set_mempolicy(0x3, &(0x7f0000000000)=0xffffffffffffff81, 0x5) r0 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e24, 0x178, @rand_addr=' \x01\x00'}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x38, &(0x7f00000000c0)=0x7, 0x4) close(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x44142, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x10000, @private1={0xfc, 0x1, '\x00', 0x1}, 0x4}, 0x1c) getdents(r2, 0x0, 0x18) setsockopt$inet6_int(r2, 0x29, 0xc8, &(0x7f0000000080)=0x4, 0x4) ftruncate(r1, 0x2008000) sendfile(r0, r1, 0x0, 0x200fff) r3 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r3, &(0x7f00000009c0), 0xd4ba0ff) r4 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000140)=0x1, 0x4) write$cgroup_type(r4, &(0x7f00000009c0), 0xd4ba0ff) dup2(r3, r4) 17:04:18 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:18 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24001200260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 563.306626][ T1034] loop2: p1 p2 p3 p4 [ 563.320014][T14546] FAULT_INJECTION: forcing a failure. [ 563.320014][T14546] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 563.333397][T14546] CPU: 0 PID: 14546 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 563.334246][ T1034] loop2: p1 start 10 is beyond EOD, [ 563.341826][T14546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 563.341843][T14546] Call Trace: [ 563.341850][T14546] dump_stack+0x137/0x19d [ 563.341874][T14546] should_fail+0x23c/0x250 [ 563.347141][ T1034] truncated [ 563.347147][ T1034] loop2: p2 size 1073872896 extends beyond EOD, [ 563.357179][T14546] __alloc_pages+0x102/0x320 [ 563.357200][T14546] alloc_pages+0x21d/0x310 [ 563.357218][T14546] push_pipe+0x267/0x370 [ 563.360477][ T1034] truncated [ 563.362959][ T1034] loop2: p3 start 225 is beyond EOD, [ 563.364785][T14546] iov_iter_get_pages+0xb39/0xcc0 [ 563.364810][T14546] bio_iov_iter_get_pages+0x55f/0xa70 [ 563.369237][ T1034] truncated [ 563.372332][T14546] iomap_dio_bio_actor+0x673/0xb50 [ 563.378644][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 563.383207][T14546] iomap_dio_actor+0x26e/0x3b0 [ 563.387625][ T1034] truncated [ 563.391838][T14546] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 563.439532][T14546] iomap_apply+0x1e2/0x400 [ 563.443992][T14546] __iomap_dio_rw+0x5af/0xad0 [ 563.448683][T14546] ? __iomap_dio_rw+0xad0/0xad0 [ 563.453549][T14546] iomap_dio_rw+0x30/0x70 [ 563.457883][T14546] ext4_file_read_iter+0x21a/0x290 [ 563.463031][T14546] generic_file_splice_read+0x22a/0x310 [ 563.469448][T14546] ? splice_shrink_spd+0x60/0x60 [ 563.474395][T14546] splice_direct_to_actor+0x2aa/0x650 [ 563.479778][T14546] ? do_splice_direct+0x170/0x170 [ 563.484822][T14546] do_splice_direct+0xf5/0x170 [ 563.489656][T14546] do_sendfile+0x773/0xda0 [ 563.494119][T14546] __x64_sys_sendfile64+0xf2/0x130 [ 563.499227][T14546] do_syscall_64+0x4a/0x90 [ 563.503688][T14546] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 563.509637][T14546] RIP: 0033:0x4665f9 [ 563.513567][T14546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 563.533181][T14546] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 563.541677][T14546] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 563.549662][T14546] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 17:04:19 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:19 executing program 5: r0 = syz_io_uring_setup(0x60a, &(0x7f0000000240)={0x0, 0x0, 0x2}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_setup(0x4a85, &(0x7f0000000080)={0x0, 0x8162, 0x6a, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2) 17:04:19 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @multicast1}, 0x10) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f00000000c0)=0x24) getpgid(0x0) openat$bsg(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(0xffffffffffffffff, 0xf502, 0x0) r1 = getpid() perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, &(0x7f0000000040), 0xffffffffffffffff, &(0x7f0000000180)=0x3, 0x7, 0xf) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x7fffffff, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, 0x0, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x40700, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setuid(r3) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, 0x0) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) [ 563.557639][T14546] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 563.565610][T14546] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 563.573671][T14546] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 563.617031][ T1034] loop2: p1 p2 p3 p4 [ 563.621517][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 563.627697][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 563.641402][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 563.647658][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:19 executing program 4 (fault-call:11 fault-nth:12): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:19 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="245a1d00260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:19 executing program 3: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x2, &(0x7f0000000040)=[{}, {0x1, 0x4, 0x3, 0x3f}]}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0), 0xd4ba0ff) r3 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r3, &(0x7f00000009c0), 0xd4ba0ff) r4 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r4, &(0x7f00000009c0), 0xd4ba0ff) dup2(r0, r3) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x0, 0x0) r5 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0/file1\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000000140)=ANY=[]) unlinkat(r5, &(0x7f0000000100)='./file0\x00', 0x200) 17:04:19 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:19 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140), r0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r3) sendmsg$NLBL_MGMT_C_LISTDEF(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_FAMILY={0x6}]}, 0x1c}}, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000200), r6) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r9, &(0x7f00000009c0), 0xd4ba0ff) sendmsg$AUDIT_GET_FEATURE(r9, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x10, 0x3fb, 0x8, 0x70bd2a, 0x25dfdbfe, "", [""]}, 0x10}}, 0x14) sendmsg$NLBL_CIPSOV4_C_ADD(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x3c, r7, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSCATLST={0x10, 0xc, 0x0, 0x1, [{0x7, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x3c}}, 0x0) sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x7c, r7, 0x2, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x1}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_MLSLVLLST={0x20, 0x8, 0x0, 0x1, [{0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf7}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7fb740bd}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3fda008e}]}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x7c}, 0x1, 0x0, 0x0, 0xc4}, 0x8010) sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)={0x40, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x18, 0x8, 0x0, 0x1, [{0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f03bfe0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}]}]}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_TAGLST={0x4}]}, 0x40}}, 0x800) 17:04:19 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0), 0xd4ba0ff) writev(0xffffffffffffffff, &(0x7f00000021c0)=[{&(0x7f00000010c0)="6c617e01c69ec1c5d88a58ed6582e4b388b492445092997f1cddfa148f3fc4b2b80f5f2bcd626469bcdf972b94e9b91a0d5add81967be8db8b831ff8ebc9526a08ea2bd71293db4aa5750ffbda8f9ac5a6fae2720236b750ea298969027941896981b2e5f37b345848b1bf1353e07571fed08f8f77d2497e1df539aa93a1902d1aae5512a5b671b120a9bf7f05f1a70753de8056e3fc0ea091cd8df0bd870eb8bca4a8ec4667f28746bf92e3484cd10372cafe45aa821f6d09532db19633be49c32ebf0868623724424b132c464293fd63a9af200454103c5cce3ec1d3d105079edb762e39d5e49079e1514662e18a386d62cf5dc1a797a4ea5c4b196a970f2d424cf18bb8c2b2ee9dc5e8a76fad4ccf6af07dafdd8a1d40f1984b6375473b6d2803e4588aff2a8c3c336669981483adfd6a8e524169292f483d984d306698d74ec83b931e8c5dd02a728e2f43a2fa18b45e19583877d6eac1e2e9a435057bbf695bc96b5808da8c3fe7d6f4e3fd3b4e94579ac8c69b2c1d204a2b34a95283f31316e6caea7d2a3b79f7167a387f6e1e47bd31794477071d473246d30b9139fa80480bc843b498d3129e59c6afab0864e0b57916ff694919f5af17b4e6f68c83736649e7c89c78c72c93515846a411f495d0f0760622bd59847eeb7a11dd39b4920b917c6e6c871a0fdde727b4f77aae288f82ec073f96bc1866ae266da70634d65a43db89136759226aa8825b5c0f77675b1c39bde81a946245a35d5bd866956bdc20db5bd8bcbcd1944e46567aa9877b101d48d0f971a42cb49cc819a588d77b0d1bca9a4e8f15d4f88bf12ad7c5d48a598b4b413977f7ed204c5618aafc66793260dff6f93dae7519d04f261ab80374fba019fdf188f6693afc6633a8aff45df383682a2a05e9fcb775c01d626c904df1987d46d259b6bf99ef02438aea77087294430d20c2ac93562d2162a557dff562bb0dfffb0483fd9c085c3ff13471e6929b6d9234c291cab5c36b955c678a5402f6c1ba111a95bc653de4fad6d12ba2eae3962c77d4de0244fdf06bb9e58c92126275797d0d19e89ccea4afc2af3752d07bc954fac7dc7baa49f6733eab79ffd49fed5da98171ad501c3eb51aa5d3a62663849bf50d5ddf7572e9a0efd6c93e1bfc24306b14198a105522185b814863f23e571eb48aeb867dfbfea9a3ddf63a4a6bdc7231f27a711f11f6893a0507217ce4430df32715bcd6c8bc04647a6757f7e23d6a143a2f47c07d45976288e10659532a18287dc429d0a3947bb656ac5feb45c5d1535a4d279504a526b53abb598884b60aa3a384284ec833a43da39ed522cbcdbbe30b838f7cfb6326dd65c03bbece1316d987436ad390ec597b3fc8c9805b6208bf51e2dbf5e96cbd184f7ba13bcce03fe54d948dd3df766468f519e9d363270e34951b1148180881a5b466d59ddba529125120b742637e50b7278fedcbe77a339d13bc8c935f30ed00c21edf49bc6789d671ad04fea862e2c70e3ba4979d69a7594e92dbcaef84c7d9a368d4d0976b91b88624f772380a1a930aaad7e6df4697b570a25135a368a5b0d7b4507e25f4f0d98b15e41aa26d5299b16d633db5a22c2887895b5f3423956bf9e54477d23e1527d00bc39607d4bf40e903f124a223238acda978c598bc39038ed1b97ab6df1361692e46b2862e7dec8ac415e5d4c6ef819b91a475a5e1dda1a41cd13501c1c6f891809d5fcc217edee1d9bbdbd8cc059ed0f17e6739c494096f9cbc4de8858c0ea84d9951b507cf2aa99d6c39b913b3989b0c2d7dd623004ee0fe8c7e177048d0e128723f697baed985a9c890abdaa02d954ebcc09ea36f84280d22883879aef52fde724ffef48c548b1720d60a7679a46c2e1342e3a239b4f2b025872dcae17b3750d7d9ba5b3dac66357b364510e89ed16ec0c516e7ccc9cb5c7a53af34405e92ec4d9b2c17a65129d788f06b839e714a396501585787f86d5894c6c25097398567ffce49d4126b343800409c03aa2a405b1c19b9203041884df62f7bc0d8ad75542773c4415f17f9c91b2456281106dbda4d57a9106983f4ac40fa29e1b9179758676c32a9455809fb13b4736cd50127d9411aa5638306bfe8330f05f1f48262fac121fbb47aeab5ce880112bad9e65bcfe39df7dcbd09e50326f1f0c3b7561cc45bf6b07b61a3ecb520574bd254535370a56da290591399c16796a4c1b4277100214cacf81eaf4df28d7dea413900d70bd45bbcbb0ddcd02c52edb6495bc638f901f3b8480b2ecedc8489af3bfe76974899efe23c01f2123bd356dc6f2239be89b02444669ef359b82761cee2d2541b1e7faccb1917687009204558f5590f1f4f380d633b1e953311ef31306aaae5cc6131ef5211aeb6d4090897ab2dbb314e37cd5524d3b43aeb6033d57612764850c78acbdb6af137cb4a47411947019c1bc0f4efc4fba91af057eaf69c550941a0f2b89b90c7143f3d4d73e6f28893a60deb6f48ef64a46d0ab10cd533297bc22cdbc059de35b809bc6f493fe1261b4214a18269cc75c847cefbe8fab7e04552e8c13900d88e1c05c0bdeb221912cbe6d3f1d0718f216f3aec559c3f62a95f8418f0675b1040018e4c0a3f7503774fe24d715c89628be6b6793c660c006ae2f7d36676d816b996eb2d5a5a9bfaf70bdf9e0987036a9015869bdbcc7e317c9db7877a494fc7b3ebc7007b4060db7cd801328d6d7ea1586ea27f91df2abcd199c63d32911bb09df0114559991cfb11e6e135a33aec4a90bd14ec4f404ea894cb8c9f0ffde33cf09c7f9666b3e309b67108359d62b6e282bb1b0f543ab3c4b8b84cd680c14d474bf31673841eac46348f8fa89fc00270a33349773d8d0fe99cb3d301290528691fa62cba00e088960bd7f117534e849b3e4db2d2d8949f67f22cf71d62f92b7935f8bcf40ff611db71f7dcab4f2e6caa1de62501d4725e8eef13f3bf150c75d412272e221f64a230572cc27ed91163108b2bb75dd50b522fdc5eabb1300f54661f95cbb99f2e56cfb7c1febb2e5d2753775d82a14db1a66e4e4b5f5043772a93c3a3af4703727040e5a30fb8a9c7f648e66339b98ef92ba1147cb00d07e8293aae343ecfd27e95741798d2bf3f254a64bbcbbeeec9e24857fa877d2acf931c294c82d050bfa61cbdcacd8a165034414adbe4f637bec781c5db0b8c26b54a2ecffaea2b242f9a93a81ec7d79c0e8e258966e1272762b54e17f11a5bf0da8f13131e59075380d5393ca4cd020bce7e29fb1d59928deed5579b0c5427b8a11f2aee8d7619fd1a19aee6698f48b71252bd272350e813de059367e5b398ce63ebbe34bf5d237275bb64e7229520de2e5dfbda797f31e02ff598ccac1a589d3e33f098c895e827a614ec784b1f734d349adcc92e6764c7a299e536140aa9c0f52f35b56f7d1e408c70cab839341e5020b4064b02fe9005e442d51aa069bcff1f04d8374a74af43f803fca2f1f6ca216a914bb52064ad7b35de7f00560e6b3836173c04faa7f9184965dd4063da2687b2d2feac3ed31dac1d3ed7995a8255045fa0fbf535a3e571781fa3fe9edd3e1a9433eb863e9d6abc035a566442e4040a2e2a3ec279782780c07fb160fdd250ff2bc6d9a3d133455794ce7dce08316d1109b2bb1a989ceff841d1df0d0c1589c41b5702aca9a8856e38cddd669fb665c9796099091b39c46c318b4cc7f6755c388f665b616708d5610084a4019af6964ae356c61a80a63a32c1b78ba4a39e31acecc3ce2fe67b67c0bc457cdfa5433dd546601411c1ea5b73bdb475572ef1b5f8ee61d9539c957ef2b2ebffbacc2cf3335d958918733120b06a87732c4662e896118214636201d1844e4b33d9019ca8fb31bef76b4bec1e4da98cae37c155ca9a955e6ab3617d4847caefd32b8bc22a69fedc65c24fee1a201e8e7ebc3d693afecc56e8e2586e5c736aa3c0b77b4eea4503be6d99bb7d6c3d3b99cf6dfc14a4442f788efa8e3766f16309d6abe87afd1f9347ef2626a18404fdb08c489c9247be464afc97fe8ed3aec0c297bb18993c3e0e4927fc97d5ccb508cb76fb2e775273579fe900ea4361262280a23de1526636c7a2797aba6f5c55373ac149cf9d0165c90d52e37312332808185298f8ca56d3cb16b15ba5ff7882d96b2ce56fedfa4f2804883762aafe3979501b5a", 0xb93}], 0x1) r1 = signalfd(r0, &(0x7f0000000000)={[0xcec]}, 0x8) open(&(0x7f0000000040)='./file0\x00', 0x4a002, 0x5) ioctl$TCXONC(r1, 0x540a, 0x1) 17:04:19 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:19 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24002000260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:19 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) lsetxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000100)=@ng={0x4, 0xf, "8b8098"}, 0x5, 0x1) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) clone(0x2c800000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_tcp(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000080)) 17:04:19 executing program 5: preadv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f0000000040)=""/64, 0x40}, {&(0x7f0000000280)=""/154, 0x9a}, {&(0x7f0000000180)=""/83, 0x53}, {&(0x7f0000000340)=""/112, 0x70}, {&(0x7f00000000c0)=""/7, 0x7}, {&(0x7f00000003c0)=""/209, 0xd1}], 0x6, 0x90, 0x800) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000d00000019000000900100000f000000000000000000000004000000000002000020000020000000d1f4655fd1f4655f0100ffff53ef010001000000d9f4655f000000000000000001000000000000000b0000000001000018000000c28500002b02", 0x66, 0x400}, {&(0x7f0000000140)="000000000000000010000000f2a953140c764271ad9be301789147cf010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="0000000000000000000000000000000000000000000000000000000020002000010000000000050040", 0x29, 0x540}, {0x0, 0x0, 0x2200}], 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="ec"]) [ 564.289777][ T1034] loop2: p1 p2 p3 p4 [ 564.295631][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 564.300871][T14614] FAULT_INJECTION: forcing a failure. [ 564.300871][T14614] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 564.301835][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 564.314937][T14614] CPU: 0 PID: 14614 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 564.325123][ T1034] loop2: p3 start 225 is beyond EOD, [ 564.330422][T14614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 564.330436][T14614] Call Trace: [ 564.330443][T14614] dump_stack+0x137/0x19d [ 564.335832][ T1034] truncated [ 564.345917][T14614] should_fail+0x23c/0x250 [ 564.345943][T14614] __alloc_pages+0x102/0x320 [ 564.349196][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 564.353500][T14614] alloc_pages+0x21d/0x310 [ 564.353517][T14614] push_pipe+0x267/0x370 [ 564.353538][T14614] iov_iter_get_pages+0xb39/0xcc0 [ 564.356638][ T1034] truncated [ 564.388822][T14614] bio_iov_iter_get_pages+0x55f/0xa70 [ 564.394218][T14614] iomap_dio_bio_actor+0x673/0xb50 [ 564.399346][T14614] iomap_dio_actor+0x26e/0x3b0 [ 564.404182][T14614] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 564.410011][T14614] iomap_apply+0x1e2/0x400 [ 564.415606][T14614] __iomap_dio_rw+0x5af/0xad0 [ 564.420518][T14614] ? __iomap_dio_rw+0xad0/0xad0 [ 564.425447][T14614] iomap_dio_rw+0x30/0x70 [ 564.429861][T14614] ext4_file_read_iter+0x21a/0x290 17:04:20 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 564.435066][T14614] generic_file_splice_read+0x22a/0x310 [ 564.440761][T14614] ? splice_shrink_spd+0x60/0x60 [ 564.445708][T14614] splice_direct_to_actor+0x2aa/0x650 [ 564.451234][T14614] ? do_splice_direct+0x170/0x170 [ 564.457771][T14614] do_splice_direct+0xf5/0x170 [ 564.462604][T14614] do_sendfile+0x773/0xda0 [ 564.467025][T14614] __x64_sys_sendfile64+0xf2/0x130 [ 564.472226][T14614] do_syscall_64+0x4a/0x90 [ 564.476665][T14614] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 564.482567][T14614] RIP: 0033:0x4665f9 [ 564.486600][T14614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 564.506342][T14614] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 564.514834][T14614] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 564.522817][T14614] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 564.522875][T14614] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 17:04:20 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24002500260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 564.522885][T14614] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 564.522897][T14614] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 564.525132][ T1034] loop2: p1 p2 p3 p4 [ 564.580537][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 564.586705][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 564.596168][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 564.602511][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 564.633715][ T1034] loop2: p1 p2 p3 p4 [ 564.637931][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 564.644029][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 564.652506][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 564.658684][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:20 executing program 4 (fault-call:11 fault-nth:13): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:20 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x2) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff0204000000000100000000000000000000000000000205", 0x18) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @private2}, 0x1c) r1 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0), 0xd4ba0ff) r2 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0), 0xd4ba0ff) r3 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r3, 0x0, 0x18) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f00000002c0)=ANY=[@ANYRES64=r3, @ANYRESDEC, @ANYRES16, @ANYRESDEC=r0, @ANYRESDEC=r2, @ANYRESOCT, @ANYRESOCT=r0, @ANYRESHEX=r2, @ANYBLOB="71d8e44f85be326809a43d854a7b78a253e16fc14952f6e53aeaaac88fa3155c25a635be33c53218c9a301f5473c6777a4abe3b80e440806bafdeffbe97cd393c2ed605df0920cf46b0cb5fc26c5f3cede1250b85283e864cd3f908bee369f66300f5d27526edbb6787f44dae74e5b1f9282065561ec966320cf90a103b8538d1e37984f15371848707138033dd2da7c09e36fdb438bef17330df19fdfa2188f1c14a2fde6e11a2f54bd431d30cf585a2a0fccbd041a3fb5a4fd8646a88ecbc345d100159ea77414f4648cab813d56dfe641de5e311b1e4f5761b50288c88b309c6290b1d3f0fc459486496936fd28"], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e21, 0x4b, @local, 0x3}, 0x1c) r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x301200, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f00000001c0)={0x32, 0x1e, '\x00', [@pad1, @ra={0x5, 0x2, 0x101}, @generic={0x6, 0xd7, "025891b0ac3c43ad7d5296b486a40abeae3a2ff45d17090640e96233e2426e6d5d407d10607717cefbdebfe6aa62f0e1ab5a590c74058516aa729e058b4ba349f23dffc4630df0fd67ae574e97ff473cf6497f429f4db49b46f3c8616c686d0cd61905aa7db336393abaf7df5ee48b0ad8b2ab6678ed33d4a4e4942a66e8673c49f32ef56f2a4e1eed8dfc63fed2d2e7f6aabd6c37d32dad5c4a4a4e15265217382000180882a4704f3a29a3fb22adc08695346dc1c9c37489e050f0ae3395261e1fd7aa15e6e33815c52998e1d9b894910a04bdd430ed"}, @pad1, @padn={0x1, 0x1, [0x0]}, @jumbo={0xc2, 0x4, 0x2}, @pad1, @ra={0x5, 0x2, 0xaa}]}, 0x100) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="00010000000000000a004e2400000000fc000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000050000000a004e222800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000584210b5361dac87efb08eb100000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2000000009ff02000000000000000000000000000100000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e21d5c5765200dfbaf40000000000000000000000bb55fd0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2400000001fe88000000000000000000000000010108000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c5f470000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e23000006c0fc0000000000000000000000000000010400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000905dd26764c8c3a2726f69e829cdbbc49895a4e1d456020200705594182e252dfaa9e564514070cf4b709502ce701d60a0b6309c2895a622799eaaf733d31f88e4ae285d3899af2c928d661e9edac7bf247f46"], 0x310) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) inotify_add_watch(r2, &(0x7f0000000000)='./file0/file1\x00', 0x10000060) 17:04:20 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @multicast1}, 0x10) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f00000000c0)=0x24) getpgid(0x0) openat$bsg(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(0xffffffffffffffff, 0xf502, 0x0) r1 = getpid() perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, &(0x7f0000000040), 0xffffffffffffffff, &(0x7f0000000180)=0x3, 0x7, 0xf) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x7fffffff, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, 0x0, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x40700, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setuid(r3) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, 0x0) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39) 17:04:20 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:20 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24112500260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:20 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:20 executing program 5: set_mempolicy(0x2, &(0x7f0000000440)=0x5, 0x7b2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x3ff, 0x40, 0x8, 0x2}]}) syz_genetlink_get_family_id$gtp(&(0x7f0000000140), 0xffffffffffffffff) 17:04:20 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24002800260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 565.243303][ T1034] loop2: p1 p2 p3 p4 [ 565.248744][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 565.254876][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 565.267400][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 565.271890][T14676] FAULT_INJECTION: forcing a failure. [ 565.271890][T14676] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 565.273611][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 565.286792][T14676] CPU: 1 PID: 14676 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 565.286811][T14676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 565.286820][T14676] Call Trace: [ 565.286826][T14676] dump_stack+0x137/0x19d [ 565.320444][T14676] should_fail+0x23c/0x250 [ 565.324874][T14676] __alloc_pages+0x102/0x320 [ 565.329479][T14676] alloc_pages+0x21d/0x310 [ 565.333990][T14676] push_pipe+0x267/0x370 [ 565.338266][T14676] iov_iter_get_pages+0xb39/0xcc0 [ 565.343315][T14676] bio_iov_iter_get_pages+0x55f/0xa70 [ 565.348702][T14676] iomap_dio_bio_actor+0x673/0xb50 [ 565.353832][T14676] iomap_dio_actor+0x26e/0x3b0 [ 565.358631][T14676] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 565.364452][T14676] iomap_apply+0x1e2/0x400 [ 565.368929][T14676] __iomap_dio_rw+0x5af/0xad0 [ 565.371745][T14623] 9pnet: p9_fd_create_tcp (14623): problem connecting socket to 127.0.0.1 [ 565.373632][T14676] ? __iomap_dio_rw+0xad0/0xad0 [ 565.386967][T14676] iomap_dio_rw+0x30/0x70 [ 565.391917][T14676] ext4_file_read_iter+0x21a/0x290 [ 565.397128][T14676] generic_file_splice_read+0x22a/0x310 [ 565.402803][T14676] ? splice_shrink_spd+0x60/0x60 [ 565.407747][T14676] splice_direct_to_actor+0x2aa/0x650 [ 565.413125][T14676] ? do_splice_direct+0x170/0x170 [ 565.418154][T14676] do_splice_direct+0xf5/0x170 [ 565.422998][T14676] do_sendfile+0x773/0xda0 [ 565.427568][T14676] __x64_sys_sendfile64+0xf2/0x130 [ 565.432673][T14676] do_syscall_64+0x4a/0x90 [ 565.437096][T14676] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 565.443026][T14676] RIP: 0033:0x4665f9 [ 565.446922][T14676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 565.466531][T14676] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 565.474961][T14676] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 565.482967][T14676] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 17:04:21 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x14}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:21 executing program 3: syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file1\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000240000004f801", 0x17}, {0x0, 0x0, 0x10dfe}], 0x0, &(0x7f00000000c0)=ANY=[]) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) open(&(0x7f0000000040)='./file1\x00', 0x480, 0x40) write$binfmt_script(r0, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYRESHEX, @ANYBLOB="52d2d0328032d5857d284e86bdf9d0056d6b2385f883b6a81621f23d7b0aa7f0dbad4c17810979a1a6643e"], 0xfe4a) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) 17:04:21 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24103400260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:21 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000100)=0xee) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) fork() [ 565.490937][T14676] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 565.498921][T14676] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 565.506892][T14676] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 565.559381][ T1034] loop2: p1 p2 p3 p4 [ 565.563981][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 565.570148][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 565.585377][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 565.591777][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 565.615398][T14700] loop3: detected capacity change from 0 to 269 [ 565.677142][ T1034] loop2: p1 p2 p3 p4 [ 565.682670][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 565.688888][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 565.697309][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 565.703561][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:21 executing program 4 (fault-call:11 fault-nth:14): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:21 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x17}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:21 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24004800260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:21 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0), 0xd4ba0ff) mmap(&(0x7f00005ed000/0x2000)=nil, 0x2000, 0x2000006, 0x100010, r1, 0x219c7000) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000140)=[{&(0x7f0000010000)="200000008000000006000000600000000f000000000000000100000001000000004000000040000020000000d8f4655fd8f4655f0100ffff53ef", 0x3a, 0x400}, {&(0x7f0000000040)="01bcb27b661a4448e8ef1782388a8fa82070", 0x12, 0x560}, {&(0x7f0000010400)="020000001200000022", 0x9, 0x800}, {&(0x7f0000012e00)="ed41000000080000d8f4655fd8f4655fd8f4655f000000000000040004", 0x1d, 0x11080}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1e9390363c13d25501404e7138"]) mkdir(&(0x7f0000000080)='./file0\x00', 0x124) 17:04:21 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000100)=0xee) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) fork() 17:04:21 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_LISTALL(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x7c, r1, 0xa3afadf9f9df08c7, 0x70bd2b, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x4c, 0x8, 0x0, 0x1, [{0x3c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1098de41}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1e35fa0b}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x32}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x655d9079}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x787625da}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x4b}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x85307d4}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfff}]}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x7}, {0x5}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x48884}, 0x8040) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2000, 0x1, &(0x7f0000000300)=[{&(0x7f0000000440)="200000000002000019000000900100000f000000000000000000000004000000000002000020000020000000d1f4655fd1f4655f0100ffff53ef010001000000d9f4655f000000000000000001000000000000000b00000000013e1f6bb54fda3ba9df52d62324ade7ce9da8072639bf516e959702340b4bb7c94e785267bd643029cf3c206c0c3bbfb554ca35b1b4afa57467fb6ff5e7a2da0a1b2a88fdc9dc8edfb029aadff6540b30268233c4d65c04477eebcfccfaebb03da994e80ea6b50df4750145a85fa710e0de37add4e200d99e08c13a3417e1d9b477ded72be32fc6aaf34bf0033c4adea2fd5eadf3fba5cd41df64277e99f305c957cccf21633f1df780723c07d6860f2867a3319da85e6a635c3ab693bd3ffcefa0015170788fb280c6adcdf7b9f9ca5bcc5e68d089f1fc75a1347625038823af1d36e537221c460ccb624b12a846c3470de29bea07187bd78ffc2f1301588e18567b356001d8", 0x160, 0x400}], 0x8000, &(0x7f0000000080)) [ 566.170144][T14727] loop3: detected capacity change from 0 to 512 [ 566.170161][T14731] loop0: detected capacity change from 0 to 16 [ 566.189554][T14731] EXT4-fs (loop0): bad s_want_extra_isize: 55297 17:04:21 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:21 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24004c00260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:21 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) r2 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0), 0xd4ba0ff) ioctl$BTRFS_IOC_QUOTA_RESCAN(r2, 0x4040942c, &(0x7f0000000080)={0x0, 0x0, [0x0, 0xf2, 0x2, 0x2c04, 0x800, 0x4]}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r2, &(0x7f0000000800)=[{&(0x7f0000000200)=""/88, 0x58}, {&(0x7f0000000280)=""/163, 0xa3}, {&(0x7f00000003c0)=""/156, 0x9c}, {&(0x7f0000000180)=""/35, 0x23}, {&(0x7f0000000480)=""/210, 0xd2}, {&(0x7f0000000580)=""/246, 0xf6}, {&(0x7f0000000680)=""/195, 0xc3}, {&(0x7f0000000780)=""/40, 0x28}, {&(0x7f00000007c0)=""/24, 0x18}], 0x9, 0xffff, 0xffffffff) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x3, 0x1000) creat(&(0x7f00000000c0)='./file0\x00', 0x84) clone(0x40100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB="2c76657273696f6e3d3970323030302c616649643d3028c26f4379bd78083030303030303030303030303030382c6163636573733d"]) [ 566.218656][T14727] EXT4-fs (loop3): Unrecognized mount option "6<U@Nq8" or missing value [ 566.260463][ T1034] loop2: p1 p2 p3 p4 [ 566.266960][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 566.273732][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 566.281953][T14754] FAULT_INJECTION: forcing a failure. [ 566.281953][T14754] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 566.283731][ T1034] loop2: p3 start 225 is beyond EOD, [ 566.295327][T14754] CPU: 1 PID: 14754 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 566.295348][T14754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 566.295359][T14754] Call Trace: [ 566.300720][ T1034] truncated [ 566.300726][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 566.309114][T14754] dump_stack+0x137/0x19d [ 566.319216][ T1034] truncated [ 566.322455][T14754] should_fail+0x23c/0x250 [ 566.343768][T14754] __alloc_pages+0x102/0x320 [ 566.348363][T14754] alloc_pages+0x21d/0x310 [ 566.352833][T14754] push_pipe+0x267/0x370 [ 566.357075][T14754] iov_iter_get_pages+0xb39/0xcc0 [ 566.362139][T14754] bio_iov_iter_get_pages+0x55f/0xa70 [ 566.367533][T14754] iomap_dio_bio_actor+0x673/0xb50 [ 566.372657][T14754] iomap_dio_actor+0x26e/0x3b0 [ 566.377521][T14754] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 566.383408][T14754] iomap_apply+0x1e2/0x400 [ 566.387839][T14754] __iomap_dio_rw+0x5af/0xad0 [ 566.392640][T14754] ? __iomap_dio_rw+0xad0/0xad0 [ 566.397519][T14754] iomap_dio_rw+0x30/0x70 [ 566.401851][T14754] ext4_file_read_iter+0x21a/0x290 [ 566.406980][T14754] generic_file_splice_read+0x22a/0x310 [ 566.412540][T14754] ? splice_shrink_spd+0x60/0x60 17:04:22 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x500}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 566.417491][T14754] splice_direct_to_actor+0x2aa/0x650 [ 566.423048][T14754] ? do_splice_direct+0x170/0x170 [ 566.428072][T14754] do_splice_direct+0xf5/0x170 [ 566.429724][T14765] loop3: detected capacity change from 0 to 512 [ 566.432836][T14754] do_sendfile+0x773/0xda0 [ 566.432859][T14754] __x64_sys_sendfile64+0xf2/0x130 [ 566.432877][T14754] do_syscall_64+0x4a/0x90 [ 566.447864][T14765] EXT4-fs (loop3): Unrecognized mount option "6<U@Nq8" or missing value [ 566.448634][T14754] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 566.448666][T14754] RIP: 0033:0x4665f9 [ 566.471618][T14754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 566.491441][T14754] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 566.499872][T14754] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 566.507985][T14754] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 17:04:22 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001480)='net/sockstat6\x00') r1 = syz_open_procfs(0x0, &(0x7f0000001480)='net/sockstat6\x00') mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',version=9p2000,\x00']) [ 566.515953][T14754] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 566.523912][T14754] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 566.541429][T14754] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 17:04:22 executing program 3: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') umount2(&(0x7f00000001c0)='../file0\x00', 0x2) setxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=@known='system.sockprotoname\x00', &(0x7f00000000c0)='\',-!