &(0x7f0000000540)={0x0, 0x1315, 0x0, 0x3, 0x18b}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, 0x0, 0xe7) r2 = pidfd_getfd(r1, r0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r2, 0x80045301, &(0x7f0000000000)) r3 = io_uring_setup(0x74a1, &(0x7f0000000040)={0x0, 0xe6e5, 0x4, 0x2, 0x248}) io_uring_setup(0x61b2, &(0x7f00000000c0)={0x0, 0x7936, 0x20, 0x2, 0x363, 0x0, r3}) 07:39:30 executing program 2 (fault-call:1 fault-nth:82): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:30 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x20000090) [ 2879.795903][T21315] loop5: detected capacity change from 0 to 264192 [ 2879.798787][T21314] FAULT_INJECTION: forcing a failure. [ 2879.798787][T21314] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2879.815596][T21314] CPU: 0 PID: 21314 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2879.824390][T21314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2879.834438][T21314] Call Trace: [ 2879.837740][T21314] dump_stack_lvl+0xb7/0x103 07:39:30 executing program 0: waitid(0x1, 0xffffffffffffffff, &(0x7f00000000c0), 0x8, &(0x7f00000001c0)) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6744a68b66f7c265f65dec6698000000"], 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0x46200, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000280)=0x40) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000040)=0x1d, 0x4) [ 2879.842325][T21314] dump_stack+0x11/0x1a [ 2879.846471][T21314] should_fail+0x23c/0x250 [ 2879.850958][T21314] should_fail_usercopy+0x16/0x20 [ 2879.856081][T21314] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2879.861804][T21314] ? shmem_write_begin+0x7e/0x100 [ 2879.866910][T21314] generic_perform_write+0x1df/0x3c0 [ 2879.872237][T21314] ? shmem_write_begin+0x100/0x100 [ 2879.877428][T21314] __generic_file_write_iter+0x161/0x300 [ 2879.883054][T21314] ? generic_write_checks+0x242/0x290 [ 2879.888422][T21314] generic_file_write_iter+0x75/0x130 [ 2879.889459][T21315] FAT-fs (loop5): invalid media value (0xe1) [ 2879.893812][T21314] vfs_write+0x69d/0x770 [ 2879.893834][T21314] ksys_write+0xce/0x180 [ 2879.899927][T21315] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2879.904113][T21314] __x64_sys_write+0x3e/0x50 [ 2879.919501][T21314] do_syscall_64+0x3d/0x90 [ 2879.923927][T21314] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2879.929813][T21314] RIP: 0033:0x4665e9 07:39:30 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x14000, 0x0) write$nbd(r0, 0x0, 0xe7) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8088}, 0x4000050) write$nbd(r1, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) [ 2879.933696][T21314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2879.953399][T21314] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2879.961893][T21314] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2879.969861][T21314] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2879.977829][T21314] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2879.985799][T21314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:30 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2879.993804][T21314] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:30 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, &(0x7f0000000040)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) write$nbd(r2, &(0x7f0000000000)=ANY=[@ANYRES16=r1, @ANYRES16=r0], 0x10) [ 2880.031951][T21315] loop5: detected capacity change from 0 to 264192 [ 2880.044617][T21315] FAT-fs (loop5): invalid media value (0xe1) [ 2880.050688][T21315] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:31 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x14000, 0x0) write$nbd(r0, 0x0, 0xe7) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8088}, 0x4000050) write$nbd(r1, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) 07:39:31 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:31 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x411, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:31 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:31 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r0, 0xc0a85322, &(0x7f00000001c0)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) write$nbd(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="6744448e0000000000000092fb0f6d857c2a2472afb9b54646c7b1be783e"], 0x10) eventfd(0x81) pipe(&(0x7f0000000040)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) 07:39:31 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x14000, 0x0) write$nbd(r0, 0x0, 0xe7) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) [ 2880.175430][T21350] loop5: detected capacity change from 0 to 264192 [ 2880.206897][T21350] FAT-fs (loop5): invalid media value (0xe1) [ 2880.212919][T21350] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:31 executing program 2 (fault-call:1 fault-nth:83): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:31 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="670000000004000000000000000000009e885b1a459723655d1d5affa8109c3895d8ffe62f9b4344db814c07661d4bb8470c5a1727cf887078924b77f3d286095444c7534e00000000000085d68f43770000000000000000007b47941c88c63b1cb08d5194f6bf2bed6814a16574073f869bd9557bf417f30bd01910c792b9c94877d8d3db650d96802d05d7e5e6f042bc93cabee6c6a4011756386c21214ff80c7048b74f787c"], 0x10) 07:39:31 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff020000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:31 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x14000, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) 07:39:31 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x20000090) [ 2880.314552][T21350] loop5: detected capacity change from 0 to 264192 [ 2880.338337][T21350] FAT-fs (loop5): invalid media value (0xe1) [ 2880.344346][T21350] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:31 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x14000, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) [ 2880.421189][T21382] FAULT_INJECTION: forcing a failure. [ 2880.421189][T21382] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2880.434435][T21382] CPU: 0 PID: 21382 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2880.443194][T21382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2880.453240][T21382] Call Trace: [ 2880.456563][T21382] dump_stack_lvl+0xb7/0x103 [ 2880.461150][T21382] dump_stack+0x11/0x1a [ 2880.465296][T21382] should_fail+0x23c/0x250 07:39:31 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x412, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2880.469794][T21382] __alloc_pages+0x102/0x320 [ 2880.474416][T21382] alloc_pages_vma+0x513/0x680 [ 2880.479213][T21382] shmem_getpage_gfp+0x954/0x13d0 [ 2880.484310][T21382] shmem_write_begin+0x7e/0x100 [ 2880.489149][T21382] generic_perform_write+0x196/0x3c0 [ 2880.494478][T21382] ? shmem_write_begin+0x100/0x100 [ 2880.499580][T21382] __generic_file_write_iter+0x161/0x300 [ 2880.505203][T21382] ? generic_write_checks+0x242/0x290 [ 2880.510656][T21382] generic_file_write_iter+0x75/0x130 [ 2880.516026][T21382] vfs_write+0x69d/0x770 07:39:31 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x14000, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) [ 2880.520312][T21382] ksys_write+0xce/0x180 [ 2880.524545][T21382] __x64_sys_write+0x3e/0x50 [ 2880.529125][T21382] do_syscall_64+0x3d/0x90 [ 2880.533582][T21382] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2880.539562][T21382] RIP: 0033:0x4665e9 [ 2880.543439][T21382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2880.563044][T21382] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:31 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x14000, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) 07:39:31 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x541c, &(0x7f0000000000)) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2880.571454][T21382] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2880.579437][T21382] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2880.587402][T21382] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2880.595365][T21382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2880.603368][T21382] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:31 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:31 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) 07:39:31 executing program 2 (fault-call:1 fault-nth:84): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2880.688067][T21400] loop5: detected capacity change from 0 to 264192 07:39:31 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) [ 2880.748038][T21400] FAT-fs (loop5): invalid media value (0xe1) [ 2880.754075][T21400] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2880.768640][T21412] FAULT_INJECTION: forcing a failure. [ 2880.768640][T21412] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2880.781731][T21412] CPU: 1 PID: 21412 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2880.790489][T21412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2880.800533][T21412] Call Trace: [ 2880.803918][T21412] dump_stack_lvl+0xb7/0x103 [ 2880.808500][T21412] dump_stack+0x11/0x1a [ 2880.812690][T21412] should_fail+0x23c/0x250 [ 2880.817108][T21412] should_fail_usercopy+0x16/0x20 [ 2880.822131][T21412] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2880.827985][T21412] ? shmem_write_begin+0x7e/0x100 [ 2880.833007][T21412] generic_perform_write+0x1df/0x3c0 [ 2880.838313][T21412] ? shmem_write_begin+0x100/0x100 07:39:31 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) write$nbd(r0, &(0x7f00000000c0)={0x67446698, 0x1, 0x4, 0x0, 0x1, "2b0000010000000000aa0760160d0eba26bdd64493b560f048ba0700000000000000e9af2b62b3df9a838b96888d93de3bd5f34afa38717a4bb4c0aa02361ef85d152f6542ea66a01b61cf8b9c1d2ea0d7854dea03b7ad5969e8b1bc8ebae2944907acfc008005d97742f132e4476a931b89c8617edbdba5847db91e527b0afa9c48085c7ea3e1c8bb0000001500000000"}, 0xa1) 07:39:31 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:31 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:31 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2880.843464][T21412] __generic_file_write_iter+0x161/0x300 [ 2880.849160][T21412] ? generic_write_checks+0x242/0x290 [ 2880.854522][T21412] generic_file_write_iter+0x75/0x130 [ 2880.859914][T21412] vfs_write+0x69d/0x770 [ 2880.864229][T21412] ksys_write+0xce/0x180 [ 2880.868471][T21412] __x64_sys_write+0x3e/0x50 [ 2880.873054][T21412] do_syscall_64+0x3d/0x90 [ 2880.877471][T21412] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2880.883363][T21412] RIP: 0033:0x4665e9 [ 2880.887246][T21412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2880.906878][T21412] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2880.915287][T21412] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2880.923250][T21412] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2880.931239][T21412] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2880.939214][T21412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:31 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x413, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:31 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) 07:39:31 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:31 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="67446698000000000000000000000000b6271fd559fd6b3790942548d8c577ef3f38b61c432d81c252912d4e42d5928f6548e2f13ffc85826e55c5ba760ca917a11919188c1ce75f99ece4549aec6e39ab0b79cc0b30057ee5b5ffe7fe5b5ee8b95e75a3357fe2a58656a87cefcc430faef33912299ebe8c18258d0de144363a54f16a7892489860db00"/151], 0x10) [ 2880.947256][T21412] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:31 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) 07:39:31 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000001000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2881.052558][T21440] loop5: detected capacity change from 0 to 264192 [ 2881.092595][T21440] FAT-fs (loop5): invalid media value (0xe1) [ 2881.098702][T21440] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:32 executing program 2 (fault-call:1 fault-nth:85): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:32 executing program 0: ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000040)={0x5d, @time={0x6, 0x9f4}, 0xff, {0x8, 0x7f}, 0x3, 0x0, 0x4}) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0xd0501, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x62c02, 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000100)={{0x0, 0x8}, {0x40, 0x7f}, 0x7f, 0x8, 0xc1}) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r2, 0xc0a85320, &(0x7f0000000180)={{0x2, 0x6}, 'port1\x00', 0x11, 0xc02, 0x4, 0xfffffc01, 0x1, 0x1, 0x3, 0x0, 0x4, 0x8}) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:32 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) 07:39:32 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x414, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:32 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:32 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) [ 2881.285464][T21463] FAULT_INJECTION: forcing a failure. [ 2881.285464][T21463] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2881.298788][T21463] CPU: 1 PID: 21463 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2881.307546][T21463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2881.317652][T21463] Call Trace: [ 2881.320958][T21463] dump_stack_lvl+0xb7/0x103 [ 2881.325551][T21463] dump_stack+0x11/0x1a [ 2881.329742][T21463] should_fail+0x23c/0x250 07:39:32 executing program 0: syz_open_dev$tty20(0xc, 0x4, 0x1) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:32 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) [ 2881.334161][T21463] __alloc_pages+0x102/0x320 [ 2881.338747][T21463] alloc_pages_vma+0x513/0x680 [ 2881.343511][T21463] shmem_getpage_gfp+0x954/0x13d0 [ 2881.348534][T21463] shmem_write_begin+0x7e/0x100 [ 2881.353450][T21463] generic_perform_write+0x196/0x3c0 [ 2881.358737][T21463] ? shmem_write_begin+0x100/0x100 [ 2881.363841][T21463] __generic_file_write_iter+0x161/0x300 [ 2881.369632][T21463] ? generic_write_checks+0x242/0x290 [ 2881.375005][T21463] generic_file_write_iter+0x75/0x130 [ 2881.380389][T21463] vfs_write+0x69d/0x770 [ 2881.384630][T21463] ksys_write+0xce/0x180 [ 2881.388861][T21463] __x64_sys_write+0x3e/0x50 [ 2881.393463][T21463] do_syscall_64+0x3d/0x90 [ 2881.397897][T21463] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2881.403784][T21463] RIP: 0033:0x4665e9 [ 2881.407684][T21463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2881.427300][T21463] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2881.435712][T21463] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2881.443684][T21463] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2881.450399][T21470] loop5: detected capacity change from 0 to 264192 [ 2881.451644][T21463] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2881.466133][T21463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2881.474168][T21463] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:32 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:32 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x67446698, 0x0, 0xffff}, 0xfec3) 07:39:32 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x415, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:32 executing program 0: write$nbd(0xffffffffffffffff, 0x0, 0xe7) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x10) [ 2881.493313][T21470] FAT-fs (loop5): invalid media value (0xe1) [ 2881.499433][T21470] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:32 executing program 2 (fault-call:1 fault-nth:86): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:32 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r0, 0x0, 0x0) 07:39:32 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:32 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2881.628065][T21493] loop5: detected capacity change from 0 to 264192 [ 2881.641767][T21500] FAULT_INJECTION: forcing a failure. [ 2881.641767][T21500] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2881.642723][T21493] FAT-fs (loop5): invalid media value (0xe1) [ 2881.654855][T21500] CPU: 0 PID: 21500 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2881.660853][T21493] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:32 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)) write$nbd(r0, 0x0, 0xe7) socket$netlink(0x10, 0x3, 0x1) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:32 executing program 4: write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x20000090) 07:39:32 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2881.669553][T21500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2881.669564][T21500] Call Trace: [ 2881.669572][T21500] dump_stack_lvl+0xb7/0x103 [ 2881.694059][T21500] dump_stack+0x11/0x1a [ 2881.698207][T21500] should_fail+0x23c/0x250 [ 2881.702625][T21500] should_fail_usercopy+0x16/0x20 [ 2881.707672][T21500] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2881.713391][T21500] ? shmem_write_begin+0x7e/0x100 [ 2881.718408][T21500] generic_perform_write+0x1df/0x3c0 [ 2881.723738][T21500] ? shmem_write_begin+0x100/0x100 [ 2881.728883][T21500] __generic_file_write_iter+0x161/0x300 [ 2881.734530][T21500] ? generic_write_checks+0x242/0x290 [ 2881.739956][T21500] generic_file_write_iter+0x75/0x130 [ 2881.745362][T21500] vfs_write+0x69d/0x770 [ 2881.749642][T21500] ksys_write+0xce/0x180 [ 2881.753880][T21500] __x64_sys_write+0x3e/0x50 [ 2881.758465][T21500] do_syscall_64+0x3d/0x90 [ 2881.762951][T21500] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2881.768913][T21500] RIP: 0033:0x4665e9 07:39:32 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r0, 0x0, 0x0) [ 2881.772796][T21500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2881.792400][T21500] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2881.800807][T21500] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2881.808780][T21500] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2881.816758][T21500] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:39:32 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000040)={0xffff, 0x0, 0x0, 'queue1\x00', 0x2}) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000000), 0x10) 07:39:32 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2881.824807][T21500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2881.832831][T21500] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2881.863438][T21493] loop5: detected capacity change from 0 to 264192 07:39:32 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x416, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:32 executing program 4: write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x20000090) [ 2881.874327][T21493] FAT-fs (loop5): invalid media value (0xe1) [ 2881.880407][T21493] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2881.981239][T21544] loop5: detected capacity change from 0 to 264192 [ 2881.990206][T21544] FAT-fs (loop5): invalid media value (0xe1) [ 2881.996221][T21544] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:32 executing program 2 (fault-call:1 fault-nth:87): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:32 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:32 executing program 0: write$nbd(0xffffffffffffffff, 0x0, 0xe7) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x24, 0x0, 0x100, 0x8001, 0x25dfdbfb, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0x1) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x10) 07:39:32 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r0, 0x0, 0x0) 07:39:32 executing program 4: write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x20000090) 07:39:32 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x417, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:32 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r0, &(0x7f0000000080), 0xfec3) [ 2882.086232][T21562] loop5: detected capacity change from 0 to 264192 [ 2882.094689][T21563] FAULT_INJECTION: forcing a failure. [ 2882.094689][T21563] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2882.107945][T21563] CPU: 1 PID: 21563 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2882.116700][T21563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2882.126803][T21563] Call Trace: [ 2882.130075][T21563] dump_stack_lvl+0xb7/0x103 [ 2882.133322][T21562] FAT-fs (loop5): invalid media value (0xe1) [ 2882.134660][T21563] dump_stack+0x11/0x1a [ 2882.134679][T21563] should_fail+0x23c/0x250 [ 2882.140681][T21562] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2882.144807][T21563] __alloc_pages+0x102/0x320 [ 2882.160351][T21563] alloc_pages_vma+0x513/0x680 [ 2882.165126][T21563] shmem_getpage_gfp+0x954/0x13d0 [ 2882.170163][T21563] shmem_write_begin+0x7e/0x100 [ 2882.175009][T21563] generic_perform_write+0x196/0x3c0 [ 2882.180292][T21563] ? shmem_write_begin+0x100/0x100 [ 2882.185461][T21563] __generic_file_write_iter+0x161/0x300 [ 2882.191219][T21563] ? generic_write_checks+0x242/0x290 [ 2882.196618][T21563] generic_file_write_iter+0x75/0x130 [ 2882.202070][T21563] vfs_write+0x69d/0x770 [ 2882.206308][T21563] ksys_write+0xce/0x180 [ 2882.210599][T21563] __x64_sys_write+0x3e/0x50 [ 2882.215255][T21563] do_syscall_64+0x3d/0x90 [ 2882.219682][T21563] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2882.225654][T21563] RIP: 0033:0x4665e9 07:39:33 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:33 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:33 executing program 0: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0xb36, &(0x7f0000000000)=0x1) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:33 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000010000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2882.229535][T21563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2882.249136][T21563] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2882.257560][T21563] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2882.265530][T21563] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2882.273519][T21563] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:39:33 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, 0x0) ioctl$TIOCGISO7816(r1, 0x80285442, &(0x7f0000000040)) ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000000)=0x80000000000004) write$nbd(r0, &(0x7f0000000080)={0x67446698, 0x200}, 0x10) [ 2882.281566][T21563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2882.289565][T21563] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2882.318555][T21562] loop5: detected capacity change from 0 to 264192 07:39:33 executing program 2 (fault-call:1 fault-nth:88): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:33 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0xd}], 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:33 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x428400, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000000c0)) 07:39:33 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:33 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2882.337219][T21562] FAT-fs (loop5): invalid media value (0xe1) [ 2882.343251][T21562] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:33 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x418, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:33 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:33 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) [ 2882.442677][T21610] loop5: detected capacity change from 0 to 264192 [ 2882.444316][T21605] FAULT_INJECTION: forcing a failure. [ 2882.444316][T21605] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2882.462749][T21605] CPU: 1 PID: 21605 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2882.471508][T21605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2882.481567][T21605] Call Trace: [ 2882.484840][T21605] dump_stack_lvl+0xb7/0x103 [ 2882.489435][T21605] dump_stack+0x11/0x1a [ 2882.493598][T21605] should_fail+0x23c/0x250 [ 2882.495812][T21610] FAT-fs (loop5): invalid media value (0xe1) [ 2882.498011][T21605] should_fail_usercopy+0x16/0x20 [ 2882.504002][T21610] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2882.509004][T21605] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2882.521280][T21605] ? shmem_write_begin+0x7e/0x100 [ 2882.526302][T21605] generic_perform_write+0x1df/0x3c0 [ 2882.531588][T21605] ? shmem_write_begin+0x100/0x100 [ 2882.536741][T21605] __generic_file_write_iter+0x161/0x300 07:39:33 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:33 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[], 0xe7) socket$netlink(0x10, 0x3, 0x8) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:33 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) eventfd2(0x7453, 0x2) write$nbd(r0, &(0x7f0000000080), 0x10) [ 2882.542406][T21605] ? generic_write_checks+0x242/0x290 [ 2882.547769][T21605] generic_file_write_iter+0x75/0x130 [ 2882.553196][T21605] vfs_write+0x69d/0x770 [ 2882.557432][T21605] ksys_write+0xce/0x180 [ 2882.561727][T21605] __x64_sys_write+0x3e/0x50 [ 2882.566401][T21605] do_syscall_64+0x3d/0x90 [ 2882.570857][T21605] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2882.576755][T21605] RIP: 0033:0x4665e9 07:39:33 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2882.580639][T21605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2882.600241][T21605] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2882.608645][T21605] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2882.616613][T21605] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2882.624575][T21605] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2882.632629][T21605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2882.640590][T21605] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2882.694536][T21610] loop5: detected capacity change from 0 to 264192 [ 2882.708737][T21610] FAT-fs (loop5): invalid media value (0xe1) [ 2882.714763][T21610] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:33 executing program 2 (fault-call:1 fault-nth:89): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:33 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:33 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x103000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:33 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x10402, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080), 0x10) 07:39:33 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000200)={'ip6gre0\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x4, 0x40, 0x20, 0x9a0b, 0x42, @ipv4={'\x00', '\xff\xff', @remote}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x1, 0x4, 0x10001}}) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000680), r2) sendmsg$NLBL_MGMT_C_LISTALL(r2, &(0x7f0000000500)={&(0x7f0000000400), 0xc, &(0x7f00000004c0)={&(0x7f0000000440)=ANY=[], 0x50}}, 0x80) sendmsg$NLBL_MGMT_C_REMOVE(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="34000000bd93778f5672deedafc216a5e42f1cf1dc577bf38b352d4474ee77cd160bc03e5a930032e8b55473e0ad9256a31eee15a2e4f5710d809af756d1741cb0deb80f8be40a4a45ae788257adcd2cb0737cb005654e3b704d043e357b04aa9034", @ANYRES16=0x0, @ANYBLOB="20002dbd7000fcdbdf2502000000080007000a01010108000c00020000000800040001000000080008000a010102"], 0x34}, 0x1, 0x0, 0x0, 0x40080}, 0x1c11) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r3, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'syztnl0\x00', r1, 0x4, 0x4, 0x20, 0x9, 0xc, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, @mcast1, 0x40, 0x700, 0x7ff, 0x8}}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000600)={'ip6tnl0\x00', r1, 0x2f, 0x6, 0x9, 0x3f, 0x22, @private1={0xfc, 0x1, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8000, 0x7, 0x4, 0xff}}) getsockname$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000003c0)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000005c0)={'ip6gre0\x00', &(0x7f0000000540)={'syztnl0\x00', r1, 0x2, 0x40, 0x1, 0x3f, 0x50, @mcast1, @empty, 0x40, 0x40, 0x80000001, 0xff}}) sendmsg$TEAM_CMD_NOOP(r3, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000440)={&(0x7f00000006c0)={0x164, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [{{0x8, 0x1, r4}, {0x4}}, {{0x8, 0x1, r5}, {0xf4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1e1c}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r1}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6aa}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}, {{0x8, 0x1, r6}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}]}, 0x164}, 0x1, 0x0, 0x0, 0x4000}, 0x4004000) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4d0501, 0x0) write$nbd(r7, 0x0, 0x7fffffffffffffff) 07:39:33 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x419, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2882.805568][T21646] FAULT_INJECTION: forcing a failure. [ 2882.805568][T21646] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2882.818816][T21646] CPU: 1 PID: 21646 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2882.827574][T21646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2882.837647][T21646] Call Trace: [ 2882.840969][T21646] dump_stack_lvl+0xb7/0x103 [ 2882.845554][T21646] dump_stack+0x11/0x1a [ 2882.849703][T21646] should_fail+0x23c/0x250 07:39:33 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="9800"/13], 0x10) 07:39:33 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x104000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2882.854147][T21646] __alloc_pages+0x102/0x320 [ 2882.858732][T21646] alloc_pages_vma+0x513/0x680 [ 2882.863491][T21646] shmem_getpage_gfp+0x954/0x13d0 [ 2882.868589][T21646] shmem_write_begin+0x7e/0x100 [ 2882.873434][T21646] generic_perform_write+0x196/0x3c0 [ 2882.878742][T21646] ? shmem_write_begin+0x100/0x100 [ 2882.883851][T21646] __generic_file_write_iter+0x161/0x300 [ 2882.889482][T21646] ? generic_write_checks+0x242/0x290 [ 2882.894944][T21646] generic_file_write_iter+0x75/0x130 [ 2882.900318][T21646] vfs_write+0x69d/0x770 07:39:33 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x105000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2882.904624][T21646] ksys_write+0xce/0x180 [ 2882.908862][T21646] __x64_sys_write+0x3e/0x50 [ 2882.913452][T21646] do_syscall_64+0x3d/0x90 [ 2882.917939][T21646] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2882.923835][T21646] RIP: 0033:0x4665e9 [ 2882.925928][T21658] loop5: detected capacity change from 0 to 264192 [ 2882.927781][T21646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2882.927855][T21646] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 [ 2882.942010][T21658] FAT-fs (loop5): invalid media value (0xe1) [ 2882.954030][T21646] ORIG_RAX: 0000000000000001 [ 2882.954041][T21646] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2882.954054][T21646] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2882.954064][T21646] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2882.954075][T21646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:33 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:33 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:33 executing program 2 (fault-call:1 fault-nth:90): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:33 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4c0501, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000000)={0x8000, 0x9}) write$nbd(r0, 0x0, 0x7fffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f00000002c0)) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000340)={{0x6}, 'port1\x00', 0xc, 0x80008, 0xfff, 0x7, 0x9, 0x7463, 0x7ff, 0x0, 0x0, 0x3}) r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), r0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000400)={0x0, 0x7, 0x20}) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000440)=0x5) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x3c, r1, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x81}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x50) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f0000000080)) [ 2882.960149][T21658] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2882.966087][T21646] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2883.058292][T21676] FAULT_INJECTION: forcing a failure. [ 2883.058292][T21676] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2883.071459][T21676] CPU: 0 PID: 21676 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2883.080220][T21676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2883.090366][T21676] Call Trace: [ 2883.093642][T21676] dump_stack_lvl+0xb7/0x103 [ 2883.098237][T21676] dump_stack+0x11/0x1a [ 2883.102386][T21676] should_fail+0x23c/0x250 [ 2883.106805][T21676] should_fail_usercopy+0x16/0x20 [ 2883.111832][T21676] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2883.117558][T21676] ? shmem_write_begin+0x7e/0x100 [ 2883.122640][T21676] generic_perform_write+0x1df/0x3c0 [ 2883.127984][T21676] ? shmem_write_begin+0x100/0x100 [ 2883.133094][T21676] __generic_file_write_iter+0x161/0x300 [ 2883.138725][T21676] ? generic_write_checks+0x242/0x290 [ 2883.144132][T21676] generic_file_write_iter+0x75/0x130 [ 2883.149503][T21676] vfs_write+0x69d/0x770 [ 2883.153748][T21676] ksys_write+0xce/0x180 07:39:34 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000240)=ANY=[], 0x10) 07:39:34 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:34 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) [ 2883.157987][T21676] __x64_sys_write+0x3e/0x50 [ 2883.162576][T21676] do_syscall_64+0x3d/0x90 [ 2883.166991][T21676] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2883.172947][T21676] RIP: 0033:0x4665e9 [ 2883.176865][T21676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2883.196485][T21676] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:34 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x20000090) [ 2883.204893][T21676] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2883.212861][T21676] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2883.220916][T21676] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2883.228883][T21676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2883.236850][T21676] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:34 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x41a, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:34 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x7fffffffffffff18) 07:39:34 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x20000090) 07:39:34 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x202000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:34 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x208841, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = syz_io_uring_setup(0x420c, &(0x7f0000000000)={0x0, 0xefc0, 0x0, 0x1, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r1, 0x10000000) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000140)=r0, 0x1) write$nbd(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="67446698000000245f0a5817e75584d3e5e84c55c10571cd7b1ce11e8a3052b51e4d2c4c38bbc8f51e3a55b65cd33c4af0f4561f34bf"], 0x10) [ 2883.271764][T21658] loop5: detected capacity change from 0 to 264192 [ 2883.301285][T21658] FAT-fs (loop5): invalid media value (0xe1) [ 2883.307373][T21658] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:34 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x7fffffffffffff18) [ 2883.397896][T21729] loop5: detected capacity change from 0 to 264192 [ 2883.444612][T21729] FAT-fs (loop5): invalid media value (0xe1) [ 2883.450651][T21729] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:34 executing program 2 (fault-call:1 fault-nth:91): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:34 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x20000090) 07:39:34 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:34 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0xe7) write$nbd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="67441576eb0475a83c834d0000000000"], 0x10) 07:39:34 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x7fffffffffffff18) 07:39:34 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x41b, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2883.495149][T21729] loop5: detected capacity change from 0 to 264192 [ 2883.502118][T21729] FAT-fs (loop5): invalid media value (0xe1) [ 2883.508192][T21729] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2883.574665][T21752] loop5: detected capacity change from 0 to 264192 [ 2883.586199][T21755] FAULT_INJECTION: forcing a failure. [ 2883.586199][T21755] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2883.594568][T21752] FAT-fs (loop5): invalid media value (0xe1) [ 2883.599433][T21755] CPU: 0 PID: 21755 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2883.605396][T21752] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:34 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x204000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:34 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x208841, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = syz_io_uring_setup(0x420c, &(0x7f0000000000)={0x0, 0xefc0, 0x0, 0x1, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r1, 0x10000000) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000140)=r0, 0x1) write$nbd(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="67446698000000245f0a5817e75584d3e5e84c55c10571cd7b1ce11e8a3052b51e4d2c4c38bbc8f51e3a55b65cd33c4af0f4561f34bf"], 0x10) [ 2883.614145][T21755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2883.614158][T21755] Call Trace: [ 2883.614165][T21755] dump_stack_lvl+0xb7/0x103 [ 2883.614184][T21755] dump_stack+0x11/0x1a [ 2883.642772][T21755] should_fail+0x23c/0x250 [ 2883.647209][T21755] __alloc_pages+0x102/0x320 [ 2883.651809][T21755] alloc_pages_vma+0x513/0x680 [ 2883.656575][T21755] shmem_getpage_gfp+0x954/0x13d0 [ 2883.661683][T21755] shmem_write_begin+0x7e/0x100 [ 2883.666565][T21755] generic_perform_write+0x196/0x3c0 07:39:34 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x205000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:34 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x0) [ 2883.671893][T21755] ? shmem_write_begin+0x100/0x100 [ 2883.677054][T21755] __generic_file_write_iter+0x161/0x300 [ 2883.682709][T21755] ? generic_write_checks+0x242/0x290 [ 2883.688077][T21755] generic_file_write_iter+0x75/0x130 [ 2883.693452][T21755] vfs_write+0x69d/0x770 [ 2883.697687][T21755] ksys_write+0xce/0x180 [ 2883.701919][T21755] __x64_sys_write+0x3e/0x50 [ 2883.706520][T21755] do_syscall_64+0x3d/0x90 [ 2883.711018][T21755] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2883.716953][T21755] RIP: 0033:0x4665e9 07:39:34 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x7fffffffffffff18) [ 2883.720835][T21755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2883.740513][T21755] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2883.749097][T21755] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2883.757083][T21755] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2883.765167][T21755] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:39:34 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x208841, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = syz_io_uring_setup(0x420c, &(0x7f0000000000)={0x0, 0xefc0, 0x0, 0x1, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r1, 0x10000000) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000140)=r0, 0x1) write$nbd(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="67446698000000245f0a5817e75584d3e5e84c55c10571cd7b1ce11e8a3052b51e4d2c4c38bbc8f51e3a55b65cd33c4af0f4561f34bf"], 0x10) [ 2883.773158][T21755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2883.781272][T21755] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:34 executing program 2 (fault-call:1 fault-nth:92): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:34 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x0) 07:39:34 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:34 executing program 3: write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x7fffffffffffff18) 07:39:34 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x208841, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = syz_io_uring_setup(0x420c, &(0x7f0000000000)={0x0, 0xefc0, 0x0, 0x1, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r1, 0x10000000) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000140)=r0, 0x1) write$nbd(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="67446698000000245f0a5817e75584d3e5e84c55c10571cd7b1ce11e8a3052b51e4d2c4c38bbc8f51e3a55b65cd33c4af0f4561f34bf"], 0x10) [ 2883.825043][T21752] loop5: detected capacity change from 0 to 264192 [ 2883.838331][T21752] FAT-fs (loop5): invalid media value (0xe1) [ 2883.844357][T21752] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:34 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x500, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2883.922801][T21798] FAULT_INJECTION: forcing a failure. [ 2883.922801][T21798] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2883.935908][T21798] CPU: 1 PID: 21798 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2883.944686][T21798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2883.954739][T21798] Call Trace: [ 2883.958017][T21798] dump_stack_lvl+0xb7/0x103 [ 2883.962607][T21798] dump_stack+0x11/0x1a [ 2883.966754][T21798] should_fail+0x23c/0x250 [ 2883.971194][T21798] should_fail_usercopy+0x16/0x20 [ 2883.976256][T21798] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2883.981976][T21798] ? shmem_write_begin+0x7e/0x100 [ 2883.987010][T21798] generic_perform_write+0x1df/0x3c0 [ 2883.992290][T21798] ? shmem_write_begin+0x100/0x100 [ 2883.997396][T21798] __generic_file_write_iter+0x161/0x300 [ 2884.003091][T21798] ? generic_write_checks+0x242/0x290 [ 2884.008465][T21798] generic_file_write_iter+0x75/0x130 [ 2884.013845][T21798] vfs_write+0x69d/0x770 [ 2884.018165][T21798] ksys_write+0xce/0x180 [ 2884.022403][T21798] __x64_sys_write+0x3e/0x50 [ 2884.025750][T21802] loop5: detected capacity change from 0 to 264192 [ 2884.026992][T21798] do_syscall_64+0x3d/0x90 [ 2884.037968][T21798] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2884.043935][T21798] RIP: 0033:0x4665e9 [ 2884.047828][T21798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:34 executing program 3: write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x7fffffffffffff18) 07:39:34 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x208841, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = syz_io_uring_setup(0x420c, &(0x7f0000000000)={0x0, 0xefc0, 0x0, 0x1, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r1, 0x10000000) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000140)=r0, 0x1) 07:39:34 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x0) 07:39:34 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x301000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2884.067422][T21798] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2884.075858][T21798] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2884.083826][T21798] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2884.086673][T21802] FAT-fs (loop5): invalid media value (0xe1) [ 2884.091786][T21798] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2884.091822][T21798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2884.091832][T21798] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:35 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x208841, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = syz_io_uring_setup(0x420c, &(0x7f0000000000)={0x0, 0xefc0, 0x0, 0x1, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r1, 0x10000000) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) 07:39:35 executing program 3: write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x7fffffffffffff18) [ 2884.097804][T21802] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:35 executing program 2 (fault-call:1 fault-nth:93): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:35 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x20000090) 07:39:35 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x208841, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = syz_io_uring_setup(0x420c, &(0x7f0000000000)={0x0, 0xefc0, 0x0, 0x1, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r1, 0x10000000) openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) 07:39:35 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x302000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:35 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x7fffffffffffff18) [ 2884.263193][T21802] loop5: detected capacity change from 0 to 264192 [ 2884.276633][T21802] FAT-fs (loop5): invalid media value (0xe1) [ 2884.282689][T21802] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2884.321704][T21840] FAULT_INJECTION: forcing a failure. [ 2884.321704][T21840] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2884.334993][T21840] CPU: 1 PID: 21840 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2884.343757][T21840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2884.353904][T21840] Call Trace: [ 2884.357221][T21840] dump_stack_lvl+0xb7/0x103 [ 2884.361810][T21840] dump_stack+0x11/0x1a [ 2884.365999][T21840] should_fail+0x23c/0x250 [ 2884.370467][T21840] __alloc_pages+0x102/0x320 [ 2884.375058][T21840] alloc_pages_vma+0x513/0x680 [ 2884.379824][T21840] shmem_getpage_gfp+0x954/0x13d0 [ 2884.384949][T21840] shmem_write_begin+0x7e/0x100 [ 2884.389801][T21840] generic_perform_write+0x196/0x3c0 [ 2884.395089][T21840] ? shmem_write_begin+0x100/0x100 [ 2884.400197][T21840] __generic_file_write_iter+0x161/0x300 [ 2884.405883][T21840] ? generic_write_checks+0x242/0x290 [ 2884.411253][T21840] generic_file_write_iter+0x75/0x130 [ 2884.416682][T21840] vfs_write+0x69d/0x770 [ 2884.420940][T21840] ksys_write+0xce/0x180 [ 2884.425196][T21840] __x64_sys_write+0x3e/0x50 [ 2884.429790][T21840] do_syscall_64+0x3d/0x90 [ 2884.434215][T21840] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2884.440117][T21840] RIP: 0033:0x4665e9 [ 2884.444041][T21840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2884.463644][T21840] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:35 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x600, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:35 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x7fffffffffffff18) 07:39:35 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x208841, 0x0) write$nbd(r0, 0x0, 0xe7) r1 = syz_io_uring_setup(0x420c, &(0x7f0000000000)={0x0, 0xefc0, 0x0, 0x1, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r1, 0x10000000) 07:39:35 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x7fffffffffffff18) 07:39:35 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x208841, 0x0) write$nbd(r0, 0x0, 0xe7) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, 0xffffffffffffffff, 0x10000000) 07:39:35 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x208841, 0x0) write$nbd(r0, 0x0, 0xe7) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, 0xffffffffffffffff, 0x10000000) 07:39:35 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x303000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2884.472058][T21840] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2884.480031][T21840] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2884.488072][T21840] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2884.496039][T21840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2884.504068][T21840] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:35 executing program 2 (fault-call:1 fault-nth:94): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:35 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:35 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000080), 0x7fffffffffffff18) 07:39:35 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x208841, 0x0) write$nbd(r0, 0x0, 0xe7) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, 0xffffffffffffffff, 0x10000000) [ 2884.560968][T21867] loop5: detected capacity change from 0 to 264192 [ 2884.584928][T21867] FAT-fs (loop5): invalid media value (0xe1) [ 2884.590981][T21867] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2884.620370][T21874] FAULT_INJECTION: forcing a failure. [ 2884.620370][T21874] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2884.633485][T21874] CPU: 1 PID: 21874 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2884.642243][T21874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2884.652286][T21874] Call Trace: [ 2884.655583][T21874] dump_stack_lvl+0xb7/0x103 [ 2884.660177][T21874] dump_stack+0x11/0x1a [ 2884.664384][T21874] should_fail+0x23c/0x250 07:39:35 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x304000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2884.668872][T21874] should_fail_usercopy+0x16/0x20 [ 2884.673897][T21874] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2884.679625][T21874] ? shmem_write_begin+0x7e/0x100 [ 2884.684669][T21874] generic_perform_write+0x1df/0x3c0 [ 2884.689945][T21874] ? shmem_write_begin+0x100/0x100 [ 2884.695090][T21874] __generic_file_write_iter+0x161/0x300 [ 2884.700871][T21874] ? generic_write_checks+0x242/0x290 [ 2884.706238][T21874] generic_file_write_iter+0x75/0x130 [ 2884.711669][T21874] vfs_write+0x69d/0x770 [ 2884.715907][T21874] ksys_write+0xce/0x180 [ 2884.720172][T21874] __x64_sys_write+0x3e/0x50 [ 2884.724767][T21874] do_syscall_64+0x3d/0x90 [ 2884.729186][T21874] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2884.735137][T21874] RIP: 0033:0x4665e9 [ 2884.739024][T21874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2884.758795][T21874] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:35 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x604, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:35 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000080), 0x7fffffffffffff18) 07:39:35 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x20000090) [ 2884.767202][T21874] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2884.775183][T21874] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2884.783151][T21874] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2884.791115][T21874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2884.799076][T21874] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:35 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x208841, 0x0) r1 = syz_io_uring_setup(0x420c, &(0x7f0000000000)={0x0, 0xefc0, 0x0, 0x1, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r1, 0x10000000) 07:39:35 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000080), 0x7fffffffffffff18) 07:39:35 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x305000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:35 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000)={0x0, 0xefc0, 0x0, 0x1}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r0, 0x10000000) [ 2884.874055][T21894] loop5: detected capacity change from 0 to 264192 [ 2884.898001][T21894] FAT-fs (loop5): invalid media value (0xe1) [ 2884.904076][T21894] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:36 executing program 2 (fault-call:1 fault-nth:95): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:36 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x7fffffffffffff18) 07:39:36 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:36 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x700, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:36 executing program 0: r0 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0xefc0, 0x0, 0x1}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r0, 0x10000000) 07:39:36 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x20000090) [ 2885.139799][T21922] FAULT_INJECTION: forcing a failure. [ 2885.139799][T21922] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2885.148511][T21926] loop5: detected capacity change from 0 to 264192 [ 2885.153069][T21922] CPU: 1 PID: 21922 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2885.168353][T21922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2885.178425][T21922] Call Trace: [ 2885.181696][T21922] dump_stack_lvl+0xb7/0x103 07:39:36 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:36 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x7fffffffffffff18) [ 2885.186290][T21922] dump_stack+0x11/0x1a [ 2885.190451][T21922] should_fail+0x23c/0x250 [ 2885.194940][T21922] __alloc_pages+0x102/0x320 [ 2885.199044][T21926] FAT-fs (loop5): invalid media value (0xe1) [ 2885.199626][T21922] alloc_pages_vma+0x513/0x680 [ 2885.205601][T21926] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2885.210327][T21922] shmem_getpage_gfp+0x954/0x13d0 [ 2885.221933][T21922] shmem_write_begin+0x7e/0x100 [ 2885.226867][T21922] generic_perform_write+0x196/0x3c0 [ 2885.232154][T21922] ? shmem_write_begin+0x100/0x100 07:39:36 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2885.237265][T21922] __generic_file_write_iter+0x161/0x300 [ 2885.242897][T21922] ? generic_write_checks+0x242/0x290 [ 2885.248260][T21922] generic_file_write_iter+0x75/0x130 [ 2885.253660][T21922] vfs_write+0x69d/0x770 [ 2885.258038][T21922] ksys_write+0xce/0x180 [ 2885.262280][T21922] __x64_sys_write+0x3e/0x50 [ 2885.266868][T21922] do_syscall_64+0x3d/0x90 [ 2885.271273][T21922] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2885.277217][T21922] RIP: 0033:0x4665e9 07:39:36 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x7fffffffffffff18) [ 2885.281112][T21922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2885.300732][T21922] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2885.309149][T21922] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2885.317134][T21922] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2885.325101][T21922] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 07:39:36 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x403000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:36 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x0) [ 2885.333070][T21922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2885.341039][T21922] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 [ 2885.384690][T21926] loop5: detected capacity change from 0 to 264192 [ 2885.396608][T21926] FAT-fs (loop5): invalid media value (0xe1) [ 2885.402656][T21926] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:36 executing program 2 (fault-call:1 fault-nth:96): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:36 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x0) 07:39:36 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x404000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:36 executing program 0: r0 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0xefc0, 0x0, 0x1}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r0, 0x10000000) 07:39:36 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:36 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x900, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2885.472303][T21964] FAULT_INJECTION: forcing a failure. [ 2885.472303][T21964] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2885.485518][T21964] CPU: 0 PID: 21964 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2885.491143][T21969] loop5: detected capacity change from 0 to 264192 [ 2885.494351][T21964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2885.494364][T21964] Call Trace: [ 2885.494371][T21964] dump_stack_lvl+0xb7/0x103 [ 2885.518734][T21964] dump_stack+0x11/0x1a [ 2885.522921][T21964] should_fail+0x23c/0x250 [ 2885.527337][T21964] should_fail_usercopy+0x16/0x20 [ 2885.532355][T21964] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2885.538072][T21964] ? shmem_write_begin+0x7e/0x100 [ 2885.543096][T21964] generic_perform_write+0x1df/0x3c0 [ 2885.548447][T21964] ? shmem_write_begin+0x100/0x100 [ 2885.553688][T21964] __generic_file_write_iter+0x161/0x300 [ 2885.554312][T21969] FAT-fs (loop5): invalid media value (0xe1) [ 2885.559323][T21964] ? generic_write_checks+0x242/0x290 [ 2885.559347][T21964] generic_file_write_iter+0x75/0x130 [ 2885.565317][T21969] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2885.570660][T21964] vfs_write+0x69d/0x770 [ 2885.570679][T21964] ksys_write+0xce/0x180 [ 2885.591093][T21964] __x64_sys_write+0x3e/0x50 [ 2885.595729][T21964] do_syscall_64+0x3d/0x90 [ 2885.600147][T21964] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2885.606101][T21964] RIP: 0033:0x4665e9 [ 2885.609983][T21964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2885.629589][T21964] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2885.638000][T21964] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2885.645971][T21964] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2885.654028][T21964] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2885.662016][T21964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:36 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x0) 07:39:36 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x405000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:36 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) [ 2885.670027][T21964] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:36 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x604, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:36 executing program 0: r0 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0xefc0, 0x0, 0x1}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r0, 0x10000000) 07:39:36 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2885.700812][T21969] loop5: detected capacity change from 0 to 264192 [ 2885.738477][T21969] FAT-fs (loop5): invalid media value (0xe1) [ 2885.744500][T21969] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:36 executing program 2 (fault-call:1 fault-nth:97): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:36 executing program 0: r0 = syz_io_uring_setup(0x420c, 0x0, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r0, 0x10000000) 07:39:36 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x501000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:36 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x87fff19) 07:39:36 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xa00, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:36 executing program 4: write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x20000090) [ 2885.944265][T22006] loop5: detected capacity change from 0 to 264192 [ 2885.966163][T22006] FAT-fs (loop5): invalid media value (0xe1) [ 2885.972191][T22006] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2885.986192][T22016] FAULT_INJECTION: forcing a failure. 