+&}^(\x00', 0xa, 0x3) unshare(0x24020400) r0 = geteuid() newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r5) setgroups(0x2, &(0x7f0000000180)=[r5, 0x0]) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000540)={0x610, 0x17, 0x100, 0x70bd29, 0x25dfdbfb, "", [@generic="2c053da9aafdff80558e", @generic="1b7b7493057955422d965a4929b23fe66c145e0b06f4e703fa5378fb78fc96489bf09c614207ff88f911cec067684044229f381161625f9e8adbe2eb5d04abbeca1c1ed76862c49cde1433840903708fe2363c2a3a4378ac58cb0721d4f8ae5fc883f7f765ea9e3c5679255aab3230c43e535b68db1d3bdc4222c8fe9f781834054004f91c3e0ae1c4f229fb5b792aea84adbc8cc8af12d5413f52c569d805f393323d007d051f2b", @nested={0x1f2, 0x67, 0x0, 0x1, [@typed={0xc, 0x5a, 0x0, 0x0, @u64}, @generic="a1f365b1c8589888967c6c7796e35ac40be7a774acb298c16ef2ee94c37baf26e04baabb4da6e2f0793cfcee423f6b05cc1d94094b98ddfe8eb5ba67c297e9d28aec76ca6019024f029c5db84d50cd225841cada343c57de24631c229f7d007132db4f85c7250e1d6e250c5ba27f3200a46095b7987ccb217b873679ca95d4f87234d692a2215d9df19b6d0908b24ff138322e930df3caf7aca09693b15c9dfc0537", @typed={0x8, 0x78, 0x0, 0x0, @uid=r1}, @generic="f1a4ca42c573fe23c41bb50a3ba237ccd4c5aad9ad55196d9ccff7f58f8f8b25abaeb4073e25bcf11a083c672234e0f652ed8a931fa77a42664b2b43de80305a3c62d0302e71d418d39811077525574cfc74382309326f622e6ef92a8c03a4575a836b2a633e01afeb3d7cf177dc50a64a04cf5408c7169e4b23da9952ce480fd58d820d1d3feb0596d8845264e2b15c255644eff74600c21b35185d389e443e90378e8d2d91b40c45b1a0395488cb88c3acd68739ffaf139b22a59d483f34101a3fa275a80a985c0e77d6c629", @generic="97e1c94754c79020d500a4d4c2d9361bded3912376ecf8644489857c46556a8e755c2a683cf3a9ec8703a70f67a3f0ec3adf6838b663d2fc831562cc036dc80c56ebb698032ddb3e67e6bbed1b9d04976b5ea1", @typed={0x8, 0x76, 0x0, 0x0, @fd=r4}, @typed={0xe, 0x8c, 0x0, 0x0, @str='\',-!+&}^(\x00'}]}, @nested={0x8, 0x3fff, 0x0, 0x1, [@generic="dd11eb6c"]}, @generic="970022a8aa889733aefe24a941af391e759425bfb82c996feb387d408b637b8c442219729f1c92df56189ad0d3683bcad2e795bca466fac9a53ae38f56b605", @nested={0x126, 0xc, 0x0, 0x1, [@generic="aaf0588f2616c30d2183dc95fafe5f6f72fd705f6f48a8f19da85e9e55c4288bdecb68e585662246944b51b741cbf68d335ce279a646e27d4b8897988da64dc5ace63fed94727989551d91d9529e9e963568a99881476156c50e2681a7819a7f3f72020577562489df57269594cda7ce5ec3ef6782ba7fb412b7327c8fe68dd1db2a0d80ff2ab5a6c7ce34193b06062a1f", @generic="8cde38e8c0bf3259dc7596945c6d6265a4671b2f1a9bd2d1f9e347125c7361d5a26989fd6820921b270fa71e1758d31844553b1646578e293e8dafceed5ded25b3bae2b0d234d6d60e6d5e36dd50051f63c994b50667bd223599cb2b10cb0bfa00586ad477ff0cd11b603bdb532b3d67bf4b69e2434793e6e1faa532ec", @typed={0x11, 0x87, 0x0, 0x0, @binary="d74f06ba77ccc468375f473dc1"}]}, @typed={0x8, 0x77, 0x0, 0x0, @fd=r4}, @typed={0x8, 0x4b, 0x0, 0x0, @ipv4=@broadcast}, @nested={0x11d, 0x78, 0x0, 0x1, [@typed={0x8, 0x8b, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @generic="c9e7b5aa997e1477ad81ee8098572eecbe056cfa653f8c37bc494b9f89135c063f691ca9b0afbc30f6eb231aea5153b15f9071949f7c0c38ba80882470c36642c07f6583ce3cd69b1b083a18b230fd9fd566ac5469472af9d8cf44c8654fdc8036c4143f8976f960dd4eb0ff42ad42a4f7367eff90771fd5b1fbe30e32cf734f686ae5b7d9880997d45869bd573436e05d7a059ac2a2a70185dafd6eb189eb79416ca3ce0492c23d8968f6f17977f5910b8a3c546b0aa2efa8b21d430c694b384b4d62", @generic="bbeededbd67bd91d179c92c1f775732b3e350cc068b822a6120a87ab7a3458f63fbaccf001203f54d598f6abbe957cae739be3dd344809ab9cb7c98d4bdc24cb41af787b7294", @typed={0x6, 0x3c, 0x0, 0x0, @binary="649a"}]}, @generic="b492a05747b8337e9fc6962820abe9ac8c2fc98ff09c51a3707578377c2ba64ffe27a7fd49148e801bd74d3396440ec35affa5f5d1414df13f921970d9c5926c7d340a1859afacb35783567f97cc6c66c496ef6997f6f88b92f477ce77c67eabfd609ee260f5acb3eae4a4cd65284fc4ffff41253bedadfef08783592a0630c4a58c610e23774a6a0fd8658e44a51288e88aba27d7ab0693c47e3d4907a0341eba5929b2593055aa8a63ef78e24059a6a983400387661fb7"]}, 0x610}], 0x1, 0x0, 0x0, 0x40000084}, 0x4008084) setxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f00000004c0)={{}, {}, [{0x2, 0x0, r0}], {0x4, 0x2}, [{0x8, 0x0, 0xee00}, {0x8, 0x1, r2}, {0x8, 0x6, r3}, {0x8, 0x1, 0xffffffffffffffff}, {0x8, 0x4, 0xffffffffffffffff}, {0x8, 0x1, r5}, {0x8, 0x2, 0xee01}], {}, {0x20, 0x4}}, 0x64, 0x3) [ 566.617354][T14780] 9pnet: Insufficient options for proto=fd [ 566.661414][T14786] 9pnet: Insufficient options for proto=fd [ 566.670787][ T1034] loop2: p1 p2 p3 p4 [ 566.693116][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 566.699312][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 566.709141][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 566.715410][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:22 executing program 4 (fault-call:11 fault-nth:15): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:22 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000100)=0xee) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) fork() 17:04:22 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x600}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:22 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="241d5a00260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:22 executing program 0: ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='\x00') r0 = timerfd_create(0x5, 0x800) ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000040)={0x0, "ec53da89f8ebef186796b857b4ee6510"}) r2 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000001040)='cpuset.mems\x00', 0x2, 0x0) ioctl$BTRFS_IOC_DEV_REPLACE(r2, 0xca289435, &(0x7f0000001080)={0x2, 0xfff, @start={r1, 0x0, "5933a9a043513c006ae6b17532fb979512430e502de5cacad15e28975afd4540721c7b4c38ebd9e16da2f9ccffe8b945652ea05cccdec16cad5b3d04e7e016c159e8c32d19e69054a16c5f8ef24029d0c4ae12702446499fff695e441fcb6c6fb070d7d4e521acf38c450245020f96b1e40cc47b6fdd28e5cc772fda06d94ede5f56848b7b579fee32d072734759f2bf2834128356c4a2e47fad9412ad30f28404fc640c6663a292e868d0e88fa86b291a5fd453ce5e7f95145b823fdaec285513c6d139ad9af1d7971dbe0ac70c9026dd7e99c816b3e9307e6981d5f8af91922c594f8bb2f18cc88c24624056dcc7cc3bb364b65dec91727cc536711585ac6e971f80bfb7e0063f4406752d85c1293709a2c0ee1a4dc3dd1430980b9cb1ef75606f06df771e9dc734203e3daa89bb2577ff966cf27be3c3840276d9524490e0816f14c573e790edc05fd2759497e40e5497f34bc076ba9d22cc3f18db740a792bfa77a342ff632cbc60198c9c955cced4b10e0c17eb226cd8034f5cf3bb6e63c737ec076698768bc17e8da6d2527ba302e7074ad947cef212e9e6d5a10b52700c56030d58d29b979e6f2c3129072e0e766ee94563dc56dfdd2d8c27947afb8232c7e153f503d2f30d72b499a37e7c21f2d406f45cde6da1cf8dc7bbcdf69ab937f59765d18e8519f86b00da25402e9cc90d3cb0074bc8a990d55e10a3f49e1f0b584f427f517def7b3fdd50632175e5a722a4d2e4594dc2d024f5182ef326e30c785d58c755e7bc203936dff8f08b786e4b5e1e460dd6f47c23854fd8fad53626a5edacfe1ef021d0065ff61698589544e4aa79bde905e238025a313b7f6c3d42fd37369cfc762483d441721373091cbd3a4aa5890cca358be5f77489e2d5cfeb4ffe46f8f1cc900fd1d04e45ac00d3916794b8e6270524e7fe827586e913d58bc5152030699b705e7277d816cbdb161f1ec62753a2729a01fdb34cfc9576df7e4e43ce660fd0e325e0738f362a2be08ef74350301de99f6b3c4cba72f15cdc77775f814bfbcca07141010e15c0b6c2ee4978ed2a747205c68d7eae0a17c532992d19a313a9ddb11161bdeeb90f1eb87fe0ab1ea1ffe6924afd7eb83c8b7789ab795b516dd631e4e08e2ebd24bf1a0362a541730cb0866625a20e2f8e8982b8d2bed71110d3d56319de63db2ba0c710ea8b5c4b998f916ce70778757bc306f0b5c4a3625ac4284ae9ae30e0f264b676df03eb518460da8b541be0dd2303e9698bc419c1c326d3ff55ca23a1fe45074dce82bcf0c1dcb5509285ab2293d68d8243a62d07a07615c684b973170d6bf8676c7e11d597ea06be3c9d8a534c2044071096c20927b7cf2efa1b894fe159644b918d5a5bb9897ca8e7743d664ba58ef2177bfea9e8a6a9aa1df8e31f0cee955fc37fc138c81aedde895817a21a6731c219", "bfc50c1174f3bea7b638263ca183727d7f6a89badf9e885168b59151806033a12274f2f305fe962137b9ac6a5db26db82fda770072a74afcb3bf7952f8f90a120192c97fd1267c3370bd264bc50f6ede5cd87c663878ef07d0c9bfd2693acedc9c177e0dabc457db97f1a8ae125a9788bca787f86edec65fd41848c3ef3c5cb2a76c1cfac48bfbd8cdaf7c58b5eae360ce9a1b4f22db19fb9cd37c2ef2bc2fba0fb2fd8557f27bc2bbeb6cd166ed20eaf1a6594ec8dfeaaf9679a83b65a4b5aed20d0f8a927e0f9ec7563c02415b3c4c15f2ec5a13f18f1332b7284f9b8fd3534c86198b7ab7c382134b78205aac34e4d1eecb90a89f6d6a0920c32024d89ff2a2638a4b5001302d6df67e50e1df19ab7431600d0e283fbb3d2d18a48ae551d98d504eae9b532ebf7c94952048c4b163be0b135d3052b90913939524e1bc33b9b4fb7ae94274b65fbd6981689c71e734877497900c4fd5864b35efc078dfb282883a8a8ec8f666a816ee823fb215586fdb83a9c90a2a7c94660f7a54276eab055eed8c67879d9beb1fef1caa6930af68632ed2429cd2ba8a6250674e168cfcf333a4fe352e85b7449b63e466b94f07c84aa11ee48dcf68f785c1dc219609507aaf19f042fcf9bfdd134cf0883e51f63a0eac9964a6725b33a1b0bfc8c65b1cff72e9f1422437938d583904f6d25780952f02d6ac1126da5659a1cebcc687b3d55be7b44f4a1cb67ad50288309f36ae36dda922c6e9db557d4eb2fd8ee7a3e8416244605a2898782014a178a932e5400b620af83523d8b979640a86ad9c466e990a68b531561372c6f7a8f259a3a3f5fbd3a1da04415a17d0c7ef2c9a59f343a7fa93860c83cbf78bbf71729143eb5d32ed11f5692d5048cf5da83f03a0e6b77ae4cd77afc8a14bb34d1279d8069527dbdfd6edff0fd19a4faa994115a47442b1fb2dada46819062a47889c2d5d846b59ccb00b37ad1d8c870d5b364da0872ba4e0c9afcaa9e4aa00e92e70ee7b2e910c2236125f21c25894f65c10dfc59a039da62ba75defa14b29e21d0874b3aabbeb9a8e39131d3d322f61d568f7b301128f482d872d9f8de99542c57334aae672a47bb5357d2e35cb4cf47d3dedd454e48044ec33b445f9791cd38ab53eea23effe334e9e744cb8abaad73cf1133806388d917c9673ede75bcdc5dd2ae159d02b3f88d5f95ed0c37d7be6bbc817314395975f5eed2b06728885c645400d7a739eb8d95aa19535c28634b8d716fc7695c4ea823bc090bd5b10c463f3c888c751497685f72ba70181aa5f47e3365a94394edbd75abf2f73c63158b92c01de878ba9c92693bdbaf43da052603649150c0f07f393563fd32d14c6a376909be963f9f706288a93b9f52679100f6383975d2733f0f9af9e99fdbdae78841207790f750367cb786d4430a92bad7a496c1e01af9def90"}, [0xfffffffffffffffc, 0x80, 0x3, 0x2, 0xaa93, 0xaa7a, 0x100000001, 0x7, 0x5, 0x9, 0x6, 0x101, 0x1, 0x4, 0x980, 0x8000, 0x1, 0x80000001, 0x40, 0x1, 0x9, 0x5, 0x9, 0x4, 0x7fffffff, 0x634b, 0x0, 0x10001, 0x1, 0x80, 0x101, 0x5, 0x2, 0x8001, 0x1, 0x8, 0x7ff, 0x3, 0x2, 0x3, 0xfffffffffffffffa, 0xe28, 0x3ff, 0x9, 0x7, 0x2020, 0x5, 0x3, 0x5, 0x10001, 0x93ba, 0x7f, 0x2, 0xc387, 0x3, 0x1, 0x8, 0x10000, 0x9, 0x6, 0x100000000, 0x9, 0x5b58f19a, 0x3ff]}) r3 = signalfd4(r2, &(0x7f0000001ac0)={[0x7]}, 0x8, 0x80000) openat$cgroup_devices(r3, &(0x7f0000001b00)='devices.deny\x00', 0x2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000001b40)=0x6, 0x80000000) r4 = socket$nl_generic(0x10, 0x3, 0x10) flock(r4, 0x1) r5 = openat(r3, &(0x7f0000001b80)='./file0\x00', 0x680200, 0x2) r6 = openat$cgroup_subtree(r5, &(0x7f0000001bc0), 0x2, 0x0) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000001c40), r3) sendmsg$TIPC_CMD_GET_NODES(r4, &(0x7f0000001d00)={&(0x7f0000001c00)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001cc0)={&(0x7f0000001c80)={0x1c, r7, 0x0, 0x70bd2b, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x40840) r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000001d80), r4) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r5, &(0x7f0000001e80)={&(0x7f0000001d40)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001e40)={&(0x7f0000001dc0)={0x68, r8, 0x400, 0x70bd2a, 0x25dfdbfe, {{}, {}, {0x4c, 0x18, {0x8, @link='broadcast-link\x00'}}}, ["", "", ""]}, 0x68}}, 0x48044) write$cgroup_subtree(r6, &(0x7f0000001ec0)={[{0x2d, 'rdma'}, {0x2b, 'pids'}, {0x2b, 'memory'}, {0x2d, 'memory'}, {0x2b, 'rdma'}, {0x2b, 'cpu'}]}, 0x27) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000001f00), 0x2, 0x0) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r4, &(0x7f0000002080)={&(0x7f0000001f40)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000002040)={&(0x7f0000001f80)={0xa0, 0x0, 0x800, 0x70bd25, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x7, 0x10}}}}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x4b}, @NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_GATE_ANNOUNCEMENTS={0x5}, @NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES={0x5, 0x8, 0x1}]}, @NL80211_ATTR_MESH_CONFIG={0x34, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_CONFIRM_TIMEOUT={0x6, 0x2, 0x29}, @NL80211_MESHCONF_MAX_RETRIES={0x5, 0x5, 0xd}, @NL80211_MESHCONF_RSSI_THRESHOLD={0x8, 0x14, 0xffffffffffffff66}, @NL80211_MESHCONF_HWMP_ROOTMODE={0x5}, @NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME={0x6, 0xd, 0x8}, @NL80211_MESHCONF_CONFIRM_TIMEOUT={0x6, 0x2, 0xd9}]}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x26}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x1f, 0x7a}}, @NL80211_ATTR_MESH_CONFIG={0x1c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0xa9}, @NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL={0x6, 0x19, 0x56}, @NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x3}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x8010}, 0x4000014) sendmsg$TIPC_CMD_SHOW_PORTS(0xffffffffffffffff, &(0x7f0000002180)={&(0x7f00000020c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000002140)={&(0x7f0000002100)={0x1c, r8, 0x400, 0x70bd2d, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) 17:04:22 executing program 3: fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000040)=0x3) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0003}]}) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000080)={0x9, &(0x7f00000001c0)=[{0x8000, 0x20, 0x4, 0x56952000}, {0x176, 0x5, 0xff, 0xffff}, {0x5, 0x9, 0x6, 0x1}, {0x4, 0x1f, 0x8, 0x1}, {0x3, 0x28, 0x1, 0xe01}, {0x1, 0x2, 0x2, 0xe7}, {0x8001, 0x2, 0x81, 0x5}, {0xe5c6, 0x4, 0x9b, 0x7}, {0xffff, 0x0, 0x8, 0x7}]}) dup2(r0, r0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x400200, 0x0) ioctl$EVIOCGNAME(r1, 0x80404506, &(0x7f00000000c0)=""/21) 17:04:22 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24006000260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 567.158395][ T25] kauditd_printk_skb: 62 callbacks suppressed [ 567.158406][ T25] audit: type=1326 audit(1620579862.850:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=14799 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7ffc0000 [ 567.202780][ T1034] loop2: p1 p2 p3 p4 17:04:22 executing program 0: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r1, 0x0, 0x18) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r1, 0xf50f, 0x0) ioctl$BTRFS_IOC_ADD_DEV(r0, 0x5000940a, 0x0) [ 567.207287][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 567.213421][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated 17:04:22 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x0, 0x2, &(0x7f0000000140)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000de0200000002000000008000060080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000002000028", 0x5d, 0x400}, {0x0, 0x0, 0x1000}], 0x141028, &(0x7f0000000200)) 17:04:22 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x680}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 567.248966][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 567.255229][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 567.264241][T14828] FAULT_INJECTION: forcing a failure. [ 567.264241][T14828] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 567.277551][T14828] CPU: 0 PID: 14828 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 567.285969][T14828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 567.293552][ T25] audit: type=1326 audit(1620579862.850:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=14799 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7ffc0000 [ 567.296124][T14828] Call Trace: [ 567.296134][T14828] dump_stack+0x137/0x19d [ 567.296160][T14828] should_fail+0x23c/0x250 [ 567.328496][ T25] audit: type=1326 audit(1620579862.880:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=14799 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=157 compat=0 ip=0x4665f9 code=0x7ffc0000 [ 567.332101][T14828] __alloc_pages+0x102/0x320 [ 567.332127][T14828] alloc_pages+0x21d/0x310 [ 567.332143][T14828] push_pipe+0x267/0x370 [ 567.332162][T14828] iov_iter_get_pages+0xb39/0xcc0 [ 567.332183][T14828] bio_iov_iter_get_pages+0x55f/0xa70 [ 567.358322][ T25] audit: type=1326 audit(1620579862.880:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=14799 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7ffc0000 [ 567.360768][T14828] iomap_dio_bio_actor+0x673/0xb50 [ 567.367025][ T25] audit: type=1326 audit(1620579862.880:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=14799 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7ffc0000 [ 567.369419][T14828] iomap_dio_actor+0x26e/0x3b0 [ 567.369442][T14828] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 567.369461][T14828] iomap_apply+0x1e2/0x400 [ 567.375724][ T25] audit: type=1326 audit(1620579862.880:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=14799 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=33 compat=0 ip=0x4665f9 code=0x7ffc0000 [ 567.379823][T14828] __iomap_dio_rw+0x5af/0xad0 [ 567.379846][T14828] ? __iomap_dio_rw+0xad0/0xad0 [ 567.379866][T14828] iomap_dio_rw+0x30/0x70 17:04:23 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24006800260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 567.405684][ T25] audit: type=1326 audit(1620579862.880:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=14799 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7ffc0000 [ 567.409318][T14828] ext4_file_read_iter+0x21a/0x290 [ 567.409345][T14828] generic_file_splice_read+0x22a/0x310 [ 567.409367][T14828] ? splice_shrink_spd+0x60/0x60 [ 567.409398][T14828] splice_direct_to_actor+0x2aa/0x650 [ 567.435789][ T25] audit: type=1326 audit(1620579862.880:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=14799 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7ffc0000 [ 567.438357][T14828] ? do_splice_direct+0x170/0x170 [ 567.438385][T14828] do_splice_direct+0xf5/0x170 [ 567.457269][ T25] audit: type=1326 audit(1620579862.890:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=14799 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=257 compat=0 ip=0x4665f9 code=0x7ffc0000 [ 567.472861][T14828] do_sendfile+0x773/0xda0 [ 567.478371][ T25] audit: type=1326 audit(1620579862.890:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=14799 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7ffc0000 [ 567.482412][T14828] __x64_sys_sendfile64+0xf2/0x130 [ 567.482434][T14828] do_syscall_64+0x4a/0x90 [ 567.627515][T14828] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 567.633433][T14828] RIP: 0033:0x4665f9 [ 567.637311][T14828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 567.657013][T14828] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 567.665427][T14828] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 567.673381][T14828] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 567.681338][T14828] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 567.689294][T14828] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 17:04:23 executing program 0: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0xd9f, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) timer_create(0x0, &(0x7f0000000300)={0x0, 0x12}, &(0x7f00000003c0)) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f0000000400)={"f67ecfc4dfa11cedd297e7abc457a709", 0x0, 0x0, {0x7f, 0x6}, {0x4d}, 0x4, [0x7, 0x10001, 0x3, 0x7ff, 0xad, 0x9, 0x27b6, 0xa967, 0x7, 0x81, 0x4b, 0xffffffff, 0x4, 0x1, 0x9, 0x5]}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r0, 0x50009418, &(0x7f0000000500)={{r0}, r1, 0x1a, @unused=[0x3ff, 0x100000000, 0x101, 0x40], @name="0742b48a155aab7df7429144468865650cb2c9e52990ee04cf62dcaf9b16ffcde6b7ec051853b1f6f786419d9d202c724cb2da6f2e8e5aa7328309a9b5b244a99eb9b0d7d1c056cb25fb62cc9f42607f6fb79900bd3337c45503c9b645cb00085d440186e9016726b7e362037b0edc986650bc85160fd68261d8b2eacd7fd1c546060361c008faba47c4f66cd6b8bcfb841ac7408cb8d385138ae73369941b91490f25a40435240a93ed8268b26434ce9c4a2aa497246828301fae1b95da47d85651528abe9524cc98070cdeea8c786a2dc0c6e65cdaa51eff2a72403c32187e6797d52f24cfc7bc194ae0a19155e9dea4a94448a20d052a80b3a68baec29d88339320e1aa60b417c9edfbb1da67f524ab7c8518cf76ab187038afdb73dcb064ce72c0755f0a66d3caa144a67e6e820aea118cd9685d27246e75450c1c11b5e86cbb7ea5f87df355e0e1da345846de8fa00185610e421db0dd435b62cce8bb7cda649a614cc9de0da54a38bec7f1d7023b0f42f871d3d863896dfcc9eb1b500207de92a1564d49a5bc48d312c9e0112f13c7cb35f0413a87f6c5323040f7ae3bcb49fa685c798a6a6cbe4e3fda720ce7fe830318098fe0bd678ac051e8024e2fc9da4ce7e4aa0b309b6e9851a2d3844878f65d77cc10c6d698f185ce839943ece664b86934c8feccbfba5e7b89570afca8b576af6e17a0545ff4715ab2364320e9d4c8e1dd43e3e7f5caedcff062f2a63b59dd94fa1ce0f787bf40c4b31f81e914f208ab6b0ea85c8804090d23127249ffea6c3c72b8dece20b917c6c6f896e32601ddddb5bdba37466f2a9fb967b9dc6ed0ecbaf520dbf9810d26baee7ac1e6d2558c9abcbabf14f26e87a2ea324dc72ea44ac3f13acdad7082fad3d4c7bfbdb928145b4c23cad0eaca0b99e9188e9db4e14ec030b1f47c28c5f189c40d8aafe9c49f9cf5460d5f835892d273a0771ef26449b79b933de06e3675940ada7b6a2cff09ed1a70b697a0c98d3c5fc59bb57f856063f7ba2d6d084d5866d17399cb4f7b571d80c7ca0d9b8e5d5c873f94c806aea54521074d1156a6edc70fa5e9530bce5a7be492213441e15d24bee604e06b14786006466c1306a3e583a9383a48f78de49c291fe878fe949d2a502c8aafa9dad86485112ca886fb4546403b90dae1d51a900c3975f818015aa81cafd63b8d6b497feabae83aebecfbd86157f0ed6f8fb2961aa937a5e67dbf0021e49e6c62586d5b1067d3304da149fb7e9a961b3aee1aa9ce570e974fb428794256d1a9ce45017cb9744839462fd628ab9f00fa583287463e2306d45d03fa4acfa39d2bb16e26adde13f6eaa3debb5fba2e1d51838cc595807aa1e32ba6f43d86e2dcb6796ff87bc1f3d43f059d927957b0c7a2931127b6b1415fe9b5dc602146e2a3ad921ab1485fba4fc1d3cdbf9e53357b6011001602bfac72bad0a5e5c83a1c8de7d70fe6630ac44f89be023346270d16cebab7fc5d0b117707819ff488572d81b33f5505b1acf0f68069846221c49418711362430d2d84ddeb62e576cf9d4a383890578488a8ac8dd4ec8a5c0ddf5fd0c010564c27c2cda2dd05d9bcec3a54fd2b464d23adb2fba1bf6527427320a3cdb35f6a03d969b9c35b3556af6d0df0e49606a62b8c62ac252f51667bee71d93af8abab22b63a73ab8ea870cf8f8f647b6fca44ec7c66191d88e284bde8c4918970803e09e2679e27e9592b81a59107f64bf5cd50b7d04e271165257ac904469f95df8dca459e8bc4be0911377c91e64d7b84e1d25767a6be88afa766242fd1928c7232b7a78f6c1ad21a65a0333fcb546dc45ab7b195fd8de0f1463af0a2b586bae7e0fc00d4c15cf0534c3e930bc2c295531a1bf417397f7f55da05c6fbf0f9d02f9672857877fe910fc7e0ea61585c1f1fb9a865147b96349150ac8674879e4306ebd2691bc9e1cfb64aaf1af4e43f3bd589b6536e2fe0a881eb5c6524759df5b92ae94dcc9b73a0530351939faa52768d38cf89ea96624a577a9cf0a89dcbc56b203738c5d7a53e31ab0f979e4815c763f42b0d7123ad977ba44931e68052ebff7dda07259ebf0406a285dfcd63feebc8ee9a194a3acf748ba326ff3f2722313a10771e0fdee577c68d9ebc20d6f06edbe00a83b9e6c40aeddf39e21c91e0a6ae0b28107a6e7b1b8ca9f136c8ccfc43fb98df95ba8656bdb1d5c45a625c1dd7fa8af0382b37e0b887e683c0d27f6cff29e05bbdf4a801628de6c59644d26556a77ad0cd357722345cb6fc4ca89f9d8beae0dfd140c738d15fcf65341fdcb86d1f35bb6812863566d97718e7a2026e7553ed4fdd2e6b539fd2ea90d7280ab2faf3d2e6c265e53762487673b393a529dc4abedc963dc21cdc24b6241527b81b66d9d145fd0dc881c42fcd4a3a3be0d65b1df0a9dfe552ac91c98db9eef76f09251eb01cedda1300b37037908486e4ab9839222a8d02c75d242b4816a5829a175d56ccc804d30d9604cb3a1033f024bd28d8669cdacb350e37dd427c10955bce9b1afd9744f664756d7bbd6fc9479701aaeb9a878e2997f65ea04a92b6c7513c7d82047b4734e26fb0e8327a556258a813a44a42c186534945de01af870671144b8df425f949b8660a73c562567c924de93879d23873f300d2dcc2db2b1d3a2b10bda1886e3e5a9a5236ff02a40073497dc8d7e75165a06726ac1367bb9d29bc565650ee239e8b5ba6ec107d9b99ea9f05140fc6fefbe4658d3c4e3c6fa48c755873bd44540d3b542ca405a0856e84d73a1f81375a78a4fc1315dc53bfc1d924dd46f059c4a9c62263db78a8add237abdeaed4048a1dbbbc829ecc9db5f924d964c32370f6297567b0287ddcb550d511a5952655b39a3557ed7f672ab9d1bbea2849109e61b270743fe2ecda1b58aa23328f450a0867a4fbf011c5ef554999830028c6a2ad2de99cfd00252a5f1ac53d056c1c1ec5810356fa530f31ba7c858ae2231c6952a06cca0fd37cbdd05df6e0f02c9778dee00dc354eaada77fe85c38fbf460894da7ee0f8c7bcef8a3f81a7e27a89d3742f495184b28fa5a64001d4b4308b90f13884658ee0c30d3393a0929e636b10ee2cca0ede98cb1a7c16dff404780e5dcfc751e19c143389ae40e42186039528f841c450cb3fb093ac06127f2f770dae94ae0ae0bd58b2dc3f6c1304f78ca95cd882ffd66f44d6c4fd0b785319eb094976970541d04f81180315b230123239fb9aeb945528c674c92046d6c3bea76db23637b1cfa87bbc9a2669aa7160718f2f083b45f023dcc9cdbd28a61d041e3ac33e51c68586c28a2497639f532bc235253a5748a0ec74616cbacf9312294d13420f2d318082135644221de39ad6249bff63487aea3a852508d532b2c92faeec4dc6f42567b3e125a77ef16e90723967cefb3e59e4dafd70e84bff43598002b24e46c246345017ea24fbcbda830ef8e4b7a9566d18c37efbcb7daab4f55b6da5bab579a33aa61aeef082453bbe879c0521e50f076f0f5831e64b81f3a52d602c1c1cddfb69843b3fdae3a34aba5bbce572c4fea47d4b8e9f2e8601f7e86a6c8b8b96c138ba35205cb07e9ba578a46ae7793934ed5e15a53358024bdd17b75e067f4c7e90d71f79207d2018844a65b6cae359c07782f0f630f886340bf845df872b79a4ad6c2deb67449ae0936407e16e73650a0d8ebf639c558439a135af6e093487c1bdc3b364422cc1c820ad6b8ba27e8ba272b058789601e13ddc862f772e720a8a5fbed86942c6ce5fd4e5e2140f9cc43143e468d0402b0c1899ae930e9392a1c9d819b4dd5016d9f84323a051c49ea666f7b5e9910b05ccc41488b530cf79d1a0131e15fb3ac8c15d18b3f824d53398c655d88950e566ef1818cb7ddd94a9fc53fff036cc37bc15dd29e61fb743a04b562f802c03e0d62af587fefae74de6ab4954336e1e8bd2c226a4964bc57d79a860c00753004ac8c74e9fb9e0b2c8b7308b167962493ed1a8e67d632b5c86fec100df6c06d00cdc834297a3c173656f9164a124ebb3d26054a9390384ff3c5fae797b0ca104a064400333bd5f113ad50a6a4bedde407b9f6b3669b367d96994102c26e68a283d7263988bef54d93de8b63d622b2c1512bc6b9bbf4d07bea636bd507a739b9226ffef647ce8f41ce73dee9ac6cab6f2f4d78e9b6bc570d823dde9ea6ab48e164a1ae66d1a7c60c393d3cbe7e779d93fe53d23b06efaad412022c25c8a5d934b04000b84263862d4629c27ce2e09c9aef864685da89b04d5ac8fe85648cafda7a483ab6926b9e8d1f58a62819a7f981638dca2058886f7ef9ef74d186227a259da097d872bfff3f18032e34b9b76224200dd1e030d1755f5d4adc637fa25d1942f8a53ac9b9ad3477893dcbc7a53a746baf08fce0ce350a6e62a6e35e1ecb37ad268725c81a360107ac320e733b03d0db51f0ff58bd828368a6409e7b8618301988deb485e21017e58a602b0f3465fbaa56d8af7e2e1961fcc87a93dc063116d0da8f06784051c8eda1fdb6abca86ef2e6b1d082d884ca52904c37fc19762e435889012fd10b237a0cbbaf97be1e18c0330bd3071a75f813421f763e984ff26f31c67af0468e71dbc33abd221b62b6e601c26fe06a085c626136dd6bb296da09d9f47d020c4b9998784e59b06ffda85dce7e8bfe8cd70bbd70abe15a377410a31c05a0c68e3db7b759709760268822ed22ab56964b1414d9252909391424d707b8ffe526de7af4ea9fd101b63820f2095045578d82ab4216e7b3f9fc4ca667881cd5e607bcf7caae9d8173c279400b3f4da48f16e2dd78ed8a2323f0ee86c087d68c6d9fbf6c8ae0fdbaff20612aaac1e3417458bb797d887d29b6d22d0a165c8728a012aba4650b8f5dfc4a62ac16f3dd5252396b18f458ee889946776dbd1f5726c514402795f537aab683d9f7c6a9d2c3bf7ae348e48d1e2cd7c68e48465632a6a45ee66f5f35fbf85ce869c455152b9d522a4d5e4d1812808b37a5a6f4ede5f136ecc96e2533905fc1a4366999ded1589fd8c77d13bd765238b464ee03e268a4eb966afd9aaf813c83d8d410a3f5d03fc60fc13b8ee7ea2bcd21bdc9c326fd2e2f7cdeade887755cf73742ddc3df7c115d9db1d350917a78274a8125d8969d0bae7e476b7d47914a45847bd4bca064ceeb6e8eb4d76995daa9e5ea2b99e538cb3bbb16d6cef9106d6ecf6700c8c154e49f7ab705526f8eb3f2e94632beda4c36ee0fe38eb0f62c49e62135c440c15d06e6bd05fc5b4b35ed93de371616f95c4fbed3dccb296f1c1f6fccf6a47b622e672c40ec685e206941927ee56d095f37ce0c0d9bf4b74d3310edcb1cddf2ebb3cd9e97408c8f1bcda5261d4b8b3152ce2bf4e62f69dd1737edeb47e00499db9fc6740f6183c0b58fd84beb2a54ace257e28870e3eaf7206915f9e6d28dbe46fe3bbc060c6300dccf076b1c18d67fe5cc4b300c9e33175222a74dd88474afd4e96d0e99852b1059be42b8b9ce2ce7adc3e91359d94b7bc8efc43887382983971518fa3b454328fde382a48d088c77d8a6058569ac467c30da2d4ac06e0d08bc809f6176cf3bbff42229a682e43e1881c14a0b6de5abfff240907a2b0a484c0f1f93c460bb3595a8ba164622d7ad4c5da7331ea3a4c0aaf8dcb9a00d1e424564adeb6691a145a8a39240005e43b73c41fe9bf6ebbd77594beb5861f399902ee"}) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x10000, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) pipe(&(0x7f0000000080)) r3 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) write$binfmt_misc(r3, &(0x7f0000000100)=ANY=[@ANYRESHEX, @ANYBLOB="4461506df3406c4a2e9528fe68660dac79e0d5e4c5d2e2c9ced36b0b1c2bd5ec6345d373787ebfca7e7495bbf96fccca884e64fa39ae572bae902c4bf663cbb036715c59111e60ff0048781c5bf4e2c84b0cabd6e0f434f411ab0c0133b1fdf7ebead7"], 0x4240a2a0) clone(0x1fe00000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 567.697253][T14828] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 567.716422][ T1034] loop2: p1 p2 p3 p4 [ 567.717031][T14832] loop3: detected capacity change from 0 to 16 [ 567.741839][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 567.748035][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 567.760945][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 567.767180][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 567.787980][T14832] loop3: detected capacity change from 0 to 16 [ 567.800341][ T1034] loop2: p1 p2 p3 p4 [ 567.805260][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 567.811353][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 567.820014][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 567.826224][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:23 executing program 4 (fault-call:11 fault-nth:16): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:23 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000100)=0xee) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) fork() 17:04:23 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:23 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x102) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x37) sendmmsg(0xffffffffffffffff, &(0x7f0000000540)=[{{&(0x7f0000000040)=@un=@abs, 0x80, 0x0, 0x0, &(0x7f0000000580)=ANY=[], 0xb0}}], 0x1, 0x0) sendmmsg(r0, &(0x7f0000000640)=[{{&(0x7f00000000c0)=@in6={0xa, 0x4e21, 0xffff, @private2, 0x8ce}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000000)="ae19bcf2e100680c7a9b88", 0xb}, {&(0x7f00000002c0)="97628c147f0e7e392a79cfe102d80e0bbb95202e15c54a98044dfc373b766b5d5927e55bf3c7782535c48f492e7d18cb038943ebac426a43cfcf789ebf4ac8484853781379e93558cc7b134f59e4d0a89d0557d581d62ba06d8c90ac2719c41b49bb9238b10a5795cb3b9c4a957ee2cd363266fbe83bf6a8c3cd8699b6bb1e2bffa48812184a3c44549c06d22232e9baf2f1748b0fb531a125c9b7630c2767ace63a71535c9282019af7a2a3e5ba71647d0eb73fd74ce86e7a31cf9db32f", 0xbe}], 0x2}}, {{&(0x7f0000000180)=@rc={0x1f, @any, 0x2}, 0x0, &(0x7f0000000200)=[{&(0x7f0000000380)="4e56efa5f4a7067def6b6588a19ce5d9ba0768c63b297bd2eb3bdc74d2ca2432615063331f752a3b0c3e15f10356b53c5328a1aaa1b44070a3c7fb2bf9d44f1baee94491dbe2b08afa01f5f2ee35529ea7d9a24d49314bb74dcbc3158c905bccbf2b45ba38e3"}, {&(0x7f0000000400)="83e7ae19a70972c416d9fd800fd066c5b8dfc4d9cfa0ab6f33738cacae0eb52bb67414fe73c92884b461d7197327cc558be245aa1edc8b9a9ba2d10b212a914b8270bf7157343958e0dbf4e2ac3e4a463eef724c98912fa6de50ec8ccec939fad89b957cab71a725fdfff4fd1fbb849874d1c80c00fd14cda3717f1073cfd8fadcbdeea7b70ffeac51abac82af32d3d7339bd09613e1051241f07dcb2067ea3cebcb81d0b5443822acba36e6c398503254333ea2bfdb4170ac492dbd2cf5901ffb1a4bf98f1ec1ffcf8e3e6c457fc83a4a379a1acb3dcf8856cfb580af1fa1ac0d7ae2451ab9d3cf9c4b50b9ae1045be1ba196"}], 0x0, &(0x7f0000000580)=[{0x0, 0x113, 0x9a64, "0e9c0ae67c1d26baa0efc2047c270e6db00a968744255837ab89a048c891eecf9565c0d984f8be24b1fc0bec662ddf71589aae84787cd9fc4e38b6168409fb10aea81f7646dd0d15daf0a3300bcc3808baabac4dd1c9114dae2851999f22bf1bea9de80528b57b8cfa5a5ae521f25fb1c66604e0d6085789"}, {0x0, 0x0, 0x7d, "b6df6827d3415671b098db1aa75c98"}]}}], 0x776, 0x0) 17:04:23 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24006c00260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:23 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) flistxattr(0xffffffffffffffff, &(0x7f00000000c0)=""/81, 0x23) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x6cbaa500, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) wait4(0x0, 0x0, 0x0, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) wait4(0x0, 0x0, 0x0, 0x0) fork() 17:04:23 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x900}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:23 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800006, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xbbd77b4686b03f) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280)=[{&(0x7f0000000040)=""/34, 0x22}], 0x1, 0x7, 0xbd54) 17:04:23 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24007400260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 568.222755][ T1034] loop2: p1 p2 p3 p4 [ 568.240553][T14901] FAULT_INJECTION: forcing a failure. [ 568.240553][T14901] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 568.253837][T14901] CPU: 0 PID: 14901 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 568.262293][T14901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 17:04:24 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24007a00260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:24 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000100)=0xee) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:24 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa00}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 568.272354][T14901] Call Trace: [ 568.275638][T14901] dump_stack+0x137/0x19d [ 568.279980][T14901] should_fail+0x23c/0x250 [ 568.284462][T14901] __alloc_pages+0x102/0x320 [ 568.289064][T14901] alloc_pages+0x21d/0x310 [ 568.293580][T14901] push_pipe+0x267/0x370 [ 568.297834][T14901] iov_iter_get_pages+0xb39/0xcc0 [ 568.302862][T14901] bio_iov_iter_get_pages+0x55f/0xa70 [ 568.308257][T14901] iomap_dio_bio_actor+0x673/0xb50 [ 568.313401][T14901] iomap_dio_actor+0x26e/0x3b0 [ 568.318174][T14901] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 568.319130][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 568.323991][T14901] iomap_apply+0x1e2/0x400 [ 568.330118][ T1034] loop2: p2 size 1073872896 extends beyond EOD, [ 568.334528][T14901] __iomap_dio_rw+0x5af/0xad0 [ 568.334551][T14901] ? __iomap_dio_rw+0xad0/0xad0 [ 568.340866][ T1034] truncated [ 568.348651][ T1034] loop2: p3 start 225 is beyond EOD, [ 568.350368][T14901] iomap_dio_rw+0x30/0x70 [ 568.350396][T14901] ext4_file_read_iter+0x21a/0x290 [ 568.353510][ T1034] truncated [ 568.358839][T14901] generic_file_splice_read+0x22a/0x310 [ 568.363168][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 568.368236][T14901] ? splice_shrink_spd+0x60/0x60 [ 568.371325][ T1034] truncated [ 568.391240][T14901] splice_direct_to_actor+0x2aa/0x650 [ 568.396623][T14901] ? do_splice_direct+0x170/0x170 [ 568.401659][T14901] do_splice_direct+0xf5/0x170 [ 568.406440][T14901] do_sendfile+0x773/0xda0 [ 568.410869][T14901] __x64_sys_sendfile64+0xf2/0x130 [ 568.415994][T14901] do_syscall_64+0x4a/0x90 [ 568.420514][T14901] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 568.426415][T14901] RIP: 0033:0x4665f9 [ 568.430293][T14901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 568.449896][T14901] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 568.458435][T14901] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 568.466392][T14901] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 568.474402][T14901] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 568.482458][T14901] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 568.490434][T14901] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 568.502080][T14906] loop3: detected capacity change from 0 to 16 [ 568.513865][T14929] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 568.522601][ T1034] loop2: p1 p2 p3 p4 [ 568.528018][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 568.534147][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 568.547169][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 568.553460][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:24 executing program 4 (fault-call:11 fault-nth:17): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:24 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240ec000260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:24 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800006, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xbbd77b4686b03f) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280)=[{&(0x7f0000000040)=""/34, 0x22}], 0x1, 0x7, 0xbd54) 17:04:24 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb00}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:24 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40086602, &(0x7f0000000100)=0xee) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) [ 569.119646][T14950] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 569.173745][ T1034] loop2: p1 p2 p3 p4 [ 569.178660][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 569.184784][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 569.193687][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 569.199875][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 569.213724][T14966] FAULT_INJECTION: forcing a failure. [ 569.213724][T14966] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 569.226992][T14966] CPU: 1 PID: 14966 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 569.235420][T14966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 569.245477][T14966] Call Trace: [ 569.248761][T14966] dump_stack+0x137/0x19d [ 569.253107][T14966] should_fail+0x23c/0x250 [ 569.257534][T14966] __alloc_pages+0x102/0x320 [ 569.262298][T14966] alloc_pages+0x21d/0x310 [ 569.266797][T14966] push_pipe+0x267/0x370 [ 569.271075][T14966] iov_iter_get_pages+0xb39/0xcc0 [ 569.276080][T14966] bio_iov_iter_get_pages+0x55f/0xa70 [ 569.281439][T14966] iomap_dio_bio_actor+0x673/0xb50 [ 569.286892][T14966] iomap_dio_actor+0x26e/0x3b0 [ 569.291687][T14966] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 569.297517][T14966] iomap_apply+0x1e2/0x400 [ 569.301928][T14966] __iomap_dio_rw+0x5af/0xad0 [ 569.306619][T14966] ? __iomap_dio_rw+0xad0/0xad0 [ 569.311531][T14966] iomap_dio_rw+0x30/0x70 [ 569.316119][T14966] ext4_file_read_iter+0x21a/0x290 [ 569.321218][T14966] generic_file_splice_read+0x22a/0x310 [ 569.326846][T14966] ? splice_shrink_spd+0x60/0x60 [ 569.331777][T14966] splice_direct_to_actor+0x2aa/0x650 [ 569.337217][T14966] ? do_splice_direct+0x170/0x170 [ 569.342242][T14966] do_splice_direct+0xf5/0x170 [ 569.346989][T14966] do_sendfile+0x773/0xda0 [ 569.351464][T14966] __x64_sys_sendfile64+0xf2/0x130 [ 569.356559][T14966] do_syscall_64+0x4a/0x90 [ 569.361011][T14966] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 569.366910][T14966] RIP: 0033:0x4665f9 [ 569.370786][T14966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 569.390384][T14966] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 569.398917][T14966] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 569.407017][T14966] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 569.415312][T14966] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 569.423299][T14966] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 569.431257][T14966] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 17:04:26 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) flistxattr(0xffffffffffffffff, &(0x7f00000000c0)=""/81, 0x23) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x6cbaa500, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) wait4(0x0, 0x0, 0x0, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) wait4(0x0, 0x0, 0x0, 0x0) fork() 17:04:26 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000770007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:26 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800006, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xbbd77b4686b03f) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280)=[{&(0x7f0000000040)=""/34, 0x22}], 0x1, 0x7, 0xbd54) 17:04:26 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xc00}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:26 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:26 executing program 4 (fault-call:11 fault-nth:18): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) [ 571.161727][T14981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=119 sclass=netlink_route_socket pid=14981 comm=syz-executor.2 [ 571.176795][T14982] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:26 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xd00}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:26 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:26 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800006, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xbbd77b4686b03f) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280)=[{&(0x7f0000000040)=""/34, 0x22}], 0x1, 0x7, 0xbd54) [ 571.219768][T14981] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 571.237985][T14993] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=119 sclass=netlink_route_socket pid=14993 comm=syz-executor.2 [ 571.255132][T14993] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 571.262123][T14996] FAULT_INJECTION: forcing a failure. [ 571.262123][T14996] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 571.277928][T14996] CPU: 0 PID: 14996 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 571.286350][T14996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 571.296412][T14996] Call Trace: [ 571.299692][T14996] dump_stack+0x137/0x19d [ 571.304101][T14996] should_fail+0x23c/0x250 [ 571.308526][T14996] __alloc_pages+0x102/0x320 [ 571.313123][T14996] alloc_pages+0x21d/0x310 [ 571.317550][T14996] push_pipe+0x267/0x370 [ 571.321804][T14996] iov_iter_get_pages+0xb39/0xcc0 [ 571.326828][T14996] bio_iov_iter_get_pages+0x55f/0xa70 [ 571.332221][T14996] iomap_dio_bio_actor+0x673/0xb50 [ 571.337339][T14996] iomap_dio_actor+0x26e/0x3b0 [ 571.342112][T14996] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 571.347986][T14996] iomap_apply+0x1e2/0x400 [ 571.352466][T14996] __iomap_dio_rw+0x5af/0xad0 [ 571.357145][T14996] ? __iomap_dio_rw+0xad0/0xad0 [ 571.362001][T14996] iomap_dio_rw+0x30/0x70 [ 571.366332][T14996] ext4_file_read_iter+0x21a/0x290 [ 571.371456][T14996] generic_file_splice_read+0x22a/0x310 [ 571.377005][T14996] ? splice_shrink_spd+0x60/0x60 [ 571.381946][T14996] splice_direct_to_actor+0x2aa/0x650 [ 571.387326][T14996] ? do_splice_direct+0x170/0x170 [ 571.387682][T15002] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 571.392356][T14996] do_splice_direct+0xf5/0x170 [ 571.392379][T14996] do_sendfile+0x773/0xda0 [ 571.392398][T14996] __x64_sys_sendfile64+0xf2/0x130 [ 571.392415][T14996] do_syscall_64+0x4a/0x90 17:04:27 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xe00}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:27 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000200260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:27 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) [ 571.417550][T14996] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 571.423514][T14996] RIP: 0033:0x4665f9 [ 571.427403][T14996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 571.447063][T14996] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 571.455488][T14996] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 571.463459][T14996] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 571.471437][T14996] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 571.479460][T14996] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 571.487442][T14996] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 571.497916][ T1034] loop2: p1 p2 p3 p4 [ 571.503067][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 571.509232][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 571.524078][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 571.530467][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 571.561699][ T1034] loop2: p1 p2 p3 p4 [ 571.565816][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 571.571925][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 571.580365][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 571.586657][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:29 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800006, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xbbd77b4686b03f) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0) 17:04:29 executing program 4 (fault-call:11 fault-nth:19): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:29 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1100}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:29 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:29 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_open_procfs$userns(0xffffffffffffffff, &(0x7f00000000c0)) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$unix(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000000000000100000001000000", @ANYRES32=r2, @ANYRES32=r3, @ANYRES32=r4, @ANYBLOB="00000000ba5981e79b9ff88b9627c3eb510556fff13b2cbafc12452b59d13f10264dac4270788f850466c15d2e10e8fa6175d7bb9d878055d40ec782f28e3e0eda29a92756b990cd52befd4e07dfbab731e657d5adb4b29d2bdeee37f895285c62049c7f7ba6eb0a97ff6ff23580bb8f663c1ead6fd08e22b18889d754c1bec3c00af6528eff2aa2a676b889dbc8248186c0546953b3e566ca75ef88"], 0x20}, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) dup2(r5, r1) 17:04:29 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000300260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:29 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1200}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:29 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:29 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000400260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:29 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800006, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xbbd77b4686b03f) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 574.209488][T15050] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:30 executing program 0: open_tree(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x9900) set_mempolicy(0x3, &(0x7f00000000c0)=0x81, 0x3fab) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r0, &(0x7f0000000000), 0x248800) [ 574.283621][T15059] FAULT_INJECTION: forcing a failure. [ 574.283621][T15059] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 574.296921][T15059] CPU: 1 PID: 15059 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 574.305340][T15059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 574.315396][T15059] Call Trace: [ 574.318676][T15059] dump_stack+0x137/0x19d [ 574.323014][T15059] should_fail+0x23c/0x250 [ 574.327435][T15059] __alloc_pages+0x102/0x320 [ 574.332145][T15059] alloc_pages+0x21d/0x310 [ 574.336607][T15059] push_pipe+0x267/0x370 [ 574.340854][T15059] iov_iter_get_pages+0xb39/0xcc0 [ 574.345877][T15059] bio_iov_iter_get_pages+0x55f/0xa70 [ 574.351253][T15059] iomap_dio_bio_actor+0x673/0xb50 [ 574.356394][T15059] iomap_dio_actor+0x26e/0x3b0 [ 574.361169][T15059] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 574.366983][T15059] iomap_apply+0x1e2/0x400 [ 574.371399][T15059] __iomap_dio_rw+0x5af/0xad0 [ 574.376078][T15059] ? __iomap_dio_rw+0xad0/0xad0 [ 574.380930][T15059] iomap_dio_rw+0x30/0x70 [ 574.385257][T15059] ext4_file_read_iter+0x21a/0x290 [ 574.390423][T15059] generic_file_splice_read+0x22a/0x310 [ 574.395981][T15059] ? splice_shrink_spd+0x60/0x60 [ 574.400996][T15059] splice_direct_to_actor+0x2aa/0x650 [ 574.406610][T15059] ? do_splice_direct+0x170/0x170 [ 574.411660][T15059] do_splice_direct+0xf5/0x170 [ 574.416406][T15059] do_sendfile+0x773/0xda0 [ 574.420862][T15059] __x64_sys_sendfile64+0xf2/0x130 [ 574.425999][T15059] do_syscall_64+0x4a/0x90 [ 574.430464][T15059] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 574.436360][T15059] RIP: 0033:0x4665f9 [ 574.440353][T15059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 574.459945][T15059] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 574.468362][T15059] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 574.476321][T15059] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 574.484283][T15059] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 574.492240][T15059] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 574.500218][T15059] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 574.515695][ T1034] loop2: p1 p2 p3 p4 [ 574.522057][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 574.528163][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated 17:04:30 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:30 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1400}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:30 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000500260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 574.557488][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 574.563820][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 574.573456][T15074] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 574.673801][ T1034] loop2: p1 p2 p3 p4 [ 574.678110][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 574.684292][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 574.692569][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 574.698966][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 574.735274][ T1034] loop2: p1 p2 p3 p4 [ 574.739419][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 574.745573][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 574.753753][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 574.759915][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:30 executing program 4 (fault-call:11 fault-nth:20): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:30 executing program 0: syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="0201630000000a000000ff45ac0000ffffffa9000800000000000000024000ffffffbf000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 17:04:30 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800006, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xbbd77b4686b03f) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:30 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1700}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:30 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000600260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:30 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x248800) 17:04:30 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:30 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000700260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:30 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x248800) [ 575.137712][T15111] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 575.150172][T15115] loop0: detected capacity change from 0 to 1 [ 575.220141][T15115] loop0: p1 p2 p3 p4 [ 575.225205][ T1034] loop2: p1 p2 p3 p4 [ 575.227999][T15130] FAULT_INJECTION: forcing a failure. [ 575.227999][T15130] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 575.229433][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 575.242432][T15130] CPU: 0 PID: 15130 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 575.248489][ T1034] loop2: p2 size 1073872896 extends beyond EOD, [ 575.256880][T15130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 575.256893][T15130] Call Trace: [ 575.256901][T15130] dump_stack+0x137/0x19d [ 575.263234][ T1034] truncated [ 575.273248][T15130] should_fail+0x23c/0x250 [ 575.273333][T15130] __alloc_pages+0x102/0x320 [ 575.276880][T15115] loop0: p1 start 10 is beyond EOD, [ 575.280904][T15130] alloc_pages+0x21d/0x310 [ 575.284038][T15115] truncated [ 575.288406][T15130] push_pipe+0x267/0x370 [ 575.288426][T15130] iov_iter_get_pages+0xb39/0xcc0 [ 575.288441][T15130] bio_iov_iter_get_pages+0x55f/0xa70 [ 575.288464][T15130] iomap_dio_bio_actor+0x673/0xb50 [ 575.293073][T15115] loop0: p2 size 1073872896 extends beyond EOD, [ 575.298292][T15130] iomap_dio_actor+0x26e/0x3b0 [ 575.302769][T15115] truncated [ 575.305794][T15130] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 575.319102][T15115] loop0: p3 start 225 is beyond EOD, [ 575.320378][T15130] iomap_apply+0x1e2/0x400 [ 575.325532][T15115] truncated [ 575.331825][T15130] __iomap_dio_rw+0x5af/0xad0 [ 575.331847][T15130] ? __iomap_dio_rw+0xad0/0xad0 [ 575.331866][T15130] iomap_dio_rw+0x30/0x70 [ 575.331885][T15130] ext4_file_read_iter+0x21a/0x290 [ 575.336616][T15115] loop0: p4 size 3657465856 extends beyond EOD, [ 575.339702][T15130] generic_file_splice_read+0x22a/0x310 [ 575.345494][T15115] truncated [ 575.350827][T15130] ? splice_shrink_spd+0x60/0x60 [ 575.364217][ T1034] loop2: p3 start 225 is beyond EOD, [ 575.368076][T15130] splice_direct_to_actor+0x2aa/0x650 [ 575.368103][T15130] ? do_splice_direct+0x170/0x170 [ 575.368125][T15130] do_splice_direct+0xf5/0x170 [ 575.372461][ T1034] truncated [ 575.377524][T15130] do_sendfile+0x773/0xda0 [ 575.383848][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 575.389344][T15130] __x64_sys_sendfile64+0xf2/0x130 [ 575.392445][ T1034] truncated [ 575.397342][T15130] do_syscall_64+0x4a/0x90 [ 575.444257][T15130] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 575.450212][T15130] RIP: 0033:0x4665f9 17:04:31 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8006}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:31 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800006, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xbbd77b4686b03f) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 575.454148][T15130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 575.473833][T15130] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 575.482252][T15130] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 575.490275][T15130] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 575.498405][T15130] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 575.506510][T15130] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 17:04:31 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000800260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 575.514467][T15130] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 575.592939][T15158] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 575.600811][T15115] loop0: detected capacity change from 0 to 1 [ 575.627336][ T1034] loop2: p1 p2 p3 p4 [ 575.632035][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 575.638341][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 575.646415][T15115] loop0: p1 p2 p3 p4 [ 575.656871][T15115] loop0: p1 start 10 is beyond EOD, truncated [ 575.663008][T15115] loop0: p2 size 1073872896 extends beyond EOD, truncated [ 575.675353][T15115] loop0: p3 start 225 is beyond EOD, truncated [ 575.681739][T15115] loop0: p4 size 3657465856 extends beyond EOD, truncated [ 575.690439][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 575.697010][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 575.783584][ T1034] loop0: p1 p2 p3 p4 [ 575.787770][ T1034] loop0: p1 start 10 is beyond EOD, truncated [ 575.793999][ T1034] loop0: p2 size 1073872896 extends beyond EOD, truncated [ 575.801673][ T1034] loop0: p3 start 225 is beyond EOD, truncated [ 575.807999][ T1034] loop0: p4 size 3657465856 extends beyond EOD, truncated 17:04:31 executing program 4 (fault-call:11 fault-nth:21): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:31 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x248800) 17:04:31 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:31 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800006, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xbbd77b4686b03f) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:31 executing program 0: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x83600, 0x6, &(0x7f0000000540)=[{&(0x7f0000000100)="200000000002000019220000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x9}, {&(0x7f0000000180)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4}, {&(0x7f0000010300)="03", 0x1, 0x6}, {&(0x7f0000000080)="030000000400000005", 0x9, 0x1}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f00000000c0)="0004", 0x2, 0x1600}], 0x2000881, &(0x7f00000001c0)) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r2, 0x0, 0x18) dup2(r2, r0) preadv(r1, &(0x7f0000000280), 0x100000000000008d, 0x4, 0x0) 17:04:31 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000900260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:31 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r0, &(0x7f0000000000), 0x248800) 17:04:31 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000a00260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:31 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:31 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800006, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xbbd77b4686b03f) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 576.107591][T15192] loop0: detected capacity change from 0 to 1051 [ 576.124428][T15194] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 576.146743][T15192] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 576.198293][T15192] loop0: detected capacity change from 0 to 1051 [ 576.206814][T15192] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 576.225152][ T1034] loop2: p1 p2 p3 p4 [ 576.233611][T15214] FAULT_INJECTION: forcing a failure. [ 576.233611][T15214] name failslab, interval 1, probability 0, space 0, times 0 [ 576.246377][T15214] CPU: 1 PID: 15214 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 576.254784][T15214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 576.264990][T15214] Call Trace: [ 576.268254][T15214] dump_stack+0x137/0x19d [ 576.272619][T15214] should_fail+0x23c/0x250 [ 576.277023][T15214] __should_failslab+0x81/0x90 [ 576.281774][T15214] should_failslab+0x5/0x20 [ 576.286406][T15214] kmem_cache_alloc_node+0x58/0x2b0 [ 576.291611][T15214] ? create_task_io_context+0x36/0x210 [ 576.297164][T15214] create_task_io_context+0x36/0x210 [ 576.301069][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 576.302434][T15214] submit_bio_checks+0x778/0x800 [ 576.308516][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 576.313432][T15214] ? iov_iter_advance+0xcd6/0xe10 [ 576.326609][T15214] submit_bio_noacct+0x33/0x7e0 [ 576.327634][ T1034] loop2: p3 start 225 is beyond EOD, [ 576.331628][T15214] ? bio_iov_iter_get_pages+0xa17/0xa70 [ 576.331651][T15214] submit_bio+0x16d/0x2b0 [ 576.331672][T15214] iomap_dio_bio_actor+0x91d/0xb50 [ 576.337035][ T1034] truncated [ 576.337041][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 576.342555][T15214] iomap_dio_actor+0x26e/0x3b0 [ 576.342577][T15214] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 576.346879][ T1034] truncated [ 576.375027][T15214] iomap_apply+0x1e2/0x400 [ 576.379457][T15214] __iomap_dio_rw+0x5af/0xad0 [ 576.384138][T15214] ? __iomap_dio_rw+0xad0/0xad0 [ 576.389244][T15214] iomap_dio_rw+0x30/0x70 [ 576.393587][T15214] ext4_file_read_iter+0x21a/0x290 [ 576.398701][T15214] generic_file_splice_read+0x22a/0x310 [ 576.404414][T15214] ? splice_shrink_spd+0x60/0x60 [ 576.409397][T15214] splice_direct_to_actor+0x2aa/0x650 [ 576.414820][T15214] ? do_splice_direct+0x170/0x170 [ 576.419842][T15214] do_splice_direct+0xf5/0x170 [ 576.424592][T15214] do_sendfile+0x773/0xda0 [ 576.429019][T15214] __x64_sys_sendfile64+0xf2/0x130 [ 576.434185][T15214] do_syscall_64+0x4a/0x90 [ 576.438673][T15214] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 576.444601][T15214] RIP: 0033:0x4665f9 [ 576.448498][T15214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 576.468381][T15214] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 576.476863][T15214] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 576.484884][T15214] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 17:04:32 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:32 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800006, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xbbd77b4686b03f) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 576.492983][T15214] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 576.500951][T15214] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 576.508930][T15214] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 576.583095][ T1034] loop2: p1 p2 p3 p4 [ 576.587694][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 576.593853][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 576.605285][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 576.611513][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:32 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r0, &(0x7f0000000000), 0x248800) 17:04:32 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:32 executing program 0: mmap(&(0x7f0000542000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x1000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0x2d1ee37) clone(0x20001000104, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) symlink(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00') r2 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r2) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='system.posix_acl_default\x00', &(0x7f0000000080)=ANY=[], 0x2c, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1d) creat(&(0x7f0000000040)='./file0\x00', 0x0) 17:04:32 executing program 4 (fault-call:11 fault-nth:22): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:32 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000b00260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:32 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800006, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xbbd77b4686b03f) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:32 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800006, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:32 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r0, &(0x7f0000000000), 0x248800) 17:04:32 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:32 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000c00260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 577.165501][T15267] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 577.195276][ T1034] loop2: p1 p2 p3 p4 [ 577.200073][T15276] FAULT_INJECTION: forcing a failure. [ 577.200073][T15276] name failslab, interval 1, probability 0, space 0, times 0 [ 577.212764][T15276] CPU: 0 PID: 15276 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 577.213721][ T1034] loop2: p1 start 10 is beyond EOD, [ 577.221309][T15276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 577.226625][ T1034] truncated [ 577.226631][ T1034] loop2: p2 size 1073872896 extends beyond EOD, [ 577.236660][T15276] Call Trace: [ 577.236669][T15276] dump_stack+0x137/0x19d [ 577.239775][ T1034] truncated [ 577.256741][T15276] should_fail+0x23c/0x250 [ 577.261161][T15276] ? kmalloc_array+0x2d/0x40 17:04:32 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, &(0x7f0000000080)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r0, &(0x7f0000000000), 0x248800) [ 577.265756][T15276] __should_failslab+0x81/0x90 [ 577.270568][T15276] should_failslab+0x5/0x20 [ 577.275148][T15276] __kmalloc+0x66/0x340 [ 577.279307][T15276] ? activate_task+0xb7/0xe0 [ 577.283939][T15276] ? ttwu_do_activate+0x7c/0x90 [ 577.288800][T15276] ? splice_from_pipe+0xc0/0xc0 [ 577.293653][T15276] kmalloc_array+0x2d/0x40 [ 577.298297][T15276] iter_file_splice_write+0xc1/0x750 [ 577.303646][T15276] ? wake_up_q+0x46/0x80 [ 577.305044][ T1034] loop2: p3 start 225 is beyond EOD, [ 577.307898][T15276] ? up_read+0xd1/0xe0 [ 577.313294][ T1034] truncated [ 577.317316][T15276] ? ext4_file_read_iter+0x271/0x290 [ 577.320405][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 577.325671][T15276] ? generic_file_splice_read+0x2a4/0x310 [ 577.338570][T15276] ? splice_from_pipe+0xc0/0xc0 [ 577.343531][T15276] direct_splice_actor+0x80/0xa0 [ 577.348489][T15276] splice_direct_to_actor+0x345/0x650 [ 577.353868][T15276] ? do_splice_direct+0x170/0x170 [ 577.358904][T15276] do_splice_direct+0xf5/0x170 17:04:33 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, &(0x7f0000000080)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r0, &(0x7f0000000000), 0x248800) [ 577.363708][T15276] do_sendfile+0x773/0xda0 [ 577.368136][T15276] __x64_sys_sendfile64+0xf2/0x130 [ 577.373331][T15276] do_syscall_64+0x4a/0x90 [ 577.377746][T15276] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 577.383653][T15276] RIP: 0033:0x4665f9 [ 577.387571][T15276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 577.407181][T15276] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 577.415603][T15276] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 577.423643][T15276] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 577.431624][T15276] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 577.439601][T15276] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 577.447609][T15276] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 577.510070][ T1034] loop2: p1 p2 p3 p4 [ 577.519866][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 577.526257][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 577.534038][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 577.540267][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:33 executing program 4 (fault-call:11 fault-nth:23): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:33 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:33 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800006, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 578.084020][T15306] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 578.159637][T15317] FAULT_INJECTION: forcing a failure. [ 578.159637][T15317] name failslab, interval 1, probability 0, space 0, times 0 [ 578.172315][T15317] CPU: 0 PID: 15317 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 578.180740][T15317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 578.191010][T15317] Call Trace: [ 578.194285][T15317] dump_stack+0x137/0x19d [ 578.198650][T15317] should_fail+0x23c/0x250 [ 578.203078][T15317] ? kmalloc_array+0x2d/0x40 [ 578.207666][T15317] __should_failslab+0x81/0x90 [ 578.212428][T15317] should_failslab+0x5/0x20 [ 578.216951][T15317] __kmalloc+0x66/0x340 [ 578.221120][T15317] ? native_smp_send_reschedule+0x36/0x50 [ 578.226868][T15317] ? splice_from_pipe+0xc0/0xc0 [ 578.231719][T15317] kmalloc_array+0x2d/0x40 [ 578.236125][T15317] iter_file_splice_write+0xc1/0x750 [ 578.241408][T15317] ? wake_up_q+0x46/0x80 [ 