07:39:36 executing program 4: write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x20000090) [ 2885.986192][T22016] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2885.999448][T22016] CPU: 0 PID: 22016 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2886.008299][T22016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2886.018353][T22016] Call Trace: [ 2886.021624][T22016] dump_stack_lvl+0xb7/0x103 [ 2886.026220][T22016] dump_stack+0x11/0x1a [ 2886.030376][T22016] should_fail+0x23c/0x250 [ 2886.034793][T22016] __alloc_pages+0x102/0x320 [ 2886.039378][T22016] alloc_pages_vma+0x513/0x680 [ 2886.044195][T22016] shmem_getpage_gfp+0x954/0x13d0 [ 2886.049280][T22016] shmem_write_begin+0x7e/0x100 [ 2886.054124][T22016] generic_perform_write+0x196/0x3c0 [ 2886.059425][T22016] ? shmem_write_begin+0x100/0x100 [ 2886.064592][T22016] __generic_file_write_iter+0x161/0x300 [ 2886.070247][T22016] ? generic_write_checks+0x242/0x290 [ 2886.075683][T22016] generic_file_write_iter+0x75/0x130 [ 2886.081087][T22016] vfs_write+0x69d/0x770 [ 2886.085427][T22016] ksys_write+0xce/0x180 [ 2886.089677][T22016] __x64_sys_write+0x3e/0x50 07:39:37 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x502000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2886.094288][T22016] do_syscall_64+0x3d/0x90 [ 2886.098779][T22016] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2886.104671][T22016] RIP: 0033:0x4665e9 [ 2886.108565][T22016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2886.128175][T22016] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2886.136650][T22016] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 07:39:37 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x503000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:37 executing program 0: r0 = syz_io_uring_setup(0x420c, 0x0, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r0, 0x10000000) 07:39:37 executing program 4: write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x20000090) [ 2886.144611][T22016] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2886.152666][T22016] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2886.160638][T22016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2886.168665][T22016] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:37 executing program 2 (fault-call:1 fault-nth:98): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2886.214983][T22006] loop5: detected capacity change from 0 to 264192 [ 2886.253439][T22006] FAT-fs (loop5): invalid media value (0xe1) 07:39:37 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x504000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:37 executing program 0: r0 = syz_io_uring_setup(0x420c, 0x0, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r0, 0x10000000) [ 2886.259477][T22006] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2886.300118][T22038] FAULT_INJECTION: forcing a failure. [ 2886.300118][T22038] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2886.313204][T22038] CPU: 1 PID: 22038 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2886.321965][T22038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2886.332068][T22038] Call Trace: [ 2886.335339][T22038] dump_stack_lvl+0xb7/0x103 [ 2886.340020][T22038] dump_stack+0x11/0x1a [ 2886.344173][T22038] should_fail+0x23c/0x250 [ 2886.348694][T22038] should_fail_usercopy+0x16/0x20 [ 2886.353723][T22038] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2886.359452][T22038] ? shmem_write_begin+0x7e/0x100 [ 2886.364472][T22038] generic_perform_write+0x1df/0x3c0 [ 2886.369767][T22038] ? shmem_write_begin+0x100/0x100 [ 2886.374873][T22038] __generic_file_write_iter+0x161/0x300 [ 2886.380618][T22038] ? generic_write_checks+0x242/0x290 [ 2886.386014][T22038] generic_file_write_iter+0x75/0x130 [ 2886.391398][T22038] vfs_write+0x69d/0x770 [ 2886.395738][T22038] ksys_write+0xce/0x180 07:39:37 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r0, 0x10000000) 07:39:37 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x87fff19) [ 2886.399978][T22038] __x64_sys_write+0x3e/0x50 [ 2886.404593][T22038] do_syscall_64+0x3d/0x90 [ 2886.409009][T22038] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2886.414904][T22038] RIP: 0033:0x4665e9 [ 2886.418792][T22038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2886.438476][T22038] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2886.446949][T22038] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2886.454919][T22038] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2886.462884][T22038] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2886.470925][T22038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2886.478890][T22038] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:37 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xb00, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:37 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:37 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x505000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:37 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r0, 0x10000000) 07:39:37 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:37 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:37 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r0, 0x10000000) [ 2886.590221][T22066] loop5: detected capacity change from 0 to 264192 [ 2886.612179][T22066] FAT-fs (loop5): invalid media value (0xe1) [ 2886.618242][T22066] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:37 executing program 2 (fault-call:1 fault-nth:99): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:37 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x601000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:37 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xc00, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:37 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) [ 2886.750680][T22084] loop5: detected capacity change from 0 to 264192 [ 2886.795419][T22090] FAULT_INJECTION: forcing a failure. [ 2886.795419][T22090] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2886.808672][T22090] CPU: 1 PID: 22090 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2886.817437][T22090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2886.827487][T22090] Call Trace: [ 2886.830758][T22090] dump_stack_lvl+0xb7/0x103 [ 2886.835350][T22090] dump_stack+0x11/0x1a [ 2886.839552][T22090] should_fail+0x23c/0x250 07:39:37 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xe7) write$nbd(r0, &(0x7f0000000080), 0x87fff19) 07:39:37 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r0, 0x10000000) 07:39:37 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x602000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:37 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) [ 2886.843975][T22090] __alloc_pages+0x102/0x320 [ 2886.848577][T22090] alloc_pages_vma+0x513/0x680 [ 2886.853340][T22090] shmem_getpage_gfp+0x954/0x13d0 [ 2886.858363][T22090] shmem_write_begin+0x7e/0x100 [ 2886.863210][T22090] generic_perform_write+0x196/0x3c0 [ 2886.866526][T22084] FAT-fs (loop5): invalid media value (0xe1) [ 2886.868507][T22090] ? shmem_write_begin+0x100/0x100 [ 2886.868526][T22090] __generic_file_write_iter+0x161/0x300 [ 2886.874497][T22084] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2886.879587][T22090] ? generic_write_checks+0x242/0x290 [ 2886.879611][T22090] generic_file_write_iter+0x75/0x130 [ 2886.902484][T22090] vfs_write+0x69d/0x770 [ 2886.906875][T22090] ksys_write+0xce/0x180 [ 2886.911118][T22090] __x64_sys_write+0x3e/0x50 [ 2886.915712][T22090] do_syscall_64+0x3d/0x90 [ 2886.920125][T22090] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2886.926090][T22090] RIP: 0033:0x4665e9 07:39:37 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r0, 0x10000000) 07:39:37 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) [ 2886.929976][T22090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2886.949578][T22090] RSP: 002b:00007fdb39a02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2886.958104][T22090] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2886.966184][T22090] RDX: 00000000fffffdef RSI: 0000000020000480 RDI: 0000000000000003 [ 2886.974154][T22090] RBP: 00007fdb39a021d0 R08: 0000000000000000 R09: 0000000000000000 [ 2886.982130][T22090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 07:39:37 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x603000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2886.990129][T22090] R13: 00007ffca9e2055f R14: 00007fdb39a02300 R15: 0000000000022000 07:39:37 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:37 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r0, 0x10000000) [ 2887.037076][T22084] loop5: detected capacity change from 0 to 264192 07:39:38 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) [ 2887.085903][T22084] FAT-fs (loop5): invalid media value (0xe1) [ 2887.091937][T22084] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:38 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xd00, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:38 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r0, 0x10000000) [ 2887.254503][T22137] loop5: detected capacity change from 0 to 264192 [ 2887.270394][T22137] FAT-fs (loop5): invalid media value (0xe1) [ 2887.276428][T22137] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:38 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x87fff19) 07:39:38 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x604000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:38 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x20000090) 07:39:38 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x12, r0, 0x10000000) 07:39:38 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0x7ffff000) 07:39:38 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x20000090) 07:39:38 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) [ 2887.355552][T22137] loop5: detected capacity change from 0 to 264192 [ 2887.392027][T22137] FAT-fs (loop5): invalid media value (0xe1) [ 2887.398070][T22137] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:38 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x605000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:38 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x20000090) 07:39:38 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xe00, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:38 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:38 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x10000000) [ 2887.545643][T22172] loop5: detected capacity change from 0 to 264192 [ 2887.590462][T22172] FAT-fs (loop5): invalid media value (0xe1) [ 2887.596509][T22172] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:38 executing program 3: write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x87fff19) 07:39:38 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x701000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:38 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x0) 07:39:38 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x10000000) 07:39:38 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0x12000026f) 07:39:38 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xe01, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2887.687075][T22172] loop5: detected capacity change from 0 to 264192 [ 2887.704535][T22172] FAT-fs (loop5): invalid media value (0xe1) [ 2887.710580][T22172] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:38 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x702000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:38 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x10000000) 07:39:38 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x703000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:38 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x0) 07:39:38 executing program 3: write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x87fff19) [ 2887.810508][T22205] loop5: detected capacity change from 0 to 264192 07:39:38 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x704000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:38 executing program 3: write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x87fff19) 07:39:38 executing program 0: syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x10000000) [ 2887.890360][T22205] FAT-fs (loop5): invalid media value (0xe1) [ 2887.896385][T22205] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:38 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x0) 07:39:38 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x705000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2887.978023][T22205] loop5: detected capacity change from 0 to 264192 [ 2887.998294][T22205] FAT-fs (loop5): invalid media value (0xe1) [ 2888.004319][T22205] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:39 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xffffffffffffffff) 07:39:39 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x87fff19) 07:39:39 executing program 0: syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x10000000) 07:39:39 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0x7ffff000) 07:39:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:39 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xf00, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x801000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:39 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x87fff19) 07:39:39 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) r2 = socket$unix(0x1, 0x5, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000080), 0x6e, 0x0}, 0x2042) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x40082102, &(0x7f0000000000)) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x4, 0x4) 07:39:39 executing program 0: syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x10000000) [ 2888.169136][T22252] loop5: detected capacity change from 0 to 264192 [ 2888.198146][T22252] FAT-fs (loop5): invalid media value (0xe1) [ 2888.204306][T22252] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:39 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x87fff19) 07:39:39 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xd00, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x802000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2888.283184][T22252] loop5: detected capacity change from 0 to 264192 [ 2888.305136][T22252] FAT-fs (loop5): invalid media value (0xe1) [ 2888.311213][T22252] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:39 executing program 0 (fault-call:1 fault-nth:0): r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) 07:39:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2888.433318][T22285] FAULT_INJECTION: forcing a failure. [ 2888.433318][T22285] name failslab, interval 1, probability 0, space 0, times 0 [ 2888.446010][T22285] CPU: 1 PID: 22285 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0 [ 2888.454767][T22285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2888.464962][T22285] Call Trace: [ 2888.468237][T22285] dump_stack_lvl+0xb7/0x103 [ 2888.473001][T22285] dump_stack+0x11/0x1a [ 2888.477192][T22285] should_fail+0x23c/0x250 [ 2888.481676][T22285] ? vm_area_dup+0x44/0x120 [ 2888.486180][T22285] __should_failslab+0x81/0x90 [ 2888.490946][T22285] should_failslab+0x5/0x20 [ 2888.495509][T22285] kmem_cache_alloc+0x46/0x2e0 [ 2888.500270][T22285] vm_area_dup+0x44/0x120 [ 2888.504638][T22285] ? kcsan_setup_watchpoint+0x8b/0x3e0 [ 2888.510089][T22285] ? get_page_from_freelist+0x54e/0x820 [ 2888.515626][T22285] __split_vma+0x82/0x320 [ 2888.519978][T22285] ? vmacache_find+0x157/0x320 [ 2888.524769][T22285] __do_munmap+0x27c/0x1330 07:39:39 executing program 4 (fault-call:1 fault-nth:0): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:39 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000080), 0x87fff19) 07:39:39 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1004, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x804000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2888.529477][T22285] ? __mod_memcg_lruvec_state+0xa7/0x190 [ 2888.535227][T22285] mmap_region+0x5aa/0x1400 [ 2888.539763][T22285] do_mmap+0x73f/0xc40 [ 2888.543899][T22285] vm_mmap_pgoff+0xf9/0x1d0 [ 2888.548410][T22285] ksys_mmap_pgoff+0x2a8/0x380 [ 2888.553177][T22285] do_syscall_64+0x3d/0x90 [ 2888.557590][T22285] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2888.563486][T22285] RIP: 0033:0x4665e9 [ 2888.567366][T22285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2888.587002][T22285] RSP: 002b:00007f7ee2d24188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 2888.595410][T22285] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2888.603388][T22285] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000020ffd000 [ 2888.611348][T22285] RBP: 00007f7ee2d241d0 R08: 0000000000000003 R09: 0000000010000000 [ 2888.619310][T22285] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001 [ 2888.627334][T22285] R13: 00007ffca15a228f R14: 00007f7ee2d24300 R15: 0000000000022000 07:39:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x805000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2888.664446][T22300] FAULT_INJECTION: forcing a failure. [ 2888.664446][T22300] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2888.677698][T22300] CPU: 1 PID: 22300 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2888.678960][T22299] loop5: detected capacity change from 0 to 264192 [ 2888.686474][T22300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2888.686487][T22300] Call Trace: [ 2888.686494][T22300] dump_stack_lvl+0xb7/0x103 07:39:39 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000008c0)) socket$netlink(0x10, 0x3, 0x13) recvmsg$unix(r1, &(0x7f0000000340)={&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000080)=""/164, 0xa4}, {&(0x7f0000000140)=""/17, 0x11}, {&(0x7f00000001c0)=""/139, 0x8b}], 0x3, &(0x7f00000002c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0x48}, 0x40010141) openat$sysfs(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/bus/pci', 0x400000, 0x2b) recvmsg$unix(r2, &(0x7f0000000880)={&(0x7f0000000400)=@abs, 0x6e, &(0x7f00000007c0)=[{&(0x7f0000000480)=""/173, 0xad}, {&(0x7f0000000540)=""/84, 0x54}, {&(0x7f00000005c0)=""/32, 0x20}, {&(0x7f0000000600)=""/125, 0x7d}, {&(0x7f0000000680)=""/242, 0xf2}, {&(0x7f0000000780)=""/24, 0x18}], 0x6, &(0x7f0000000940)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x150}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0x2, &(0x7f0000000900)=0x1a, 0x4) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) write$nbd(r1, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:39 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000080), 0x87fff19) [ 2888.710848][T22300] dump_stack+0x11/0x1a [ 2888.714999][T22300] should_fail+0x23c/0x250 [ 2888.719503][T22300] __alloc_pages+0x102/0x320 [ 2888.724174][T22300] alloc_pages_vma+0x513/0x680 [ 2888.728936][T22300] shmem_getpage_gfp+0x954/0x13d0 [ 2888.733968][T22300] shmem_write_begin+0x7e/0x100 [ 2888.738806][T22300] generic_perform_write+0x196/0x3c0 [ 2888.744108][T22300] __generic_file_write_iter+0x161/0x300 [ 2888.749741][T22300] ? generic_write_checks+0x242/0x290 [ 2888.755109][T22300] generic_file_write_iter+0x75/0x130 [ 2888.760484][T22300] vfs_write+0x69d/0x770 [ 2888.764724][T22300] ksys_write+0xce/0x180 [ 2888.768964][T22300] __x64_sys_write+0x3e/0x50 [ 2888.773555][T22300] do_syscall_64+0x3d/0x90 [ 2888.777993][T22300] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2888.783973][T22300] RIP: 0033:0x4665e9 [ 2888.787862][T22300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:39 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$nbd(r0, &(0x7f0000000080), 0x87fff19) [ 2888.807463][T22300] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2888.815868][T22300] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2888.823837][T22300] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2888.831867][T22300] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2888.839831][T22300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2888.847805][T22300] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:39 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x87fff19) 07:39:39 executing program 0 (fault-call:1 fault-nth:1): r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) 07:39:39 executing program 4 (fault-call:1 fault-nth:1): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:39 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x901000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2888.918301][T22299] loop5: detected capacity change from 0 to 264192 [ 2888.989314][T22329] FAULT_INJECTION: forcing a failure. [ 2888.989314][T22329] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2889.002593][T22329] CPU: 0 PID: 22329 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2889.007763][T22330] FAULT_INJECTION: forcing a failure. [ 2889.007763][T22330] name failslab, interval 1, probability 0, space 0, times 0 [ 2889.011369][T22329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2889.011381][T22329] Call Trace: [ 2889.011389][T22329] dump_stack_lvl+0xb7/0x103 [ 2889.041799][T22329] dump_stack+0x11/0x1a [ 2889.046022][T22329] should_fail+0x23c/0x250 [ 2889.050443][T22329] should_fail_usercopy+0x16/0x20 [ 2889.055454][T22329] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2889.061166][T22329] ? shmem_write_begin+0x7e/0x100 [ 2889.066220][T22329] generic_perform_write+0x1df/0x3c0 [ 2889.071554][T22329] __generic_file_write_iter+0x161/0x300 [ 2889.077172][T22329] ? generic_write_checks+0x242/0x290 [ 2889.082563][T22329] generic_file_write_iter+0x75/0x130 [ 2889.087961][T22329] vfs_write+0x69d/0x770 [ 2889.092190][T22329] ksys_write+0xce/0x180 [ 2889.096453][T22329] __x64_sys_write+0x3e/0x50 [ 2889.101098][T22329] do_syscall_64+0x3d/0x90 [ 2889.105549][T22329] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2889.111436][T22329] RIP: 0033:0x4665e9 [ 2889.115348][T22329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2889.135567][T22329] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2889.143965][T22329] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2889.151961][T22329] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2889.159997][T22329] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2889.168024][T22329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2889.175976][T22329] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 [ 2889.184025][T22330] CPU: 1 PID: 22330 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0 [ 2889.192790][T22330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2889.202905][T22330] Call Trace: [ 2889.206177][T22330] dump_stack_lvl+0xb7/0x103 [ 2889.210763][T22330] dump_stack+0x11/0x1a [ 2889.214912][T22330] should_fail+0x23c/0x250 [ 2889.219326][T22330] ? vm_area_dup+0x44/0x120 [ 2889.223815][T22330] __should_failslab+0x81/0x90 [ 2889.228571][T22330] should_failslab+0x5/0x20 [ 2889.233220][T22330] kmem_cache_alloc+0x46/0x2e0 [ 2889.237997][T22330] vm_area_dup+0x44/0x120 [ 2889.242329][T22330] __split_vma+0x82/0x320 [ 2889.246679][T22330] ? vmacache_find+0x2d2/0x320 [ 2889.251442][T22330] __do_munmap+0x2ee/0x1330 [ 2889.255960][T22330] ? kcsan_setup_watchpoint+0x8b/0x3e0 [ 2889.261485][T22330] mmap_region+0x5aa/0x1400 [ 2889.266085][T22330] do_mmap+0x73f/0xc40 [ 2889.270145][T22330] vm_mmap_pgoff+0xf9/0x1d0 [ 2889.274646][T22330] ksys_mmap_pgoff+0x2a8/0x380 [ 2889.279405][T22330] do_syscall_64+0x3d/0x90 [ 2889.283881][T22330] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2889.289852][T22330] RIP: 0033:0x4665e9 [ 2889.293801][T22330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2889.313403][T22330] RSP: 002b:00007f7ee2d24188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 2889.321884][T22330] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2889.329944][T22330] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000020ffd000 07:39:40 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x902000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:40 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1020, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:40 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x87fff19) [ 2889.337989][T22330] RBP: 00007f7ee2d241d0 R08: 0000000000000003 R09: 0000000010000000 [ 2889.345951][T22330] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001 [ 2889.353913][T22330] R13: 00007ffca15a228f R14: 00007f7ee2d24300 R15: 0000000000022000 07:39:40 executing program 0 (fault-call:1 fault-nth:2): r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) 07:39:40 executing program 2: openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4d0501, 0x0) [ 2889.411581][T22344] loop5: detected capacity change from 0 to 264192 07:39:40 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x98f83, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) pidfd_getfd(r1, r0, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r2 = socket$netlink(0x10, 0x3, 0x2) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x28, 0x0, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}]}, 0x28}, 0x1, 0x0, 0x0, 0x24008011}, 0x8000) io_uring_setup(0x4c3f, &(0x7f00000001c0)={0x0, 0x9b9b, 0x2, 0x3, 0x1c0}) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) [ 2889.455198][T22348] FAULT_INJECTION: forcing a failure. [ 2889.455198][T22348] name failslab, interval 1, probability 0, space 0, times 0 [ 2889.467839][T22348] CPU: 1 PID: 22348 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0 [ 2889.476701][T22348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2889.486754][T22348] Call Trace: [ 2889.490091][T22348] dump_stack_lvl+0xb7/0x103 [ 2889.494746][T22348] dump_stack+0x11/0x1a [ 2889.498897][T22348] should_fail+0x23c/0x250 07:39:40 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x903000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:40 executing program 4 (fault-call:1 fault-nth:2): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:40 executing program 3: openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000080), 0x87fff19) [ 2889.503314][T22348] ? vm_area_alloc+0x28/0xa0 [ 2889.507966][T22348] __should_failslab+0x81/0x90 [ 2889.512818][T22348] should_failslab+0x5/0x20 [ 2889.517357][T22348] kmem_cache_alloc+0x46/0x2e0 [ 2889.522127][T22348] vm_area_alloc+0x28/0xa0 [ 2889.526546][T22348] mmap_region+0x741/0x1400 [ 2889.531061][T22348] do_mmap+0x73f/0xc40 [ 2889.535145][T22348] vm_mmap_pgoff+0xf9/0x1d0 [ 2889.539665][T22348] ksys_mmap_pgoff+0x2a8/0x380 [ 2889.544449][T22348] do_syscall_64+0x3d/0x90 [ 2889.548859][T22348] entry_SYSCALL_64_after_hwframe+0x44/0xae 07:39:40 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x904000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2889.554759][T22348] RIP: 0033:0x4665e9 [ 2889.558650][T22348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2889.578255][T22348] RSP: 002b:00007f7ee2d24188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 2889.586666][T22348] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2889.594647][T22348] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000020ffd000 [ 2889.602649][T22348] RBP: 00007f7ee2d241d0 R08: 0000000000000003 R09: 0000000010000000 [ 2889.610621][T22348] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001 [ 2889.617977][T22374] FAULT_INJECTION: forcing a failure. [ 2889.617977][T22374] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2889.618587][T22348] R13: 00007ffca15a228f R14: 00007f7ee2d24300 R15: 0000000000022000 [ 2889.639783][T22374] CPU: 0 PID: 22374 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2889.648600][T22374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2889.658658][T22374] Call Trace: [ 2889.661936][T22374] dump_stack_lvl+0xb7/0x103 [ 2889.666588][T22374] dump_stack+0x11/0x1a [ 2889.670747][T22374] should_fail+0x23c/0x250 [ 2889.675190][T22374] __alloc_pages+0x102/0x320 [ 2889.679788][T22374] alloc_pages_vma+0x513/0x680 [ 2889.684614][T22374] shmem_getpage_gfp+0x954/0x13d0 [ 2889.689714][T22374] shmem_write_begin+0x7e/0x100 [ 2889.694558][T22374] generic_perform_write+0x196/0x3c0 [ 2889.699946][T22374] ? shmem_write_begin+0x100/0x100 [ 2889.705055][T22374] __generic_file_write_iter+0x161/0x300 [ 2889.710751][T22374] ? generic_write_checks+0x242/0x290 [ 2889.712001][T22379] FAULT_INJECTION: forcing a failure. [ 2889.712001][T22379] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2889.716159][T22374] generic_file_write_iter+0x75/0x130 [ 2889.734548][T22374] vfs_write+0x69d/0x770 [ 2889.738781][T22374] ksys_write+0xce/0x180 [ 2889.743006][T22374] __x64_sys_write+0x3e/0x50 [ 2889.747593][T22374] do_syscall_64+0x3d/0x90 [ 2889.752057][T22374] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2889.757950][T22374] RIP: 0033:0x4665e9 [ 2889.761832][T22374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2889.781518][T22374] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2889.789944][T22374] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2889.797897][T22374] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 07:39:40 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x905000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:40 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x54443, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:40 executing program 0 (fault-call:1 fault-nth:3): r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) [ 2889.805912][T22374] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2889.813863][T22374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2889.821816][T22374] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 [ 2889.829771][T22379] CPU: 1 PID: 22379 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0 [ 2889.838538][T22379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2889.848179][T22344] loop5: detected capacity change from 0 to 264192 [ 2889.848596][T22379] Call Trace: [ 2889.848604][T22379] dump_stack_lvl+0xb7/0x103 [ 2889.862903][T22379] dump_stack+0x11/0x1a [ 2889.867055][T22379] should_fail+0x23c/0x250 [ 2889.871548][T22379] should_fail_usercopy+0x16/0x20 [ 2889.876600][T22379] _copy_to_user+0x1c/0x90 [ 2889.881017][T22379] simple_read_from_buffer+0xab/0x120 [ 