578.245691][T15317] ? up_read+0xd1/0xe0 [ 578.249893][T15317] ? ext4_file_read_iter+0x271/0x290 [ 578.255177][T15317] ? generic_file_splice_read+0x2a4/0x310 [ 578.260892][T15317] ? splice_from_pipe+0xc0/0xc0 [ 578.265889][T15317] direct_splice_actor+0x80/0xa0 [ 578.270826][T15317] splice_direct_to_actor+0x345/0x650 [ 578.276351][T15317] ? do_splice_direct+0x170/0x170 [ 578.281417][T15317] do_splice_direct+0xf5/0x170 [ 578.286255][T15317] do_sendfile+0x773/0xda0 [ 578.290662][T15317] __x64_sys_sendfile64+0xf2/0x130 [ 578.295836][T15317] do_syscall_64+0x4a/0x90 [ 578.300406][T15317] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 578.306296][T15317] RIP: 0033:0x4665f9 [ 578.310237][T15317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 578.330027][T15317] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 578.338521][T15317] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 578.346736][T15317] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 578.354907][T15317] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 578.362889][T15317] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 578.370864][T15317] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 17:04:35 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, &(0x7f0000000080)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r0, &(0x7f0000000000), 0x248800) 17:04:35 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000d00260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:35 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:35 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800006, 0x12, r1, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:35 executing program 4 (fault-call:11 fault-nth:24): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:35 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) ftruncate(r5, 0x20) dup3(r3, r4, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r6, 0x0, 0x18) openat$cgroup_ro(r6, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QGROUP_LIMIT(r3, 0x8030942b, &(0x7f0000000200)={0x0, {0x2, 0x8, 0x2, 0x6, 0xffffffffffffc3bf}}) write$binfmt_script(0xffffffffffffffff, 0x0, 0x21) 17:04:35 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:35 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000e00260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 580.132396][T15330] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:35 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) [ 580.179920][ T1034] loop2: p1 p2 p3 p4 [ 580.184956][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 580.191086][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 580.201664][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 580.205223][T15341] FAULT_INJECTION: forcing a failure. [ 580.205223][T15341] name failslab, interval 1, probability 0, space 0, times 0 [ 580.210171][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 580.222655][T15341] CPU: 0 PID: 15341 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 580.238145][T15341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 580.248244][T15341] Call Trace: [ 580.251519][T15341] dump_stack+0x137/0x19d [ 580.255854][T15341] should_fail+0x23c/0x250 [ 580.260277][T15341] __should_failslab+0x81/0x90 [ 580.265050][T15341] ? __iomap_dio_rw+0xf1/0xad0 [ 580.269843][T15341] should_failslab+0x5/0x20 [ 580.274354][T15341] kmem_cache_alloc_trace+0x49/0x310 [ 580.279647][T15341] __iomap_dio_rw+0xf1/0xad0 [ 580.284248][T15341] ? file_update_time+0x1bd/0x3e0 [ 580.289281][T15341] iomap_dio_rw+0x30/0x70 [ 580.293648][T15341] ext4_file_write_iter+0xa4f/0x11d0 [ 580.298947][T15341] do_iter_readv_writev+0x2cb/0x360 [ 580.304139][T15341] do_iter_write+0x112/0x4c0 [ 580.308713][T15341] ? kmalloc_array+0x2d/0x40 [ 580.313290][T15341] vfs_iter_write+0x4c/0x70 [ 580.317826][T15341] iter_file_splice_write+0x40a/0x750 [ 580.323182][T15341] ? splice_from_pipe+0xc0/0xc0 [ 580.328017][T15341] direct_splice_actor+0x80/0xa0 [ 580.333013][T15341] splice_direct_to_actor+0x345/0x650 [ 580.338367][T15341] ? do_splice_direct+0x170/0x170 [ 580.343373][T15341] do_splice_direct+0xf5/0x170 [ 580.348121][T15341] do_sendfile+0x773/0xda0 [ 580.352565][T15341] __x64_sys_sendfile64+0xf2/0x130 [ 580.357717][T15341] do_syscall_64+0x4a/0x90 [ 580.362121][T15341] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 580.368047][T15341] RIP: 0033:0x4665f9 [ 580.371923][T15341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 580.391634][T15341] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 580.400032][T15341] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 580.407987][T15341] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 580.416170][T15341] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 17:04:35 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:35 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24001000260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:36 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 580.424169][T15341] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 580.432131][T15341] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 17:04:36 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24001100260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:36 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:36 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 580.480051][ T1034] loop2: p1 p2 p3 p4 [ 580.490221][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 580.496441][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 580.506209][T15360] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 580.510338][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 580.519083][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:36 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 580.607285][ T1034] loop2: p1 p2 p3 p4 [ 580.617777][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 580.623924][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 580.638786][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 580.644131][T15383] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 580.645132][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:36 executing program 4 (fault-call:11 fault-nth:25): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:36 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) ftruncate(r5, 0x20) dup3(r3, r4, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r6, 0x0, 0x18) openat$cgroup_ro(r6, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QGROUP_LIMIT(r3, 0x8030942b, &(0x7f0000000200)={0x0, {0x2, 0x8, 0x2, 0x6, 0xffffffffffffc3bf}}) write$binfmt_script(0xffffffffffffffff, 0x0, 0x21) 17:04:36 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:36 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24001200260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:36 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:36 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:36 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:36 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:36 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24002500260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 581.084381][T15402] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:36 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:36 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 581.134047][ T1034] loop2: p1 p2 p3 p4 [ 581.138283][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 581.144396][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 581.156893][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 581.163140][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 581.197282][T15428] FAULT_INJECTION: forcing a failure. [ 581.197282][T15428] name failslab, interval 1, probability 0, space 0, times 0 [ 581.209958][T15428] CPU: 0 PID: 15428 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 581.218390][T15428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 581.228453][T15428] Call Trace: [ 581.231755][T15428] dump_stack+0x137/0x19d [ 581.236087][T15428] should_fail+0x23c/0x250 [ 581.240581][T15428] ? mempool_alloc_slab+0x16/0x20 [ 581.245635][T15428] __should_failslab+0x81/0x90 [ 581.250407][T15428] should_failslab+0x5/0x20 [ 581.254964][T15428] kmem_cache_alloc+0x46/0x2f0 [ 581.259724][T15428] mempool_alloc_slab+0x16/0x20 [ 581.264676][T15428] ? mempool_free+0x130/0x130 [ 581.269357][T15428] mempool_alloc+0x8c/0x300 [ 581.273916][T15428] ? ext4_es_lookup_extent+0x36b/0x490 [ 581.279381][T15428] ? iov_iter_alignment+0x77a/0x800 [ 581.284589][T15428] bio_alloc_bioset+0xcc/0x480 [ 581.288303][ T1034] loop2: p1 p2 p3 p4 [ 581.289363][T15428] iomap_dio_bio_actor+0x511/0xb50 [ 581.295069][ T1034] loop2: p1 start 10 is beyond EOD, [ 581.298445][T15428] iomap_dio_actor+0x26e/0x3b0 [ 581.298459][ T1034] truncated [ 581.298471][T15428] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 581.303757][ T1034] loop2: p2 size 1073872896 extends beyond EOD, [ 581.308473][T15428] iomap_apply+0x1e2/0x400 [ 581.311577][ T1034] truncated [ 581.317431][T15428] __iomap_dio_rw+0x5af/0xad0 [ 581.331840][ T1034] loop2: p3 start 225 is beyond EOD, [ 581.336079][T15428] ? __iomap_dio_rw+0xad0/0xad0 17:04:36 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 581.341467][ T1034] truncated [ 581.346284][T15428] iomap_dio_rw+0x30/0x70 [ 581.349370][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 581.353680][T15428] ext4_file_write_iter+0xa4f/0x11d0 [ 581.353712][T15428] do_iter_readv_writev+0x2cb/0x360 [ 581.360012][ T1034] truncated [ 581.373666][T15428] do_iter_write+0x112/0x4c0 [ 581.380087][T15428] ? kmalloc_array+0x2d/0x40 [ 581.380183][T15429] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 581.384681][T15428] vfs_iter_write+0x4c/0x70 [ 581.384701][T15428] iter_file_splice_write+0x40a/0x750 [ 581.401055][T15428] ? splice_from_pipe+0xc0/0xc0 [ 581.405924][T15428] direct_splice_actor+0x80/0xa0 [ 581.410872][T15428] splice_direct_to_actor+0x345/0x650 [ 581.416305][T15428] ? do_splice_direct+0x170/0x170 [ 581.421436][T15428] do_splice_direct+0xf5/0x170 [ 581.426215][T15428] do_sendfile+0x773/0xda0 [ 581.430786][T15428] __x64_sys_sendfile64+0xf2/0x130 [ 581.435921][T15428] do_syscall_64+0x4a/0x90 [ 581.440352][T15428] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 581.446321][T15428] RIP: 0033:0x4665f9 [ 581.450247][T15428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 581.469850][T15428] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 581.478270][T15428] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 581.486256][T15428] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 581.494242][T15428] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 581.502220][T15428] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 581.510201][T15428] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 17:04:37 executing program 4 (fault-call:11 fault-nth:26): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:37 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24002800260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:37 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) ftruncate(r5, 0x20) dup3(r3, r4, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r6, 0x0, 0x18) openat$cgroup_ro(r6, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QGROUP_LIMIT(r3, 0x8030942b, &(0x7f0000000200)={0x0, {0x2, 0x8, 0x2, 0x6, 0xffffffffffffc3bf}}) write$binfmt_script(0xffffffffffffffff, 0x0, 0x21) 17:04:37 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:37 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:37 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:37 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:37 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, &(0x7f0000000080)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r0, &(0x7f0000000000), 0x248800) 17:04:37 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24004800260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 582.102681][T15462] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:37 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:37 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 582.167585][ T1034] loop2: p1 p2 p3 p4 [ 582.172153][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 582.178349][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 582.189447][T15480] FAULT_INJECTION: forcing a failure. [ 582.189447][T15480] name failslab, interval 1, probability 0, space 0, times 0 [ 582.200000][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 582.202201][T15480] CPU: 1 PID: 15480 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 582.208254][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 582.216644][T15480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 582.216656][T15480] Call Trace: [ 582.216663][T15480] dump_stack+0x137/0x19d [ 582.222984][ T1034] truncated [ 582.233102][T15480] should_fail+0x23c/0x250 [ 582.248172][T15480] ? mempool_alloc_slab+0x16/0x20 [ 582.253203][T15480] __should_failslab+0x81/0x90 [ 582.257978][T15480] should_failslab+0x5/0x20 [ 582.262506][T15480] kmem_cache_alloc+0x46/0x2f0 [ 582.267299][T15480] mempool_alloc_slab+0x16/0x20 [ 582.272230][T15480] ? mempool_free+0x130/0x130 [ 582.276908][T15480] mempool_alloc+0x8c/0x300 [ 582.281418][T15480] sg_pool_alloc+0x74/0x90 [ 582.285833][T15480] __sg_alloc_table+0xce/0x290 [ 582.290604][T15480] sg_alloc_table_chained+0xaf/0x140 [ 582.295910][T15480] ? sg_alloc_table_chained+0x140/0x140 [ 582.301548][T15480] scsi_alloc_sgtables+0x180/0x500 [ 582.306764][T15480] sd_init_command+0x935/0x15f0 [ 582.311685][T15480] scsi_queue_rq+0x10e0/0x15a0 [ 582.316502][T15480] blk_mq_dispatch_rq_list+0x628/0x10b0 [ 582.322044][T15480] ? deadline_remove_request+0x167/0x180 [ 582.327673][T15480] ? dd_dispatch_request+0x341/0x3d0 [ 582.332954][T15480] blk_mq_do_dispatch_sched+0x3cb/0x660 [ 582.338490][T15480] __blk_mq_sched_dispatch_requests+0x21e/0x2c0 [ 582.344755][T15480] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 582.350723][T15480] __blk_mq_run_hw_queue+0xbc/0x140 [ 582.355909][T15480] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 582.361719][T15480] ? dd_insert_request+0x255/0x330 [ 582.366885][T15480] blk_mq_run_hw_queue+0x22c/0x250 [ 582.372173][T15480] ? dd_finish_request+0x10/0x10 [ 582.377172][T15480] blk_mq_sched_insert_requests+0x13f/0x200 [ 582.383050][T15480] blk_mq_flush_plug_list+0x2f5/0x3c0 [ 582.388421][T15480] blk_flush_plug_list+0x235/0x260 [ 582.393526][T15480] blk_finish_plug+0x44/0x60 [ 582.398126][T15480] __iomap_dio_rw+0x780/0xad0 [ 582.402802][T15480] iomap_dio_rw+0x30/0x70 [ 582.407132][T15480] ext4_file_write_iter+0xa4f/0x11d0 [ 582.412420][T15480] do_iter_readv_writev+0x2cb/0x360 [ 582.417641][T15480] do_iter_write+0x112/0x4c0 [ 582.422223][T15480] ? kmalloc_array+0x2d/0x40 [ 582.426868][T15480] vfs_iter_write+0x4c/0x70 [ 582.431387][T15480] iter_file_splice_write+0x40a/0x750 [ 582.436776][T15480] ? splice_from_pipe+0xc0/0xc0 [ 582.441638][T15480] direct_splice_actor+0x80/0xa0 [ 582.446574][T15480] splice_direct_to_actor+0x345/0x650 [ 582.451933][T15480] ? do_splice_direct+0x170/0x170 [ 582.456990][T15480] do_splice_direct+0xf5/0x170 [ 582.461780][T15480] do_sendfile+0x773/0xda0 [ 582.466190][T15480] __x64_sys_sendfile64+0xf2/0x130 [ 582.471296][T15480] do_syscall_64+0x4a/0x90 [ 582.475697][T15480] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 582.481595][T15480] RIP: 0033:0x4665f9 [ 582.485468][T15480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 582.505169][T15480] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 582.513643][T15480] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 582.521620][T15480] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 582.529580][T15480] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 582.537545][T15480] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 582.546032][T15480] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 582.574705][T15488] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:38 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) ftruncate(r5, 0x20) dup3(r3, r4, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r6, 0x0, 0x18) openat$cgroup_ro(r6, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QGROUP_LIMIT(r3, 0x8030942b, &(0x7f0000000200)={0x0, {0x2, 0x8, 0x2, 0x6, 0xffffffffffffc3bf}}) write$binfmt_script(0xffffffffffffffff, 0x0, 0x21) [ 582.650792][ T1034] loop2: p1 p2 p3 p4 [ 582.654949][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 582.661072][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 582.671756][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 582.678008][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 582.945997][T15480] syz-executor.4 (15480) used greatest stack depth: 10192 bytes left 17:04:38 executing program 4 (fault-call:11 fault-nth:27): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:38 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24004c00260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:38 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:38 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:38 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, &(0x7f0000000080)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r0, &(0x7f0000000000), 0x248800) 17:04:38 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) ftruncate(r5, 0x20) dup3(r3, r4, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r6, 0x0, 0x18) openat$cgroup_ro(r6, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QGROUP_LIMIT(r3, 0x8030942b, &(0x7f0000000200)={0x0, {0x2, 0x8, 0x2, 0x6, 0xffffffffffffc3bf}}) 17:04:38 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, &(0x7f0000000080)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r0, &(0x7f0000000000), 0x248800) 17:04:38 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x14000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:38 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24006000260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 583.091876][T15522] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:38 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 583.165510][ T1034] loop2: p1 p2 p3 p4 [ 583.170254][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 583.175041][T15537] FAULT_INJECTION: forcing a failure. [ 583.175041][T15537] name failslab, interval 1, probability 0, space 0, times 0 [ 583.176376][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 583.188937][T15537] CPU: 1 PID: 15537 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 583.198068][ T1034] loop2: p3 start 225 is beyond EOD, [ 583.204427][T15537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 583.209838][ T1034] truncated [ 583.219860][T15537] Call Trace: [ 583.219870][T15537] dump_stack+0x137/0x19d [ 583.222989][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 583.237843][T15537] should_fail+0x23c/0x250 [ 583.242342][T15537] __should_failslab+0x81/0x90 [ 583.247125][T15537] ? __iomap_dio_rw+0xf1/0xad0 [ 583.251908][T15537] should_failslab+0x5/0x20 [ 583.256425][T15537] kmem_cache_alloc_trace+0x49/0x310 17:04:38 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) ftruncate(r5, 0x20) dup3(r3, r4, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r6, 0x0, 0x18) openat$cgroup_ro(r6, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x0, 0x0) [ 583.262058][T15537] __iomap_dio_rw+0xf1/0xad0 [ 583.266684][T15537] ? __down_read_common+0x13b/0x5a0 [ 583.271890][T15537] ? kfree+0xf0/0x1d0 [ 583.275883][T15537] ? pipe_unlock+0x37/0x40 [ 583.280324][T15537] ? iter_file_splice_write+0x6da/0x750 [ 583.285884][T15537] iomap_dio_rw+0x30/0x70 [ 583.290225][T15537] ext4_file_read_iter+0x21a/0x290 [ 583.295338][T15537] generic_file_splice_read+0x22a/0x310 [ 583.300929][T15537] ? splice_shrink_spd+0x60/0x60 [ 583.305925][T15537] splice_direct_to_actor+0x2aa/0x650 [ 583.311363][T15537] ? do_splice_direct+0x170/0x170 17:04:39 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x17000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 583.316423][T15537] do_splice_direct+0xf5/0x170 [ 583.321197][T15537] do_sendfile+0x773/0xda0 [ 583.325677][T15537] __x64_sys_sendfile64+0xf2/0x130 [ 583.330831][T15537] do_syscall_64+0x4a/0x90 [ 583.335275][T15537] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 583.341197][T15537] RIP: 0033:0x4665f9 [ 583.345075][T15537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 583.364716][T15537] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 583.373382][T15537] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 583.381338][T15537] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 583.389296][T15537] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 583.397424][T15537] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 583.405418][T15537] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 583.453324][T15553] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 583.509705][ T1034] loop2: p1 p2 p3 p4 [ 583.513958][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 583.520030][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 583.528619][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 583.535292][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:39 executing program 4 (fault-call:11 fault-nth:28): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:39 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, &(0x7f0000000080)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r0, &(0x7f0000000000), 0x248800) 17:04:39 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24006800260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:39 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:39 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:39 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) ftruncate(r5, 0x20) dup3(r3, r4, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r6, 0x0, 0x18) 17:04:39 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, &(0x7f0000000080)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r0, &(0x7f0000000000), 0x248800) 17:04:39 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24006c00260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:39 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x80060000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 584.045841][T15582] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:39 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 584.109074][ T1034] loop2: p1 p2 p3 p4 [ 584.115181][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 584.121413][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 584.136608][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 584.142868][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 584.147644][T15602] FAULT_INJECTION: forcing a failure. [ 584.147644][T15602] name failslab, interval 1, probability 0, space 0, times 0 [ 584.162650][T15602] CPU: 1 PID: 15602 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 584.171071][T15602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 584.181124][T15602] Call Trace: [ 584.184423][T15602] dump_stack+0x137/0x19d [ 584.188779][T15602] should_fail+0x23c/0x250 [ 584.193227][T15602] ? mempool_alloc_slab+0x16/0x20 [ 584.198320][T15602] __should_failslab+0x81/0x90 [ 584.203101][T15602] should_failslab+0x5/0x20 [ 584.207607][T15602] kmem_cache_alloc+0x46/0x2f0 [ 584.212378][T15602] mempool_alloc_slab+0x16/0x20 [ 584.217251][T15602] ? mempool_free+0x130/0x130 [ 584.221995][T15602] mempool_alloc+0x8c/0x300 [ 584.226485][T15602] ? percpu_counter_add_batch+0x69/0xd0 [ 584.232026][T15602] ? iov_iter_npages+0x9a0/0xa00 [ 584.236961][T15602] ? iov_iter_alignment+0x7b2/0x800 [ 584.242141][T15602] ? ext4_es_lookup_extent+0x36b/0x490 [ 584.247726][T15602] bio_alloc_bioset+0xcc/0x480 [ 584.252583][T15602] iomap_dio_bio_actor+0x511/0xb50 [ 584.257715][T15602] iomap_dio_actor+0x26e/0x3b0 [ 584.262468][T15602] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 584.268343][T15602] iomap_apply+0x1e2/0x400 [ 584.272747][T15602] __iomap_dio_rw+0x5af/0xad0 [ 584.277429][T15602] ? __iomap_dio_rw+0xad0/0xad0 [ 584.282276][T15602] iomap_dio_rw+0x30/0x70 [ 584.286699][T15602] ext4_file_read_iter+0x21a/0x290 [ 584.291833][T15602] generic_file_splice_read+0x22a/0x310 [ 584.297362][T15602] ? splice_shrink_spd+0x60/0x60 [ 584.302322][T15602] splice_direct_to_actor+0x2aa/0x650 [ 584.307723][T15602] ? do_splice_direct+0x170/0x170 [ 584.312866][T15602] do_splice_direct+0xf5/0x170 [ 584.317620][T15602] do_sendfile+0x773/0xda0 [ 584.322034][T15602] __x64_sys_sendfile64+0xf2/0x130 [ 584.327130][T15602] do_syscall_64+0x4a/0x90 [ 584.331575][T15602] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 584.337589][T15602] RIP: 0033:0x4665f9 [ 584.341467][T15602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 584.361066][T15602] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 584.369481][T15602] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 584.377518][T15602] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 584.385487][T15602] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 584.393444][T15602] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 584.401406][T15602] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 17:04:40 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, &(0x7f0000000080)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r0, &(0x7f0000000000), 0x248800) 17:04:40 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24007400260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 584.439261][T15616] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 584.486138][ T1034] loop2: p1 p2 p3 p4 [ 584.490679][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 584.496809][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 584.520086][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 584.526312][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 584.571450][ T1034] loop2: p1 p2 p3 p4 [ 584.575643][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 584.581741][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 584.589802][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 584.596254][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:40 executing program 4 (fault-call:11 fault-nth:29): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:40 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) ftruncate(r5, 0x20) dup3(r3, r4, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) 17:04:40 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000080)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ff", 0x22, 0x1e4}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103", 0x5b, 0x600}, {&(0x7f0000000780)="2ebc9c5d9d20202020202010", 0xc, 0x1000}], 0x0, &(0x7f0000010d00)=ANY=[]) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:40 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24007a00260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:40 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9effffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:40 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:40 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000003260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:40 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xeaffffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 585.031026][T15650] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 585.045763][ T1034] loop2: p1 p2 p3 p4 [ 585.065349][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 585.071494][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated 17:04:40 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:40 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:40 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000005260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 585.089261][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 585.095585][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 585.125525][T15671] FAULT_INJECTION: forcing a failure. [ 585.125525][T15671] name failslab, interval 1, probability 0, space 0, times 0 [ 585.138182][T15671] CPU: 0 PID: 15671 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 585.146604][T15671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 585.156665][T15671] Call Trace: [ 585.159946][T15671] dump_stack+0x137/0x19d [ 585.164281][T15671] should_fail+0x23c/0x250 [ 585.168713][T15671] ? bio_alloc_bioset+0x27d/0x480 [ 585.173739][T15671] __should_failslab+0x81/0x90 [ 585.178516][T15671] should_failslab+0x5/0x20 [ 585.183099][T15671] kmem_cache_alloc+0x46/0x2f0 [ 585.187866][T15671] ? iov_iter_npages+0x9a0/0xa00 [ 585.192801][T15671] ? iov_iter_alignment+0x7b2/0x800 [ 585.197982][T15671] ? ext4_es_lookup_extent+0x36b/0x490 [ 585.203473][T15671] bio_alloc_bioset+0x27d/0x480 [ 585.208338][T15671] iomap_dio_bio_actor+0x511/0xb50 [ 585.213441][T15671] iomap_dio_actor+0x26e/0x3b0 [ 585.218190][T15671] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 585.223980][T15671] iomap_apply+0x1e2/0x400 [ 585.228380][T15671] __iomap_dio_rw+0x5af/0xad0 [ 585.233060][T15671] ? __iomap_dio_rw+0xad0/0xad0 [ 585.237964][T15671] iomap_dio_rw+0x30/0x70 [ 585.242279][T15671] ext4_file_read_iter+0x21a/0x290 [ 585.247377][T15671] generic_file_splice_read+0x22a/0x310 [ 585.252909][T15671] ? splice_shrink_spd+0x60/0x60 [ 585.257828][T15671] splice_direct_to_actor+0x2aa/0x650 [ 585.263183][T15671] ? do_splice_direct+0x170/0x170 [ 585.268190][T15671] do_splice_direct+0xf5/0x170 [ 585.273019][T15671] do_sendfile+0x773/0xda0 [ 585.277416][T15671] __x64_sys_sendfile64+0xf2/0x130 [ 585.282591][T15671] do_syscall_64+0x4a/0x90 [ 585.286996][T15671] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 585.292874][T15671] RIP: 0033:0x4665f9 [ 585.296751][T15671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 585.316339][T15671] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 585.324735][T15671] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 585.332689][T15671] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 17:04:41 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) [ 585.340687][T15671] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 585.348658][T15671] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 585.356677][T15671] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 585.369830][T15681] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 585.386850][ T1034] loop2: p1 p2 p3 p4 [ 585.393198][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 585.399301][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 585.424258][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 585.430612][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:41 executing program 4 (fault-call:11 fault-nth:30): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:41 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xefffffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:41 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:41 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) ftruncate(r5, 0x20) dup3(r3, r4, 0x0) 17:04:41 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000006260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:41 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:41 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:41 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000007260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:41 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 585.983141][T15699] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:41 executing program 3: r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 586.052209][ T1034] loop2: p1 p2 p3 p4 [ 586.058012][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 586.064128][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 586.074734][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 586.081182][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 586.095725][T15720] FAULT_INJECTION: forcing a failure. [ 586.095725][T15720] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 586.109029][T15720] CPU: 1 PID: 15720 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 586.117567][T15720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 586.127627][T15720] Call Trace: [ 586.130904][T15720] dump_stack+0x137/0x19d [ 586.135264][T15720] should_fail+0x23c/0x250 [ 586.139674][T15720] __alloc_pages+0x102/0x320 [ 586.144266][T15720] alloc_pages+0x21d/0x310 [ 586.148678][T15720] push_pipe+0x267/0x370 17:04:41 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) [ 586.152918][T15720] iov_iter_get_pages+0xb39/0xcc0 [ 586.157967][T15720] bio_iov_iter_get_pages+0x55f/0xa70 [ 586.163366][T15720] iomap_dio_bio_actor+0x673/0xb50 [ 586.168488][T15720] iomap_dio_actor+0x26e/0x3b0 [ 586.173282][T15720] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 586.179157][T15720] iomap_apply+0x1e2/0x400 [ 586.183582][T15720] __iomap_dio_rw+0x5af/0xad0 [ 586.188245][T15720] ? __iomap_dio_rw+0xad0/0xad0 [ 586.193082][T15720] iomap_dio_rw+0x30/0x70 [ 586.197394][T15720] ext4_file_read_iter+0x21a/0x290 [ 586.202508][T15720] generic_file_splice_read+0x22a/0x310 [ 586.208239][T15720] ? splice_shrink_spd+0x60/0x60 [ 586.213176][T15720] splice_direct_to_actor+0x2aa/0x650 [ 586.218591][T15720] ? do_splice_direct+0x170/0x170 [ 586.223604][T15720] do_splice_direct+0xf5/0x170 [ 586.228465][T15720] do_sendfile+0x773/0xda0 [ 586.232882][T15720] __x64_sys_sendfile64+0xf2/0x130 [ 586.237998][T15720] do_syscall_64+0x4a/0x90 [ 586.242555][T15720] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 586.248510][T15720] RIP: 0033:0x4665f9 [ 586.252406][T15720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 586.272133][T15720] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 586.280534][T15720] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 586.288579][T15720] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 17:04:42 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000009260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 586.296540][T15720] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 586.304575][T15720] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 586.312659][T15720] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 586.346423][ T1034] loop2: p1 p2 p3 p4 [ 586.351194][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 586.355045][T15729] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 586.357323][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 586.368845][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 586.377187][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:42 executing program 4 (fault-call:11 fault-nth:31): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:42 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfcffffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:42 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:42 executing program 3: r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:42 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) ftruncate(r5, 0x20) 17:04:42 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400000a260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:42 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:42 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400000b260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:42 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) [ 586.987335][T15763] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:42 executing program 3: r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:42 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 587.029243][ T1034] loop2: p1 p2 p3 p4 [ 587.033668][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 587.039761][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 587.055239][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 587.061511][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 587.084460][T15779] FAULT_INJECTION: forcing a failure. [ 587.084460][T15779] name failslab, interval 1, probability 0, space 0, times 0 [ 587.097175][T15779] CPU: 0 PID: 15779 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 587.105599][T15779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 587.115651][T15779] Call Trace: [ 587.118975][T15779] dump_stack+0x137/0x19d [ 587.123383][T15779] should_fail+0x23c/0x250 [ 587.127823][T15779] ? bio_alloc_bioset+0x27d/0x480 [ 587.132900][T15779] __should_failslab+0x81/0x90 [ 587.137703][T15779] should_failslab+0x5/0x20 [ 587.142206][T15779] kmem_cache_alloc+0x46/0x2f0 [ 587.146981][T15779] ? iov_iter_npages+0x9a0/0xa00 [ 587.151930][T15779] ? iov_iter_alignment+0x7b2/0x800 [ 587.157128][T15779] ? ext4_es_lookup_extent+0x36b/0x490 [ 587.162669][T15779] bio_alloc_bioset+0x27d/0x480 [ 587.167682][T15779] iomap_dio_bio_actor+0x511/0xb50 [ 587.173245][T15779] iomap_dio_actor+0x26e/0x3b0 [ 587.178014][T15779] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 587.183832][T15779] iomap_apply+0x1e2/0x400 [ 587.188256][T15779] __iomap_dio_rw+0x5af/0xad0 [ 587.192942][T15779] ? __iomap_dio_rw+0xad0/0xad0 [ 587.197922][T15779] iomap_dio_rw+0x30/0x70 [ 587.202301][T15779] ext4_file_read_iter+0x21a/0x290 [ 587.207511][T15779] generic_file_splice_read+0x22a/0x310 [ 587.213100][T15779] ? splice_shrink_spd+0x60/0x60 [ 587.218039][T15779] splice_direct_to_actor+0x2aa/0x650 [ 587.223422][T15779] ? do_splice_direct+0x170/0x170 [ 587.228488][T15779] do_splice_direct+0xf5/0x170 [ 587.233273][T15779] do_sendfile+0x773/0xda0 [ 587.237835][T15779] __x64_sys_sendfile64+0xf2/0x130 [ 587.242945][T15779] do_syscall_64+0x4a/0x90 [ 587.247486][T15779] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 587.253382][T15779] RIP: 0033:0x4665f9 [ 587.257258][T15779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 587.276936][T15779] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 17:04:43 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400000c260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 587.285333][T15779] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 587.293295][T15779] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 587.301284][T15779] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 587.309236][T15779] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 587.317298][T15779] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 587.337089][T15792] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 587.349410][ T1034] loop2: p1 p2 p3 p4 [ 587.354270][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 587.360374][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 587.371298][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 587.377620][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 587.417021][ T1034] loop2: p1 p2 p3 p4 [ 587.421338][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 587.427527][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 587.435525][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 587.441825][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:43 executing program 4 (fault-call:11 fault-nth:32): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:43 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) 17:04:43 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0x248800) 17:04:43 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff9e}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:43 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400000d260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:43 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:43 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:43 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x248800) 17:04:43 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffea}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:43 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400000e260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 588.044130][T15837] FAULT_INJECTION: forcing a failure. [ 588.044130][T15837] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 588.057464][T15837] CPU: 0 PID: 15837 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 588.065887][T15837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 588.071488][ T1034] loop2: p1 p2 p3 p4 [ 588.075942][T15837] Call Trace: [ 588.075953][T15837] dump_stack+0x137/0x19d [ 588.081803][ T1034] loop2: p1 start 10 is beyond EOD, [ 588.083186][T15837] should_fail+0x23c/0x250 [ 588.087508][ T1034] truncated [ 588.087515][ T1034] loop2: p2 size 1073872896 extends beyond EOD, [ 588.092790][T15837] __alloc_pages+0x102/0x320 [ 588.092810][T15837] alloc_pages+0x21d/0x310 [ 588.092827][T15837] push_pipe+0x267/0x370 [ 588.097222][ T1034] truncated [ 588.123004][T15837] iov_iter_get_pages+0xb39/0xcc0 [ 588.125572][ T1034] loop2: p3 start 225 is beyond EOD, [ 588.128040][T15837] bio_iov_iter_get_pages+0x55f/0xa70 [ 588.128079][T15837] iomap_dio_bio_actor+0x673/0xb50 [ 588.133458][ T1034] truncated [ 588.138795][T15837] iomap_dio_actor+0x26e/0x3b0 [ 588.143914][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 588.146983][T15837] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 588.151750][ T1034] truncated [ 588.158037][T15837] iomap_apply+0x1e2/0x400 [ 588.171339][T15837] __iomap_dio_rw+0x5af/0xad0 [ 588.176021][T15837] ? __iomap_dio_rw+0xad0/0xad0 [ 588.180902][T15837] iomap_dio_rw+0x30/0x70 [ 588.185316][T15837] ext4_file_read_iter+0x21a/0x290 17:04:43 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:43 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400c00e260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 588.190451][T15837] generic_file_splice_read+0x22a/0x310 [ 588.196001][T15837] ? splice_shrink_spd+0x60/0x60 [ 588.200948][T15837] splice_direct_to_actor+0x2aa/0x650 [ 588.206361][T15837] ? do_splice_direct+0x170/0x170 [ 588.211456][T15837] do_splice_direct+0xf5/0x170 [ 588.216226][T15837] do_sendfile+0x773/0xda0 [ 588.220718][T15837] __x64_sys_sendfile64+0xf2/0x130 [ 588.225870][T15837] do_syscall_64+0x4a/0x90 [ 588.230296][T15837] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 588.236204][T15837] RIP: 0033:0x4665f9 [ 588.240142][T15837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 588.259814][T15837] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 588.267266][ T1034] loop2: p1 p2 p3 p4 [ 588.268372][T15837] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 588.268388][T15837] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 588.279000][ T1034] loop2: p1 start 10 is beyond EOD, [ 588.280334][T15837] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 588.280350][T15837] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 588.280361][T15837] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 588.317793][ T1034] truncated [ 588.320922][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 588.341539][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 588.347736][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 588.376289][ T1034] loop2: p1 p2 p3 p4 [ 588.381065][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 588.387254][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 588.394722][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 588.400932][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:44 executing program 4 (fault-call:11 fault-nth:33): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:44 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:44 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) 17:04:44 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffef}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:44 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24003410260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:44 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x248800) 17:04:44 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff0}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:44 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000011260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 588.916977][T15880] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:44 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:44 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x248800) [ 588.970018][ T1034] loop2: p1 p2 p3 p4 [ 588.974391][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 588.980515][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 588.993582][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 588.999911][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 589.024042][T15897] FAULT_INJECTION: forcing a failure. [ 589.024042][T15897] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 589.037456][T15897] CPU: 0 PID: 15897 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 589.045929][T15897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 589.056012][T15897] Call Trace: [ 589.059296][T15897] dump_stack+0x137/0x19d [ 589.063630][T15897] should_fail+0x23c/0x250 [ 589.068134][T15897] __alloc_pages+0x102/0x320 [ 589.072732][T15897] alloc_pages+0x21d/0x310 [ 589.077163][T15897] push_pipe+0x267/0x370 [ 589.081493][T15897] iov_iter_get_pages+0xb39/0xcc0 [ 589.086526][T15897] bio_iov_iter_get_pages+0x55f/0xa70 [ 589.091909][T15897] iomap_dio_bio_actor+0x673/0xb50 [ 589.097089][T15897] iomap_dio_actor+0x26e/0x3b0 [ 589.101929][T15897] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 589.107805][T15897] iomap_apply+0x1e2/0x400 [ 589.112220][T15897] __iomap_dio_rw+0x5af/0xad0 [ 589.116964][T15897] ? __iomap_dio_rw+0xad0/0xad0 17:04:44 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, 0x0, 0x0) 17:04:44 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') [ 589.121815][T15897] iomap_dio_rw+0x30/0x70 [ 589.126223][T15897] ext4_file_read_iter+0x21a/0x290 [ 589.131379][T15897] generic_file_splice_read+0x22a/0x310 [ 589.137090][T15897] ? splice_shrink_spd+0x60/0x60 [ 589.142143][T15897] splice_direct_to_actor+0x2aa/0x650 [ 589.147536][T15897] ? do_splice_direct+0x170/0x170 [ 589.152573][T15897] do_splice_direct+0xf5/0x170 [ 589.157344][T15897] do_sendfile+0x773/0xda0 [ 589.161826][T15897] __x64_sys_sendfile64+0xf2/0x130 [ 589.165080][T15908] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 589.166943][T15897] do_syscall_64+0x4a/0x90 [ 589.177838][T15897] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 589.183742][T15897] RIP: 0033:0x4665f9 [ 589.187690][T15897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 589.207313][T15897] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 589.215721][T15897] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 589.223679][T15897] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 589.231661][T15897] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 589.239616][T15897] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 589.247702][T15897] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 589.265370][ T1034] loop2: p1 p2 p3 p4 [ 589.272455][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 589.278802][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 589.287430][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 589.293671][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:45 executing program 4 (fault-call:11 fault-nth:34): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:45 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:45 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24002511260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:45 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, 0x0, 0x0) 17:04:45 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:45 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_complete(0x0) 17:04:45 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000012260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:45 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 589.905689][T15935] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:45 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, 0x0, 0x0) 17:04:45 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 589.952063][ T1034] loop2: p1 p2 p3 p4 [ 589.956504][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 589.962611][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated 17:04:45 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4928311328}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 590.000207][T15953] FAULT_INJECTION: forcing a failure. [ 590.000207][T15953] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 590.013546][T15953] CPU: 1 PID: 15953 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 590.021711][ T1034] loop2: p3 start 225 is beyond EOD, [ 590.022000][T15953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 590.022015][T15953] Call Trace: [ 590.022022][T15953] dump_stack+0x137/0x19d [ 590.027392][ T1034] truncated [ 590.027397][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 590.055295][T15953] should_fail+0x23c/0x250 [ 590.059829][T15953] __alloc_pages+0x102/0x320 [ 590.064426][T15953] alloc_pages+0x21d/0x310 [ 590.068851][T15953] push_pipe+0x267/0x370 [ 590.073111][T15953] iov_iter_get_pages+0xb39/0xcc0 [ 590.078226][T15953] bio_iov_iter_get_pages+0x55f/0xa70 [ 590.083681][T15953] iomap_dio_bio_actor+0x673/0xb50 [ 590.088834][T15953] iomap_dio_actor+0x26e/0x3b0 [ 590.093617][T15953] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 590.099568][T15953] iomap_apply+0x1e2/0x400 [ 590.104066][T15953] __iomap_dio_rw+0x5af/0xad0 [ 590.108821][T15953] ? __iomap_dio_rw+0xad0/0xad0 [ 590.113732][T15953] iomap_dio_rw+0x30/0x70 [ 590.118049][T15953] ext4_file_read_iter+0x21a/0x290 [ 590.123148][T15953] generic_file_splice_read+0x22a/0x310 [ 590.128681][T15953] ? splice_shrink_spd+0x60/0x60 [ 590.133612][T15953] splice_direct_to_actor+0x2aa/0x650 [ 590.139038][T15953] ? do_splice_direct+0x170/0x170 [ 590.144061][T15953] do_splice_direct+0xf5/0x170 [ 590.148822][T15953] do_sendfile+0x773/0xda0 [ 590.153230][T15953] __x64_sys_sendfile64+0xf2/0x130 [ 590.158349][T15953] do_syscall_64+0x4a/0x90 [ 590.162826][T15953] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 590.168723][T15953] RIP: 0033:0x4665f9 [ 590.172627][T15953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 590.192243][T15953] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 17:04:45 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24005a1d260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 590.200641][T15953] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 590.208699][T15953] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 590.216669][T15953] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 590.224637][T15953] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 590.232653][T15953] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 590.261337][T15965] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 590.277748][ T1034] loop2: p1 p2 p3 p4 [ 590.285894][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 590.292105][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 590.304705][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 590.311024][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 590.358905][ T1034] loop2: p1 p2 p3 p4 [ 590.363111][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 590.369174][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 590.376793][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 590.383003][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:46 executing program 4 (fault-call:11 fault-nth:35): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:46 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) ftruncate(r5, 0x20) dup3(r3, r4, 0x0) 17:04:46 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) 17:04:46 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:46 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:46 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000020260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:46 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:46 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000025260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:46 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 590.886247][T15994] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 590.953967][ T1034] loop2: p1 p2 p3 p4 [ 590.958629][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 590.965264][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 590.981996][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 590.983719][T16012] FAULT_INJECTION: forcing a failure. [ 590.983719][T16012] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 590.988281][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 591.001405][T16012] CPU: 0 PID: 16012 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 591.016954][T16012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 591.024274][T16017] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 591.027039][T16012] Call Trace: [ 591.027048][T16012] dump_stack+0x137/0x19d [ 591.041170][T16012] should_fail+0x23c/0x250 [ 591.045583][T16012] __alloc_pages+0x102/0x320 [ 591.050266][T16012] alloc_pages+0x21d/0x310 [ 591.054672][T16012] push_pipe+0x267/0x370 [ 591.058901][T16012] iov_iter_get_pages+0xb39/0xcc0 [ 591.063913][T16012] bio_iov_iter_get_pages+0x55f/0xa70 [ 591.069312][T16012] iomap_dio_bio_actor+0x673/0xb50 [ 591.074410][T16012] iomap_dio_actor+0x26e/0x3b0 [ 591.079203][T16012] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 591.084992][T16012] iomap_apply+0x1e2/0x400 [ 591.089392][T16012] __iomap_dio_rw+0x5af/0xad0 [ 591.094052][T16012] ? __iomap_dio_rw+0xad0/0xad0 [ 591.098931][T16012] iomap_dio_rw+0x30/0x70 [ 591.103263][T16012] ext4_file_read_iter+0x21a/0x290 [ 591.108391][T16012] generic_file_splice_read+0x22a/0x310 [ 591.113943][T16012] ? splice_shrink_spd+0x60/0x60 [ 591.118963][T16012] splice_direct_to_actor+0x2aa/0x650 [ 591.124322][T16012] ? do_splice_direct+0x170/0x170 [ 591.129334][T16012] do_splice_direct+0xf5/0x170 [ 591.134084][T16012] do_sendfile+0x773/0xda0 [ 591.138486][T16012] __x64_sys_sendfile64+0xf2/0x130 [ 591.143643][T16012] do_syscall_64+0x4a/0x90 [ 591.148055][T16012] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 591.153936][T16012] RIP: 0033:0x4665f9 [ 591.157813][T16012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 591.177408][T16012] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 591.185819][T16012] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 591.193818][T16012] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 591.201864][T16012] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 591.209817][T16012] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 591.217776][T16012] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 17:04:46 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) 17:04:46 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:47 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 591.317027][T16031] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 591.362298][ T1034] loop2: p1 p2 p3 p4 [ 591.366799][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 591.372936][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 591.383130][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 591.389325][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:47 executing program 4 (fault-call:11 fault-nth:36): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:47 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) ftruncate(r5, 0x20) dup3(r3, r4, 0x0) 17:04:47 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:47 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) 17:04:47 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:47 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24001125260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:47 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000028260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 591.862805][T16055] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:47 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:47 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 591.909340][ T1034] loop2: p1 p2 p3 p4 [ 591.917482][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 591.923789][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 591.934873][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 591.941106][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 591.984716][T16076] FAULT_INJECTION: forcing a failure. [ 591.984716][T16076] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 591.998003][T16076] CPU: 0 PID: 16076 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 592.006429][T16076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 592.016485][T16076] Call Trace: [ 592.019762][T16076] dump_stack+0x137/0x19d [ 592.024103][T16076] should_fail+0x23c/0x250 [ 592.028529][T16076] __alloc_pages+0x102/0x320 [ 592.033124][T16076] alloc_pages+0x21d/0x310 [ 592.037616][T16076] push_pipe+0x267/0x370 [ 592.041871][T16076] iov_iter_get_pages+0xb39/0xcc0 [ 592.046974][T16076] bio_iov_iter_get_pages+0x55f/0xa70 [ 592.050496][T16083] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 592.052398][T16076] iomap_dio_bio_actor+0x673/0xb50 [ 592.063998][T16076] iomap_dio_actor+0x26e/0x3b0 [ 592.068768][T16076] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 592.074571][T16076] iomap_apply+0x1e2/0x400 [ 592.078980][T16076] __iomap_dio_rw+0x5af/0xad0 [ 592.083649][T16076] ? __iomap_dio_rw+0xad0/0xad0 [ 592.088488][T16076] iomap_dio_rw+0x30/0x70 [ 592.092801][T16076] ext4_file_read_iter+0x21a/0x290 [ 592.097951][T16076] generic_file_splice_read+0x22a/0x310 [ 592.103525][T16076] ? splice_shrink_spd+0x60/0x60 [ 592.108455][T16076] splice_direct_to_actor+0x2aa/0x650 [ 592.113828][T16076] ? do_splice_direct+0x170/0x170 [ 592.118837][T16076] do_splice_direct+0xf5/0x170 [ 592.123584][T16076] do_sendfile+0x773/0xda0 [ 592.128045][T16076] __x64_sys_sendfile64+0xf2/0x130 [ 592.133142][T16076] do_syscall_64+0x4a/0x90 [ 592.137546][T16076] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 592.143449][T16076] RIP: 0033:0x4665f9 [ 592.147326][T16076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 592.167048][T16076] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 592.175446][T16076] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 17:04:47 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24001034260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:47 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:47 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 592.183443][T16076] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 592.191400][T16076] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 592.199354][T16076] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 592.207360][T16076] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 592.232066][ T1034] loop2: p1 p2 p3 p4 [ 592.236486][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 592.242632][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 592.251044][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 592.257312][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 592.320893][ T1034] loop2: p1 p2 p3 p4 [ 592.325256][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 592.331376][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 592.339187][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 592.345434][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:48 executing program 4 (fault-call:11 fault-nth:37): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:48 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) ftruncate(r5, 0x20) dup3(r3, r4, 0x0) 17:04:48 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:48 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000048260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:48 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:48 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:48 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:48 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:48 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400004c260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 592.864407][T16116] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:48 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 592.928816][ T1034] loop2: p1 p2 p3 p4 [ 592.936107][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 592.942269][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 592.969848][T16132] FAULT_INJECTION: forcing a failure. [ 592.969848][T16132] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 592.983342][T16132] CPU: 1 PID: 16132 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 592.991793][T16132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 593.002141][T16132] Call Trace: [ 593.005421][T16132] dump_stack+0x137/0x19d [ 593.009828][T16132] should_fail+0x23c/0x250 [ 593.014255][T16132] __alloc_pages+0x102/0x320 [ 593.018928][T16132] alloc_pages+0x21d/0x310 [ 593.023354][T16132] push_pipe+0x267/0x370 [ 593.027614][T16132] iov_iter_get_pages+0xb39/0xcc0 [ 593.032672][T16132] bio_iov_iter_get_pages+0x55f/0xa70 [ 593.038054][T16132] iomap_dio_bio_actor+0x673/0xb50 [ 593.040053][ T1034] loop2: p3 start 225 is beyond EOD, [ 593.043244][T16132] iomap_dio_actor+0x26e/0x3b0 [ 593.043268][T16132] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 593.048613][ T1034] truncated [ 593.048671][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 593.053360][T16132] iomap_apply+0x1e2/0x400 [ 593.053381][T16132] __iomap_dio_rw+0x5af/0xad0 [ 593.059180][ T1034] truncated [ 593.080738][T16132] ? __iomap_dio_rw+0xad0/0xad0 [ 593.085656][T16132] iomap_dio_rw+0x30/0x70 [ 593.089989][T16132] ext4_file_read_iter+0x21a/0x290 [ 593.095120][T16132] generic_file_splice_read+0x22a/0x310 [ 593.100673][T16132] ? splice_shrink_spd+0x60/0x60 [ 593.105635][T16132] splice_direct_to_actor+0x2aa/0x650 [ 593.111020][T16132] ? do_splice_direct+0x170/0x170 [ 593.116032][T16132] do_splice_direct+0xf5/0x170 17:04:48 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:48 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 593.120807][T16132] do_sendfile+0x773/0xda0 [ 593.125303][T16132] __x64_sys_sendfile64+0xf2/0x130 [ 593.130412][T16132] do_syscall_64+0x4a/0x90 [ 593.134854][T16132] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 593.140822][T16132] RIP: 0033:0x4665f9 [ 593.144720][T16132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 593.164340][T16132] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 593.172786][T16132] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 593.180802][T16132] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 593.188800][T16132] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 593.196775][T16132] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 593.204732][T16132] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 593.229193][T16146] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 593.242454][ T1034] loop2: p1 p2 p3 p4 [ 593.247039][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 593.253225][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 593.262550][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 593.268733][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:49 executing program 4 (fault-call:11 fault-nth:38): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:49 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:49 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:49 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) ftruncate(r5, 0x20) 17:04:49 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24001d5a260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:49 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:49 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:49 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000060260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:49 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb00000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 593.806483][T16169] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:49 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:49 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 593.869915][ T1034] loop2: p1 p2 p3 p4 [ 593.886751][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 593.892901][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 593.902061][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 593.908579][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 593.919189][T16193] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 593.930109][T16196] FAULT_INJECTION: forcing a failure. [ 593.930109][T16196] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 593.943374][T16196] CPU: 0 PID: 16196 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 593.951832][T16196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 593.961891][T16196] Call Trace: [ 593.965176][T16196] dump_stack+0x137/0x19d [ 593.969550][T16196] should_fail+0x23c/0x250 [ 593.973978][T16196] __alloc_pages+0x102/0x320 [ 593.978570][T16196] alloc_pages+0x21d/0x310 [ 593.982997][T16196] push_pipe+0x267/0x370 [ 593.987247][T16196] iov_iter_get_pages+0xb39/0xcc0 [ 593.992320][T16196] bio_iov_iter_get_pages+0x55f/0xa70 [ 593.997768][T16196] iomap_dio_bio_actor+0x673/0xb50 [ 594.002939][T16196] iomap_dio_actor+0x26e/0x3b0 [ 594.007707][T16196] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 594.013595][T16196] iomap_apply+0x1e2/0x400 17:04:49 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xc00000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 594.018071][T16196] __iomap_dio_rw+0x5af/0xad0 [ 594.022753][T16196] ? __iomap_dio_rw+0xad0/0xad0 [ 594.027626][T16196] iomap_dio_rw+0x30/0x70 [ 594.031965][T16196] ext4_file_read_iter+0x21a/0x290 [ 594.037127][T16196] generic_file_splice_read+0x22a/0x310 [ 594.042676][T16196] ? splice_shrink_spd+0x60/0x60 [ 594.047622][T16196] splice_direct_to_actor+0x2aa/0x650 [ 594.053012][T16196] ? do_splice_direct+0x170/0x170 [ 594.058132][T16196] do_splice_direct+0xf5/0x170 [ 594.062992][T16196] do_sendfile+0x773/0xda0 [ 594.067419][T16196] __x64_sys_sendfile64+0xf2/0x130 [ 594.072535][T16196] do_syscall_64+0x4a/0x90 [ 594.076996][T16196] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 594.082975][T16196] RIP: 0033:0x4665f9 [ 594.085643][ T1034] loop2: p1 p2 p3 p4 [ 594.087065][T16196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 594.091487][ T1034] loop2: p1 start 10 is beyond EOD, [ 594.110924][T16196] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 594.110947][T16196] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 594.110960][T16196] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 594.116229][ T1034] truncated [ 594.116235][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 