2889.886385][T22379] proc_fail_nth_read+0xf6/0x140 [ 2889.891413][T22379] ? rw_verify_area+0x136/0x250 [ 2889.896266][T22379] ? proc_fault_inject_write+0x200/0x200 [ 2889.901978][T22379] vfs_read+0x154/0x5d0 [ 2889.906126][T22379] ? up_write+0x25/0xc0 [ 2889.910275][T22379] ? __fget_light+0x21b/0x260 [ 2889.914948][T22379] ? __cond_resched+0x11/0x40 [ 2889.919623][T22379] ksys_read+0xce/0x180 [ 2889.923787][T22379] __x64_sys_read+0x3e/0x50 [ 2889.928301][T22379] do_syscall_64+0x3d/0x90 [ 2889.932721][T22379] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2889.938681][T22379] RIP: 0033:0x41936c [ 2889.942561][T22379] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 2889.962155][T22379] RSP: 002b:00007f7ee2d24170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2889.970562][T22379] RAX: ffffffffffffffda RBX: 0000000020ffd000 RCX: 000000000041936c [ 2889.978517][T22379] RDX: 000000000000000f RSI: 00007f7ee2d241e0 RDI: 0000000000000004 [ 2889.986469][T22379] RBP: 00007f7ee2d241d0 R08: 0000000000000000 R09: 0000000010000000 [ 2889.994418][T22379] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001 07:39:40 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:40 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x0) 07:39:40 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1100, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:40 executing program 4 (fault-call:1 fault-nth:3): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:40 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) 07:39:40 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x105800, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) recvmsg$unix(r2, &(0x7f0000003b40)={0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000001600)=""/229, 0xe5}, {&(0x7f0000001700)=""/4096, 0x1000}, {&(0x7f0000002700)=""/77, 0x4d}, {&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000003780)=""/197, 0xc5}, {&(0x7f0000003880)=""/76, 0x4c}, {&(0x7f0000003900)=""/107, 0x6b}, {&(0x7f0000003980)=""/138, 0x8a}], 0x8, &(0x7f0000003ac0)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x80}, 0x40002020) process_madvise(r1, &(0x7f0000001540)=[{&(0x7f0000000000)="002e9d4491abc32febd6a77185a6f8c1c7a3889702da9c50bd7b88a80a058fb9e0545bc14973924f1b10ae1c285e0d68846459f10b7822ec45bf56837e768242d8b33a149ddee265d68c9be04731a7482779eceab458a342111b3914cd6b248d1b85db3ba4fe6ea4d9810a22b0c4b8e2cba61138", 0x74}, {&(0x7f0000000080)="d811700ee0c923db38fd639e36e07c1204c39b3e2b64660159cec14046a87a0133e0c789b05f63e51cd6931101aa32bb144b9644b39d63392f500c599fa277e4fbb205406a4b13ce2347040fb71910d35067ee32a3f5921a3781842070ca5eaaff03c013e6db6e531757f4cfb864decbcd4123a3283395325ded0bb74f0dc73bb8a29968f7b25148a1174d3118390f92ccc98d2b2ccd466ce3ca1c1a32b1d9628630b11edb5658ccd1d478c8b6c403c6bb6985170121ce0d174f7746862f2cd9d085ce93715e62f0c6dbf0e1852363d17f6f36203ae2be718570dea06e5d7720ea7c5b4ac74ee57d16", 0xe9}, {&(0x7f00000001c0)="1877bc4562898bb0c02c476fb2f280efadcc398d46e5f208eb7735987288dac92e5fadfbd66288c366be8bdca1f76a2eec12d6", 0x33}, {&(0x7f0000004b80)="38af8ab86ab63c04f27304a0a90fd06d2db903c8ba896ac2809c5fdfb4bff4f06096623e4846e1530e6da88517d7ed59101e16b2d0c66c2d0b6a96fe1cc6d10a61cbcf2ad43f4cdee751025f07fd3eff50693d168bbbef856387e3a59c579db59780400290e670c46962950b3cf9d332fa5ec63602b3cef0af48efc5d0c5c88f490454d11dacf66bf106e3aa8963d16db64ef5dc8e6a73889f63af4c9a89e5953cd2a8c773d539ae8292df575f61af7d735889d54516a6c71ccfedd37a27cf78b624ac78333371b40d22321920a70cc024cccf6d46a644b9ec7c35f3130d02de1234bbc5bc014f074d4138205e89a957940e314a859d1dd7e2ccd4a781994096b90b42dc41ceb554317fcbcaf53c108ffa19f6bb5fb3deb6f0dd275c44ec21eca642866eec48a4f09dbb415d4d599975fb834726f62a12886447d18f6ff0e95d68f1e73a8d09c4cfcb424b121021896c498d30352c2e0d0e1e2dfa7d613bde058900c8a0fca892829665311561b1a234f94b1da33bc0367c1d09050def38acd87265a9da0526fbd3ff66620098202db6c2ecfae7eb542d7b8b62d14154886692809d296330a5c2675858c78d1868ca083964053df9d0c24565d2a0a692170349e56a0bdb1de62ef3f93408fd6547f05ca4e3f1f3e417fd8ece40d40b7ca6d8bddf0023273a177bbd82a34038bacf7688f613568ad2d450c74ed47165fa2f0f77ea056d933b4b790eb867ef3878010977b7f3ee004dc73e93f5a0dc43eae0b96cdac267db397617c3e90954e4a2a675ad9d666fcede9f3a25df4b877beb933e8b7ee6fb7dbf69b3ed5193a67f8a46537120ceaf73162e012ffeb855214d1380c21bd4469bec6832008122cda48d32a80bbf8cc8832a676a121ff644e6d555a103cb5b8965ea1d1445e9c68f1de4dc91bcf789177aa17153073d95647fc66a2b8f829116ce26383315cd8ec2d93f9388b6fbbeb4b51f1f2b25ee3bfe64e5b61d62887a67962369942ca7fbdddda0654afea7aca00e8fecd6dd3ce8fad8c32ed63961f9b40f9fdb82ef95b2eb5d6f4d138e0cd4dcb192ada01a2031efdbc19f64b35a9edac95f0c82d35a2d2bd0c6a9ac82d074dbb2aae11295dda53a6a5f477ac09b636c2234bf7b4cb527bafdebf6a0dd39aa30ad817e30043f1ffc67f1a58587e2582c2bcf2ea78767176ce60494ead29aaf31801adc4095b9263a2818cbdc0c7d62aaf142cc8333aec9824a5e5da37bdc1190a64eca1f23dea97f1290ae1e4f4e45fbb5cbcf5708ce6053913f6ecb9c8613827f90fca5798cbb56fe0dce3afaaedfc3a58465411f4988a875a050d6741db2c742fd34465242c80c23141d9811b7c35eb05eb1a1c28a20515f1587ea16ada61da3565ae6b235ad08cc154c3ebd645187a6348abfd6439ee893f8f1e499265be0a064cd570e5167f440e6d5e0942c35370c575515f873e8bf08438ca89e1860dbd49a2251e8a5fad4bde8caf392ecdb50f899d8d50bc9e5a3a0b150a41ea48d575039314e4a8d8a3236a3c3b47fdd5cd26ac4fc3bb2a78058b737682d7b9a38e2ffff20f6f65bd87d6615130cd5d807436ccb94eaf8fda95eb32a224294006c63f8b8805f78d38b0d6d2a17ca7e3e43ecc91d668d082c328d22b8065cbcb6bd13da5505f4365356db3e257ef94a83819041e843eaf60c333ae14560405bc85d52dad385953fd79eaaf5892112f149644eb4ab2f35c774106c9956bd28579d7f478917c8c3c0b8cf0626b5b78ab572360b08c06b9fcf79c5caeda9a70935467bcc29178891fd6ba81daffd2381662b3c2a07d897e2259d134033d36f8cdb52e0eb572b827a0434724ca4be60ee30187ff6ff3e2f4ff8e382d8742333c89b3f8deadfe570b611f4c4bd66ce888a0518599cf62cbc21e3fc79e8a284b752c054b90d641865175ce4975c19569b1b88197502420b81f3502387a94410c296dc49b3b9ed4ede29c79e3813bdfaa5e3def76c8e98b834cd159f8e89f864cbf503286ef16e484d6acd28299a7fc73e8d3e15e2e8e308fc8d5b4ebf3ce0d3105194f9b502aa1d28d8a31d475b53ac226dbebe734f94a656b844095ae908532d9dee02d90a9c7eca531371f422fc48750c779d993512586fd191210c604694815411c8f5b59b0566e42c8bd0c3d8bce4a1b7150a20508f59a7db86141ebeffd3989e19f27f273b1fe924eda93754506c80439fb1914908cd44052486d1622ba9779bd636224d5924e185a5ec4fedc061f02cecc6341e6aa546f9b0dc57b657b321b060f8f900c384cb724af0bace77644c7ef68cc664ba2d5d8b44a39f9fa6ff3a33e8f5499c645c6a984bf844920e035583b89aac52c623e9f3ad41d8c50d9fc4876b4ebdc8c9067e5b9fd2c42cbc184bd25ffad8b66b8300114e80e1d2e7f5b92877f7e2e703fef2e934cc2652f4dfe5299b3c22cd3f0821d54d7bfa8676efb66d2a226c071506ce8ccf17c713201dabdc32efa327020cd37f46fe16db02a431c334b1738a184da524e7fc4a86c58ecbd89359369edfef5df15fc6b10839fc3f6a1568e5f4d624997e793109a7e012c4e10368a62b5770e75e3459428d1179c41ec3e63aa812cc8efdd52bad871ab65fead1e23fe3b8f9f45b4a70d9f994ca9737a8b9ef4ba6fba2b2a2cd8b54dad81a4ced8a00d298a5a968868a238e3d043f9e5fe2e3f1e7353192fd91475e00942f52b3dff487cbb3554d1b236c68c5d79e9510a27991c37c35deb86aa8a64d97a4dce00845e984ebea7ad5877448e40ed99f8c6c5ff11b82e0e4a8aa9a376e037dd29e793aed69f64f1670dd1036158abc2fdc552a70ac69cfc00d6138f52b59ceaed9b8ba253be31b6e1a59102bdf1520d34a235deb756dd9fba9e07ede1990e346a51d947c86a5a9f4e424dc1d961622c58d950454c7b8937a38bb1a5e2aa6bafedd64fc8c4a8f68a2d862395dd47e01c7bb0d0425f5aa84585357568b031ef062b7f8f89317e35daf09357242096ec727df877e44499d257f2b0d4895dd3681ac42c90a7fa54ed629c6c08c8b277277333f6cb13cf181ca9612bddf73fabe47de4ff02bebbf2c3b5618cff47308782f0689d52d4eacad39fb396b112dcab6048b5b44c1e3360976e5ba0f2100596e4705d5da08086d4f5d356b8f56ecad308dd02c52d1191f780e2488484a4037a83666c7e7169f4ad38f9a0fb5701e3a6b0d74c988a8f094955d7c01e6264694efe03afc9680842bba3fba40df85cc442ae880ce23d9c86f757e287b8ab365d4d2b95a3e8805977b798eddc10a77d1fd7b3fbe02af63435ce88ee1f53341904de114e5204a6c1292191b38baa0765a7b805a33b65e350731c92aca576a32592f35e124132b8211e0bd0845ac54bb37d0d4475a8115255d34a78e8445dc1681921da0961427bde0a33ecd505ad0686d9dec547a9ce59709add8e0fff0554bf0edbfdc0bc58a993db74d291009836b1364a6f761edac444b9068dfd9bb18b24664fbd974bb3490d5aca0ae16b8e3c08e1d94f0eccfecb20f44b84e500b0cb6cfa74bd466fbe946bc6fe153a021abbe7b1d35f6d9001e17431a6b6dc97415e7aa8d73dd39ccc1424280056f16341442b5286ada1dca75ec2d14f54b4f5a27d216c2216852a557d478766e8ecb90febbd1418c5bb9aa1c132c200fac2ca89c422e296de91c8fee9eda6fa8f6ad883691cacb556f9b54a4571449aa750bc5d3abd5484bea137b8741a7a809b689b2ec6a8972514df39ad4f0856aec16c721c73f5f3a41284d1b7efa11b408700be0a6b3942d3deb9fb40f88a00b8db33130335647e04e0edd219403bd1db12115fd3346f307607df08f4188680d02836d1f3490b4a942dc780e30764fca35b6b60382d93fd28c6d50a7faa142129e2278adcaa19f02185238cb1fdddefb03e489a723dbaa42afc3046d84bf730a1c8f8c9b5b16cfa9e7ecfa645c63d8275075e3ae2e2408aae7e2253ea19b4a4bee54cc4ba0a498a1d59a68eef7c7bd47336e5974e2701d56f9c99fb96d3fea18c0421d659fb32bf07bf7692d74a5bc1db4a509a9aa826974be5cca568c841f5e9b623568c91517960f80581b22c731ddb820f333405e5e3a1c1ea36dba0f463e2482446673f7e15a6fcd8db19c8453c8c6d5a4a817fb81f088223c323bc9672446228c439b4629eea9bd46d36b6dbea83c56ddfb879d88a11083f00234bf85cefd6f295ba987022bd835c44b1057adc641aa12f26511a7363c607d0f235833306e7383065d5241ac6f78c2cb44df394bbf7602779e1fed90efd72f4390a9761cb3500e9928e933b96c162505574c785952bc990f076e7b75a149daa7a9a7f441072a30fc61758804845b9d5ace7748ebf9040cb00b2ec12d92c26a54a1060c76958479662ab218682a60c489ff29afcc6b6063c9241bd160e655f78745b8bf288b7e191e905510dd52f8298b98ce0524cdb1974aab7e3d81712d4bcd0850db2628087b1b0656217fa36fc3fa423385b5ccef12432145396db62878a9c5c8a56275f27e40eb4525eed9a4b12ad116380f1af4aac2d565117f5e4412eb2a7fb7681e481cb1a75de5d48b23ff7744dc688e85872115c533f95479cbcf993b95c19adc08cbd931c54ce95f897bfc0a350c3ca0795429baf1807e980f2dd154e5ebc6fef1a735cee5ff3b9fcdf9c3464ec7273dc84e41df1cf094365ca5668dbf597addbfdbcda0bc18bd521a580a1df9722af8bd2db3d5a0471472d50397fb108ae60d72b2d752ab31da7fca8d89317f020f5b1f2b9c42d5f5c72b2fce48487334cb5cf7fcbfdff3c4b94ce0b953ea1edf109d6e2c48439900f7bf7736ca27e319f3799afd37ee4320121cd91b4295c6970f95827c5d8c23ad1b48432830392c4b46f8ea54b1f74c35b4651f56ec4f82e65a077f9c29c354bae44ba4fa3daff074d471505d73d7ecfb2100b66034b35c5d7089117b5c0f059802f22f91ba868b1a8c11caed950da78e6821067d6b1d8f5d887080b1e3d5b3b5d50b9bbcb7c57159525e2cbdef70e4e0293cdfe2983f128d271ddbed2fd256861041d2281b57c5e9220d58265ebf8fcf2d83cc1dc5966624f7c8e148c9c9faa8b5be3b859a24efb141df47f2541dcf297b625129e19d7cc48b06174db78d34a04777345b4a5d10ea50f63f3b21b1ae0e1e32a89bb56069b95485758e61de50342595c1cd8687f506032e5a696502268863fbdf5fe63bcd6b8dbdcc9d84525dd105426fcf13f8864b0966b071b2d4862ebc49a13c2d930ee8a710a48cd87b0dcd275ae8f9b6a65cb379ccc8ad1b0a5ca69ba40eaa71d8219e2c7ed3310cdc7430930cb5144285099b08f1156e6c4e4b8369858f838678042d82b331843b71b529d3ed0b41e77b230d0fda4615449199b04334c3f1d37aefc19c29faa18f7abdc68dcefe80744709ee935581633e6e4eca0c18f67bab703a8d948cb82a1233bf061409eb5ba24cb87cea2bc135c1959994e44b7fd661a3f0c9e3062c3052dd99cb33b06f8ec95af2a67e7c8796e6c7bb05f52c62fb5a3b0445b836f67bdaeeaa72556dfacfd87eaeaa99717609c4be84b7c2e5ee3baa4663c3a6bf4618bb7f5a31a65c6e0957a46881412e05e10f5955f5cd16cc55dc86aa5d9db4978af07d62105f3c4bb0984cbeaa2a7c056bb7074a55159b8eb355ada21b926c9181fafcc4b091b9841f47e00469e1c67fcaf183123f577626a88edd83408a4c12288a466a8e182f1c9e1808f462b9a5614ccd7f99e66300385239d2d0d5045c10fb7a63e786ffc5111bcb3eafce96dff494ae23d1b1ed42bf143b0f35df11bbe0a19a0ecd14dc12108a6f2aa5788227f86d291d212726949113bf543bd4d9acdfa3f869249c14ccb4965856a60b8122eabb36ce5787ad9c0209d3a0d446982ee7b6e7bfb9084a11222edb97eea5be044906fec12507607275dcb9ff41ead7788940f91747cab59cfddb44f5f74771898c98e2e55964555dc2476fe3b4614e1a3a0013123828e973", 0x109e}, {&(0x7f0000001200)="52161884f1e3deed3375fb767d42d2f2c5a47cc67f50a364f4cf837d69766605bdeb969d9a24bb1c41c4798c9f24786c6c3a4e8991b92a57c71204b273a80746e255d49e97bb013ced9a5191a40ac2ecf618e216625db1d3c5a9534507ba8a19352934180fbd063b69bed8f5218abf663fa2a6737ab940d3bf663976fe6a89609af8a4a2eeb29a358aa9d694f7854fa7d469f387597cbd6f44fa9d6c027216b2ed71fb54dcefb83c9f8c814208d7001001061330a00a674a083c70ebd668143b4ab4a649edd6f784218527ac71196b5a154b9227ae64031d4e551882c64539a014288ca63abdc4fd117426d7ba6c4a3126f19b735d3139c8da", 0xf9}, {&(0x7f0000001300)="4cf9eff8958549a2cd0a2b05d70a832b0e6f8cf51bf043975823f0ba626408072b928558fb60ac6edcedbdf1b07838080cecfcdf09eb6d4ace1f602cd26b9867", 0x40}, {&(0x7f0000001340)="f3907a4a29d0a6fdbbf17856", 0xc}, {&(0x7f0000001380)="7c8236a3f2fd99394b7bfab4281f90257f09f6e4ab3798c69b1f2190b56c3b8266fa53c2bdc1d039cf39fa70d2e2e17d2d0b1fbb8dd135b07ad56c534a84f5d4cc2d5163dcaacf1f0478cf56dc8703864faa997ae7700eef62842a49efc9cffecc52b73229", 0x65}, {&(0x7f0000001400)="caa7e712e1ee3dd8b07fbfac9f84a7aacf25cec0ff55da12135b9e0d5b668f059176de522b841a7a7110c3968cc02d8f745c7344222e4e1b22c04b71c6403ec4ae426021d463236a0497f0d11c1878c9e9401230625cce00", 0x58}, {&(0x7f0000001480)="b018b6344f0428c9879c3daf2db66cfa84d10a16231474cda1bb7f2dd42162dc3ceaf8800478035b3e916825aa0504d36ca413ac1aece0c6b9cf989fea1adec3667fa639cb2061a377771b54925ece994e28e3e177267ff1f52ba662621844ad72ab2b883b2a90efa50d1fe2a28724e6ea5f57e58b5611fe74fd720759e99a456d451e8b5f0842e87106bd2dfd1bae8325017366d05cf21321e881", 0x9b}], 0xa, 0x9, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2890.002369][T22379] R13: 00007ffca15a228f R14: 00007f7ee2d24300 R15: 0000000000022000 [ 2890.066636][T22400] FAULT_INJECTION: forcing a failure. [ 2890.066636][T22400] name failslab, interval 1, probability 0, space 0, times 0 [ 2890.073225][T22404] loop5: detected capacity change from 0 to 264192 [ 2890.079257][T22400] CPU: 0 PID: 22400 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2890.094514][T22400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2890.104639][T22400] Call Trace: [ 2890.107914][T22400] dump_stack_lvl+0xb7/0x103 [ 2890.112497][T22400] dump_stack+0x11/0x1a [ 2890.116650][T22400] should_fail+0x23c/0x250 [ 2890.121072][T22400] ? xas_create+0x3fb/0xb30 [ 2890.125572][T22400] __should_failslab+0x81/0x90 [ 2890.130405][T22400] should_failslab+0x5/0x20 [ 2890.134903][T22400] kmem_cache_alloc+0x46/0x2e0 [ 2890.139673][T22400] ? should_fail+0x2a/0x250 [ 2890.144172][T22400] xas_create+0x3fb/0xb30 [ 2890.148579][T22400] xas_create_range+0x146/0x360 [ 2890.153603][T22400] shmem_add_to_page_cache+0x3ad/0x650 [ 2890.159059][T22400] shmem_getpage_gfp+0xb8f/0x13d0 07:39:41 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1002, 0x0, 0x12, r0, 0x10000000) 07:39:41 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x0) [ 2890.164126][T22400] shmem_write_begin+0x7e/0x100 [ 2890.168977][T22400] generic_perform_write+0x196/0x3c0 [ 2890.174257][T22400] ? shmem_write_begin+0x100/0x100 [ 2890.179367][T22400] __generic_file_write_iter+0x161/0x300 [ 2890.185036][T22400] ? generic_write_checks+0x242/0x290 [ 2890.190516][T22400] generic_file_write_iter+0x75/0x130 [ 2890.195892][T22400] vfs_write+0x69d/0x770 [ 2890.200131][T22400] ksys_write+0xce/0x180 [ 2890.204368][T22400] __x64_sys_write+0x3e/0x50 [ 2890.208953][T22400] do_syscall_64+0x3d/0x90 07:39:41 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1004, 0x0, 0x12, r0, 0x10000000) [ 2890.213449][T22400] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2890.219341][T22400] RIP: 0033:0x4665e9 [ 2890.223242][T22400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2890.242921][T22400] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2890.251333][T22400] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2890.259311][T22400] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 07:39:41 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, 0x0, 0x0) 07:39:41 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa01000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:41 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000040)={0x6, 0x2, 0x8, 0x3ff, 0x3f, "8ebb299ac97f7ca5c22e3c5332c7d616a294fc", 0x2}) write$cgroup_devices(r1, &(0x7f0000000000)={'b', ' *:* ', 'wm\x00'}, 0x9) [ 2890.267279][T22400] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2890.275249][T22400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2890.283215][T22400] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:41 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa02000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:41 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x100a, 0x0, 0x12, r0, 0x10000000) [ 2890.342885][T22404] loop5: detected capacity change from 0 to 264192 07:39:41 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1104, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2890.455713][T22444] loop5: detected capacity change from 0 to 264192 07:39:41 executing program 4 (fault-call:1 fault-nth:4): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:41 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000008c0)) socket$netlink(0x10, 0x3, 0x13) recvmsg$unix(r1, &(0x7f0000000340)={&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000080)=""/164, 0xa4}, {&(0x7f0000000140)=""/17, 0x11}, {&(0x7f00000001c0)=""/139, 0x8b}], 0x3, &(0x7f00000002c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0x48}, 0x40010141) openat$sysfs(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/bus/pci', 0x400000, 0x2b) recvmsg$unix(r2, &(0x7f0000000880)={&(0x7f0000000400)=@abs, 0x6e, &(0x7f00000007c0)=[{&(0x7f0000000480)=""/173, 0xad}, {&(0x7f0000000540)=""/84, 0x54}, {&(0x7f00000005c0)=""/32, 0x20}, {&(0x7f0000000600)=""/125, 0x7d}, {&(0x7f0000000680)=""/242, 0xf2}, {&(0x7f0000000780)=""/24, 0x18}], 0x6, &(0x7f0000000940)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x150}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0x2, &(0x7f0000000900)=0x1a, 0x4) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) write$nbd(r1, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:41 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa03000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:41 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x200000, 0x0, 0x12, r0, 0x10000000) 07:39:41 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1200, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:41 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r0, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000000)={{0x8, 0xfe}, {0x2, 0x7f}, 0x100, 0x5, 0x8}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x6d0501, 0x0) write$nbd(r1, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:41 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1d8b5000, 0x0, 0x12, r0, 0x10000000) [ 2890.618339][T22459] loop5: detected capacity change from 0 to 264192 [ 2890.626744][T22464] FAULT_INJECTION: forcing a failure. [ 2890.626744][T22464] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2890.639863][T22464] CPU: 0 PID: 22464 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2890.648621][T22464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2890.658670][T22464] Call Trace: [ 2890.661965][T22464] dump_stack_lvl+0xb7/0x103 07:39:41 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x20ffd000, 0x0, 0x12, r0, 0x10000000) [ 2890.666551][T22464] dump_stack+0x11/0x1a [ 2890.670697][T22464] should_fail+0x23c/0x250 [ 2890.675200][T22464] should_fail_usercopy+0x16/0x20 [ 2890.680227][T22464] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2890.685983][T22464] ? shmem_write_begin+0x7e/0x100 [ 2890.691053][T22464] generic_perform_write+0x1df/0x3c0 [ 2890.696335][T22464] ? shmem_write_begin+0x100/0x100 [ 2890.701440][T22464] __generic_file_write_iter+0x161/0x300 [ 2890.707095][T22464] ? generic_write_checks+0x242/0x290 [ 2890.712461][T22464] generic_file_write_iter+0x75/0x130 07:39:41 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x7fffdf002000, 0x0, 0x12, r0, 0x10000000) [ 2890.717828][T22464] vfs_write+0x69d/0x770 [ 2890.722065][T22464] ksys_write+0xce/0x180 [ 2890.726332][T22464] __x64_sys_write+0x3e/0x50 [ 2890.730914][T22464] do_syscall_64+0x3d/0x90 [ 2890.735328][T22464] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2890.741270][T22464] RIP: 0033:0x4665e9 [ 2890.745157][T22464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2890.764761][T22464] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2890.773166][T22464] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2890.781128][T22464] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2890.789139][T22464] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2890.797164][T22464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2890.805132][T22464] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:41 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa04000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2890.834294][T22459] loop5: detected capacity change from 0 to 264192 07:39:41 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1204, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:41 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x7ffffffff000, 0x0, 0x12, r0, 0x10000000) [ 2890.953539][T22493] loop5: detected capacity change from 0 to 264192 07:39:41 executing program 4 (fault-call:1 fault-nth:5): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:41 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa05000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:41 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r0, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/class/tty', 0x40000, 0xc0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f00000005c0)={'ip6_vti0\x00', &(0x7f0000000100)={'ip6tnl0\x00', 0x0, 0x29, 0x10, 0x3, 0x3, 0x56, @local, @local, 0x20, 0x80, 0x7f, 0x62}}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000000000)={0x7ff, 0x0, 'client1\x00', 0xffffffff80000004, "d341ef7cfdfd6913", "8bdee9967b7526dc7b23d5d6f5b7681d85661b4918fe6de998876323f6953afb", 0x101, 0x7f}) ioctl$TIOCGISO7816(r0, 0x80285442, &(0x7f0000000600)) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, &(0x7f0000000480)=ANY=[], 0xfffffdef) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$PIO_FONTX(r2, 0x4b6c, &(0x7f00000000c0)={0x26, 0x2, &(0x7f0000000bc0)="d0720e4f744528c753004367c5177264e6320e922660f4d40da921bd06aa81d9624bc33972a7d698f98db153286653c72342472fc390b5a9edbc42fe497417d30c13ed494fe7c7e3a563135efeffc56914078a8ab9d3e1ebcdf9cd9f47fe9c65aea6cc8c6784494e5041d30b4365e17a7cd12e3d4c45ddd939461a8273a81f6f8c27ab109028f15da8bdf4b902a87db68b27a23237584cbf53e017fa87355459acfe9b183d54a42e0f0f7b8ce81e39bf40d5f2d7a341fa979fe9a4e5eaeaf9c355dbe8680e0b5bc34386cc5aa91ed92aa4942f76a8a5d0414b22875cb327f4e2db91f76d5e64561975da601030a931c016672cf2bf226545727f28acaa3c118d60b4eab19e7acd2c468b97bc69b5a5f308c4bcda4a7730e2ab466bd138f28031904bb6aa58266ecbcd9fff8140f5edd504f47cededaf6a05e89e71d2241020025e605558738e4769dd2a84accac63a8d55b2ef5873a798a0ad7d7089357d9c5e6496ff84945e6d4742bd84eebe522c11dc218d7b41e71bb1f79d0dd2eb66a08027339184a7e542f4b9ab5564bdf97beaa5465afb395ed6e0fb28cc08c3777304524958b3f2214872422fc0cddc3b4a5dd35e67581a7333bfdb6410910878162e2bf9e2fea822b0e002a262650056475ae8d5a62dc55ec560e69f1992d6530b4572b7af0699a28a7959a11c84d3f04440741ea20b306c68ea43b07e19ae04272f799f8669df06dff767a32afced99b90e8ac9c7ba013206ac16dc070de24530c8c8deb9744367fc97fef45f693e218b0795b4424be554bacf66595a6c000088e1cb41c26c8564c41e1a7728502a71002f8dd51f7facd305da9a5aa4896502200bff6402639e9b6feba1f1e436a1a8e18291722925e489327bf1637a8b993f2c8e5da05aff231880153ea9f135393e2ec3c36e6254155d8f2fb1fca99fd9d5cc87fe938fa9e201417c430e87ca0889e0870cdcd41186d30c166c10cf07cb79a1f804a0ebcfdc63c28401ae7053f7e9f3920059362e4486fce9271c25d50e20c6d48193e63755b7bc6e1edb591b3b5409966d14eae65ee561dd5a719ca3b9284af13f3036e060d59b77f9bf3c6638e7c367056b7729aada9d7fe10c8815e7e75d0eea7232d6c65df54932e337b02bbc70d45df855611913a847ba86511391330467998c22a1b03c6e30aac76a8a1532c09e49f734818feba9379e4223d38c3bfe60e47787bdfa7a004c6532170d3e0af529cfbc3e4cdace7e1a320cc21c2921da72ce481c824c5354001af0e5ba8086153083d98d48af8d1d69b3b07b164659418c2418c7d6e25cc76d5a35a8736613632239edeb02517aa2eff9b498bc48a4e8451e0b616870f41a4ed3f1fe8d5af78a7e1a911c2db6f815ba220f805bba976a1ac691ddde14867ab5947d81e3cf890a6c1adc8e1f952c97b797eae41c92ae595c"}) pipe(&(0x7f0000000200)={0xffffffffffffffff}) ioctl$TIOCL_UNBLANKSCREEN(r3, 0x541c, &(0x7f0000000240)) 07:39:41 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1304, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:41 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0xffffffffffffffff, 0x0, 0x12, r0, 0x10000000) 07:39:41 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000008c0)) socket$netlink(0x10, 0x3, 0x13) recvmsg$unix(r1, &(0x7f0000000340)={&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000080)=""/164, 0xa4}, {&(0x7f0000000140)=""/17, 0x11}, {&(0x7f00000001c0)=""/139, 0x8b}], 0x3, &(0x7f00000002c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0x48}, 0x40010141) openat$sysfs(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/bus/pci', 0x400000, 0x2b) recvmsg$unix(r2, &(0x7f0000000880)={&(0x7f0000000400)=@abs, 0x6e, &(0x7f00000007c0)=[{&(0x7f0000000480)=""/173, 0xad}, {&(0x7f0000000540)=""/84, 0x54}, {&(0x7f00000005c0)=""/32, 0x20}, {&(0x7f0000000600)=""/125, 0x7d}, {&(0x7f0000000680)=""/242, 0xf2}, {&(0x7f0000000780)=""/24, 0x18}], 0x6, &(0x7f0000000940)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x150}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0x2, &(0x7f0000000900)=0x1a, 0x4) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) write$nbd(r1, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2891.124941][T22510] loop5: detected capacity change from 0 to 264192 [ 2891.134523][T22511] FAULT_INJECTION: forcing a failure. [ 2891.134523][T22511] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2891.147794][T22511] CPU: 1 PID: 22511 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2891.156612][T22511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2891.166667][T22511] Call Trace: [ 2891.169940][T22511] dump_stack_lvl+0xb7/0x103 [ 2891.174525][T22511] dump_stack+0x11/0x1a [ 2891.178731][T22511] should_fail+0x23c/0x250 [ 2891.183144][T22511] __alloc_pages+0x102/0x320 [ 2891.187730][T22511] alloc_pages_vma+0x513/0x680 [ 2891.192507][T22511] shmem_getpage_gfp+0x954/0x13d0 [ 2891.197601][T22511] shmem_write_begin+0x7e/0x100 [ 2891.202446][T22511] generic_perform_write+0x196/0x3c0 [ 2891.207763][T22511] ? shmem_write_begin+0x100/0x100 [ 2891.212914][T22511] __generic_file_write_iter+0x161/0x300 [ 2891.218595][T22511] ? generic_write_checks+0x242/0x290 [ 2891.223968][T22511] generic_file_write_iter+0x75/0x130 [ 2891.229336][T22511] vfs_write+0x69d/0x770 [ 2891.233658][T22511] ksys_write+0xce/0x180 [ 2891.237974][T22511] __x64_sys_write+0x3e/0x50 [ 2891.242580][T22511] do_syscall_64+0x3d/0x90 [ 2891.246985][T22511] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2891.252888][T22511] RIP: 0033:0x4665e9 07:39:42 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:42 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2, 0x12, r0, 0x10000000) 07:39:42 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1404, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2891.256842][T22511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2891.276438][T22511] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2891.285101][T22511] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2891.293104][T22511] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2891.301068][T22511] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2891.309059][T22511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2891.317024][T22511] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:42 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb01000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:42 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4, 0x12, r0, 0x10000000) 07:39:42 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb02000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2891.432063][T22521] loop5: detected capacity change from 0 to 264192 07:39:42 executing program 4 (fault-call:1 fault-nth:6): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:42 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000008c0)) socket$netlink(0x10, 0x3, 0x13) recvmsg$unix(r1, &(0x7f0000000340)={&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000080)=""/164, 0xa4}, {&(0x7f0000000140)=""/17, 0x11}, {&(0x7f00000001c0)=""/139, 0x8b}], 0x3, &(0x7f00000002c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0x48}, 0x40010141) openat$sysfs(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/bus/pci', 0x400000, 0x2b) recvmsg$unix(r2, &(0x7f0000000880)={&(0x7f0000000400)=@abs, 0x6e, &(0x7f00000007c0)=[{&(0x7f0000000480)=""/173, 0xad}, {&(0x7f0000000540)=""/84, 0x54}, {&(0x7f00000005c0)=""/32, 0x20}, {&(0x7f0000000600)=""/125, 0x7d}, {&(0x7f0000000680)=""/242, 0xf2}, {&(0x7f0000000780)=""/24, 0x18}], 0x6, &(0x7f0000000940)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x150}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0x2, &(0x7f0000000900)=0x1a, 0x4) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) write$nbd(r1, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:42 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040)=0xffffffffffffffff, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0, {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r6, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) waitid$P_PIDFD(0x3, r3, &(0x7f0000000340), 0x4, &(0x7f00000003c0)) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) clone3(&(0x7f0000000600)={0x0, &(0x7f0000000480)=0xffffffffffffffff, &(0x7f00000004c0), &(0x7f0000000500), {0x1e}, &(0x7f0000000540)=""/44, 0x2c, &(0x7f0000000580)=""/36, &(0x7f00000005c0)=[r2, r4, r5, r2, r4], 0x5, {r0}}, 0x58) pidfd_send_signal(r7, 0x3f, &(0x7f0000000680)={0x1a, 0x401, 0x5}, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000940)='/sys/kernel/uevent_helper', 0x1, 