594.123138][ T1034] loop2: p3 start 225 is beyond EOD, [ 594.124683][T16196] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 594.124697][T16196] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 594.124707][T16196] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 594.180578][ T1034] truncated [ 594.183679][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:50 executing program 4 (fault-call:11 fault-nth:39): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:50 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') r5 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0), 0xd4ba0ff) 17:04:50 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:50 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000068260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:50 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xd00000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:50 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:50 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400006c260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:50 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 594.784915][T16224] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:50 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 594.841588][ T1034] loop2: p1 p2 p3 p4 [ 594.847117][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 594.853258][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 594.879253][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 594.885490][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 594.904216][T16243] FAULT_INJECTION: forcing a failure. [ 594.904216][T16243] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 594.914907][T16249] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 594.917956][T16243] CPU: 0 PID: 16243 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 594.932845][T16243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 594.942907][T16243] Call Trace: [ 594.946183][T16243] dump_stack+0x137/0x19d [ 594.950685][T16243] should_fail+0x23c/0x250 [ 594.955093][T16243] __alloc_pages+0x102/0x320 [ 594.959671][T16243] alloc_pages+0x21d/0x310 [ 594.964076][T16243] push_pipe+0x267/0x370 [ 594.968329][T16243] iov_iter_get_pages+0xb39/0xcc0 [ 594.973340][T16243] bio_iov_iter_get_pages+0x55f/0xa70 [ 594.978700][T16243] iomap_dio_bio_actor+0x673/0xb50 [ 594.983842][T16243] iomap_dio_actor+0x26e/0x3b0 [ 594.988626][T16243] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 594.994430][T16243] iomap_apply+0x1e2/0x400 [ 594.998866][T16243] __iomap_dio_rw+0x5af/0xad0 [ 595.003531][T16243] ? __iomap_dio_rw+0xad0/0xad0 [ 595.008369][T16243] iomap_dio_rw+0x30/0x70 [ 595.012725][T16243] ext4_file_read_iter+0x21a/0x290 [ 595.017824][T16243] generic_file_splice_read+0x22a/0x310 [ 595.023354][T16243] ? splice_shrink_spd+0x60/0x60 [ 595.028308][T16243] splice_direct_to_actor+0x2aa/0x650 [ 595.033711][T16243] ? do_splice_direct+0x170/0x170 [ 595.039362][T16243] do_splice_direct+0xf5/0x170 [ 595.044109][T16243] do_sendfile+0x773/0xda0 [ 595.048552][T16243] __x64_sys_sendfile64+0xf2/0x130 [ 595.053748][T16243] do_syscall_64+0x4a/0x90 [ 595.058278][T16243] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 595.064227][T16243] RIP: 0033:0x4665f9 [ 595.068165][T16243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 17:04:50 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:50 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000074260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:50 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 595.087828][T16243] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 595.096225][T16243] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 595.104181][T16243] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 595.112143][T16243] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 595.120097][T16243] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 595.128055][T16243] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 595.172064][ T1034] loop2: p1 p2 p3 p4 [ 595.176602][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 595.182752][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 595.194895][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 595.201216][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:51 executing program 4 (fault-call:11 fault-nth:40): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:51 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) 17:04:51 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400007a260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:51 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(0x0, 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:51 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:51 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:51 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(0x0, 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:51 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(0x0, 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:51 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000ec0260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:51 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') 17:04:51 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x0, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:51 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 595.874055][ T1034] loop2: p1 p2 p3 p4 [ 595.886871][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 595.893062][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 595.906508][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 595.914005][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 595.930757][T16311] FAULT_INJECTION: forcing a failure. [ 595.930757][T16311] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 595.944112][T16311] CPU: 0 PID: 16311 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 595.952595][T16311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 595.962651][T16311] Call Trace: [ 595.965928][T16311] dump_stack+0x137/0x19d [ 595.970317][T16311] should_fail+0x23c/0x250 [ 595.974736][T16311] __alloc_pages+0x102/0x320 [ 595.979363][T16311] alloc_pages+0x21d/0x310 [ 595.983786][T16311] push_pipe+0x267/0x370 [ 595.988032][T16311] iov_iter_get_pages+0xb39/0xcc0 [ 595.993071][T16311] bio_iov_iter_get_pages+0x55f/0xa70 [ 595.998458][T16311] iomap_dio_bio_actor+0x673/0xb50 [ 596.003581][T16311] iomap_dio_actor+0x26e/0x3b0 [ 596.008408][T16311] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 596.014280][T16311] iomap_apply+0x1e2/0x400 [ 596.018699][T16311] __iomap_dio_rw+0x5af/0xad0 [ 596.023391][T16311] ? __iomap_dio_rw+0xad0/0xad0 [ 596.028249][T16311] iomap_dio_rw+0x30/0x70 [ 596.032592][T16311] ext4_file_read_iter+0x21a/0x290 [ 596.037715][T16311] generic_file_splice_read+0x22a/0x310 [ 596.043273][T16311] ? splice_shrink_spd+0x60/0x60 [ 596.048328][T16311] splice_direct_to_actor+0x2aa/0x650 [ 596.053704][T16311] ? do_splice_direct+0x170/0x170 [ 596.058899][T16311] do_splice_direct+0xf5/0x170 [ 596.063690][T16311] do_sendfile+0x773/0xda0 [ 596.068095][T16311] __x64_sys_sendfile64+0xf2/0x130 [ 596.073190][T16311] do_syscall_64+0x4a/0x90 [ 596.077595][T16311] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 596.083504][T16311] RIP: 0033:0x4665f9 [ 596.087628][T16311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 596.107361][T16311] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 596.115760][T16311] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 596.123769][T16311] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 596.131823][T16311] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 596.139842][T16311] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 596.147797][T16311] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 596.160245][ T1034] loop2: p1 p2 p3 p4 [ 596.165953][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 596.172095][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 596.180716][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 596.186990][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:52 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:52 executing program 4 (fault-call:11 fault-nth:41): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:52 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000110007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:52 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1400000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:52 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = syz_io_uring_complete(0x0) symlinkat(&(0x7f00000000c0)='./file0\x00', r4, &(0x7f00000002c0)='./file0\x00') 17:04:52 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x0, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:52 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x0, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:52 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1700000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 596.776566][T16352] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:04:52 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:52 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000120007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 596.823703][T16360] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 596.874604][T16367] FAULT_INJECTION: forcing a failure. [ 596.874604][T16367] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 596.887909][T16367] CPU: 0 PID: 16367 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 596.896333][T16367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 596.906387][T16367] Call Trace: [ 596.909704][T16367] dump_stack+0x137/0x19d [ 596.914073][T16367] should_fail+0x23c/0x250 [ 596.918503][T16367] __alloc_pages+0x102/0x320 [ 596.923103][T16367] alloc_pages+0x21d/0x310 [ 596.927528][T16367] push_pipe+0x267/0x370 [ 596.931777][T16367] iov_iter_get_pages+0xb39/0xcc0 [ 596.936819][T16367] bio_iov_iter_get_pages+0x55f/0xa70 [ 596.942201][T16367] iomap_dio_bio_actor+0x673/0xb50 [ 596.947338][T16367] iomap_dio_actor+0x26e/0x3b0 [ 596.952169][T16367] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 596.957986][T16367] iomap_apply+0x1e2/0x400 [ 596.962417][T16367] __iomap_dio_rw+0x5af/0xad0 [ 596.967100][T16367] ? __iomap_dio_rw+0xad0/0xad0 [ 596.971956][T16367] iomap_dio_rw+0x30/0x70 [ 596.976284][T16367] ext4_file_read_iter+0x21a/0x290 [ 596.981456][T16367] generic_file_splice_read+0x22a/0x310 [ 596.987036][T16367] ? splice_shrink_spd+0x60/0x60 [ 596.991960][T16367] splice_direct_to_actor+0x2aa/0x650 [ 596.997344][T16367] ? do_splice_direct+0x170/0x170 [ 597.004528][T16367] do_splice_direct+0xf5/0x170 [ 597.009280][T16367] do_sendfile+0x773/0xda0 [ 597.013683][T16367] __x64_sys_sendfile64+0xf2/0x130 [ 597.018782][T16367] do_syscall_64+0x4a/0x90 [ 597.023188][T16367] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 597.029070][T16367] RIP: 0033:0x4665f9 [ 597.032971][T16367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 597.052715][T16367] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 597.061135][T16367] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 17:04:52 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:52 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:52 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_complete(0x0) [ 597.069098][T16367] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 597.077053][T16367] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 597.085008][T16367] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 597.092984][T16367] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 597.107207][T16379] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 597.125936][ T1034] loop2: p1 p2 p3 p4 [ 597.131520][T16374] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 597.138609][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 597.144790][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 597.154789][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 597.161075][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 597.222205][ T1034] loop2: p1 p2 p3 p4 [ 597.227256][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 597.233469][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 597.241397][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 597.247825][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:53 executing program 4 (fault-call:11 fault-nth:42): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:53 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:53 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000130007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:53 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2813312849000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:53 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:53 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) 17:04:53 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 597.752856][T16407] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 597.756799][T16410] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:04:53 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:53 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(0xffffffffffffffff, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 597.799773][T16419] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 597.861735][T16421] FAULT_INJECTION: forcing a failure. [ 597.861735][T16421] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 597.875012][T16421] CPU: 0 PID: 16421 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 597.883526][T16421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 597.893613][T16421] Call Trace: [ 597.896942][T16421] dump_stack+0x137/0x19d [ 597.901279][T16421] should_fail+0x23c/0x250 [ 597.905526][T16427] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 597.905707][T16421] __alloc_pages+0x102/0x320 [ 597.917043][T16421] alloc_pages+0x21d/0x310 [ 597.921460][T16421] push_pipe+0x267/0x370 [ 597.925716][T16421] iov_iter_get_pages+0xb39/0xcc0 [ 597.930751][T16421] bio_iov_iter_get_pages+0x55f/0xa70 [ 597.936115][T16421] iomap_dio_bio_actor+0x673/0xb50 [ 597.941213][T16421] iomap_dio_actor+0x26e/0x3b0 [ 597.945997][T16421] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 597.951792][T16421] iomap_apply+0x1e2/0x400 [ 597.956195][T16421] __iomap_dio_rw+0x5af/0xad0 [ 597.960857][T16421] ? __iomap_dio_rw+0xad0/0xad0 [ 597.965705][T16421] iomap_dio_rw+0x30/0x70 [ 597.970057][T16421] ext4_file_read_iter+0x21a/0x290 [ 597.975163][T16421] generic_file_splice_read+0x22a/0x310 [ 597.980713][T16421] ? splice_shrink_spd+0x60/0x60 [ 597.985636][T16421] splice_direct_to_actor+0x2aa/0x650 [ 597.990991][T16421] ? do_splice_direct+0x170/0x170 [ 597.996000][T16421] do_splice_direct+0xf5/0x170 [ 598.000751][T16421] do_sendfile+0x773/0xda0 [ 598.005150][T16421] __x64_sys_sendfile64+0xf2/0x130 [ 598.010254][T16421] do_syscall_64+0x4a/0x90 [ 598.014660][T16421] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 598.020542][T16421] RIP: 0033:0x4665f9 [ 598.024426][T16421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 598.044029][T16421] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 598.052548][T16421] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 17:04:53 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000140007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:53 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000007, 0x10010, r3, 0x0) [ 598.060519][T16421] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 598.068471][T16421] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 598.076455][T16421] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 598.084413][T16421] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 598.096381][ T1034] loop2: p1 p2 p3 p4 [ 598.101546][ T1034] loop2: p1 start 10 is beyond EOD, truncated 17:04:53 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8006000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 598.107780][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 598.140749][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 598.146962][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 598.166202][T16442] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:04:54 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(0xffffffffffffffff, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:54 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) openat(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/exe\x00', 0x105100, 0x0) 17:04:54 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:54 executing program 4 (fault-call:11 fault-nth:43): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:54 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9effffff00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:54 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000150007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:54 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:54 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xeaffffff00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:54 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(0xffffffffffffffff, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 598.729458][T16461] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 598.787840][T16475] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 598.805944][T16477] FAULT_INJECTION: forcing a failure. [ 598.805944][T16477] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 598.819500][T16477] CPU: 1 PID: 16477 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 598.827926][T16477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 598.837981][T16477] Call Trace: [ 598.841270][T16477] dump_stack+0x137/0x19d [ 598.845637][T16477] should_fail+0x23c/0x250 [ 598.850054][T16477] __alloc_pages+0x102/0x320 [ 598.854666][T16477] alloc_pages+0x21d/0x310 [ 598.859205][T16477] push_pipe+0x267/0x370 [ 598.863495][T16477] iov_iter_get_pages+0xb39/0xcc0 [ 598.868521][T16477] bio_iov_iter_get_pages+0x55f/0xa70 [ 598.873894][T16477] iomap_dio_bio_actor+0x673/0xb50 [ 598.879097][T16477] iomap_dio_actor+0x26e/0x3b0 [ 598.883940][T16477] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 598.889779][T16477] iomap_apply+0x1e2/0x400 [ 598.894181][T16477] __iomap_dio_rw+0x5af/0xad0 [ 598.898952][T16477] ? __iomap_dio_rw+0xad0/0xad0 [ 598.903926][T16477] iomap_dio_rw+0x30/0x70 [ 598.908260][T16477] ext4_file_read_iter+0x21a/0x290 [ 598.913418][T16477] generic_file_splice_read+0x22a/0x310 [ 598.919024][T16477] ? splice_shrink_spd+0x60/0x60 [ 598.924142][T16477] splice_direct_to_actor+0x2aa/0x650 [ 598.929517][T16477] ? do_splice_direct+0x170/0x170 [ 598.934779][T16477] do_splice_direct+0xf5/0x170 [ 598.939538][T16477] do_sendfile+0x773/0xda0 [ 598.943963][T16477] __x64_sys_sendfile64+0xf2/0x130 [ 598.949061][T16477] do_syscall_64+0x4a/0x90 [ 598.953477][T16477] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 598.959439][T16477] RIP: 0033:0x4665f9 [ 598.963329][T16477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 17:04:54 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000160007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:54 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 598.983214][T16477] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 598.991632][T16477] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 598.999600][T16477] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 599.007565][T16477] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 599.015658][T16477] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 599.023758][T16477] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 17:04:54 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 599.056779][ T1034] loop2: p1 p2 p3 p4 [ 599.061303][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 599.067480][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 599.088126][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 599.094374][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 599.112400][T16495] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 599.137942][T16498] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:04:55 executing program 4 (fault-call:11 fault-nth:44): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:55 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xefffffff00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:55 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:55 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', 0x0, &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:55 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000180007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:55 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:55 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:55 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', 0x0, &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:55 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffff00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:55 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 599.792177][T16535] FAULT_INJECTION: forcing a failure. [ 599.792177][T16535] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 599.805557][T16535] CPU: 0 PID: 16535 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 599.814010][T16535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 599.824073][T16535] Call Trace: [ 599.827353][T16535] dump_stack+0x137/0x19d [ 599.831780][T16535] should_fail+0x23c/0x250 [ 599.836215][T16535] __alloc_pages+0x102/0x320 [ 599.840813][T16535] alloc_pages+0x21d/0x310 [ 599.845289][T16535] push_pipe+0x267/0x370 [ 599.849717][T16535] iov_iter_get_pages+0xb39/0xcc0 [ 599.854776][T16535] bio_iov_iter_get_pages+0x55f/0xa70 [ 599.860175][T16535] iomap_dio_bio_actor+0x673/0xb50 [ 599.865303][T16535] iomap_dio_actor+0x26e/0x3b0 [ 599.870072][T16535] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 599.875892][T16535] iomap_apply+0x1e2/0x400 [ 599.880424][T16535] __iomap_dio_rw+0x5af/0xad0 [ 599.885115][T16535] ? __iomap_dio_rw+0xad0/0xad0 [ 599.890036][T16535] iomap_dio_rw+0x30/0x70 [ 599.894366][T16535] ext4_file_read_iter+0x21a/0x290 [ 599.899565][T16535] generic_file_splice_read+0x22a/0x310 [ 599.905118][T16535] ? splice_shrink_spd+0x60/0x60 [ 599.910060][T16535] splice_direct_to_actor+0x2aa/0x650 [ 599.915464][T16535] ? do_splice_direct+0x170/0x170 [ 599.920502][T16535] do_splice_direct+0xf5/0x170 [ 599.925362][T16535] do_sendfile+0x773/0xda0 [ 599.929792][T16535] __x64_sys_sendfile64+0xf2/0x130 [ 599.934913][T16535] do_syscall_64+0x4a/0x90 17:04:55 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', 0x0, &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:55 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) [ 599.939464][T16535] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 599.945377][T16535] RIP: 0033:0x4665f9 [ 599.949278][T16535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 599.968918][T16535] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 599.977365][T16535] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 599.985350][T16535] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 599.993415][T16535] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 600.001460][T16535] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 600.009427][T16535] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 600.018348][ T1034] loop2: p1 p2 p3 p4 [ 600.022757][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 600.028903][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 600.037232][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 600.043637][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:56 executing program 4 (fault-call:11 fault-nth:45): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:56 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) 17:04:56 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000190007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:56 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:56 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:56 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfcffffff00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:56 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) 17:04:56 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240000001a0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:56 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:56 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:56 executing program 3 (fault-call:5 fault-nth:0): r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 600.750067][ T1034] loop2: p1 p2 p3 p4 [ 600.760434][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 600.766685][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated 17:04:56 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 600.802746][T16588] FAULT_INJECTION: forcing a failure. [ 600.802746][T16588] name failslab, interval 1, probability 0, space 0, times 0 [ 600.815512][T16588] CPU: 1 PID: 16588 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 600.823923][T16588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 600.833978][T16588] Call Trace: [ 600.837255][T16588] dump_stack+0x137/0x19d [ 600.841648][T16588] should_fail+0x23c/0x250 [ 600.846066][T16588] ? mempool_alloc_slab+0x16/0x20 [ 600.850058][ T1034] loop2: p3 start 225 is beyond EOD, [ 600.851121][T16588] __should_failslab+0x81/0x90 [ 600.851149][T16588] should_failslab+0x5/0x20 [ 600.856615][ T1034] truncated [ 600.856621][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 600.861357][T16588] kmem_cache_alloc+0x46/0x2f0 [ 600.861384][T16588] mempool_alloc_slab+0x16/0x20 [ 600.865872][ T1034] truncated [ 600.888062][T16588] ? mempool_free+0x130/0x130 [ 600.892825][T16588] mempool_alloc+0x8c/0x300 [ 600.897345][T16588] ? scsi_queue_rq+0x1339/0x15a0 [ 600.902315][T16588] sg_pool_alloc+0x74/0x90 [ 600.906747][T16588] __sg_alloc_table+0xce/0x290 [ 600.911551][T16588] sg_alloc_table_chained+0xaf/0x140 [ 600.916870][T16588] ? sg_alloc_table_chained+0x140/0x140 [ 600.922423][T16588] scsi_alloc_sgtables+0x180/0x500 [ 600.927553][T16588] sd_init_command+0x935/0x15f0 [ 600.932389][T16588] scsi_queue_rq+0x10e0/0x15a0 [ 600.937136][T16588] blk_mq_dispatch_rq_list+0x628/0x10b0 [ 600.942667][T16588] ? deadline_remove_request+0x167/0x180 [ 600.948284][T16588] ? dd_dispatch_request+0x341/0x3d0 [ 600.953581][T16588] blk_mq_do_dispatch_sched+0x3cb/0x660 [ 600.959438][T16588] __blk_mq_sched_dispatch_requests+0x21e/0x2c0 [ 600.965689][T16588] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 600.971770][T16588] __blk_mq_run_hw_queue+0xbc/0x140 [ 600.976996][T16588] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 600.982792][T16588] ? dd_insert_request+0x255/0x330 [ 600.987889][T16588] blk_mq_run_hw_queue+0x22c/0x250 [ 600.992990][T16588] ? dd_finish_request+0x10/0x10 [ 600.997947][T16588] blk_mq_sched_insert_requests+0x13f/0x200 [ 601.003839][T16588] blk_mq_flush_plug_list+0x2f5/0x3c0 [ 601.009277][T16588] blk_flush_plug_list+0x235/0x260 [ 601.014374][T16588] blk_finish_plug+0x44/0x60 [ 601.019152][T16588] __iomap_dio_rw+0x780/0xad0 [ 601.023836][T16588] iomap_dio_rw+0x30/0x70 [ 601.028157][T16588] ext4_file_read_iter+0x21a/0x290 [ 601.033379][T16588] generic_file_splice_read+0x22a/0x310 [ 601.038913][T16588] ? splice_shrink_spd+0x60/0x60 [ 601.043886][T16588] splice_direct_to_actor+0x2aa/0x650 [ 601.049256][T16588] ? do_splice_direct+0x170/0x170 [ 601.054283][T16588] do_splice_direct+0xf5/0x170 [ 601.059247][T16588] do_sendfile+0x773/0xda0 [ 601.063704][T16588] __x64_sys_sendfile64+0xf2/0x130 [ 601.068817][T16588] do_syscall_64+0x4a/0x90 [ 601.073223][T16588] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 601.079184][T16588] RIP: 0033:0x4665f9 [ 601.083064][T16588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 601.102723][T16588] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 601.111191][T16588] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 601.119165][T16588] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 601.127128][T16588] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 601.135082][T16588] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 601.143040][T16588] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 601.180966][T16598] FAULT_INJECTION: forcing a failure. [ 601.180966][T16598] name failslab, interval 1, probability 0, space 0, times 0 [ 601.189428][ T1034] loop2: p1 p2 p3 p4 [ 601.193654][T16598] CPU: 1 PID: 16598 Comm: syz-executor.3 Not tainted 5.12.0-syzkaller #0 [ 601.198265][ T1034] loop2: p1 start 10 is beyond EOD, [ 601.205970][T16598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 601.205983][T16598] Call Trace: [ 601.205990][T16598] dump_stack+0x137/0x19d [ 601.206012][T16598] should_fail+0x23c/0x250 [ 601.206030][T16598] ? __se_sys_mount+0x4e/0x2e0 [ 601.206043][T16598] __should_failslab+0x81/0x90 [ 601.211346][ T1034] truncated [ 601.221365][T16598] should_failslab+0x5/0x20 [ 601.224672][ T1034] loop2: p2 size 1073872896 extends beyond EOD, [ 601.228972][T16598] __kmalloc_track_caller+0x64/0x340 [ 601.233384][ T1034] truncated [ 601.238100][T16598] ? strnlen_user+0x137/0x1c0 [ 601.257942][ T1034] loop2: p3 start 225 is beyond EOD, [ 601.262188][T16598] strndup_user+0x73/0x120 [ 601.262212][T16598] __se_sys_mount+0x4e/0x2e0 [ 601.265318][ T1034] truncated [ 601.265324][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 601.269970][T16598] ? fput+0x2d/0x130 [ 601.269988][T16598] ? ksys_write+0x157/0x180 [ 601.275333][ T1034] truncated [ 601.305144][T16598] __x64_sys_mount+0x63/0x70 [ 601.309737][T16598] do_syscall_64+0x4a/0x90 [ 601.314158][T16598] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 601.320068][T16598] RIP: 0033:0x4665f9 [ 601.323961][T16598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 601.343555][T16598] RSP: 002b:00007f6768eaa188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 601.352128][T16598] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 601.360109][T16598] RDX: 0000000020000180 RSI: 0000000020000140 RDI: 0000000020000100 [ 601.368078][T16598] RBP: 00007f6768eaa1d0 R08: 0000000000000000 R09: 0000000000000000 [ 601.376746][T16598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 601.384719][T16598] R13: 00007ffd9abfb9ff R14: 00007f6768eaa300 R15: 0000000000022000 17:04:57 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240000001c0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:57 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:57 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:57 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:57 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:04:57 executing program 4 (fault-call:11 fault-nth:46): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:57 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:57 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:57 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240000001d0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:57 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x2, 0x0) [ 601.664683][T16622] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:57 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 601.728317][ T1034] loop2: p1 p2 p3 p4 [ 601.736363][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 601.742518][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 601.768985][T16641] FAULT_INJECTION: forcing a failure. [ 601.768985][T16641] name failslab, interval 1, probability 0, space 0, times 0 [ 601.781654][T16641] CPU: 1 PID: 16641 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 601.790134][T16641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 601.793237][ T1034] loop2: p3 start 225 is beyond EOD, [ 601.800206][T16641] Call Trace: [ 601.800216][T16641] dump_stack+0x137/0x19d [ 601.800241][T16641] should_fail+0x23c/0x250 [ 601.800259][T16641] ? mempool_alloc_slab+0x16/0x20 [ 601.805640][ T1034] truncated [ 601.808907][T16641] __should_failslab+0x81/0x90 [ 601.813276][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 601.817665][T16641] should_failslab+0x5/0x20 [ 601.822689][ T1034] truncated [ 601.825758][T16641] kmem_cache_alloc+0x46/0x2f0 [ 601.825779][T16641] mempool_alloc_slab+0x16/0x20 [ 601.825796][T16641] ? mempool_free+0x130/0x130 [ 601.859145][T16641] mempool_alloc+0x8c/0x300 [ 601.863786][T16641] ? scsi_queue_rq+0x1339/0x15a0 17:04:57 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 601.868738][T16641] sg_pool_alloc+0x74/0x90 [ 601.873164][T16641] __sg_alloc_table+0xce/0x290 [ 601.877993][T16641] sg_alloc_table_chained+0xaf/0x140 [ 601.883285][T16641] ? sg_alloc_table_chained+0x140/0x140 [ 601.888922][T16641] scsi_alloc_sgtables+0x180/0x500 [ 601.894116][T16641] sd_init_command+0x935/0x15f0 [ 601.898994][T16641] scsi_queue_rq+0x10e0/0x15a0 [ 601.903777][T16641] blk_mq_dispatch_rq_list+0x628/0x10b0 [ 601.909338][T16641] ? deadline_remove_request+0x167/0x180 [ 601.914969][T16641] ? dd_dispatch_request+0x341/0x3d0 [ 601.920250][T16641] blk_mq_do_dispatch_sched+0x3cb/0x660 [ 601.925790][T16641] __blk_mq_sched_dispatch_requests+0x21e/0x2c0 [ 601.932143][T16641] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 601.938193][T16641] __blk_mq_run_hw_queue+0xbc/0x140 [ 