0x11c) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000000)={0x401}, 0x4) 07:39:42 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb03000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:42 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1504, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:42 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8, 0x12, r0, 0x10000000) [ 2891.528247][T22536] FAULT_INJECTION: forcing a failure. [ 2891.528247][T22536] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2891.541371][T22536] CPU: 0 PID: 22536 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2891.550123][T22536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2891.560178][T22536] Call Trace: [ 2891.563461][T22536] dump_stack_lvl+0xb7/0x103 [ 2891.568109][T22536] dump_stack+0x11/0x1a [ 2891.572329][T22536] should_fail+0x23c/0x250 [ 2891.576747][T22536] should_fail_usercopy+0x16/0x20 [ 2891.581801][T22536] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2891.587544][T22536] ? shmem_write_begin+0x7e/0x100 [ 2891.592563][T22536] generic_perform_write+0x1df/0x3c0 [ 2891.597854][T22536] ? shmem_write_begin+0x100/0x100 [ 2891.602964][T22536] __generic_file_write_iter+0x161/0x300 [ 2891.608611][T22536] ? generic_write_checks+0x242/0x290 [ 2891.613999][T22536] generic_file_write_iter+0x75/0x130 [ 2891.619368][T22536] vfs_write+0x69d/0x770 [ 2891.623600][T22536] ksys_write+0xce/0x180 [ 2891.627829][T22536] __x64_sys_write+0x3e/0x50 [ 2891.632407][T22536] do_syscall_64+0x3d/0x90 [ 2891.636823][T22536] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2891.642889][T22536] RIP: 0033:0x4665e9 [ 2891.646776][T22536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2891.666376][T22536] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:42 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb04000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2891.674786][T22536] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2891.682829][T22536] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2891.690795][T22536] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2891.698755][T22536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2891.706719][T22536] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:42 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa, 0x12, r0, 0x10000000) [ 2891.726679][T22551] loop5: detected capacity change from 0 to 264192 07:39:42 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb05000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:42 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x10, 0x12, r0, 0x10000000) [ 2891.822526][T22551] loop5: detected capacity change from 0 to 264192 07:39:42 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1604, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:42 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2891.957065][T22577] loop5: detected capacity change from 0 to 264192 07:39:42 executing program 4 (fault-call:1 fault-nth:7): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:42 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x60, 0x12, r0, 0x10000000) [ 2892.021480][T22577] loop5: detected capacity change from 0 to 264192 [ 2892.065692][T22587] FAULT_INJECTION: forcing a failure. [ 2892.065692][T22587] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2892.079064][T22587] CPU: 0 PID: 22587 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2892.087829][T22587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2892.097875][T22587] Call Trace: [ 2892.101152][T22587] dump_stack_lvl+0xb7/0x103 [ 2892.105745][T22587] dump_stack+0x11/0x1a [ 2892.109894][T22587] should_fail+0x23c/0x250 [ 2892.114310][T22587] __alloc_pages+0x102/0x320 [ 2892.118942][T22587] alloc_pages_vma+0x513/0x680 [ 2892.123753][T22587] shmem_getpage_gfp+0x954/0x13d0 [ 2892.128775][T22587] shmem_write_begin+0x7e/0x100 [ 2892.133622][T22587] generic_perform_write+0x196/0x3c0 [ 2892.138900][T22587] ? shmem_write_begin+0x100/0x100 [ 2892.144016][T22587] __generic_file_write_iter+0x161/0x300 [ 2892.149703][T22587] ? generic_write_checks+0x242/0x290 [ 2892.155080][T22587] generic_file_write_iter+0x75/0x130 [ 2892.160446][T22587] vfs_write+0x69d/0x770 [ 2892.164699][T22587] ksys_write+0xce/0x180 [ 2892.168929][T22587] __x64_sys_write+0x3e/0x50 [ 2892.173557][T22587] do_syscall_64+0x3d/0x90 [ 2892.177971][T22587] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2892.183918][T22587] RIP: 0033:0x4665e9 [ 2892.187807][T22587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2892.207485][T22587] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:43 executing program 2: write$nbd(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc01000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:43 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000008c0)) socket$netlink(0x10, 0x3, 0x13) recvmsg$unix(r1, &(0x7f0000000340)={&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000080)=""/164, 0xa4}, {&(0x7f0000000140)=""/17, 0x11}, {&(0x7f00000001c0)=""/139, 0x8b}], 0x3, &(0x7f00000002c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0x48}, 0x40010141) openat$sysfs(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/bus/pci', 0x400000, 0x2b) recvmsg$unix(r2, &(0x7f0000000880)={&(0x7f0000000400)=@abs, 0x6e, &(0x7f00000007c0)=[{&(0x7f0000000480)=""/173, 0xad}, {&(0x7f0000000540)=""/84, 0x54}, {&(0x7f00000005c0)=""/32, 0x20}, {&(0x7f0000000600)=""/125, 0x7d}, {&(0x7f0000000680)=""/242, 0xf2}, {&(0x7f0000000780)=""/24, 0x18}], 0x6, &(0x7f0000000940)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x150}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0x2, &(0x7f0000000900)=0x1a, 0x4) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) 07:39:43 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1704, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:43 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa00, 0x12, r0, 0x10000000) 07:39:43 executing program 4 (fault-call:1 fault-nth:8): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) [ 2892.215897][T22587] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2892.223871][T22587] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2892.231835][T22587] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2892.239802][T22587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2892.247759][T22587] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 [ 2892.338454][T22606] FAULT_INJECTION: forcing a failure. [ 2892.338454][T22606] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2892.338580][T22604] loop5: detected capacity change from 0 to 264192 [ 2892.351540][T22606] CPU: 1 PID: 22606 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2892.366749][T22606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2892.376844][T22606] Call Trace: [ 2892.380131][T22606] dump_stack_lvl+0xb7/0x103 [ 2892.384716][T22606] dump_stack+0x11/0x1a 07:39:43 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4000, 0x12, r0, 0x10000000) 07:39:43 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x4, 0x6, 0xff, 0x51e, 0x21, @dev={0xfe, 0x80, '\x00', 0x3b}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8, 0x7800, 0xfffffffc, 0x1ff}}) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x24, r1, 0x526, 0x70bdad, 0x25dfdbff, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xfff}]}, 0x24}}, 0x20008044) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$PIO_FONTX(r2, 0x4b6c, &(0x7f0000000640)={0x6a, 0x18, &(0x7f0000000240)="95ca4f2856baa5f0f5285f36cfb0418c6823ffc29c39f68bd3825d2b04af7c6ffbbeae7afa695159d868fa5960cde065c25427ad745f9593242a31436de43709b73bc96f1364c8e937c81468b3148a42edbbbdbe0138a78d165ea5d0cedd38d2144fde9c44a2c278e35f4a3b87749d6f0499b60a4753642fb4fbf4e4d7a78ab5941348bc0417c6e357900330318d84a5be9f31187ae9aa23e9d21b9cfdacd03ff5a6721fb08e16fafc45a6c5d25959e5f0a491e67062d1440b48ec22f0cbbd3584bd21c52d6c7e51e40ea84b4fe1fb231558cb8bf2d80de877c4ed2f64293d7aa75f31c920f7b7e211df87a369a8ef557cb7ada4ffb0a99c7cd9abe7b823417d6ea1f96a9e39357b9d220b6ef9524b22faf599e0c7356175fd9296cebff2912e7fbb8c866d297ecc57d50216f3b50477293746055147210395b40a7ffc9c5494d7343629baeb59bb4099d8f9c14d0c3657303ab565e770e6c9f9ee14c895f3fa916b5567e859bba112eb7c0972ba598b03d4e948b7b3ecfbb3ef875a67466c0487bb2b62f6c0a3e0edb1c3c145813c9131f19cc6876e0a31b94fc551f8d11a9efc9b5eb9310cdbe95b928943a4027c5859258948b409437b85a1c71f26b4fd2d47b063b41eeea80626fc22fee84d07bd2c2f2247fe096ea8d2be26710e797b874c6ad1ece955281062e8650754f5a4ddd13c8f68b835f45542fda2dfe63ef6426ed55e257d555ac1283abb550da9a31389b0833ef9263c9004aa2254062fac998e94f5e026485a435f19b6ef406f8206bddbeabf28e310221629132880632aa49f1e0f9917f76b84bb19a48e9c5e3b79541f0ef19773ef0349194e7d5e8f3da200a759906f0ad8650f2930bdc409225b1d912df1a1dee58e24701680b9ee295549b14ee4b1080cc464ae49e82848ac2f58ae689fc28c54c80a1ff531a57c8af3cdfa60b02b4f5841f9ceb878668313085aba5a5ff2d99af24800635820dcd591a838c2ceea768126dbcfdc4f93c42401c7febbab07821d5d011ae0faa672029cd074eb265fc4ecc539d5ef57fe921f39277d824cd5947812e37d8463b424349a83445c3ff6cf30f09be9c375384024e6e600bbce884e99650a145dac21cadf27d1ab75b0ab7778219eadf571360152c2f25a1fe8b93331d2074c491a187eea2a66efa50bb6dfc521019ecc7cd16fb8a65c4cc30e49c194e75e67005cb1dedbaa1a4e89ad2bccee8c25558747cfa9b23797998721c6d17fd5f7a6f8efb05637a117aa179b1b1fab3d6427870a35bd66538c90b6a02bd30ca1796e2d46847cdc83648ed8238b1c479461e218b67fb2b3e22407afc6989b36223be8e2800e5a7ea573af2242b9ae7aadddc50ad5127a68d86591817a81d77235166329439500c9abbdf261b26cab630a0ec5db257be204338d6c3b72946af6a515fe27e82919311c"}) 07:39:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc02000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2892.388858][T22606] should_fail+0x23c/0x250 [ 2892.393353][T22606] should_fail_usercopy+0x16/0x20 [ 2892.398374][T22606] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2892.404091][T22606] ? shmem_write_begin+0x7e/0x100 [ 2892.409134][T22606] generic_perform_write+0x1df/0x3c0 [ 2892.414474][T22606] ? shmem_write_begin+0x100/0x100 [ 2892.419606][T22606] __generic_file_write_iter+0x161/0x300 [ 2892.425230][T22606] ? generic_write_checks+0x242/0x290 [ 2892.430666][T22606] generic_file_write_iter+0x75/0x130 07:39:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc03000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2892.436037][T22606] vfs_write+0x69d/0x770 [ 2892.440267][T22606] ksys_write+0xce/0x180 [ 2892.444583][T22606] __x64_sys_write+0x3e/0x50 [ 2892.449246][T22606] do_syscall_64+0x3d/0x90 [ 2892.453689][T22606] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2892.459577][T22606] RIP: 0033:0x4665e9 [ 2892.463463][T22606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:43 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x6000, 0x12, r0, 0x10000000) [ 2892.483062][T22606] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2892.491478][T22606] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2892.499447][T22606] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2892.507497][T22606] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2892.515464][T22606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2892.523421][T22606] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:43 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000008c0)) socket$netlink(0x10, 0x3, 0x13) recvmsg$unix(r1, &(0x7f0000000340)={&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000080)=""/164, 0xa4}, {&(0x7f0000000140)=""/17, 0x11}, {&(0x7f00000001c0)=""/139, 0x8b}], 0x3, &(0x7f00000002c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0x48}, 0x40010141) openat$sysfs(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/bus/pci', 0x400000, 0x2b) recvmsg$unix(r2, &(0x7f0000000880)={&(0x7f0000000400)=@abs, 0x6e, &(0x7f00000007c0)=[{&(0x7f0000000480)=""/173, 0xad}, {&(0x7f0000000540)=""/84, 0x54}, {&(0x7f00000005c0)=""/32, 0x20}, {&(0x7f0000000600)=""/125, 0x7d}, {&(0x7f0000000680)=""/242, 0xf2}, {&(0x7f0000000780)=""/24, 0x18}], 0x6, &(0x7f0000000940)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x150}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) 07:39:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc04000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2892.545548][T22604] loop5: detected capacity change from 0 to 264192 07:39:43 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1804, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc05000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:43 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x80000, 0x12, r0, 0x10000000) 07:39:43 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000008c0)) socket$netlink(0x10, 0x3, 0x13) recvmsg$unix(r1, &(0x7f0000000340)={&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000080)=""/164, 0xa4}, {&(0x7f0000000140)=""/17, 0x11}, {&(0x7f00000001c0)=""/139, 0x8b}], 0x3, &(0x7f00000002c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0x48}, 0x40010141) openat$sysfs(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/bus/pci', 0x400000, 0x2b) recvmsg$unix(r2, &(0x7f0000000880)={&(0x7f0000000400)=@abs, 0x6e, &(0x7f00000007c0)=[{&(0x7f0000000480)=""/173, 0xad}, {&(0x7f0000000540)=""/84, 0x54}, {&(0x7f00000005c0)=""/32, 0x20}, {&(0x7f0000000600)=""/125, 0x7d}, {&(0x7f0000000680)=""/242, 0xf2}, {&(0x7f0000000780)=""/24, 0x18}], 0x6, &(0x7f0000000940)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x150}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) [ 2892.680053][T22647] loop5: detected capacity change from 0 to 264192 07:39:43 executing program 4 (fault-call:1 fault-nth:9): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:43 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000100)={'sit0\x00', &(0x7f0000000080)={'ip6tnl0\x00', 0x0, 0x4, 0x0, 0x7, 0x7ff, 0x40, @dev={0xfe, 0x80, '\x00', 0x16}, @remote, 0x7800, 0x20, 0x5, 0x57}}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000180)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000500)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000004c0)={&(0x7f00000001c0)={0x2e4, 0x0, 0x8, 0x70bd25, 0x25dfdbfe, {}, [{{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}, {{0x8}, {0x16c, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7c}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}]}}, {{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r3}}}]}}, {{0x8, 0x1, r4}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1ff}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}]}, 0x2e4}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) 07:39:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd01000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:43 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000, 0x12, r0, 0x10000000) 07:39:43 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1904, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:43 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000008c0)) socket$netlink(0x10, 0x3, 0x13) recvmsg$unix(r1, &(0x7f0000000340)={&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000080)=""/164, 0xa4}, {&(0x7f0000000140)=""/17, 0x11}, {&(0x7f00000001c0)=""/139, 0x8b}], 0x3, &(0x7f00000002c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0x48}, 0x40010141) openat$sysfs(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/bus/pci', 0x400000, 0x2b) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) [ 2892.878452][T22670] loop5: detected capacity change from 0 to 264192 [ 2892.891158][T22673] FAULT_INJECTION: forcing a failure. [ 2892.891158][T22673] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2892.904523][T22673] CPU: 1 PID: 22673 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2892.913350][T22673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2892.923393][T22673] Call Trace: [ 2892.926669][T22673] dump_stack_lvl+0xb7/0x103 [ 2892.931337][T22673] dump_stack+0x11/0x1a [ 2892.935486][T22673] should_fail+0x23c/0x250 [ 2892.939936][T22673] __alloc_pages+0x102/0x320 [ 2892.944530][T22673] alloc_pages_vma+0x513/0x680 [ 2892.949369][T22673] shmem_getpage_gfp+0x954/0x13d0 [ 2892.954401][T22673] shmem_write_begin+0x7e/0x100 [ 2892.959272][T22673] generic_perform_write+0x196/0x3c0 [ 2892.964641][T22673] ? shmem_write_begin+0x100/0x100 [ 2892.969829][T22673] __generic_file_write_iter+0x161/0x300 [ 2892.975455][T22673] ? generic_write_checks+0x242/0x290 [ 2892.980830][T22673] generic_file_write_iter+0x75/0x130 [ 2892.986243][T22673] vfs_write+0x69d/0x770 [ 2892.990488][T22673] ksys_write+0xce/0x180 [ 2892.994722][T22673] __x64_sys_write+0x3e/0x50 [ 2892.999309][T22673] do_syscall_64+0x3d/0x90 [ 2893.003752][T22673] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2893.009811][T22673] RIP: 0033:0x4665e9 [ 2893.013691][T22673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2893.033295][T22673] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2893.041702][T22673] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2893.049670][T22673] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2893.057654][T22673] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2893.065620][T22673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd02000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:43 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000008c0)) socket$netlink(0x10, 0x3, 0x13) recvmsg$unix(r1, &(0x7f0000000340)={&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000080)=""/164, 0xa4}, {&(0x7f0000000140)=""/17, 0x11}, {&(0x7f00000001c0)=""/139, 0x8b}], 0x3, &(0x7f00000002c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0x48}, 0x40010141) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) 07:39:43 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x400000, 0x12, r0, 0x10000000) 07:39:43 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = socket(0xb, 0x4, 0x9) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) write$nbd(r1, &(0x7f0000000040)=ANY=[@ANYRESHEX=r0, @ANYRES16, @ANYRESOCT, @ANYRES16], 0xfffffdef) [ 2893.073619][T22673] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:44 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x508b1d, 0x12, r0, 0x10000000) 07:39:44 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000008c0)) socket$netlink(0x10, 0x3, 0x13) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) [ 2893.115791][T22670] loop5: detected capacity change from 0 to 264192 07:39:44 executing program 4 (fault-call:1 fault-nth:10): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:44 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1a04, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd03000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:44 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x600000, 0x12, r0, 0x10000000) 07:39:44 executing program 2: sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x50, 0x8, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x800a}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x4004801}, 0x4) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x200200, 0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), r0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x40, r1, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008881) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000300), r0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000340)={'team0\x00', 0x0}) sendmsg$NLBL_MGMT_C_REMOVE(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x68, 0x0, 0x200, 0x70bd29, 0x25dfdbff, {}, [@NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @ipv4={'\x00', '\xff\xff', @local}}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @remote}, @NLBL_MGMT_A_DOMAIN={0xb, 0x1, 'batadv\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @broadcast}]}, 0x68}, 0x1, 0x0, 0x0, 0x40082}, 0x88c0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000380)={'batadv_slave_1\x00', 0x0}) r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000780), 0x181240, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000003c0)={'batadv_slave_0\x00', 0x0}) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r5) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x4c, r7, 0x10, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xff}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5d}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x2}]}, 0x4c}}, 0x2000884) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000600)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000400)={0x1b0, r2, 0x100, 0x70bd28, 0x25dfdbfd, {}, [{{0x8}, {0x8c, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r3}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xf4, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}]}}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x1}, 0x4c004) 07:39:44 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000008c0)) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) 07:39:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd04000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:44 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) [ 2893.281336][T22723] loop5: detected capacity change from 0 to 264192 [ 2893.293708][T22724] FAULT_INJECTION: forcing a failure. [ 2893.293708][T22724] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2893.306793][T22724] CPU: 1 PID: 22724 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2893.315689][T22724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2893.325739][T22724] Call Trace: 07:39:44 executing program 2: ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, &(0x7f0000000000)) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:44 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x800000, 0x12, r0, 0x10000000) [ 2893.329049][T22724] dump_stack_lvl+0xb7/0x103 [ 2893.333638][T22724] dump_stack+0x11/0x1a [ 2893.337790][T22724] should_fail+0x23c/0x250 [ 2893.342202][T22724] should_fail_usercopy+0x16/0x20 [ 2893.347326][T22724] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2893.353046][T22724] ? shmem_write_begin+0x7e/0x100 [ 2893.358063][T22724] generic_perform_write+0x1df/0x3c0 [ 2893.363416][T22724] ? shmem_write_begin+0x100/0x100 [ 2893.368517][T22724] __generic_file_write_iter+0x161/0x300 [ 2893.374225][T22724] ? generic_write_checks+0x242/0x290 07:39:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd05000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:44 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x80ffff, 0x12, r0, 0x10000000) [ 2893.379591][T22724] generic_file_write_iter+0x75/0x130 [ 2893.384997][T22724] vfs_write+0x69d/0x770 [ 2893.389247][T22724] ksys_write+0xce/0x180 [ 2893.393489][T22724] __x64_sys_write+0x3e/0x50 [ 2893.398097][T22724] do_syscall_64+0x3d/0x90 [ 2893.402511][T22724] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2893.408466][T22724] RIP: 0033:0x4665e9 [ 2893.412348][T22724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2893.431971][T22724] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2893.440409][T22724] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2893.448377][T22724] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2893.456365][T22724] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2893.464408][T22724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2893.472371][T22724] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 [ 2893.531787][T22723] loop5: detected capacity change from 0 to 264192 07:39:44 executing program 4 (fault-call:1 fault-nth:11): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:44 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xc0ffff, 0x12, r0, 0x10000000) 07:39:44 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) 07:39:44 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x1b04, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe01000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2893.702112][T22761] loop5: detected capacity change from 0 to 264192 [ 2893.715586][T22763] FAULT_INJECTION: forcing a failure. [ 2893.715586][T22763] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2893.728846][T22763] CPU: 1 PID: 22763 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2893.737605][T22763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2893.747728][T22763] Call Trace: 07:39:44 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) [ 2893.751005][T22763] dump_stack_lvl+0xb7/0x103 [ 2893.755598][T22763] dump_stack+0x11/0x1a [ 2893.759750][T22763] should_fail+0x23c/0x250 [ 2893.764162][T22763] __alloc_pages+0x102/0x320 [ 2893.768746][T22763] alloc_pages_vma+0x513/0x680 [ 2893.773513][T22763] shmem_getpage_gfp+0x954/0x13d0 [ 2893.778587][T22763] shmem_write_begin+0x7e/0x100 [ 2893.783431][T22763] generic_perform_write+0x196/0x3c0 [ 2893.788786][T22763] ? shmem_write_begin+0x100/0x100 [ 2893.793894][T22763] __generic_file_write_iter+0x161/0x300 07:39:44 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x540241, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2893.799626][T22763] ? generic_write_checks+0x242/0x290 [ 2893.805000][T22763] generic_file_write_iter+0x75/0x130 [ 2893.810379][T22763] vfs_write+0x69d/0x770 [ 2893.814670][T22763] ksys_write+0xce/0x180 [ 2893.818908][T22763] __x64_sys_write+0x3e/0x50 [ 2893.823548][T22763] do_syscall_64+0x3d/0x90 [ 2893.828042][T22763] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2893.834037][T22763] RIP: 0033:0x4665e9 07:39:44 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xe0ff20, 0x12, r0, 0x10000000) [ 2893.837923][T22763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2893.857631][T22763] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2893.866046][T22763] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2893.874007][T22763] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2893.882123][T22763] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2893.890183][T22763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2893.898145][T22763] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:44 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r0, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000000)={0xfff, 0x3, 0x8}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:44 executing program 3: setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) 07:39:44 executing program 4 (fault-call:1 fault-nth:12): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe03000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:44 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000000, 0x12, r0, 0x10000000) [ 2893.965572][T22761] loop5: detected capacity change from 0 to 264192 07:39:44 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x2000, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2894.043412][T22802] FAULT_INJECTION: forcing a failure. [ 2894.043412][T22802] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2894.056504][T22802] CPU: 1 PID: 22802 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2894.065260][T22802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2894.075300][T22802] Call Trace: [ 2894.078573][T22802] dump_stack_lvl+0xb7/0x103 [ 2894.083249][T22802] dump_stack+0x11/0x1a [ 2894.087394][T22802] should_fail+0x23c/0x250 07:39:45 executing program 3: setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) [ 2894.091806][T22802] should_fail_usercopy+0x16/0x20 [ 2894.096995][T22802] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2894.102725][T22802] ? shmem_write_begin+0x7e/0x100 [ 2894.107748][T22802] generic_perform_write+0x1df/0x3c0 [ 2894.113033][T22802] ? shmem_write_begin+0x100/0x100 [ 2894.118135][T22802] __generic_file_write_iter+0x161/0x300 [ 2894.123862][T22802] ? generic_write_checks+0x242/0x290 [ 2894.129232][T22802] generic_file_write_iter+0x75/0x130 [ 2894.134605][T22802] vfs_write+0x69d/0x770 [ 2894.138844][T22802] ksys_write+0xce/0x180 [ 2894.143079][T22802] __x64_sys_write+0x3e/0x50 [ 2894.147666][T22802] do_syscall_64+0x3d/0x90 [ 2894.152086][T22802] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2894.157976][T22802] RIP: 0033:0x4665e9 [ 2894.161866][T22802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2894.181499][T22802] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe04000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2894.189973][T22802] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2894.197972][T22802] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2894.205935][T22802] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2894.213890][T22802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2894.221852][T22802] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:45 executing program 3: setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) [ 2894.239584][T22803] loop5: detected capacity change from 0 to 264192 07:39:45 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x12, r0, 0x10000000) 07:39:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe05000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:45 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) 07:39:45 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r2, 0x40a85321, &(0x7f00000001c0)={{0x0, 0xb1}, 'port0\x00', 0x0, 0x10000, 0x8, 0x1000, 0x7, 0x8, 0x5, 0x0, 0x1, 0x9}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xa06}]}, 0x34}, 0x1, 0x0, 0x0, 0x400c048}, 0x20000000) [ 2894.316246][T22803] loop5: detected capacity change from 0 to 264192 07:39:45 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x2010, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2894.457779][T22831] loop5: detected capacity change from 0 to 264192 07:39:45 executing program 4 (fault-call:1 fault-nth:13): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:45 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4000000, 0x12, r0, 0x10000000) 07:39:45 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) 07:39:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:45 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x2200, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2894.523777][T22831] loop5: detected capacity change from 0 to 264192 [ 2894.588272][T22845] FAULT_INJECTION: forcing a failure. [ 2894.588272][T22845] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2894.601514][T22845] CPU: 0 PID: 22845 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2894.610331][T22845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2894.620388][T22845] Call Trace: [ 2894.623663][T22845] dump_stack_lvl+0xb7/0x103 [ 2894.628255][T22845] dump_stack+0x11/0x1a [ 2894.632406][T22845] should_fail+0x23c/0x250 [ 2894.636820][T22845] __alloc_pages+0x102/0x320 [ 2894.641406][T22845] alloc_pages_vma+0x513/0x680 [ 2894.646176][T22845] shmem_getpage_gfp+0x954/0x13d0 [ 2894.651212][T22845] shmem_write_begin+0x7e/0x100 [ 2894.656069][T22845] generic_perform_write+0x196/0x3c0 [ 2894.661351][T22845] ? shmem_write_begin+0x100/0x100 [ 2894.661977][T22851] loop5: detected capacity change from 0 to 264192 [ 2894.666465][T22845] __generic_file_write_iter+0x161/0x300 [ 2894.678579][T22845] ? generic_write_checks+0x242/0x290 07:39:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf01000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:45 executing program 2: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) ioctl$TIOCGISO7816(r0, 0x80285442, &(0x7f0000000040)) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r1, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:45 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) [ 2894.683949][T22845] generic_file_write_iter+0x75/0x130 [ 2894.689368][T22845] vfs_write+0x69d/0x770 [ 2894.693602][T22845] ksys_write+0xce/0x180 [ 2894.697852][T22845] __x64_sys_write+0x3e/0x50 [ 2894.702440][T22845] do_syscall_64+0x3d/0x90 [ 2894.706849][T22845] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2894.712798][T22845] RIP: 0033:0x4665e9 [ 2894.716683][T22845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:45 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa000000, 0x12, r0, 0x10000000) 07:39:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf02000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:45 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) [ 2894.736280][T22845] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2894.744694][T22845] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2894.752658][T22845] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2894.760625][T22845] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2894.768600][T22845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2894.776566][T22845] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:45 executing program 4 (fault-call:1 fault-nth:14): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) [ 2894.814118][T22851] loop5: detected capacity change from 0 to 264192 07:39:45 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x2500, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf03000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:45 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1d8b5000, 0x12, r0, 0x10000000) [ 2894.901395][T22874] FAULT_INJECTION: forcing a failure. [ 2894.901395][T22874] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2894.914486][T22874] CPU: 1 PID: 22874 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2894.923252][T22874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2894.933305][T22874] Call Trace: [ 2894.936597][T22874] dump_stack_lvl+0xb7/0x103 [ 2894.941174][T22874] dump_stack+0x11/0x1a [ 2894.945321][T22874] should_fail+0x23c/0x250 [ 2894.949742][T22874] should_fail_usercopy+0x16/0x20 [ 2894.954769][T22874] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2894.960508][T22874] ? shmem_write_begin+0x7e/0x100 [ 2894.965561][T22874] generic_perform_write+0x1df/0x3c0 [ 2894.970875][T22874] ? shmem_write_begin+0x100/0x100 [ 2894.975982][T22874] __generic_file_write_iter+0x161/0x300 [ 2894.981611][T22874] ? generic_write_checks+0x242/0x290 [ 2894.987000][T22874] generic_file_write_iter+0x75/0x130 [ 2894.992366][T22874] vfs_write+0x69d/0x770 [ 2894.996598][T22874] ksys_write+0xce/0x180 [ 2895.000830][T22874] __x64_sys_write+0x3e/0x50 [ 2895.005446][T22874] do_syscall_64+0x3d/0x90 [ 2895.009861][T22874] ? irqentry_exit+0xe/0x30 [ 2895.014365][T22874] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2895.020338][T22874] RIP: 0033:0x4665e9 [ 2895.024224][T22874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf04000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:45 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) 07:39:45 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x20ffe000, 0x12, r0, 0x10000000) 07:39:45 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000000)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r2, 0x40082102, &(0x7f0000000080)=r3) recvmsg$unix(r1, &(0x7f0000001400)={0x0, 0x0, 0x0}, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) gettid() [ 2895.043829][T22874] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2895.052318][T22874] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2895.060290][T22874] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2895.068544][T22874] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2895.076510][T22874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2895.084472][T22874] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:46 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xffff8000, 0x12, r0, 0x10000000) 07:39:46 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000840)={0x10001, 0x8000, 0x0, 0x5}, 0x10) [ 2895.109201][T22879] loop5: detected capacity change from 0 to 264192 07:39:46 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf05000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:46 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x26d2, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2895.228257][T22905] loop5: detected capacity change from 0 to 264192 07:39:46 executing program 4 (fault-call:1 fault-nth:15): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:46 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, 0x0, 0x0) 07:39:46 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xffffc000, 0x12, r0, 0x10000000) 07:39:46 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2895.280948][T22905] loop5: detected capacity change from 0 to 264192 07:39:46 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x27b4, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:46 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x19e000fff, 0x12, r0, 0x10000000) 07:39:46 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2895.386459][T22924] FAULT_INJECTION: forcing a failure. [ 2895.386459][T22924] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2895.399763][T22924] CPU: 1 PID: 22924 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2895.407838][T22927] loop5: detected capacity change from 0 to 264192 [ 2895.408513][T22924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2895.425098][T22924] Call Trace: [ 2895.428370][T22924] dump_stack_lvl+0xb7/0x103 [ 2895.433019][T22924] dump_stack+0x11/0x1a [ 2895.437164][T22924] should_fail+0x23c/0x250 [ 2895.441586][T22924] __alloc_pages+0x102/0x320 [ 2895.446189][T22924] alloc_pages_vma+0x513/0x680 [ 2895.450959][T22924] shmem_getpage_gfp+0x954/0x13d0 [ 2895.455980][T22924] shmem_write_begin+0x7e/0x100 [ 2895.460854][T22924] generic_perform_write+0x196/0x3c0 [ 2895.466144][T22924] ? shmem_write_begin+0x100/0x100 [ 2895.471292][T22924] __generic_file_write_iter+0x161/0x300 [ 2895.476922][T22924] ? generic_write_checks+0x242/0x290 [ 2895.482288][T22924] generic_file_write_iter+0x75/0x130 [ 2895.487794][T22924] vfs_write+0x69d/0x770 [ 2895.492028][T22924] ksys_write+0xce/0x180 [ 2895.496320][T22924] __x64_sys_write+0x3e/0x50 [ 2895.500915][T22924] do_syscall_64+0x3d/0x90 [ 2895.505313][T22924] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2895.511287][T22924] RIP: 0033:0x4665e9 [ 2895.515167][T22924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2895.534752][T22924] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2895.543143][T22924] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2895.551089][T22924] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2895.559042][T22924] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2895.566992][T22924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2895.574949][T22924] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 [ 2895.597365][T22927] loop5: detected capacity change from 0 to 264192 07:39:46 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYRES16=r0], 0xfffffdef) 07:39:46 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x19e001fff, 0x12, r0, 0x10000000) 07:39:46 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1002000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:46 executing program 3: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa000000, 0x12, r0, 0x10000000) 07:39:46 executing program 4 (fault-call:1 fault-nth:16): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:46 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x3f00, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2896.034755][T22947] FAULT_INJECTION: forcing a failure. [ 2896.034755][T22947] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2896.045718][T22946] loop5: detected capacity change from 0 to 264192 [ 2896.047838][T22947] CPU: 1 PID: 22947 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2896.063074][T22947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2896.073173][T22947] Call Trace: [ 2896.076572][T22947] dump_stack_lvl+0xb7/0x103 [ 2896.081159][T22947] dump_stack+0x11/0x1a [ 2896.085308][T22947] should_fail+0x23c/0x250 [ 2896.089837][T22947] should_fail_usercopy+0x16/0x20 [ 2896.094948][T22947] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2896.100701][T22947] ? shmem_write_begin+0x7e/0x100 [ 2896.105715][T22947] generic_perform_write+0x1df/0x3c0 [ 2896.110995][T22947] ? shmem_write_begin+0x100/0x100 [ 2896.116193][T22947] __generic_file_write_iter+0x161/0x300 [ 2896.121919][T22947] ? generic_write_checks+0x242/0x290 [ 2896.127380][T22947] generic_file_write_iter+0x75/0x130 07:39:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2896.132818][T22947] vfs_write+0x69d/0x770 [ 2896.137053][T22947] ksys_write+0xce/0x180 [ 2896.141299][T22947] __x64_sys_write+0x3e/0x50 [ 2896.145885][T22947] do_syscall_64+0x3d/0x90 [ 2896.150291][T22947] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2896.156242][T22947] RIP: 0033:0x4665e9 [ 2896.160144][T22947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:47 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x4000, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2896.179768][T22947] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2896.188184][T22947] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2896.196181][T22947] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2896.204292][T22947] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2896.212260][T22947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2896.220274][T22947] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:47 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040)=0xffffffffffffffff, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0, {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r6, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) waitid$P_PIDFD(0x3, r3, &(0x7f0000000340), 0x4, &(0x7f00000003c0)) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) clone3(&(0x7f0000000600)={0x0, &(0x7f0000000480)=0xffffffffffffffff, &(0x7f00000004c0), &(0x7f0000000500), {0x1e}, &(0x7f0000000540)=""/44, 0x2c, &(0x7f0000000580)=""/36, &(0x7f00000005c0)=[r2, r4, r5, r2, r4], 0x5, {r0}}, 0x58) pidfd_send_signal(r7, 0x3f, &(0x7f0000000680)={0x1a, 0x401, 0x5}, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000940)='/sys/kernel/uevent_helper', 0x1, 0x11c) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000000)={0x401}, 0x4) 07:39:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1004000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:47 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x4302, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:47 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x400000000000, 0x12, r0, 0x10000000) 07:39:47 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) pidfd_getfd(r0, r0, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYRES64=r0, @ANYRES16=r0], 0xfffffdef) 07:39:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1005000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:47 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8000000000000, 0x12, r0, 0x10000000) [ 2896.365067][T22974] loop5: detected capacity change from 0 to 264192 [ 2896.394896][T22974] FAT-fs (loop5): invalid media value (0xe1) [ 2896.400913][T22974] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2896.534106][T22974] loop5: detected capacity change from 0 to 264192 [ 2896.567751][T22974] FAT-fs (loop5): invalid media value (0xe1) [ 2896.573881][T22974] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2896.609415][T22985] ================================================================== [ 2896.617540][T22985] BUG: KCSAN: data-race in __percpu_counter_compare / percpu_counter_add_batch [ 2896.626478][T22985] [ 2896.628809][T22985] write to 0xffff88810004b3d0 of 8 bytes by task 22941 on cpu 1: [ 2896.636512][T22985] percpu_counter_add_batch+0x9c/0xd0 [ 2896.641889][T22985] shmem_undo_range+0xd24/0xe20 [ 2896.646747][T22985] shmem_evict_inode+0x115/0x5a0 [ 2896.651683][T22985] evict+0x1c8/0x3c0 [ 2896.655576][T22985] iput+0x430/0x580 [ 2896.659379][T22985] dentry_unlink_inode+0x23a/0x260 [ 2896.664479][T22985] __dentry_kill+0x2af/0x4e0 [ 2896.669055][T22985] dput+0xc6/0x360 [ 2896.672770][T22985] __fput+0x3ab/0x4e0 [ 2896.676736][T22985] ____fput+0x11/0x20 [ 2896.680709][T22985] task_work_run+0xae/0x130 [ 2896.685196][T22985] exit_to_user_mode_prepare+0x156/0x190 [ 2896.690823][T22985] syscall_exit_to_user_mode+0x20/0x40 [ 2896.696278][T22985] do_syscall_64+0x49/0x90 [ 2896.700688][T22985] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2896.706576][T22985] [ 2896.708878][T22985] read to 0xffff88810004b3d0 of 8 bytes by task 22985 on cpu 0: [ 2896.716520][T22985] __percpu_counter_compare+0x28/0x1a0 [ 2896.721962][T22985] shmem_getpage_gfp+0x84d/0x13d0 [ 2896.726964][T22985] shmem_write_begin+0x7e/0x100 [ 2896.731788][T22985] generic_perform_write+0x196/0x3c0 [ 2896.737052][T22985] __generic_file_write_iter+0x161/0x300 [ 2896.742665][T22985] generic_file_write_iter+0x75/0x130 [ 2896.748012][T22985] vfs_write+0x69d/0x770 [ 2896.752228][T22985] ksys_write+0xce/0x180 [ 2896.756444][T22985] __x64_sys_write+0x3e/0x50 [ 2896.761008][T22985] do_syscall_64+0x3d/0x90 [ 2896.765401][T22985] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2896.771269][T22985] [ 2896.773598][T22985] value changed: 0x0000000000002804 -> 0x0000000000001823 [ 2896.780685][T22985] [ 2896.782983][T22985] Reported by Kernel Concurrency Sanitizer on: [ 2896.789136][T22985] CPU: 0 PID: 22985 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0 [ 2896.797870][T22985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 07:39:47 executing program 4 (fault-call:1 fault-nth:17): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:47 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x10000000000000, 0x12, r0, 0x10000000) 07:39:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1101000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:47 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x4402, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:47 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040)=0xffffffffffffffff, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0, {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r6, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) waitid$P_PIDFD(0x3, r3, &(0x7f0000000340), 0x4, &(0x7f00000003c0)) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) clone3(&(0x7f0000000600)={0x0, &(0x7f0000000480)=0xffffffffffffffff, &(0x7f00000004c0), &(0x7f0000000500), {0x1e}, &(0x7f0000000540)=""/44, 0x2c, &(0x7f0000000580)=""/36, &(0x7f00000005c0)=[r2, r4, r5, r2, r4], 0x5, {r0}}, 0x58) pidfd_send_signal(r7, 0x3f, &(0x7f0000000680)={0x1a, 0x401, 0x5}, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000940)='/sys/kernel/uevent_helper', 0x1, 0x11c) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000000)={0x401}, 0x4) [ 2896.807923][T22985] ================================================================== [ 2896.847225][T23005] FAULT_INJECTION: forcing a failure. [ 2896.847225][T23005] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2896.860484][T23005] CPU: 1 PID: 23005 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2896.869259][T23005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2896.879339][T23005] Call Trace: [ 2896.882617][T23005] dump_stack_lvl+0xb7/0x103 [ 2896.887252][T23005] dump_stack+0x11/0x1a [ 2896.891404][T23005] should_fail+0x23c/0x250 [ 2896.895875][T23005] __alloc_pages+0x102/0x320 [ 2896.900479][T23005] alloc_pages_vma+0x513/0x680 [ 2896.905244][T23005] shmem_getpage_gfp+0x954/0x13d0 07:39:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1102000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2896.910274][T23005] shmem_write_begin+0x7e/0x100 [ 2896.915119][T23005] generic_perform_write+0x196/0x3c0 [ 2896.920486][T23005] ? shmem_write_begin+0x100/0x100 [ 2896.925597][T23005] __generic_file_write_iter+0x161/0x300 [ 2896.931274][T23005] ? generic_write_checks+0x242/0x290 [ 2896.936661][T23005] generic_file_write_iter+0x75/0x130 [ 2896.942103][T23005] vfs_write+0x69d/0x770 [ 2896.946336][T23005] ksys_write+0xce/0x180 [ 2896.950572][T23005] __x64_sys_write+0x3e/0x50 [ 2896.955153][T23005] do_syscall_64+0x3d/0x90 07:39:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1103000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2896.959594][T23005] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2896.965539][T23005] RIP: 0033:0x4665e9 [ 2896.969428][T23005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2896.989206][T23005] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2896.997620][T23005] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 07:39:47 executing program 4 (fault-call:1 fault-nth:18): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) [ 2897.005593][T23005] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2897.013569][T23005] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2897.021531][T23005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2897.029502][T23005] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 [ 2897.043118][T23007] loop5: detected capacity change from 0 to 264192 [ 2897.095453][T23007] FAT-fs (loop5): invalid media value (0xe1) [ 2897.101485][T23007] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2897.136670][T23022] FAULT_INJECTION: forcing a failure. [ 2897.136670][T23022] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2897.149781][T23022] CPU: 0 PID: 23022 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2897.158618][T23022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2897.168748][T23022] Call Trace: [ 2897.172028][T23022] dump_stack_lvl+0xb7/0x103 [ 2897.176616][T23022] dump_stack+0x11/0x1a [ 2897.180795][T23022] should_fail+0x23c/0x250 07:39:48 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) openat$cgroup_devices(r0, &(0x7f0000001300)='devices.deny\x00', 0x2, 0x0) r1 = fork() clone3(&(0x7f0000000b40)={0x20a00000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000b00)=[r1], 0x1}, 0x58) r2 = getpgid(0x0) r3 = getpgrp(0xffffffffffffffff) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000011c0)={0x0, 0x0}) clone3(&(0x7f0000001280)={0x120080, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x3b}, &(0x7f00000001c0)=""/4096, 0x1000, &(0x7f00000000c0)=""/168, &(0x7f0000001240)=[r1, r2, r3, r4], 0x4, {r0}}, 0x58) 07:39:48 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x508b1d00000000, 0x12, r0, 0x10000000) 07:39:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1104000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:48 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040)=0xffffffffffffffff, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0, {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r6, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) waitid$P_PIDFD(0x3, r3, &(0x7f0000000340), 0x4, &(0x7f00000003c0)) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) clone3(&(0x7f0000000600)={0x0, &(0x7f0000000480)=0xffffffffffffffff, &(0x7f00000004c0), &(0x7f0000000500), {0x1e}, &(0x7f0000000540)=""/44, 0x2c, &(0x7f0000000580)=""/36, &(0x7f00000005c0)=[r2, r4, r5, r2, r4], 0x5, {r0}}, 0x58) pidfd_send_signal(r7, 0x3f, &(0x7f0000000680)={0x1a, 0x401, 0x5}, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000940)='/sys/kernel/uevent_helper', 0x1, 0x11c) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000000)={0x401}, 0x4) [ 2897.185218][T23022] should_fail_usercopy+0x16/0x20 [ 2897.190246][T23022] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2897.195972][T23022] ? shmem_write_begin+0x7e/0x100 [ 2897.200992][T23022] generic_perform_write+0x1df/0x3c0 [ 2897.206279][T23022] ? shmem_write_begin+0x100/0x100 [ 2897.211381][T23022] __generic_file_write_iter+0x161/0x300 [ 2897.217016][T23022] ? generic_write_checks+0x242/0x290 [ 2897.222381][T23022] generic_file_write_iter+0x75/0x130 [ 2897.227883][T23022] vfs_write+0x69d/0x770 [ 2897.232143][T23022] ksys_write+0xce/0x180 07:39:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1105000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2897.236442][T23022] __x64_sys_write+0x3e/0x50 [ 2897.241096][T23022] do_syscall_64+0x3d/0x90 [ 2897.245575][T23022] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2897.251473][T23022] RIP: 0033:0x4665e9 [ 2897.255356][T23022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2897.274959][T23022] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2897.283448][T23022] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2897.291521][T23022] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2897.299573][T23022] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2897.307633][T23022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2897.315665][T23022] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:48 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x60000000000000, 0x12, r0, 0x10000000) 07:39:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2897.348932][T23007] loop5: detected capacity change from 0 to 264192 [ 2897.403288][T23007] FAT-fs (loop5): invalid media value (0xe1) [ 2897.409354][T23007] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1201000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:48 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x4502, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:48 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x80000000000000, 0x12, r0, 0x10000000) 07:39:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1202000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2897.572134][T23058] loop5: detected capacity change from 0 to 264192 [ 2897.612435][T23058] FAT-fs (loop5): invalid media value (0xe1) [ 2897.618583][T23058] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2897.683159][T23058] loop5: detected capacity change from 0 to 264192 [ 2897.698605][T23058] FAT-fs (loop5): invalid media value (0xe1) [ 2897.704618][T23058] FAT-fs (loop5): Can't find a valid FAT filesystem 07:39:48 executing program 4 (fault-call:1 fault-nth:19): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:48 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x80ffff00000000, 0x12, r0, 0x10000000) 07:39:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1203000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:48 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x4800, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:48 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4d0501, 0x0) waitid$P_PIDFD(0x3, r0, &(0x7f0000000500), 0x4, &(0x7f0000000100)) r1 = pidfd_getfd(r0, r0, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) process_madvise(r2, &(0x7f00000004c0)=[{&(0x7f00000001c0)="dcce8587cd6b6a5a56d01351e9f535cc538d227c504f30", 0x17}, {&(0x7f0000000200)="8baac3dc9214e7be6cd049869d705b75addb71e7b683091938857443282ab2dcad94fa2c711ca11643dc15a7f67e6e1376232108f481fc15eb988fc6ee456f38682f9172e83d974f67ce4f17e66cac10fc8217d95e3bb401c7c76c7d831af724480f6020320bec0b5fa928e6891762b31438e963cd8752f65fc4f3d2a08184e079185402676cc19e82241ecc1cf43d9d364374040fb87a43a0f001dfd11743d0276afb945d2e977488939b34d9b4dfaad7ba4269c5804d78ce6a562f5a39d57d3bd591e20a38ff34959c17ee7b176b5b0dd9cbeb3fc8d5b1367537f71f2bd0803968d75d9cdc", 0xe6}, {&(0x7f0000000300)="73387db1bc17aef845e288f84e274df86c0f80289c79c9648f083ba717c179f5affae77e3b8cdf757fdf9d09b5d18e3001549c9389c27dc8d8746e45e5b510d4cd79a764344cd570b26dcdd0dc2eecdafd3b8efd3875df98f3188da8e1e3e54013bad881981d7964d5f3ec7af929926d82c4472d76504d66e69ecde0763c0b391aec15348c9640c6c479c555a49e130f85f7488c53f868bceacd8716b89e6775dca1491976355a6316b63a25abf4ffb866e7eea786609c96fc00ab29621ea7458074abe8fa78b712b2164428ffbfa76d3aed2813567a54", 0xd7}, {&(0x7f0000000400)="2501253607699a810c1a065682fdb2d804e437b1a4f53f8c3823dbc7103bb38d46d7c6b0f619d0d0c32001a460b21b66a2af0333e5b1fc9e93c849a3313862a50d0a17f41e9ee35e53cffb29413e7288ff02cc7103cf1d8202e3f4ad43d81d20caa46ee588f58020ca6f74dcfd97c3f4be693fb81d3c091fc7d51bd7d25ec2117de4adabb374a769a6e95309893181e94e5afc6f06629062ebf3637ea82427b1850062b79662b60962b889ecfd28d8cd5451ea", 0xb3}], 0x4, 0x2, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r3, 0xc05c5340, &(0x7f0000000080)={0xdf5, 0x0, 0x5, {0x6}, 0x1, 0x7fffffff}) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000040)) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:48 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040)=0xffffffffffffffff, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0, {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r6, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) waitid$P_PIDFD(0x3, r3, &(0x7f0000000340), 0x4, &(0x7f00000003c0)) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) clone3(&(0x7f0000000600)={0x0, &(0x7f0000000480)=0xffffffffffffffff, &(0x7f00000004c0), &(0x7f0000000500), {0x1e}, &(0x7f0000000540)=""/44, 0x2c, &(0x7f0000000580)=""/36, &(0x7f00000005c0)=[r2, r4, r5, r2, r4], 0x5, {r0}}, 0x58) pidfd_send_signal(r7, 0x3f, &(0x7f0000000680)={0x1a, 0x401, 0x5}, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000940)='/sys/kernel/uevent_helper', 0x1, 0x11c) [ 2897.829382][T23081] loop5: detected capacity change from 0 to 264192 [ 2897.840942][T23084] FAULT_INJECTION: forcing a failure. [ 2897.840942][T23084] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2897.854205][T23084] CPU: 0 PID: 23084 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2897.862971][T23084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2897.873054][T23084] Call Trace: 07:39:48 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xc0ffff00000000, 0x12, r0, 0x10000000) 07:39:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1204000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2897.876326][T23084] dump_stack_lvl+0xb7/0x103 [ 2897.880912][T23084] dump_stack+0x11/0x1a [ 2897.885060][T23084] should_fail+0x23c/0x250 [ 2897.889481][T23084] __alloc_pages+0x102/0x320 [ 2897.894086][T23084] alloc_pages_vma+0x513/0x680 [ 2897.898845][T23084] shmem_getpage_gfp+0x954/0x13d0 [ 2897.903883][T23084] shmem_write_begin+0x7e/0x100 [ 2897.908724][T23084] generic_perform_write+0x196/0x3c0 [ 2897.914013][T23084] ? shmem_write_begin+0x100/0x100 [ 2897.919116][T23084] __generic_file_write_iter+0x161/0x300 [ 2897.920831][T23081] FAT-fs (loop5): invalid media value (0xe1) [ 2897.924771][T23084] ? generic_write_checks+0x242/0x290 [ 2897.924797][T23084] generic_file_write_iter+0x75/0x130 [ 2897.930775][T23081] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2897.936107][T23084] vfs_write+0x69d/0x770 [ 2897.952247][T23084] ksys_write+0xce/0x180 [ 2897.956486][T23084] __x64_sys_write+0x3e/0x50 [ 2897.961118][T23084] do_syscall_64+0x3d/0x90 [ 2897.965530][T23084] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2897.971420][T23084] RIP: 0033:0x4665e9 [ 2897.975301][T23084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2897.994902][T23084] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2898.003315][T23084] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2898.011282][T23084] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2898.019254][T23084] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2898.027220][T23084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2898.035191][T23084] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:48 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x4c00, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:48 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xe0ff2000000000, 0x12, r0, 0x10000000) 07:39:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1205000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:49 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040)=0xffffffffffffffff, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0, {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r6, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) waitid$P_PIDFD(0x3, r3, &(0x7f0000000340), 0x4, &(0x7f00000003c0)) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) clone3(&(0x7f0000000600)={0x0, &(0x7f0000000480)=0xffffffffffffffff, &(0x7f00000004c0), &(0x7f0000000500), {0x1e}, &(0x7f0000000540)=""/44, 0x2c, &(0x7f0000000580)=""/36, &(0x7f00000005c0)=[r2, r4, r5, r2, r4], 0x5, {r0}}, 0x58) pidfd_send_signal(r7, 0x3f, &(0x7f0000000680)={0x1a, 0x401, 0x5}, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000940)='/sys/kernel/uevent_helper', 0x1, 0x11c) 07:39:49 executing program 4 (fault-call:1 fault-nth:20): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1300000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:49 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000000000000, 0x12, r0, 0x10000000) [ 2898.141513][T23108] loop5: detected capacity change from 0 to 264192 [ 2898.171676][T23108] FAT-fs (loop5): invalid media value (0xe1) [ 2898.177713][T23108] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2898.194407][T23117] FAULT_INJECTION: forcing a failure. [ 2898.194407][T23117] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2898.207476][T23117] CPU: 0 PID: 23117 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2898.216345][T23117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2898.226443][T23117] Call Trace: [ 2898.229717][T23117] dump_stack_lvl+0xb7/0x103 [ 2898.234307][T23117] dump_stack+0x11/0x1a [ 2898.238522][T23117] should_fail+0x23c/0x250 [ 2898.242935][T23117] should_fail_usercopy+0x16/0x20 [ 2898.247957][T23117] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2898.253755][T23117] ? shmem_write_begin+0x7e/0x100 [ 2898.258766][T23117] generic_perform_write+0x1df/0x3c0 [ 2898.264038][T23117] ? shmem_write_begin+0x100/0x100 [ 2898.269456][T23117] __generic_file_write_iter+0x161/0x300 [ 2898.275075][T23117] ? generic_write_checks+0x242/0x290 [ 2898.280459][T23117] generic_file_write_iter+0x75/0x130 [ 2898.285932][T23117] vfs_write+0x69d/0x770 [ 2898.290155][T23117] ksys_write+0xce/0x180 [ 2898.294376][T23117] __x64_sys_write+0x3e/0x50 [ 2898.299108][T23117] do_syscall_64+0x3d/0x90 [ 2898.303517][T23117] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2898.309413][T23117] RIP: 0033:0x4665e9 [ 2898.313302][T23117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2898.332891][T23117] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:49 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x200000000000000, 0x12, r0, 0x10000000) [ 2898.341340][T23117] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2898.349309][T23117] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2898.357261][T23117] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2898.365212][T23117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2898.373172][T23117] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 [ 2898.478718][T23108] loop5: detected capacity change from 0 to 264192 07:39:49 executing program 2: ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000)) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r1, 0xc0105303, &(0x7f00000000c0)={0x40, 0x1}) write$nbd(r0, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESHEX, @ANYRESHEX], 0xfffffdef) 07:39:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1301000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:49 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x400000000000000, 0x12, r0, 0x10000000) 07:39:49 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x6000, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1302000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:49 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040)=0xffffffffffffffff, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0, {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r6, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) waitid$P_PIDFD(0x3, r3, &(0x7f0000000340), 0x4, &(0x7f00000003c0)) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) clone3(&(0x7f0000000600)={0x0, &(0x7f0000000480)=0xffffffffffffffff, &(0x7f00000004c0), &(0x7f0000000500), {0x1e}, &(0x7f0000000540)=""/44, 0x2c, &(0x7f0000000580)=""/36, &(0x7f00000005c0)=[r2, r4, r5, r2, r4], 0x5, {r0}}, 0x58) pidfd_send_signal(r7, 0x3f, &(0x7f0000000680)={0x1a, 0x401, 0x5}, 0x0) 07:39:49 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa00000000000000, 0x12, r0, 0x10000000) 07:39:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1303000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2898.673481][T23140] loop5: detected capacity change from 0 to 264192 07:39:49 executing program 4 (fault-call:1 fault-nth:21): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:49 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xff0f009e01000000, 0x12, r0, 0x10000000) 07:39:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1304000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2898.766749][T23140] loop5: detected capacity change from 0 to 264192 07:39:49 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x6800, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2898.856800][T23165] FAULT_INJECTION: forcing a failure. [ 2898.856800][T23165] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2898.870085][T23165] CPU: 0 PID: 23165 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2898.878843][T23165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2898.888889][T23165] Call Trace: [ 2898.892175][T23165] dump_stack_lvl+0xb7/0x103 [ 2898.896765][T23165] dump_stack+0x11/0x1a [ 2898.900917][T23165] should_fail+0x23c/0x250 [ 2898.905332][T23165] __alloc_pages+0x102/0x320 [ 2898.909939][T23165] alloc_pages_vma+0x513/0x680 [ 2898.914706][T23165] shmem_getpage_gfp+0x954/0x13d0 [ 2898.918201][T23169] loop5: detected capacity change from 0 to 264192 [ 2898.919725][T23165] shmem_write_begin+0x7e/0x100 [ 2898.931047][T23165] generic_perform_write+0x196/0x3c0 [ 2898.936327][T23165] ? shmem_write_begin+0x100/0x100 [ 2898.941435][T23165] __generic_file_write_iter+0x161/0x300 [ 2898.947070][T23165] ? generic_write_checks+0x242/0x290 [ 2898.952475][T23165] generic_file_write_iter+0x75/0x130 [ 2898.957857][T23165] vfs_write+0x69d/0x770 [ 2898.962089][T23165] ksys_write+0xce/0x180 [ 2898.966364][T23165] __x64_sys_write+0x3e/0x50 [ 2898.970995][T23165] do_syscall_64+0x3d/0x90 [ 2898.975418][T23165] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2898.981319][T23165] RIP: 0033:0x4665e9 [ 2898.985201][T23165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2899.004803][T23165] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2899.013243][T23165] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2899.021236][T23165] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2899.029289][T23165] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2899.037250][T23165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2899.045207][T23165] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:50 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) pipe(&(0x7f0000000000)) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1305000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:50 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x6c00, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:50 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xff1f009e01000000, 0x12, r0, 0x10000000) 07:39:50 executing program 4 (fault-call:1 fault-nth:22): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:50 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040)=0xffffffffffffffff, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0, {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r6, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) waitid$P_PIDFD(0x3, r3, &(0x7f0000000340), 0x4, &(0x7f00000003c0)) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) clone3(&(0x7f0000000600)={0x0, &(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500), {0x1e}, &(0x7f0000000540)=""/44, 0x2c, &(0x7f0000000580)=""/36, &(0x7f00000005c0)=[r2, r4, r5, r2, r4], 0x5, {r0}}, 0x58) [ 2899.215810][T23186] FAULT_INJECTION: forcing a failure. [ 2899.215810][T23186] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2899.219484][T23189] loop5: detected capacity change from 0 to 264192 [ 2899.229060][T23186] CPU: 1 PID: 23186 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2899.244490][T23186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2899.254587][T23186] Call Trace: [ 2899.257863][T23186] dump_stack_lvl+0xb7/0x103 [ 2899.262443][T23186] dump_stack+0x11/0x1a [ 2899.266599][T23186] should_fail+0x23c/0x250 [ 2899.271020][T23186] should_fail_usercopy+0x16/0x20 [ 2899.276116][T23186] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2899.281908][T23186] ? shmem_write_begin+0x7e/0x100 [ 2899.286924][T23186] generic_perform_write+0x1df/0x3c0 [ 2899.292208][T23186] ? shmem_write_begin+0x100/0x100 [ 2899.297311][T23186] __generic_file_write_iter+0x161/0x300 [ 2899.302936][T23186] ? generic_write_checks+0x242/0x290 [ 2899.308306][T23186] generic_file_write_iter+0x75/0x130 [ 2899.313704][T23186] vfs_write+0x69d/0x770 [ 2899.317944][T23186] ksys_write+0xce/0x180 [ 2899.322179][T23186] __x64_sys_write+0x3e/0x50 [ 2899.326763][T23186] do_syscall_64+0x3d/0x90 [ 2899.331221][T23186] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2899.337121][T23186] RIP: 0033:0x4665e9 [ 2899.341024][T23186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2899.360654][T23186] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2899.369059][T23186] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2899.377026][T23186] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2899.385066][T23186] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2899.393038][T23186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2899.401054][T23186] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1401000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:50 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x8000000) [ 2899.435778][T23189] loop5: detected capacity change from 0 to 264192 07:39:50 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x7400, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1402000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:50 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000002) 07:39:50 executing program 2: getpgrp(0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) write$nbd(r1, &(0x7f0000000000)=ANY=[@ANYRES64=r1], 0xfffffdef) pidfd_getfd(r0, r0, 0x0) [ 2899.565750][T23209] loop5: detected capacity change from 0 to 264192 07:39:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1403000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:50 executing program 2: exit_group(0x8000) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x0, 0x400, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x404c011}, 0x20004884) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000040)={0x1, 0x80, 0x90, 0x4, 0x3, 0x3, 0x0, 0x2, 0x14084, 0x4, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x3, @perf_config_ext={0x5, 0x1}, 0x2820, 0x8001, 0x3ff, 0x0, 0x1, 0x7fff, 0x924e, 0x0, 0xff, 0x0, 0x3}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200), 0x40, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0xc04c5349, &(0x7f0000000240)={0x80, 0x81, 0x2407}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) [ 2899.662241][T23209] loop5: detected capacity change from 0 to 264192 07:39:50 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000004) 07:39:50 executing program 4 (fault-call:1 fault-nth:23): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1404000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:50 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040)=0xffffffffffffffff, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0, {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r6, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) waitid$P_PIDFD(0x3, r3, &(0x7f0000000340), 0x4, &(0x7f00000003c0)) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) clone3(&(0x7f0000000600)={0x0, &(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500), {0x1e}, &(0x7f0000000540)=""/44, 0x2c, &(0x7f0000000580)=""/36, &(0x7f00000005c0)=[r2, r4, r5, r2, r4], 0x5, {r0}}, 0x58) 07:39:50 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x7a00, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:50 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000000)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r2, 0x40505330, &(0x7f0000000100)={{}, {0x7, 0x3}, 0x9, 0x6, 0x40}) write$nbd(r1, &(0x7f0000000080)=ANY=[@ANYRESOCT=r0], 0xfffffdef) 07:39:50 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000008) 07:39:50 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x1000000a) [ 2899.851138][T23246] loop5: detected capacity change from 0 to 264192 [ 2899.856543][T23247] FAULT_INJECTION: forcing a failure. [ 2899.856543][T23247] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2899.870890][T23247] CPU: 1 PID: 23247 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2899.879650][T23247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2899.889743][T23247] Call Trace: [ 2899.893010][T23247] dump_stack_lvl+0xb7/0x103 [ 2899.897595][T23247] dump_stack+0x11/0x1a [ 2899.901747][T23247] should_fail+0x23c/0x250 [ 2899.906261][T23247] __alloc_pages+0x102/0x320 [ 2899.910848][T23247] alloc_pages_vma+0x513/0x680 [ 2899.915613][T23247] shmem_getpage_gfp+0x954/0x13d0 [ 2899.920664][T23247] shmem_write_begin+0x7e/0x100 [ 2899.925516][T23247] generic_perform_write+0x196/0x3c0 [ 2899.930923][T23247] ? shmem_write_begin+0x100/0x100 [ 2899.936056][T23247] __generic_file_write_iter+0x161/0x300 [ 2899.941711][T23247] ? generic_write_checks+0x242/0x290 07:39:50 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000010) [ 2899.947075][T23247] generic_file_write_iter+0x75/0x130 [ 2899.952500][T23247] vfs_write+0x69d/0x770 [ 2899.956739][T23247] ksys_write+0xce/0x180 [ 2899.961020][T23247] __x64_sys_write+0x3e/0x50 [ 2899.965666][T23247] do_syscall_64+0x3d/0x90 [ 2899.970110][T23247] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2899.976026][T23247] RIP: 0033:0x4665e9 [ 2899.979909][T23247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1405000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2899.999513][T23247] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2900.008044][T23247] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2900.016016][T23247] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2900.024073][T23247] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2900.032055][T23247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2900.040024][T23247] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:50 executing program 2: pipe(&(0x7f0000000000)) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:51 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000060) [ 2900.102165][T23246] loop5: detected capacity change from 0 to 264192 07:39:51 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x8403, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:51 executing program 4 (fault-call:1 fault-nth:24): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:51 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1500000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:51 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000a00) 07:39:51 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040)=0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0), {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r3, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) waitid$P_PIDFD(0x3, r2, &(0x7f0000000340), 0x4, &(0x7f00000003c0)) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) [ 2900.220335][T23275] loop5: detected capacity change from 0 to 264192 [ 2900.280472][T23275] loop5: detected capacity change from 0 to 264192 [ 2900.280472][T23285] FAULT_INJECTION: forcing a failure. [ 2900.280472][T23285] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2900.280492][T23285] CPU: 0 PID: 23285 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2900.280566][T23285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2900.318835][T23285] Call Trace: [ 2900.322209][T23285] dump_stack_lvl+0xb7/0x103 [ 2900.326795][T23285] dump_stack+0x11/0x1a [ 2900.331020][T23285] should_fail+0x23c/0x250 [ 2900.335491][T23285] should_fail_usercopy+0x16/0x20 [ 2900.340516][T23285] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2900.346237][T23285] ? shmem_write_begin+0x7e/0x100 [ 2900.351348][T23285] generic_perform_write+0x1df/0x3c0 [ 2900.356630][T23285] ? shmem_write_begin+0x100/0x100 [ 2900.361738][T23285] __generic_file_write_iter+0x161/0x300 [ 2900.367368][T23285] ? generic_write_checks+0x242/0x290 [ 2900.372797][T23285] generic_file_write_iter+0x75/0x130 [ 2900.378217][T23285] vfs_write+0x69d/0x770 [ 2900.382490][T23285] ksys_write+0xce/0x180 [ 2900.386727][T23285] __x64_sys_write+0x3e/0x50 [ 2900.391403][T23285] do_syscall_64+0x3d/0x90 [ 2900.395815][T23285] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2900.401709][T23285] RIP: 0033:0x4665e9 [ 2900.405593][T23285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:51 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1501000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:51 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10006000) 07:39:51 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1502000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2900.425186][T23285] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2900.433591][T23285] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2900.441562][T23285] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2900.449570][T23285] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2900.457534][T23285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2900.465502][T23285] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:51 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xb427, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:51 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040)=0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0), {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r3, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) waitid$P_PIDFD(0x3, r2, &(0x7f0000000340), 0x4, &(0x7f00000003c0)) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) [ 2900.610101][T23302] loop5: detected capacity change from 0 to 264192 07:39:51 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x6f2500, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:51 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1503000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:51 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) syz_io_uring_setup(0x2872, &(0x7f0000000140)={0x0, 0xca12, 0x10, 0x0, 0x1e, 0x0, r1}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) r2 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f0000000080)=r2, 0x1) 07:39:51 executing program 4 (fault-call:1 fault-nth:25): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:51 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xba01, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:51 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1504000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:51 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r1 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$KDSETLED(r1, 0x4b32, 0x83a) openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x111200, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) [ 2900.799119][T23323] loop5: detected capacity change from 0 to 264192 [ 2900.821117][T23328] FAULT_INJECTION: forcing a failure. [ 2900.821117][T23328] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2900.834360][T23328] CPU: 0 PID: 23328 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2900.843117][T23328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2900.853168][T23328] Call Trace: [ 2900.856435][T23328] dump_stack_lvl+0xb7/0x103 [ 2900.861025][T23328] dump_stack+0x11/0x1a [ 2900.865175][T23328] should_fail+0x23c/0x250 [ 2900.869595][T23328] __alloc_pages+0x102/0x320 [ 2900.874179][T23328] alloc_pages_vma+0x513/0x680 [ 2900.878956][T23328] shmem_getpage_gfp+0x954/0x13d0 [ 2900.884060][T23328] shmem_write_begin+0x7e/0x100 [ 2900.888926][T23328] generic_perform_write+0x196/0x3c0 [ 2900.894234][T23328] ? shmem_write_begin+0x100/0x100 [ 2900.899342][T23328] __generic_file_write_iter+0x161/0x300 [ 2900.904977][T23328] ? generic_write_checks+0x242/0x290 [ 2900.910340][T23328] generic_file_write_iter+0x75/0x130 [ 2900.915716][T23328] vfs_write+0x69d/0x770 [ 2900.920045][T23328] ksys_write+0xce/0x180 [ 2900.924289][T23328] __x64_sys_write+0x3e/0x50 [ 2900.928877][T23328] do_syscall_64+0x3d/0x90 [ 2900.933295][T23328] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2900.939183][T23328] RIP: 0033:0x4665e9 [ 2900.943067][T23328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2900.962666][T23328] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2900.971112][T23328] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2900.979191][T23328] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2900.987156][T23328] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 07:39:51 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1505000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2900.995120][T23328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2901.003103][T23328] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:51 executing program 4 (fault-call:1 fault-nth:26): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:51 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x18000) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000180)={0x748, 0x922, 0x1, 'queue0\x00', 0x400}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000240)={0x6, 0x2, {0x3, 0x0, 0x5, 0x2, 0x5}, 0x3}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000140)={0x0, 0x5, 0x1}) r1 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x10000000) 07:39:52 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040)=0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0), {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r3, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) waitid$P_PIDFD(0x3, r2, &(0x7f0000000340), 0x4, &(0x7f00000003c0)) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) [ 2901.064620][T23323] loop5: detected capacity change from 0 to 264192 07:39:52 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xbb01, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2901.125554][T23345] FAULT_INJECTION: forcing a failure. [ 2901.125554][T23345] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2901.138765][T23345] CPU: 0 PID: 23345 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2901.147615][T23345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2901.157667][T23345] Call Trace: [ 2901.160944][T23345] dump_stack_lvl+0xb7/0x103 [ 2901.165547][T23345] dump_stack+0x11/0x1a [ 2901.169697][T23345] should_fail+0x23c/0x250 [ 2901.174213][T23345] should_fail_usercopy+0x16/0x20 [ 2901.179261][T23345] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2901.185001][T23345] ? shmem_write_begin+0x7e/0x100 [ 2901.190019][T23345] generic_perform_write+0x1df/0x3c0 [ 2901.195307][T23345] ? shmem_write_begin+0x100/0x100 [ 2901.200491][T23345] __generic_file_write_iter+0x161/0x300 [ 2901.206162][T23345] ? generic_write_checks+0x242/0x290 [ 2901.211655][T23345] generic_file_write_iter+0x75/0x130 [ 2901.217029][T23345] vfs_write+0x69d/0x770 [ 2901.221294][T23345] ksys_write+0xce/0x180 [ 2901.225611][T23345] __x64_sys_write+0x3e/0x50 [ 2901.230225][T23345] do_syscall_64+0x3d/0x90 [ 2901.234641][T23345] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2901.240676][T23345] RIP: 0033:0x4665e9 [ 2901.244561][T23345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2901.264194][T23345] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1600000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2901.272605][T23345] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2901.280571][T23345] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2901.288535][T23345] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2901.296563][T23345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2901.304535][T23345] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:52 executing program 0: r0 = syz_io_uring_setup(0x5788, &(0x7f0000000000)={0x0, 0x0, 0x1, 0x0, 0x10}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) io_uring_setup(0x29d, &(0x7f0000000140)={0x0, 0x9560, 0x0, 0x3, 0x169}) 07:39:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1601000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2901.342645][T23354] loop5: detected capacity change from 0 to 264192 07:39:52 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_HOP_PENALTY={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x53f}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x8}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x6}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004080}, 0xc4000) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)={0x14}, 0x14}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', 0x0}) sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x5c, 0x0, 0x801, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="97033d06a714"}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8901}]}, 0x5c}}, 0x4000) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:52 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xbc01, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2901.389500][T23354] loop5: detected capacity change from 0 to 264192 07:39:52 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) 07:39:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1602000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:52 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040)=0xffffffffffffffff, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0, {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r6, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) waitid$P_PIDFD(0x3, r3, &(0x7f0000000340), 0x4, &(0x7f00000003c0)) clone3(&(0x7f0000000600)={0x0, &(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500), {0x1e}, &(0x7f0000000540)=""/44, 0x2c, &(0x7f0000000580)=""/36, &(0x7f00000005c0)=[r2, r4, r5, r2, r4], 0x5, {r0}}, 0x58) [ 2901.497939][T23374] loop5: detected capacity change from 0 to 264192 [ 2901.581158][T23374] loop5: detected capacity change from 0 to 264192 07:39:52 executing program 4 (fault-call:1 fault-nth:27): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1603000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:52 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, &(0x7f0000000080)={0x80000000, 0x5, 0x6065, 0x8}, 0x10) 07:39:52 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xd226, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2901.727814][T23398] loop5: detected capacity change from 0 to 264192 [ 2901.739558][T23401] FAULT_INJECTION: forcing a failure. [ 2901.739558][T23401] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2901.752963][T23401] CPU: 0 PID: 23401 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2901.761783][T23401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2901.771922][T23401] Call Trace: [ 2901.775189][T23401] dump_stack_lvl+0xb7/0x103 [ 2901.779779][T23401] dump_stack+0x11/0x1a [ 2901.784010][T23401] should_fail+0x23c/0x250 [ 2901.788421][T23401] __alloc_pages+0x102/0x320 [ 2901.793052][T23401] alloc_pages_vma+0x513/0x680 [ 2901.797817][T23401] shmem_getpage_gfp+0x954/0x13d0 [ 2901.802853][T23401] shmem_write_begin+0x7e/0x100 [ 2901.807695][T23401] generic_perform_write+0x196/0x3c0 [ 2901.813039][T23401] ? shmem_write_begin+0x100/0x100 [ 2901.818145][T23401] __generic_file_write_iter+0x161/0x300 [ 2901.823775][T23401] ? generic_write_checks+0x242/0x290 [ 2901.829134][T23401] generic_file_write_iter+0x75/0x130 [ 2901.834503][T23401] vfs_write+0x69d/0x770 [ 2901.839086][T23401] ksys_write+0xce/0x180 [ 2901.843329][T23401] __x64_sys_write+0x3e/0x50 [ 2901.847910][T23401] do_syscall_64+0x3d/0x90 [ 2901.852327][T23401] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2901.858263][T23401] RIP: 0033:0x4665e9 07:39:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1604000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:52 executing program 0: r0 = syz_io_uring_setup(0x85063, &(0x7f0000000000)={0x0, 0x2626, 0x20, 0x3, 0x315}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000080)) prctl$PR_GET_TIMERSLACK(0x1e) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) 07:39:52 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, &(0x7f00000001c0)=""/130) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000040)={0x3, 0x80, 0x2, 0x3, 0x7, 0x3, 0x0, 0x7, 0x21410, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000000), 0x2}, 0x8500, 0x201, 0x101, 0x3, 0x3, 0x4, 0xbcc0, 0x0, 0x20000e78, 0x0, 0x5}) [ 2901.862149][T23401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2901.882119][T23401] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2901.890534][T23401] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2901.898603][T23401] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2901.906573][T23401] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2901.916627][T23401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2901.924592][T23401] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1605000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2901.972541][T23398] loop5: detected capacity change from 0 to 264192 07:39:52 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xedc0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:52 executing program 4 (fault-call:1 fault-nth:28): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:52 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040), &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0, {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r5, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) clone3(&(0x7f0000000600)={0x0, &(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500), {0x1e}, &(0x7f0000000540)=""/44, 0x2c, &(0x7f0000000580)=""/36, &(0x7f00000005c0)=[r2, r3, r4, r2, r3], 0x5, {r0}}, 0x58) 07:39:53 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) sendmsg$NLBL_MGMT_C_PROTOCOLS(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x54, 0x0, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x1}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @ipv4={'\x00', '\xff\xff', @local}}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @dev={0xfe, 0x80, '\x00', 0x39}}]}, 0x54}, 0x1, 0x0, 0x0, 0x11}, 0x44010) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000380), r0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000480)={'sit0\x00', &(0x7f0000000400)={'ip6tnl0\x00', 0x0, 0x4, 0x5, 0x9, 0x7f, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, 0x8000, 0x8, 0x1, 0x5}}) ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000540)={'ip6tnl0\x00', &(0x7f00000004c0)={'ip6_vti0\x00', 0x0, 0x29, 0xff, 0x3, 0xffff8001, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @remote, 0x10, 0x20, 0x6, 0x7c1}}) ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000600)={'syztnl2\x00', &(0x7f0000000580)={'syztnl0\x00', 0x0, 0x4, 0x40, 0x7, 0x80000001, 0x2, @mcast2, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8, 0x8000, 0x7, 0x77}}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000006c0)={'syztnl1\x00', &(0x7f0000000640)={'sit0\x00', 0x0, 0x29, 0x2, 0x5, 0x10001, 0x38, @mcast2, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7800, 0x80, 0x7, 0xbc01}}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000700)={0x11, 0x0, 0x0}, &(0x7f0000000740)=0x14) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000800)={'syztnl2\x00', &(0x7f0000000780)={'syztnl0\x00', 0x0, 0x29, 0x1f, 0x20, 0x7f, 0x20, @loopback, @dev={0xfe, 0x80, '\x00', 0x33}, 0x700, 0x746, 0x4, 0x7fffffff}}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f0000000ec0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x81000}, 0xc, &(0x7f0000000e80)={&(0x7f0000000840)={0x608, r2, 0x4, 0x70bd25, 0x25dfdbfc, {}, [{{0x8}, {0x1b4, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0x13c, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3f}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}, {{0x8, 0x1, r6}, {0x1e8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xae}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x7ff}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x38}}, {0x8}}}]}}, {{0x8, 0x1, r9}, {0xfc, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7fff}}, {0x8}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}]}, 0x608}, 0x1, 0x0, 0x0, 0x804}, 0x0) sendmsg$NLBL_MGMT_C_PROTOCOLS(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, 0x0, 0x8, 0x70bd28, 0x25dfdbff, {}, [@NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x1}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @mcast1}]}, 0x30}}, 0x39e4186f30e2592a) [ 2902.098039][T23427] loop5: detected capacity change from 0 to 264192 [ 2902.109664][T23429] FAULT_INJECTION: forcing a failure. [ 2902.109664][T23429] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2902.122765][T23429] CPU: 0 PID: 23429 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2902.131554][T23429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2902.141665][T23429] Call Trace: [ 2902.144939][T23429] dump_stack_lvl+0xb7/0x103 [ 2902.149600][T23429] dump_stack+0x11/0x1a [ 2902.153747][T23429] should_fail+0x23c/0x250 [ 2902.158238][T23429] should_fail_usercopy+0x16/0x20 [ 2902.163276][T23429] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2902.169044][T23429] ? shmem_write_begin+0x7e/0x100 [ 2902.174059][T23429] generic_perform_write+0x1df/0x3c0 [ 2902.179371][T23429] ? shmem_write_begin+0x100/0x100 [ 2902.184472][T23429] __generic_file_write_iter+0x161/0x300 [ 2902.190106][T23429] ? generic_write_checks+0x242/0x290 07:39:53 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x10080, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000180)=r2, 0x1) [ 2902.195472][T23429] generic_file_write_iter+0x75/0x130 [ 2902.200843][T23429] vfs_write+0x69d/0x770 [ 2902.205111][T23429] ksys_write+0xce/0x180 [ 2902.209419][T23429] __x64_sys_write+0x3e/0x50 [ 2902.214016][T23429] do_syscall_64+0x3d/0x90 [ 2902.218425][T23429] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2902.224318][T23429] RIP: 0033:0x4665e9 [ 2902.228201][T23429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1700000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2902.247885][T23429] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2902.256291][T23429] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2902.264291][T23429] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2902.272274][T23429] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2902.280235][T23429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2902.288197][T23429] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1701000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:53 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, 0x0, 0x4, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x7}]}, 0x4c}, 0x1, 0x0, 0x0, 0x11}, 0x8000) r1 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x10000000) [ 2902.328774][T23427] loop5: detected capacity change from 0 to 264192 07:39:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1702000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:53 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xfeff, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1703000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:53 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x280) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000000080)={0x8, 0x1, 'client1\x00', 0xffffffff80000000, "d5b67de30d212794", "3c499cc821f07f052e5d163551e61b944b4b49adb275c33a6f4abb4db79a5a43", 0x40, 0x7}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r3, 0x4b45, 0x0) write$nbd(r1, &(0x7f0000000000)=ANY=[@ANYRESDEC=r2, @ANYRESHEX=r3, @ANYRES64=r3, @ANYRES64], 0xfffffdef) 07:39:53 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KDSKBMODE(r0, 0x4b45, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0xfffffffc, 0x1f, 0x0, 0x6, 0x19, "4159ea2132ae0a52a73620dfe180f88a5f21c7"}) r1 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x10000000) [ 2902.482376][T23461] loop5: detected capacity change from 0 to 264192 07:39:53 executing program 4 (fault-call:1 fault-nth:29): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1704000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:53 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xff0f, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:53 executing program 0: r0 = syz_io_uring_setup(0x4420c, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f0000000140)={0x3, 0x371613cb, 0x0, 'queue1\x00', 0x10000}) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000200)={0x1, 0x80, 0xc7, 0x80, 0x3f, 0x4, 0x0, 0x7ace, 0x1080, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffff, 0x4, @perf_bp={&(0x7f0000000080), 0x34d78f5fe0c8cef4}, 0x85, 0x4f9957f4, 0x80000000, 0x1, 0x0, 0x3, 0x8000, 0x0, 0x9, 0x0, 0x8}) 07:39:53 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040), &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0, {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r5, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) clone3(&(0x7f0000000600)={0x0, &(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500), {0x1e}, &(0x7f0000000540)=""/44, 0x2c, &(0x7f0000000580)=""/36, &(0x7f00000005c0)=[r2, r3, r4, r2, r3], 0x5, {r0}}, 0x58) 07:39:53 executing program 0: r0 = syz_io_uring_setup(0x7311, &(0x7f00000003c0)={0x0, 0xc52f, 0x2, 0x2, 0x2b5}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000440)) r1 = syz_io_uring_setup(0x420f, &(0x7f0000000000)={0x0, 0xbf93, 0x20, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000200)) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r3, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x541c, &(0x7f00000001c0)) io_uring_setup(0x78d5, &(0x7f0000000140)={0x0, 0xb8b9, 0x8, 0x2, 0x1d5, 0x0, r3}) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x10000000) sendmsg$BATADV_CMD_SET_VLAN(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="50000000e7170af7c660b7c8afb666d97d2b07552d268a53f971a7e029ac12d6730716d00c87964cbbb3bd630b766edf9e612ef341be0f88305f269b33b8f98ea7f103851f4abbb5e9898e8855090c3e204eddf4b3d51ce543e34873421bd83bf0d1dec4ed658e8159e26f3d0b1bc8962506420dff30664689fd90efc2ad417cb5b8fcc0f6c080a1ec5c8174885d7b1bf22ef25d8e478447de8934deeaf244c3ad20b3e2440640d6e7230664c10dc690ade70b", @ANYRES16=0x0, @ANYBLOB="00022bbd7000fedbdf25120000000a000900000000000000000008003200da0e000005003000000000000500370000000000080031000700000008003a000400000008000b0000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040001) [ 2902.728623][T23480] loop5: detected capacity change from 0 to 264192 [ 2902.738695][T23481] FAULT_INJECTION: forcing a failure. [ 2902.738695][T23481] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2902.752063][T23481] CPU: 0 PID: 23481 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2902.760850][T23481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2902.770900][T23481] Call Trace: [ 2902.774175][T23481] dump_stack_lvl+0xb7/0x103 [ 2902.778802][T23481] dump_stack+0x11/0x1a [ 2902.782945][T23481] should_fail+0x23c/0x250 [ 2902.787362][T23481] __alloc_pages+0x102/0x320 [ 2902.792089][T23481] alloc_pages_vma+0x513/0x680 [ 2902.796856][T23481] shmem_getpage_gfp+0x954/0x13d0 [ 2902.801968][T23481] shmem_write_begin+0x7e/0x100 [ 2902.806869][T23481] generic_perform_write+0x196/0x3c0 [ 2902.812160][T23481] ? shmem_write_begin+0x100/0x100 [ 2902.817268][T23481] __generic_file_write_iter+0x161/0x300 [ 2902.822900][T23481] ? generic_write_checks+0x242/0x290 [ 2902.828301][T23481] generic_file_write_iter+0x75/0x130 [ 2902.833742][T23481] vfs_write+0x69d/0x770 [ 2902.838039][T23481] ksys_write+0xce/0x180 [ 2902.842271][T23481] __x64_sys_write+0x3e/0x50 [ 2902.846894][T23481] do_syscall_64+0x3d/0x90 [ 2902.851373][T23481] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2902.857262][T23481] RIP: 0033:0x4665e9 07:39:53 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x1ca102, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f0000000080)={0xffffffff, 0x2, 'client1\x00', 0xffffffff80000002, "23806b54f86fbf48", "c7622422b765d694d2bcf2f8c7c6c35324e4aa0ae99110cc1dc268767d9849ee", 0x5df3, 0x2}) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r2 = fork() r3 = fork() clone3(&(0x7f0000000b40)={0x20a00000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000b00)=[r3], 0x1}, 0x58) r4 = fork() clone3(&(0x7f0000000b40)={0x20a00000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000b00)=[r4], 0x1}, 0x58) clone3(&(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, {0x3}, 0x0, 0x0, 0x0, &(0x7f0000000180)}, 0x58) pidfd_open(r2, 0x0) 07:39:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1705000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2902.861166][T23481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2902.880774][T23481] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2902.889191][T23481] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2902.897158][T23481] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2902.905187][T23481] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2902.913327][T23481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2902.921288][T23481] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:53 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000)={0x0, 0xfffffffd, 0x8}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x6) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f00000001c0)={'syztnl2\x00', &(0x7f0000000280)={'syztnl2\x00', 0x0, 0x2f, 0x40, 0x1, 0xfffffffb, 0x28, @mcast1, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x48, 0x20, 0x0, 0x8}}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000500)={'ip6_vti0\x00', &(0x7f0000000480)={'sit0\x00', r1, 0x2f, 0x2, 0x4, 0x1f, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x40, 0x16, 0xcae0, 0x194a}}) r2 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pidfd_getfd(r2, r0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x115200, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r3, &(0x7f00000031c0)={&(0x7f0000002c40)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000003180)={&(0x7f0000002e80)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB='\x00'/14], 0x14}}, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r3, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="4800ed88edbfd6ee5998124a15711f2c727c412be495d34b9315849c8e76de792acfedae4676ec220e75739d6bf5dfe33dc5a3c002baa36eb41df4d0d640efbdec2920a5d93495339ef62784a8eb75bd0f23ab65e801ae61e722202fa0fba8ef19b853b2cf6ba1abd92de162e6311b35f449a4dc39b1ed54b8db436086bf63ded2f8658689bb2e6fd591e831dbcef4080606009d7ea5000000000000768b03d6625a5caff40947ceb8b5f9e5a8fdc30986234545a80d40093082c863337ed00eedabf753f558f482dbe64d48da25eb44b1994ecbb178138f6ff149abb7642607cec7d5d58cc4273e26d884765f070d37aaf7c53390b05270bfc998bc1af3775c06804c20e7fc496e2d4b3781734dda080000006ee18f2b01034fb1cfe439600c0134e675504137057f2c4496f7f3a9a9684ee9d634da1ad4", @ANYRES16=0x0, @ANYBLOB="00082bbd7000ffdbdf250d000000050037000100000005002a000000000005002a00010000000a000900aaaaaaaaaaaa000008002b000600000005002f0001000000"], 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x8800) 07:39:53 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0xfffe, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2902.972511][T23480] loop5: detected capacity change from 0 to 264192 07:39:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:54 executing program 0: openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x200401, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, 0xffffffffffffffff, 0x10000000) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r0, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) syz_io_uring_setup(0x2ba0, &(0x7f0000000440)={0x0, 0x6e63, 0x10, 0x0, 0x328, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000400), &(0x7f00000001c0)) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000240)={0x7fffffff, 0x9, 0x1, 'queue0\x00', 0x2}) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/snd_seq', 0x10800, 0x83) ioctl$TIOCL_UNBLANKSCREEN(0xffffffffffffffff, 0x541c, &(0x7f0000000040)) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="01000080", @ANYRES16=0x0, @ANYBLOB="000125bd7000fddbdf250100000005003700010000000a000900aaaaaaaaaabb0000"], 0x28}}, 0x80) waitid$P_PIDFD(0x3, r1, &(0x7f00000000c0), 0x40000000, 0x0) [ 2903.077692][T23514] loop5: detected capacity change from 0 to 264192 07:39:54 executing program 4 (fault-call:1 fault-nth:30): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1801000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:54 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040), &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0, {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x44, r5, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x8804) clone3(&(0x7f0000000600)={0x0, &(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500), {0x1e}, &(0x7f0000000540)=""/44, 0x2c, &(0x7f0000000580)=""/36, &(0x7f00000005c0)=[r2, r3, r4, r2, r3], 0x5, {r0}}, 0x58) 07:39:54 executing program 2: openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x4d0501, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r0, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) 07:39:54 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3, 0x83}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) 07:39:54 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x407ff, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) [ 2903.171219][T23514] loop5: detected capacity change from 0 to 264192 07:39:54 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x317800, 0x0) r1 = syz_open_dev$ttys(0xc, 0x2, 0x1) pidfd_getfd(0xffffffffffffffff, r1, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r2, 0xc0a85320, &(0x7f00000000c0)={{0x48, 0x4}, 'port1\x00', 0x1, 0x180010, 0x4, 0x5, 0x97d, 0x1ff, 0x9, 0x0, 0x0, 0x9}) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f0000000040)=r2, 0x1) openat$nvram(0xffffffffffffff9c, &(0x7f0000000180), 0x20c240, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000080)) 07:39:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1802000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2903.263475][T23543] FAULT_INJECTION: forcing a failure. [ 2903.263475][T23543] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2903.276910][T23543] CPU: 0 PID: 23543 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2903.285668][T23543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2903.295786][T23543] Call Trace: [ 2903.299052][T23543] dump_stack_lvl+0xb7/0x103 [ 2903.303640][T23543] dump_stack+0x11/0x1a [ 2903.307826][T23543] should_fail+0x23c/0x250 07:39:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1803000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2903.312247][T23543] should_fail_usercopy+0x16/0x20 [ 2903.317325][T23543] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2903.323039][T23543] ? shmem_write_begin+0x7e/0x100 [ 2903.328060][T23543] generic_perform_write+0x1df/0x3c0 [ 2903.333396][T23543] ? shmem_write_begin+0x100/0x100 [ 2903.338505][T23543] __generic_file_write_iter+0x161/0x300 [ 2903.344142][T23543] ? generic_write_checks+0x242/0x290 [ 2903.349558][T23543] generic_file_write_iter+0x75/0x130 [ 2903.354923][T23543] vfs_write+0x69d/0x770 [ 2903.359162][T23543] ksys_write+0xce/0x180 07:39:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1804000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2903.363466][T23543] __x64_sys_write+0x3e/0x50 [ 2903.368111][T23543] do_syscall_64+0x3d/0x90 [ 2903.372552][T23543] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2903.378467][T23543] RIP: 0033:0x4665e9 [ 2903.382349][T23543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2903.401954][T23543] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 07:39:54 executing program 0: syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) [ 2903.410363][T23543] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2903.418331][T23543] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2903.426370][T23543] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2903.434409][T23543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2903.442490][T23543] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1805000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2903.467081][T23557] loop5: detected capacity change from 0 to 264192 [ 2903.530530][T23557] loop5: detected capacity change from 0 to 264192 07:39:54 executing program 4 (fault-call:1 fault-nth:31): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:54 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000)) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$GIO_UNISCRNMAP(r1, 0x4b69, &(0x7f00000001c0)=""/197) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x5, 0x3, 0x3, 0xff}}) 07:39:54 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) io_uring_setup(0x14a6, &(0x7f0000000140)={0x0, 0x646e, 0x3, 0x2, 0x79, 0x0, r0}) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000680), r2) sendmsg$NLBL_MGMT_C_LISTALL(r2, &(0x7f0000000500)={&(0x7f0000000400), 0xc, &(0x7f00000004c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="481e4d6c986423a50ec08dc4646deac324767f3af87e8652166fc0961bb41970b25b078edb6b4912a95d68e848736da6f9a6a11d8d98dfc9fa4f653988b9c38046a3a43c2425c941869a24cc1bc092c7375b9df7a3f7861c4f6061a1b1901522ef", @ANYRES32=r1], 0x50}}, 0x0) sendmsg$NLBL_MGMT_C_REMOVE(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @private=0xa010101}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @dev={0xfe, 0x80, '\x00', 0x38}}, @NLBL_MGMT_A_CV4DOI={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x40) 07:39:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1900000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:54 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x40800, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:54 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040)=0xffffffffffffffff, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0, {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) waitid$P_PIDFD(0x3, r3, &(0x7f0000000340), 0x4, &(0x7f00000003c0)) clone3(&(0x7f0000000600)={0x0, &(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500), {0x1e}, &(0x7f0000000540)=""/44, 0x2c, &(0x7f0000000580)=""/36, &(0x7f00000005c0)=[r2, r4, r5, r2, r4], 0x5, {r0}}, 0x58) 07:39:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1901000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2903.709480][T23582] loop5: detected capacity change from 0 to 264192 [ 2903.722407][T23586] FAULT_INJECTION: forcing a failure. [ 2903.722407][T23586] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2903.735662][T23586] CPU: 0 PID: 23586 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2903.744438][T23586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2903.754486][T23586] Call Trace: 07:39:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1902000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2903.757765][T23586] dump_stack_lvl+0xb7/0x103 [ 2903.762358][T23586] dump_stack+0x11/0x1a [ 2903.766503][T23586] should_fail+0x23c/0x250 [ 2903.771006][T23586] __alloc_pages+0x102/0x320 [ 2903.771045][T23586] alloc_pages_vma+0x513/0x680 [ 2903.771062][T23586] shmem_getpage_gfp+0x954/0x13d0 [ 2903.771131][T23586] shmem_write_begin+0x7e/0x100 [ 2903.790384][T23586] generic_perform_write+0x196/0x3c0 [ 2903.795670][T23586] ? shmem_write_begin+0x100/0x100 [ 2903.800771][T23586] __generic_file_write_iter+0x161/0x300 [ 2903.806446][T23586] ? generic_write_checks+0x242/0x290 [ 2903.811818][T23586] generic_file_write_iter+0x75/0x130 [ 2903.817191][T23586] vfs_write+0x69d/0x770 [ 2903.821524][T23586] ksys_write+0xce/0x180 [ 2903.825761][T23586] __x64_sys_write+0x3e/0x50 [ 2903.830606][T23586] do_syscall_64+0x3d/0x90 [ 2903.835013][T23586] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2903.840925][T23586] RIP: 0033:0x4665e9 07:39:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1903000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2903.844814][T23586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2903.864410][T23586] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2903.872877][T23586] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2903.880842][T23586] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2903.889058][T23586] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2903.897085][T23586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:39:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1904000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2903.905129][T23586] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:54 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x110, r1, 0x10000000) 07:39:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1905000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:55 executing program 4 (fault-call:1 fault-nth:32): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:55 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x80000, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:55 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) syz_io_uring_setup(0x4d2a, &(0x7f0000000140)={0x0, 0x3484, 0x4, 0x0, 0x1d4}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000001c0)) 07:39:55 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:55 executing program 2: ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(0xffffffffffffffff, 0xc05c5340, &(0x7f0000000000)={0x7d, 0xe3, 0x5, {0xfffffe00, 0x1}, 0x10001, 0xba62}) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/dev/block', 0x8000, 0x8292c8034b716a4c) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0x2, &(0x7f00000000c0)=0x17, 0x4) [ 2904.162226][T23624] loop5: detected capacity change from 0 to 264192 [ 2904.174016][T23628] FAULT_INJECTION: forcing a failure. [ 2904.174016][T23628] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2904.187137][T23628] CPU: 0 PID: 23628 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0 [ 2904.195941][T23628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2904.205992][T23628] Call Trace: [ 2904.209266][T23628] dump_stack_lvl+0xb7/0x103 [ 2904.214031][T23628] dump_stack+0x11/0x1a [ 2904.218183][T23628] should_fail+0x23c/0x250 [ 2904.222693][T23628] should_fail_usercopy+0x16/0x20 [ 2904.227721][T23628] copy_page_from_iter_atomic+0x2c1/0xba0 [ 2904.233449][T23628] ? shmem_write_begin+0x7e/0x100 [ 2904.238524][T23628] generic_perform_write+0x1df/0x3c0 [ 2904.243805][T23628] ? shmem_write_begin+0x100/0x100 [ 2904.248915][T23628] __generic_file_write_iter+0x161/0x300 [ 2904.254593][T23628] ? generic_write_checks+0x242/0x290 [ 2904.259963][T23628] generic_file_write_iter+0x75/0x130 [ 2904.265366][T23628] vfs_write+0x69d/0x770 [ 2904.269624][T23628] ksys_write+0xce/0x180 [ 2904.273859][T23628] __x64_sys_write+0x3e/0x50 [ 2904.278445][T23628] do_syscall_64+0x3d/0x90 [ 2904.282947][T23628] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2904.288883][T23628] RIP: 0033:0x4665e9 [ 2904.292758][T23628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 07:39:55 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r2 = clone3(&(0x7f00000002c0)={0x10002000, &(0x7f0000000040)=0xffffffffffffffff, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0, {0x1}, &(0x7f00000001c0)=""/229, 0xe5, &(0x7f0000000100)=""/40, &(0x7f0000000140)=[0x0], 0x1, {r1}}, 0x58) waitid$P_PIDFD(0x3, r3, &(0x7f0000000340), 0x4, &(0x7f00000003c0)) clone3(&(0x7f0000000600)={0x0, &(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500), {0x1e}, &(0x7f0000000540)=""/44, 0x2c, &(0x7f0000000580)=""/36, &(0x7f00000005c0)=[r2, r4, r5, r2, r4], 0x5, {r0}}, 0x58) 07:39:55 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000080)) 07:39:55 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a01000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2904.312409][T23628] RSP: 002b:00007fe6dc981188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2904.320821][T23628] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 2904.328790][T23628] RDX: 0000000020000090 RSI: 0000000020000080 RDI: 0000000000000003 [ 2904.336759][T23628] RBP: 00007fe6dc9811d0 R08: 0000000000000000 R09: 0000000000000000 [ 2904.344728][T23628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2904.352692][T23628] R13: 00007ffe9e0603cf R14: 00007fe6dc981300 R15: 0000000000022000 07:39:55 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a02000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:55 executing program 0: r0 = syz_io_uring_setup(0x420c, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x10000000) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(0xffffffffffffffff, 0x408c5333, &(0x7f0000000140)={0xad6, 0x8, 0x1, 'queue1\x00', 0x2}) [ 2904.411667][T23624] loop5: detected capacity change from 0 to 264192 07:39:55 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x80040, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:55 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a03000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2904.523697][T23657] loop5: detected capacity change from 0 to 264192 [ 2904.581227][T23657] loop5: detected capacity change from 0 to 264192 07:39:55 executing program 4 (fault-call:1 fault-nth:33): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000080), 0x20000090) 07:39:55 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRES64=r0], 0xfffffdef) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000200)={0x0, 0x9, 0x5a, {0x200, 0x1}, 0x1, 0x2}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x569041, 0x0) recvmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) sendmsg$IPSET_CMD_SAVE(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c0000000806010300000000000000000300000005000100070000000500010007000000"], 0x2c}, 0x1, 0x0, 0x0, 0x20004080}, 0x8048010) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) recvmsg$unix(r2, &(0x7f0000000b80)={&(0x7f0000000740), 0x6e, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x4058534c, &(0x7f0000000280)={0xfffffffd, 0x0, 0x2f000, 0x7fff, 0xfffffff8, 0x5}) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) 07:39:55 executing program 0: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x20281, 0x0) r1 = syz_io_uring_setup(0x420c, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) r2 = socket(0x4, 0x3, 0xce) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00'}) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x10000000) 07:39:55 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0x100000000}, {&(0x7f0000000400)="b6e4ba5e97a999bfce4e9bf4475031d183cbe1", 0x13, 0x3}], 0x80400, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffc11}}]}) 07:39:55 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a04000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:39:55 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x4d0501, 0x0) write$nbd(r0, &(0x7f0000000480)=ANY=[], 0xfffffdef) openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) waitid$P_PIDFD(0x3, 0xfffffff