601.943514][T16641] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 601.949513][T16641] ? dd_insert_request+0x255/0x330 [ 601.954617][T16641] blk_mq_run_hw_queue+0x22c/0x250 [ 601.959811][T16641] ? dd_finish_request+0x10/0x10 [ 601.964768][T16641] blk_mq_sched_insert_requests+0x13f/0x200 [ 601.970650][T16641] blk_mq_flush_plug_list+0x2f5/0x3c0 [ 601.976231][T16641] blk_flush_plug_list+0x235/0x260 [ 601.981410][T16641] blk_finish_plug+0x44/0x60 [ 601.985997][T16641] __iomap_dio_rw+0x780/0xad0 [ 601.990745][T16641] iomap_dio_rw+0x30/0x70 [ 601.995071][T16641] ext4_file_read_iter+0x21a/0x290 [ 602.000187][T16641] generic_file_splice_read+0x22a/0x310 [ 602.006168][T16641] ? splice_shrink_spd+0x60/0x60 [ 602.011099][T16641] splice_direct_to_actor+0x2aa/0x650 [ 602.016636][T16641] ? do_splice_direct+0x170/0x170 [ 602.021678][T16641] do_splice_direct+0xf5/0x170 [ 602.026634][T16641] do_sendfile+0x773/0xda0 [ 602.031035][T16641] __x64_sys_sendfile64+0xf2/0x130 [ 602.036139][T16641] do_syscall_64+0x4a/0x90 [ 602.040618][T16641] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 602.046574][T16641] RIP: 0033:0x4665f9 [ 602.050480][T16641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 602.070311][T16641] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 602.078823][T16641] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 602.086792][T16641] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 602.094835][T16641] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 602.102804][T16641] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 602.110761][T16641] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 602.131431][T16652] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 602.147758][ T1034] loop2: p1 p2 p3 p4 [ 602.162008][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 602.168205][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 602.177085][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 602.183420][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:04:58 executing program 4 (fault-call:11 fault-nth:47): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:58 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:58 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:58 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x3, 0x0) 17:04:58 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240000001e0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:58 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:58 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 602.625048][T16677] __nla_validate_parse: 11 callbacks suppressed [ 602.625064][T16677] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 602.651357][T16676] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:58 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 602.673616][T16677] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 602.693751][T16691] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 602.705862][T16691] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:04:58 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x4, 0x0) 17:04:58 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 602.721979][T16684] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 602.777977][T16695] FAULT_INJECTION: forcing a failure. [ 602.777977][T16695] name failslab, interval 1, probability 0, space 0, times 0 [ 602.790783][T16695] CPU: 1 PID: 16695 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 602.796813][T16701] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 602.799206][T16695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 602.799220][T16695] Call Trace: [ 602.799227][T16695] dump_stack+0x137/0x19d [ 602.823958][T16695] should_fail+0x23c/0x250 [ 602.828368][T16695] ? mempool_alloc_slab+0x16/0x20 [ 602.833405][T16695] __should_failslab+0x81/0x90 [ 602.838208][T16695] should_failslab+0x5/0x20 [ 602.842779][T16695] kmem_cache_alloc+0x46/0x2f0 [ 602.847528][T16695] mempool_alloc_slab+0x16/0x20 [ 602.852365][T16695] ? mempool_free+0x130/0x130 [ 602.857096][T16695] mempool_alloc+0x8c/0x300 [ 602.861781][T16695] ? __queue_work+0x830/0xaa0 [ 602.866447][T16695] sg_pool_alloc+0x74/0x90 [ 602.870847][T16695] __sg_alloc_table+0xce/0x290 [ 602.876187][T16695] sg_alloc_table_chained+0xaf/0x140 [ 602.881455][T16695] ? sg_alloc_table_chained+0x140/0x140 [ 602.886985][T16695] scsi_alloc_sgtables+0x180/0x500 [ 602.892084][T16695] sd_init_command+0x935/0x15f0 [ 602.896930][T16695] scsi_queue_rq+0x10e0/0x15a0 [ 602.901753][T16695] blk_mq_dispatch_rq_list+0x628/0x10b0 [ 602.907415][T16695] ? deadline_remove_request+0x167/0x180 [ 602.913047][T16695] ? dd_dispatch_request+0x341/0x3d0 [ 602.918327][T16695] blk_mq_do_dispatch_sched+0x3cb/0x660 [ 602.923865][T16695] __blk_mq_sched_dispatch_requests+0x21e/0x2c0 [ 602.930174][T16695] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 602.936230][T16695] __blk_mq_run_hw_queue+0xbc/0x140 [ 602.941414][T16695] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 602.947235][T16695] ? dd_insert_request+0x255/0x330 [ 602.952398][T16695] blk_mq_run_hw_queue+0x22c/0x250 [ 602.957527][T16695] ? dd_finish_request+0x10/0x10 [ 602.962447][T16695] blk_mq_sched_insert_requests+0x13f/0x200 [ 602.972478][T16695] blk_mq_flush_plug_list+0x2f5/0x3c0 [ 602.977838][T16695] blk_flush_plug_list+0x235/0x260 [ 602.982932][T16695] blk_finish_plug+0x44/0x60 [ 602.987581][T16695] __iomap_dio_rw+0x780/0xad0 [ 602.992244][T16695] iomap_dio_rw+0x30/0x70 [ 602.996594][T16695] ext4_file_read_iter+0x21a/0x290 [ 603.001703][T16695] generic_file_splice_read+0x22a/0x310 [ 603.007238][T16695] ? splice_shrink_spd+0x60/0x60 [ 603.012255][T16695] splice_direct_to_actor+0x2aa/0x650 [ 603.017613][T16695] ? do_splice_direct+0x170/0x170 [ 603.022669][T16695] do_splice_direct+0xf5/0x170 [ 603.027417][T16695] do_sendfile+0x773/0xda0 [ 603.031874][T16695] __x64_sys_sendfile64+0xf2/0x130 [ 603.036988][T16695] do_syscall_64+0x4a/0x90 [ 603.041394][T16695] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 603.047391][T16695] RIP: 0033:0x4665f9 [ 603.051269][T16695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 603.070878][T16695] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 17:04:58 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:58 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000200007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 603.079278][T16695] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 603.087242][T16695] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 603.095265][T16695] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 603.104443][T16695] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 603.112398][T16695] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 603.140733][ T1034] loop2: p1 p2 p3 p4 [ 603.145154][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 603.151253][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 603.163933][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 603.170173][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 603.180641][T16712] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:04:59 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:59 executing program 4 (fault-call:11 fault-nth:48): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:04:59 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:59 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000210007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:59 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:04:59 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x5, 0x0) 17:04:59 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 603.622520][T16735] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 603.632771][T16734] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:59 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x6, 0x0) 17:04:59 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:04:59 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 603.666113][T16739] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:04:59 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000220007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:04:59 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x7, 0x0) [ 603.744043][T16752] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 603.750933][T16755] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 603.764848][ T1034] loop2: p1 p2 p3 p4 [ 603.768225][T16758] FAULT_INJECTION: forcing a failure. [ 603.768225][T16758] name failslab, interval 1, probability 0, space 0, times 0 [ 603.769506][ T1034] loop2: p1 start 10 is beyond EOD, [ 603.781471][T16758] CPU: 1 PID: 16758 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 603.786753][ T1034] truncated [ 603.786759][ T1034] loop2: p2 size 1073872896 extends beyond EOD, [ 603.795141][T16758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 603.795153][T16758] Call Trace: [ 603.795159][T16758] dump_stack+0x137/0x19d [ 603.798260][ T1034] truncated [ 603.825265][T16758] should_fail+0x23c/0x250 [ 603.829692][T16758] ? kmalloc_array+0x2d/0x40 [ 603.834268][T16758] __should_failslab+0x81/0x90 [ 603.839175][T16758] should_failslab+0x5/0x20 [ 603.843668][T16758] __kmalloc+0x66/0x340 [ 603.847808][T16758] ? activate_task+0xb7/0xe0 [ 603.852436][T16758] ? ttwu_do_activate+0x7c/0x90 [ 603.857343][T16758] ? splice_from_pipe+0xc0/0xc0 [ 603.862223][T16758] kmalloc_array+0x2d/0x40 [ 603.866632][T16758] iter_file_splice_write+0xc1/0x750 [ 603.871927][T16758] ? wake_up_q+0x46/0x80 [ 603.876167][T16758] ? up_read+0xd1/0xe0 [ 603.880240][T16758] ? ext4_file_read_iter+0x271/0x290 [ 603.885596][T16758] ? generic_file_splice_read+0x2a4/0x310 [ 603.891300][T16758] ? splice_from_pipe+0xc0/0xc0 [ 603.896135][T16758] direct_splice_actor+0x80/0xa0 [ 603.901105][T16758] splice_direct_to_actor+0x345/0x650 [ 603.906459][T16758] ? do_splice_direct+0x170/0x170 [ 603.911466][T16758] do_splice_direct+0xf5/0x170 [ 603.916215][T16758] do_sendfile+0x773/0xda0 [ 603.920641][T16758] __x64_sys_sendfile64+0xf2/0x130 [ 603.925735][T16758] do_syscall_64+0x4a/0x90 [ 603.930135][T16758] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 603.936049][T16758] RIP: 0033:0x4665f9 [ 603.939924][T16758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 603.959637][T16758] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 603.968131][T16758] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 603.976087][T16758] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 603.984041][T16758] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 603.991995][T16758] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 603.999950][T16758] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 604.038173][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 604.044414][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 604.068660][T16768] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 604.088845][T16769] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 604.101101][T16771] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 604.118666][T16772] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 604.156872][ T1034] loop2: p1 p2 p3 p4 [ 604.161031][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 604.167101][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 604.175256][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 604.181661][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:00 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:00 executing program 4 (fault-call:11 fault-nth:49): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:00 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:00 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x8, 0x0) 17:05:00 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:00 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000240007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:00 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:00 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:00 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000250007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 604.655039][T16797] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 604.670547][T16799] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 604.686027][T16804] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:00 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x9, 0x0) 17:05:00 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:00 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 604.745321][ T1034] loop2: p1 p2 p3 p4 [ 604.757801][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 604.763966][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 604.773165][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 604.779420][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 604.790546][T16820] FAULT_INJECTION: forcing a failure. [ 604.790546][T16820] name failslab, interval 1, probability 0, space 0, times 0 [ 604.803177][T16820] CPU: 0 PID: 16820 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 604.811601][T16820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 604.821720][T16820] Call Trace: [ 604.825039][T16820] dump_stack+0x137/0x19d [ 604.829375][T16820] should_fail+0x23c/0x250 [ 604.833798][T16820] ? mempool_alloc_slab+0x16/0x20 [ 604.838836][T16820] __should_failslab+0x81/0x90 [ 604.843612][T16820] should_failslab+0x5/0x20 [ 604.848115][T16820] kmem_cache_alloc+0x46/0x2f0 [ 604.852885][T16820] mempool_alloc_slab+0x16/0x20 [ 604.857764][T16820] ? mempool_free+0x130/0x130 [ 604.862444][T16820] mempool_alloc+0x8c/0x300 [ 604.866958][T16820] ? ext4_es_lookup_extent+0x36b/0x490 [ 604.872420][T16820] ? iov_iter_alignment+0x77a/0x800 [ 604.877639][T16820] bio_alloc_bioset+0xcc/0x480 [ 604.882411][T16820] iomap_dio_bio_actor+0x511/0xb50 [ 604.887552][T16820] iomap_dio_actor+0x26e/0x3b0 [ 604.892323][T16820] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 604.898129][T16820] iomap_apply+0x1e2/0x400 [ 604.902617][T16820] __iomap_dio_rw+0x5af/0xad0 [ 604.907320][T16820] ? __iomap_dio_rw+0xad0/0xad0 [ 604.912174][T16820] iomap_dio_rw+0x30/0x70 [ 604.916597][T16820] ext4_file_write_iter+0xa4f/0x11d0 [ 604.921978][T16820] do_iter_readv_writev+0x2cb/0x360 [ 604.927180][T16820] do_iter_write+0x112/0x4c0 [ 604.931776][T16820] ? kmalloc_array+0x2d/0x40 [ 604.936380][T16820] vfs_iter_write+0x4c/0x70 [ 604.940895][T16820] iter_file_splice_write+0x40a/0x750 [ 604.946309][T16820] ? splice_from_pipe+0xc0/0xc0 [ 604.951163][T16820] direct_splice_actor+0x80/0xa0 [ 604.956121][T16820] splice_direct_to_actor+0x345/0x650 [ 604.961565][T16820] ? do_splice_direct+0x170/0x170 [ 604.963209][T16836] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 604.966590][T16820] do_splice_direct+0xf5/0x170 [ 604.977843][T16820] do_sendfile+0x773/0xda0 [ 604.982259][T16820] __x64_sys_sendfile64+0xf2/0x130 [ 604.987369][T16820] do_syscall_64+0x4a/0x90 [ 604.991793][T16820] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 604.997855][T16820] RIP: 0033:0x4665f9 [ 605.001731][T16820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 605.003174][ T1034] loop2: p1 p2 p3 p4 [ 605.021389][T16820] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 605.021411][T16820] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 605.021423][T16820] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 605.021434][T16820] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 605.026329][ T1034] loop2: p1 start 10 is beyond EOD, [ 605.033826][T16820] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 605.033842][T16820] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 605.079160][ T1034] truncated [ 605.082312][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 605.090271][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 605.096504][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:01 executing program 4 (fault-call:11 fault-nth:50): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:01 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:01 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:01 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:01 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xa, 0x0) 17:05:01 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000002260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:01 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:01 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xb, 0x0) 17:05:01 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000003260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 605.647991][T16853] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 605.668812][T16858] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:01 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:01 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 605.707331][ T1034] loop2: p1 p2 p3 p4 [ 605.719332][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 605.725438][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 605.760011][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 605.762440][T16877] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 605.766205][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 605.780946][T16880] FAULT_INJECTION: forcing a failure. [ 605.780946][T16880] name failslab, interval 1, probability 0, space 0, times 0 [ 605.793602][T16880] CPU: 0 PID: 16880 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 605.802014][T16880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 605.812068][T16880] Call Trace: [ 605.815386][T16880] dump_stack+0x137/0x19d [ 605.819807][T16880] should_fail+0x23c/0x250 [ 605.824240][T16880] ? mempool_alloc_slab+0x16/0x20 [ 605.824769][T16882] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 605.829271][T16880] __should_failslab+0x81/0x90 [ 605.829296][T16880] should_failslab+0x5/0x20 [ 605.829342][T16880] kmem_cache_alloc+0x46/0x2f0 [ 605.849834][T16880] mempool_alloc_slab+0x16/0x20 [ 605.854773][T16880] ? mempool_free+0x130/0x130 17:05:01 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 605.859462][T16880] mempool_alloc+0x8c/0x300 [ 605.864076][T16880] sg_pool_alloc+0x74/0x90 [ 605.868502][T16880] __sg_alloc_table+0xce/0x290 [ 605.873323][T16880] sg_alloc_table_chained+0xaf/0x140 [ 605.878609][T16880] ? sg_alloc_table_chained+0x140/0x140 [ 605.884228][T16880] scsi_alloc_sgtables+0x180/0x500 [ 605.889363][T16880] sd_init_command+0x935/0x15f0 [ 605.894226][T16880] scsi_queue_rq+0x10e0/0x15a0 [ 605.899030][T16880] blk_mq_dispatch_rq_list+0x628/0x10b0 [ 605.904581][T16880] ? deadline_remove_request+0x167/0x180 [ 605.910294][T16880] ? dd_dispatch_request+0x341/0x3d0 [ 605.915586][T16880] blk_mq_do_dispatch_sched+0x3cb/0x660 [ 605.921253][T16880] __blk_mq_sched_dispatch_requests+0x21e/0x2c0 [ 605.927505][T16880] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 605.933469][T16880] __blk_mq_run_hw_queue+0xbc/0x140 [ 605.938716][T16880] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 605.944573][T16880] ? dd_insert_request+0x255/0x330 [ 605.949684][T16880] blk_mq_run_hw_queue+0x22c/0x250 [ 605.954799][T16880] ? dd_finish_request+0x10/0x10 [ 605.959742][T16880] blk_mq_sched_insert_requests+0x13f/0x200 [ 605.965744][T16880] blk_mq_flush_plug_list+0x2f5/0x3c0 [ 605.971282][T16880] blk_flush_plug_list+0x235/0x260 [ 605.976500][T16880] blk_finish_plug+0x44/0x60 [ 605.981115][T16880] __iomap_dio_rw+0x780/0xad0 [ 605.985784][T16880] iomap_dio_rw+0x30/0x70 [ 605.990103][T16880] ext4_file_write_iter+0xa4f/0x11d0 [ 605.995461][T16880] do_iter_readv_writev+0x2cb/0x360 [ 606.000875][T16880] do_iter_write+0x112/0x4c0 [ 606.005451][T16880] ? kmalloc_array+0x2d/0x40 [ 606.010038][T16880] vfs_iter_write+0x4c/0x70 [ 606.014543][T16880] iter_file_splice_write+0x40a/0x750 [ 606.019918][T16880] ? splice_from_pipe+0xc0/0xc0 [ 606.024771][T16880] direct_splice_actor+0x80/0xa0 [ 606.029712][T16880] splice_direct_to_actor+0x345/0x650 [ 606.035086][T16880] ? do_splice_direct+0x170/0x170 [ 606.040139][T16880] do_splice_direct+0xf5/0x170 [ 606.045009][T16880] do_sendfile+0x773/0xda0 [ 606.049409][T16880] __x64_sys_sendfile64+0xf2/0x130 [ 606.054535][T16880] do_syscall_64+0x4a/0x90 [ 606.058966][T16880] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 606.065012][T16880] RIP: 0033:0x4665f9 [ 606.068888][T16880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 606.088644][T16880] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 606.097040][T16880] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 606.105111][T16880] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 606.113085][T16880] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 606.121056][T16880] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 606.129186][T16880] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 606.155828][ T1034] loop2: p1 p2 p3 p4 [ 606.162581][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 606.168782][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 606.177568][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 606.184064][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:02 executing program 4 (fault-call:11 fault-nth:51): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:02 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:02 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000004260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:02 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:02 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xc, 0x0) 17:05:02 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(0xffffffffffffffff, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:02 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000005260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:02 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xd, 0x0) 17:05:02 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(0xffffffffffffffff, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:02 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, 0x0, 0x0) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:02 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 606.651957][T16917] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 606.669228][ T1034] loop2: p1 p2 p3 p4 [ 606.671336][T16921] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 606.681541][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 606.687815][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 606.733752][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 606.740003][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 606.759851][T16932] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:02 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, 0x0, 0x0) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 606.787879][T16941] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 606.800874][T16940] FAULT_INJECTION: forcing a failure. [ 606.800874][T16940] name failslab, interval 1, probability 0, space 0, times 0 [ 606.813557][T16940] CPU: 0 PID: 16940 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 606.821984][T16940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 606.832131][T16940] Call Trace: [ 606.835408][T16940] dump_stack+0x137/0x19d [ 606.839763][T16940] should_fail+0x23c/0x250 [ 606.844192][T16940] ? mempool_alloc_slab+0x16/0x20 [ 606.849225][T16940] __should_failslab+0x81/0x90 [ 606.854075][T16940] should_failslab+0x5/0x20 [ 606.858594][T16940] kmem_cache_alloc+0x46/0x2f0 [ 606.863372][T16940] mempool_alloc_slab+0x16/0x20 [ 606.866053][ T1034] loop2: p1 p2 p3 p4 [ 606.868292][T16940] ? mempool_free+0x130/0x130 [ 606.872864][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 606.876917][T16940] mempool_alloc+0x8c/0x300 [ 606.883009][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 606.887461][T16940] sg_pool_alloc+0x74/0x90 [ 606.898641][ T1034] loop2: p3 start 225 is beyond EOD, [ 606.898945][T16940] __sg_alloc_table+0xce/0x290 [ 606.898969][T16940] sg_alloc_table_chained+0xaf/0x140 [ 606.904370][ T1034] truncated [ 606.909051][T16940] ? sg_alloc_table_chained+0x140/0x140 [ 606.909070][T16940] scsi_alloc_sgtables+0x180/0x500 [ 606.914332][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 606.917451][T16940] sd_init_command+0x935/0x15f0 [ 606.922987][ T1034] truncated [ 606.928054][T16940] scsi_queue_rq+0x10e0/0x15a0 [ 606.947041][T16940] blk_mq_dispatch_rq_list+0x628/0x10b0 [ 606.952666][T16940] ? deadline_remove_request+0x167/0x180 [ 606.958372][T16940] ? dd_dispatch_request+0x341/0x3d0 [ 606.963704][T16940] blk_mq_do_dispatch_sched+0x3cb/0x660 [ 606.969254][T16940] __blk_mq_sched_dispatch_requests+0x21e/0x2c0 [ 606.975597][T16940] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 606.981596][T16940] __blk_mq_run_hw_queue+0xbc/0x140 [ 606.986836][T16940] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 606.992647][T16940] ? dd_insert_request+0x255/0x330 [ 606.997766][T16940] blk_mq_run_hw_queue+0x22c/0x250 [ 607.002963][T16940] ? dd_finish_request+0x10/0x10 [ 607.007881][T16940] blk_mq_sched_insert_requests+0x13f/0x200 [ 607.013779][T16940] blk_mq_flush_plug_list+0x2f5/0x3c0 [ 607.019296][T16940] blk_flush_plug_list+0x235/0x260 [ 607.024442][T16940] blk_finish_plug+0x44/0x60 [ 607.029054][T16940] __iomap_dio_rw+0x780/0xad0 [ 607.033774][T16940] iomap_dio_rw+0x30/0x70 [ 607.038085][T16940] ext4_file_write_iter+0xa4f/0x11d0 [ 607.043362][T16940] do_iter_readv_writev+0x2cb/0x360 [ 607.048557][T16940] do_iter_write+0x112/0x4c0 [ 607.053128][T16940] ? kmalloc_array+0x2d/0x40 [ 607.057700][T16940] vfs_iter_write+0x4c/0x70 [ 607.062186][T16940] iter_file_splice_write+0x40a/0x750 [ 607.067573][T16940] ? splice_from_pipe+0xc0/0xc0 [ 607.072403][T16940] direct_splice_actor+0x80/0xa0 [ 607.077324][T16940] splice_direct_to_actor+0x345/0x650 [ 607.082692][T16940] ? do_splice_direct+0x170/0x170 [ 607.087697][T16940] do_splice_direct+0xf5/0x170 [ 607.092470][T16940] do_sendfile+0x773/0xda0 [ 607.096884][T16940] __x64_sys_sendfile64+0xf2/0x130 [ 607.102004][T16940] do_syscall_64+0x4a/0x90 [ 607.106410][T16940] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 607.112308][T16940] RIP: 0033:0x4665f9 [ 607.116190][T16940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 607.135783][T16940] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 607.144204][T16940] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 607.152161][T16940] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 607.160346][T16940] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 607.168343][T16940] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 607.176307][T16940] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 607.522902][T16940] syz-executor.4 (16940) used greatest stack depth: 10136 bytes left 17:05:03 executing program 4 (fault-call:11 fault-nth:52): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:03 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(0xffffffffffffffff, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:03 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xe, 0x0) 17:05:03 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:03 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, 0x0, 0x0) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:03 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000006260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:03 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:03 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(0xffffffffffffffff, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:03 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:03 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000007260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:03 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xf, 0x0) [ 607.663273][T16967] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 607.690678][T16974] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 607.713082][ T1034] loop2: p1 p2 p3 p4 [ 607.719961][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 607.726127][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 607.753047][ T1034] loop2: p3 start 225 is beyond EOD, truncated 17:05:03 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 607.759268][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 607.785179][T16992] FAULT_INJECTION: forcing a failure. [ 607.785179][T16992] name failslab, interval 1, probability 0, space 0, times 0 [ 607.798173][T16992] CPU: 1 PID: 16992 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 607.806590][T16992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 607.816658][T16992] Call Trace: [ 607.819934][T16992] dump_stack+0x137/0x19d [ 607.824280][T16992] should_fail+0x23c/0x250 [ 607.828706][T16992] ? mempool_alloc_slab+0x16/0x20 [ 607.833744][T16992] __should_failslab+0x81/0x90 [ 607.838572][T16992] should_failslab+0x5/0x20 [ 607.843082][T16992] kmem_cache_alloc+0x46/0x2f0 [ 607.847903][T16992] mempool_alloc_slab+0x16/0x20 [ 607.852846][T16992] ? mempool_free+0x130/0x130 [ 607.855341][T16990] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 607.857526][T16992] mempool_alloc+0x8c/0x300 [ 607.868520][T16992] ? percpu_counter_add_batch+0x69/0xd0 [ 607.874063][T16992] ? iov_iter_npages+0x9a0/0xa00 [ 607.878994][T16992] ? iov_iter_alignment+0x7b2/0x800 [ 607.884240][T16992] ? ext4_es_lookup_extent+0x36b/0x490 [ 607.889783][T16992] bio_alloc_bioset+0xcc/0x480 [ 607.894544][T16992] iomap_dio_bio_actor+0x511/0xb50 [ 607.899649][T16992] iomap_dio_actor+0x26e/0x3b0 [ 607.904460][T16992] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 607.910323][T16992] iomap_apply+0x1e2/0x400 [ 607.914725][T16992] __iomap_dio_rw+0x5af/0xad0 [ 607.919405][T16992] ? __iomap_dio_rw+0xad0/0xad0 [ 607.924266][T16992] iomap_dio_rw+0x30/0x70 [ 607.928623][T16992] ext4_file_read_iter+0x21a/0x290 [ 607.933811][T16992] generic_file_splice_read+0x22a/0x310 [ 607.939375][T16992] ? splice_shrink_spd+0x60/0x60 [ 607.944397][T16992] splice_direct_to_actor+0x2aa/0x650 [ 607.949755][T16992] ? do_splice_direct+0x170/0x170 [ 607.954775][T16992] do_splice_direct+0xf5/0x170 [ 607.959594][T16992] do_sendfile+0x773/0xda0 [ 607.964066][T16992] __x64_sys_sendfile64+0xf2/0x130 [ 607.969161][T16992] do_syscall_64+0x4a/0x90 [ 607.973564][T16992] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 607.979450][T16992] RIP: 0033:0x4665f9 [ 607.983336][T16992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 608.002931][T16992] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 608.011325][T16992] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 608.019279][T16992] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 608.027233][T16992] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 608.035186][T16992] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 608.043141][T16992] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 608.069231][ T1034] loop2: p1 p2 p3 p4 [ 608.073700][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 608.079816][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 608.096817][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 608.103125][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:04 executing program 4 (fault-call:11 fault-nth:53): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:04 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:04 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000008260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:04 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x10, 0x0) 17:05:04 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:04 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(0xffffffffffffffff, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:04 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:04 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x11, 0x0) 17:05:04 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000009260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:04 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 608.644890][T17021] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 608.664317][T17029] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:04 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 608.705592][ T1034] loop2: p1 p2 p3 p4 [ 608.715972][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 608.722149][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 608.758443][T17049] FAULT_INJECTION: forcing a failure. [ 608.758443][T17049] name failslab, interval 1, probability 0, space 0, times 0 [ 608.771104][T17049] CPU: 0 PID: 17049 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 608.779519][T17049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 608.789633][T17049] Call Trace: [ 608.792907][T17049] dump_stack+0x137/0x19d [ 608.797245][T17049] should_fail+0x23c/0x250 [ 608.801670][T17049] ? mempool_alloc_slab+0x16/0x20 [ 608.806679][T17048] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 608.806702][T17049] __should_failslab+0x81/0x90 [ 608.816140][T17052] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 608.817936][T17049] should_failslab+0x5/0x20 [ 608.817993][T17049] kmem_cache_alloc+0x46/0x2f0 [ 608.833766][T17049] mempool_alloc_slab+0x16/0x20 [ 608.838676][T17049] ? mempool_free+0x130/0x130 [ 608.843365][T17049] mempool_alloc+0x8c/0x300 [ 608.847860][T17049] ? percpu_counter_add_batch+0x69/0xd0 [ 608.853425][T17049] ? iov_iter_npages+0x9a0/0xa00 [ 608.858388][T17049] ? iov_iter_alignment+0x7b2/0x800 [ 608.863627][T17049] ? ext4_es_lookup_extent+0x36b/0x490 [ 608.869081][T17049] bio_alloc_bioset+0xcc/0x480 [ 608.873902][T17049] iomap_dio_bio_actor+0x511/0xb50 [ 608.879000][T17049] iomap_dio_actor+0x26e/0x3b0 [ 608.883835][T17049] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 608.889692][T17049] iomap_apply+0x1e2/0x400 [ 608.894095][T17049] __iomap_dio_rw+0x5af/0xad0 [ 608.898753][T17049] ? __iomap_dio_rw+0xad0/0xad0 [ 608.903642][T17049] iomap_dio_rw+0x30/0x70 [ 608.907972][T17049] ext4_file_read_iter+0x21a/0x290 [ 608.913162][T17049] generic_file_splice_read+0x22a/0x310 [ 608.918726][T17049] ? splice_shrink_spd+0x60/0x60 [ 608.923839][T17049] splice_direct_to_actor+0x2aa/0x650 [ 608.929240][T17049] ? do_splice_direct+0x170/0x170 [ 608.934293][T17049] do_splice_direct+0xf5/0x170 [ 608.939105][T17049] do_sendfile+0x773/0xda0 [ 608.943509][T17049] __x64_sys_sendfile64+0xf2/0x130 [ 608.948605][T17049] do_syscall_64+0x4a/0x90 [ 608.953006][T17049] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 608.958964][T17049] RIP: 0033:0x4665f9 [ 608.962841][T17049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 608.982445][T17049] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 608.990926][T17049] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 608.998993][T17049] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 17:05:04 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x12, 0x0) [ 609.006948][T17049] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 609.014941][T17049] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 609.022941][T17049] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 609.039545][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 609.045811][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 609.080777][ T1034] loop2: p1 p2 p3 p4 [ 609.084998][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 609.091102][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 609.098865][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 609.105026][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 609.119243][T17062] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 609.126513][T17067] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:05 executing program 4 (fault-call:11 fault-nth:54): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:05 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400000a260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:05 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:05 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(0xffffffffffffffff, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:05 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:05 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x25, 0x0) 17:05:05 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x48, 0x0) 17:05:05 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:05 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400000b260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 609.741825][ T1034] loop2: p1 p2 p3 p4 [ 609.741993][T17098] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 609.749634][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 609.758703][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 609.780066][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 609.786273][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 609.795561][T17104] FAULT_INJECTION: forcing a failure. [ 609.795561][T17104] name failslab, interval 1, probability 0, space 0, times 0 [ 609.806357][T17100] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 609.808319][T17104] CPU: 1 PID: 17104 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 609.823069][T17104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.833132][T17104] Call Trace: [ 609.836395][T17104] dump_stack+0x137/0x19d [ 609.840755][T17104] should_fail+0x23c/0x250 [ 609.845158][T17104] ? mempool_alloc_slab+0x16/0x20 [ 609.850168][T17104] __should_failslab+0x81/0x90 [ 609.854916][T17104] should_failslab+0x5/0x20 [ 609.859407][T17104] kmem_cache_alloc+0x46/0x2f0 [ 609.864171][T17104] mempool_alloc_slab+0x16/0x20 [ 609.869007][T17104] ? mempool_free+0x130/0x130 [ 609.873724][T17104] mempool_alloc+0x8c/0x300 [ 609.878210][T17104] ? percpu_counter_add_batch+0x69/0xd0 [ 609.883744][T17104] ? iov_iter_npages+0x9a0/0xa00 [ 609.888671][T17104] ? iov_iter_alignment+0x7b2/0x800 [ 609.893874][T17104] ? ext4_es_lookup_extent+0x36b/0x490 [ 609.899338][T17104] bio_alloc_bioset+0xcc/0x480 [ 609.904104][T17104] iomap_dio_bio_actor+0x511/0xb50 [ 609.909266][T17104] iomap_dio_actor+0x26e/0x3b0 [ 609.914015][T17104] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 609.919816][T17104] iomap_apply+0x1e2/0x400 [ 609.924213][T17104] __iomap_dio_rw+0x5af/0xad0 [ 609.929013][T17104] ? __iomap_dio_rw+0xad0/0xad0 [ 609.933850][T17104] iomap_dio_rw+0x30/0x70 [ 609.938164][T17104] ext4_file_read_iter+0x21a/0x290 [ 609.943260][T17104] generic_file_splice_read+0x22a/0x310 [ 609.948790][T17104] ? splice_shrink_spd+0x60/0x60 [ 609.953736][T17104] splice_direct_to_actor+0x2aa/0x650 [ 609.959090][T17104] ? do_splice_direct+0x170/0x170 [ 609.964098][T17104] do_splice_direct+0xf5/0x170 [ 609.968869][T17104] do_sendfile+0x773/0xda0 [ 609.973277][T17104] __x64_sys_sendfile64+0xf2/0x130 [ 609.978374][T17104] do_syscall_64+0x4a/0x90 [ 609.982802][T17104] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 609.988789][T17104] RIP: 0033:0x4665f9 [ 609.992684][T17104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 610.012292][T17104] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 610.020709][T17104] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 610.028736][T17104] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 17:05:05 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:05 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x4c, 0x0) [ 610.036688][T17104] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 610.044644][T17104] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 610.052620][T17104] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 17:05:05 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, 0x0) [ 610.138222][T17118] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 610.145889][ T1034] loop2: p1 p2 p3 p4 [ 610.150456][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 610.154524][T17121] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 610.156631][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 610.177853][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 610.184149][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:06 executing program 4 (fault-call:11 fault-nth:55): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:06 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:06 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400000c260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:06 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x680}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:06 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x60, 0x0) 17:05:06 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, 0x0) 17:05:06 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x68, 0x0) 17:05:06 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:06 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400000d260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:06 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x6c, 0x0) [ 610.723886][T17163] FAULT_INJECTION: forcing a failure. [ 610.723886][T17163] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 610.737323][T17163] CPU: 1 PID: 17163 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 610.738805][ T1034] loop2: p1 p2 p3 p4 [ 610.745832][T17163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 610.745845][T17163] Call Trace: [ 610.745853][T17163] dump_stack+0x137/0x19d [ 610.765012][ T1034] loop2: p1 start 10 is beyond EOD, [ 610.767520][T17163] should_fail+0x23c/0x250 [ 610.767545][T17163] __alloc_pages+0x102/0x320 [ 610.772874][ T1034] truncated [ 610.777231][T17163] alloc_pages+0x21d/0x310 [ 610.781828][ T1034] loop2: p2 size 1073872896 extends beyond EOD, [ 610.784902][T17163] push_pipe+0x267/0x370 [ 610.789326][ T1034] truncated [ 610.795593][T17163] iov_iter_get_pages+0xb39/0xcc0 [ 610.804460][ T1034] loop2: p3 start 225 is beyond EOD, [ 610.807906][T17163] bio_iov_iter_get_pages+0x55f/0xa70 [ 610.807923][ T1034] truncated 17:05:06 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 610.807936][T17163] iomap_dio_bio_actor+0x673/0xb50 [ 610.807954][T17163] iomap_dio_actor+0x26e/0x3b0 [ 610.813337][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 610.818657][T17163] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 610.818679][T17163] iomap_apply+0x1e2/0x400 [ 610.821769][ T1034] truncated [ 610.851274][T17163] __iomap_dio_rw+0x5af/0xad0 [ 610.855960][T17163] ? __iomap_dio_rw+0xad0/0xad0 [ 610.861039][T17163] iomap_dio_rw+0x30/0x70 [ 610.865379][T17163] ext4_file_read_iter+0x21a/0x290 [ 610.870504][T17163] generic_file_splice_read+0x22a/0x310 [ 610.876121][T17163] ? splice_shrink_spd+0x60/0x60 [ 610.881166][T17163] splice_direct_to_actor+0x2aa/0x650 [ 610.886682][T17163] ? do_splice_direct+0x170/0x170 [ 610.891783][T17163] do_splice_direct+0xf5/0x170 [ 610.896545][T17163] do_sendfile+0x773/0xda0 [ 610.901047][T17163] __x64_sys_sendfile64+0xf2/0x130 [ 610.906155][T17163] do_syscall_64+0x4a/0x90 [ 610.910565][T17163] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 610.916526][T17163] RIP: 0033:0x4665f9 [ 610.920410][T17163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 610.940098][T17163] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 610.948580][T17163] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 610.956567][T17163] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 610.964546][T17163] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 610.972517][T17163] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 610.980486][T17163] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 17:05:06 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 611.097367][ T1034] loop2: p1 p2 p3 p4 [ 611.103486][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 611.109693][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 611.121996][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 611.128334][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:07 executing program 4 (fault-call:11 fault-nth:56): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:07 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x74, 0x0) 17:05:07 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, 0x0) 17:05:07 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:07 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400000e260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:07 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:07 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x7a, 0x0) 17:05:07 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:07 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000010260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:07 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x204, 0x0) [ 611.689799][ T1034] loop2: p1 p2 p3 p4 [ 611.693894][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 611.700071][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 611.724640][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 611.730861][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 611.780873][T17234] FAULT_INJECTION: forcing a failure. [ 611.780873][T17234] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 611.794200][T17234] CPU: 0 PID: 17234 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 611.802773][T17234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 611.812857][T17234] Call Trace: [ 611.816154][T17234] dump_stack+0x137/0x19d [ 611.820560][T17234] should_fail+0x23c/0x250 [ 611.824987][T17234] __alloc_pages+0x102/0x320 [ 611.829583][T17234] alloc_pages+0x21d/0x310 [ 611.834062][T17234] push_pipe+0x267/0x370 [ 611.838317][T17234] iov_iter_get_pages+0xb39/0xcc0 [ 611.843403][T17234] bio_iov_iter_get_pages+0x55f/0xa70 [ 611.846189][T17243] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 611.848775][T17234] iomap_dio_bio_actor+0x673/0xb50 [ 611.848803][T17234] iomap_dio_actor+0x26e/0x3b0 [ 611.865125][T17234] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 611.870959][T17234] iomap_apply+0x1e2/0x400 [ 611.875377][T17234] __iomap_dio_rw+0x5af/0xad0 [ 611.880066][T17234] ? __iomap_dio_rw+0xad0/0xad0 [ 611.885016][T17234] iomap_dio_rw+0x30/0x70 [ 611.889352][T17234] ext4_file_read_iter+0x21a/0x290 [ 611.891311][ T1034] loop2: p1 p2 p3 p4 [ 611.894555][T17234] generic_file_splice_read+0x22a/0x310 [ 611.894581][T17234] ? splice_shrink_spd+0x60/0x60 [ 611.894602][T17234] splice_direct_to_actor+0x2aa/0x650 [ 611.899369][ T1034] loop2: p1 start 10 is beyond EOD, [ 611.904122][T17234] ? do_splice_direct+0x170/0x170 [ 611.904145][T17234] do_splice_direct+0xf5/0x170 [ 611.904193][T17234] do_sendfile+0x773/0xda0 [ 611.904207][T17234] __x64_sys_sendfile64+0xf2/0x130 [ 611.904222][T17234] do_syscall_64+0x4a/0x90 [ 611.904239][T17234] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 611.909168][ T1034] truncated [ 611.914496][T17234] RIP: 0033:0x4665f9 [ 611.919767][ T1034] loop2: p2 size 1073872896 extends beyond EOD, 17:05:07 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000011260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:07 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 611.924755][T17234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 611.929504][ T1034] truncated [ 611.933909][T17234] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 [ 611.941324][ T1034] loop2: p3 start 225 is beyond EOD, [ 611.943416][T17234] ORIG_RAX: 0000000000000028 [ 611.943426][T17234] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 611.949324][ T1034] truncated [ 611.952395][T17234] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 611.956265][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 611.962565][T17234] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 611.962578][T17234] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 611.962592][T17234] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 611.982181][ T1034] truncated [ 612.079017][T17245] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 612.117562][ T1034] loop2: p1 p2 p3 p4 [ 612.122268][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 612.128496][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 612.136477][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 612.143056][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:08 executing program 4 (fault-call:11 fault-nth:57): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:08 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x0, 0x40000010000}) 17:05:08 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:08 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x206, 0x0) 17:05:08 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000012260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:08 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:08 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x300, 0x0) 17:05:08 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:08 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000025260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 612.621890][T17267] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 612.650611][T17274] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 612.715277][ T1034] loop2: p1 p2 p3 p4 [ 612.722185][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 612.728641][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 612.741661][T17292] FAULT_INJECTION: forcing a failure. [ 612.741661][T17292] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 612.752872][T17291] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 612.754988][T17292] CPU: 0 PID: 17292 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 612.769854][T17292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 612.770760][ T1034] loop2: p3 start 225 is beyond EOD, [ 612.780009][T17292] Call Trace: [ 612.780019][T17292] dump_stack+0x137/0x19d [ 612.780042][T17292] should_fail+0x23c/0x250 [ 612.785406][ T1034] truncated [ 612.785412][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 612.788671][T17292] __alloc_pages+0x102/0x320 [ 612.793000][ T1034] truncated [ 612.814456][T17292] alloc_pages+0x21d/0x310 [ 612.818863][T17292] push_pipe+0x267/0x370 [ 612.823095][T17292] iov_iter_get_pages+0xb39/0xcc0 [ 612.828107][T17292] bio_iov_iter_get_pages+0x55f/0xa70 [ 612.833699][T17292] iomap_dio_bio_actor+0x673/0xb50 [ 612.838857][T17292] iomap_dio_actor+0x26e/0x3b0 [ 612.843682][T17292] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 612.849476][T17292] iomap_apply+0x1e2/0x400 [ 612.853876][T17292] __iomap_dio_rw+0x5af/0xad0 [ 612.858540][T17292] ? __iomap_dio_rw+0xad0/0xad0 [ 612.863408][T17292] iomap_dio_rw+0x30/0x70 [ 612.867800][T17292] ext4_file_read_iter+0x21a/0x290 [ 612.872925][T17292] generic_file_splice_read+0x22a/0x310 [ 612.878552][T17292] ? splice_shrink_spd+0x60/0x60 [ 612.883474][T17292] splice_direct_to_actor+0x2aa/0x650 [ 612.888832][T17292] ? do_splice_direct+0x170/0x170 [ 612.893844][T17292] do_splice_direct+0xf5/0x170 [ 612.898663][T17292] do_sendfile+0x773/0xda0 [ 612.903076][T17292] __x64_sys_sendfile64+0xf2/0x130 [ 612.908173][T17292] do_syscall_64+0x4a/0x90 [ 612.912602][T17292] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 612.918481][T17292] RIP: 0033:0x4665f9 [ 612.922360][T17292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 612.942041][T17292] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 612.950439][T17292] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 612.958394][T17292] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 17:05:08 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:08 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 612.966370][T17292] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 612.974362][T17292] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 612.982319][T17292] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 17:05:08 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x0, 0x40000010000}) [ 613.067513][ T1034] loop2: p1 p2 p3 p4 [ 613.069057][T17295] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 613.085507][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 613.091628][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 613.109044][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 613.115318][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:09 executing program 4 (fault-call:11 fault-nth:58): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:09 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000028260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:09 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x402, 0x0) 17:05:09 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:09 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:09 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x0, 0x40000010000}) 17:05:09 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x406, 0x0) 17:05:09 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:09 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000048260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 613.625464][T17326] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 613.643800][T17335] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 613.690721][ T1034] loop2: p1 p2 p3 p4 [ 613.708811][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 613.715375][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 613.732627][T17350] FAULT_INJECTION: forcing a failure. [ 613.732627][T17350] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 613.736932][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 613.745885][T17350] CPU: 0 PID: 17350 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 613.752047][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 613.760410][T17350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 613.760424][T17350] Call Trace: [ 613.760432][T17350] dump_stack+0x137/0x19d [ 613.766722][ T1034] truncated [ 613.777179][T17352] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 613.780048][T17350] should_fail+0x23c/0x250 [ 613.780072][T17350] __alloc_pages+0x102/0x320 [ 613.803040][T17350] alloc_pages+0x21d/0x310 [ 613.807450][T17350] push_pipe+0x267/0x370 [ 613.811783][T17350] iov_iter_get_pages+0xb39/0xcc0 [ 613.816793][T17350] bio_iov_iter_get_pages+0x55f/0xa70 [ 613.822187][T17350] iomap_dio_bio_actor+0x673/0xb50 [ 613.827327][T17350] iomap_dio_actor+0x26e/0x3b0 [ 613.832125][T17350] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 613.837917][T17350] iomap_apply+0x1e2/0x400 [ 613.842390][T17350] __iomap_dio_rw+0x5af/0xad0 [ 613.847107][T17350] ? __iomap_dio_rw+0xad0/0xad0 [ 613.852060][T17350] iomap_dio_rw+0x30/0x70 [ 613.856392][T17350] ext4_file_read_iter+0x21a/0x290 [ 613.861576][T17350] generic_file_splice_read+0x22a/0x310 [ 613.867169][T17350] ? splice_shrink_spd+0x60/0x60 [ 613.872091][T17350] splice_direct_to_actor+0x2aa/0x650 [ 613.877519][T17350] ? do_splice_direct+0x170/0x170 [ 613.882614][T17350] do_splice_direct+0xf5/0x170 [ 613.887417][T17350] do_sendfile+0x773/0xda0 [ 613.891816][T17350] __x64_sys_sendfile64+0xf2/0x130 [ 613.896933][T17350] do_syscall_64+0x4a/0x90 [ 613.901347][T17350] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 613.907229][T17350] RIP: 0033:0x4665f9 [ 613.911105][T17350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 613.930718][T17350] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 17:05:09 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:09 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:09 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004}) [ 613.939117][T17350] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 613.947074][T17350] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 613.955048][T17350] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 613.963005][T17350] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 613.971009][T17350] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 614.030047][T17355] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 614.045750][ T1034] loop2: p1 p2 p3 p4 [ 614.050002][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 614.056086][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 614.067017][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 614.073260][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:10 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x500, 0x0) 17:05:10 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004}) 17:05:10 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:10 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400004c260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:10 executing program 4 (fault-call:11 fault-nth:59): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:10 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1700}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:10 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:10 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:10 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000060260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 614.599765][T17385] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:10 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:10 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8006}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:10 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x600, 0x0) [ 614.671373][ T1034] loop2: p1 p2 p3 p4 [ 614.676323][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 614.682479][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 614.697862][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 614.704124][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 614.730496][T17407] FAULT_INJECTION: forcing a failure. [ 614.730496][T17407] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 614.743778][T17407] CPU: 0 PID: 17407 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 614.752268][T17407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 614.762321][T17407] Call Trace: [ 614.765606][T17407] dump_stack+0x137/0x19d [ 614.769938][T17407] should_fail+0x23c/0x250 [ 614.774360][T17407] __alloc_pages+0x102/0x320 [ 614.779014][T17407] alloc_pages+0x21d/0x310 [ 614.783451][T17407] push_pipe+0x267/0x370 [ 614.787712][T17407] iov_iter_get_pages+0xb39/0xcc0 [ 614.792787][T17407] bio_iov_iter_get_pages+0x55f/0xa70 [ 614.798242][T17407] iomap_dio_bio_actor+0x673/0xb50 [ 614.803341][T17407] iomap_dio_actor+0x26e/0x3b0 [ 614.808091][T17407] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 614.814343][T17407] iomap_apply+0x1e2/0x400 [ 614.818789][T17407] __iomap_dio_rw+0x5af/0xad0 [ 614.823458][T17407] ? __iomap_dio_rw+0xad0/0xad0 [ 614.828293][T17407] iomap_dio_rw+0x30/0x70 [ 614.832693][T17407] ext4_file_read_iter+0x21a/0x290 [ 614.837891][T17407] generic_file_splice_read+0x22a/0x310 [ 614.843442][T17407] ? splice_shrink_spd+0x60/0x60 [ 614.848365][T17407] splice_direct_to_actor+0x2aa/0x650 [ 614.853783][T17407] ? do_splice_direct+0x170/0x170 [ 614.858863][T17407] do_splice_direct+0xf5/0x170 [ 614.863612][T17407] do_sendfile+0x773/0xda0 [ 614.868099][T17407] __x64_sys_sendfile64+0xf2/0x130 [ 614.873247][T17407] do_syscall_64+0x4a/0x90 [ 614.877672][T17407] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 614.883622][T17407] RIP: 0033:0x4665f9 [ 614.887500][T17407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 614.907129][T17407] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 614.915583][T17407] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 614.923540][T17407] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 614.931494][T17407] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 614.939446][T17407] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 614.947400][T17407] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 614.966852][ T1034] loop2: p1 p2 p3 p4 [ 614.971371][T17419] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 614.978258][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 614.984561][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 614.992262][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 614.998608][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 615.008865][T17427] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:11 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004}) 17:05:11 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:11 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000068260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:11 executing program 4 (fault-call:11 fault-nth:60): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:11 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:11 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x602, 0x0) 17:05:11 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:11 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x604, 0x0) 17:05:11 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:11 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400006c260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 615.588485][T17442] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 615.612547][T17449] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 615.664532][ T1034] loop2: p1 p2 p3 p4 [ 615.674286][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 615.681216][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 615.682651][T17463] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 615.693640][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 615.701064][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 615.701247][T17467] FAULT_INJECTION: forcing a failure. [ 615.701247][T17467] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 615.721390][T17467] CPU: 1 PID: 17467 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 615.729811][T17467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 615.739957][T17467] Call Trace: [ 615.743244][T17467] dump_stack+0x137/0x19d [ 615.747581][T17467] should_fail+0x23c/0x250 [ 615.751995][T17467] __alloc_pages+0x102/0x320 [ 615.756576][T17467] alloc_pages+0x21d/0x310 [ 615.760996][T17467] push_pipe+0x267/0x370 [ 615.765231][T17467] iov_iter_get_pages+0xb39/0xcc0 [ 615.770284][T17467] bio_iov_iter_get_pages+0x55f/0xa70 [ 615.776000][T17467] iomap_dio_bio_actor+0x673/0xb50 [ 615.781135][T17467] iomap_dio_actor+0x26e/0x3b0 [ 615.786070][T17467] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 615.791864][T17467] iomap_apply+0x1e2/0x400 [ 615.796324][T17467] __iomap_dio_rw+0x5af/0xad0 [ 615.800985][T17467] ? __iomap_dio_rw+0xad0/0xad0 [ 615.805823][T17467] iomap_dio_rw+0x30/0x70 [ 615.810214][T17467] ext4_file_read_iter+0x21a/0x290 [ 615.815324][T17467] generic_file_splice_read+0x22a/0x310 [ 615.820937][T17467] ? splice_shrink_spd+0x60/0x60 [ 615.825877][T17467] splice_direct_to_actor+0x2aa/0x650 [ 615.831352][T17467] ? do_splice_direct+0x170/0x170 [ 615.837495][T17467] do_splice_direct+0xf5/0x170 [ 615.842246][T17467] do_sendfile+0x773/0xda0 [ 615.846664][T17467] __x64_sys_sendfile64+0xf2/0x130 [ 615.851775][T17467] do_syscall_64+0x4a/0x90 [ 615.856191][T17467] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 615.862145][T17467] RIP: 0033:0x4665f9 [ 615.866032][T17467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 615.885623][T17467] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 615.894037][T17467] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 615.902024][T17467] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 17:05:11 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, 0x0, 0x0) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:11 executing program 0: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x600, 0x0) [ 615.910037][T17467] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 615.917992][T17467] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 615.925959][T17467] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 615.968850][T17466] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 616.028087][ T703] blk_update_request: I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 616.039743][T17479] EXT4-fs (loop1): unable to read superblock [ 616.051823][ T1034] loop2: p1 p2 p3 p4 [ 616.056180][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 616.062354][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 616.070564][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 616.077015][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:12 executing program 4 (fault-call:11 fault-nth:61): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:12 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x700, 0x0) 17:05:12 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:12 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, 0x0, 0x0) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:12 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000074260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:12 executing program 0: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x300, 0x0) 17:05:12 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, 0x0, 0x0) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:12 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:12 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(0xffffffffffffffff, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:12 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x900, 0x0) 17:05:12 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="2400007a260007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 616.576467][T17496] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 616.589468][ T969] blk_update_request: I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 616.600945][T17497] EXT4-fs (loop1): unable to read superblock [ 616.619468][T17503] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:12 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(0xffffffffffffffff, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 616.656922][ T1034] loop2: p1 p2 p3 p4 [ 616.663262][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 616.669420][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 616.696937][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 616.703201][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 616.715970][T17525] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 616.730258][T17524] FAULT_INJECTION: forcing a failure. [ 616.730258][T17524] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 616.743646][T17524] CPU: 1 PID: 17524 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 616.752075][T17524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 616.762137][T17524] Call Trace: [ 616.765423][T17524] dump_stack+0x137/0x19d [ 616.769779][T17524] should_fail+0x23c/0x250 [ 616.774205][T17524] __alloc_pages+0x102/0x320 [ 616.778795][T17524] alloc_pages+0x21d/0x310 [ 616.783222][T17524] push_pipe+0x267/0x370 [ 616.787475][T17524] iov_iter_get_pages+0xb39/0xcc0 [ 616.792528][T17524] bio_iov_iter_get_pages+0x55f/0xa70 [ 616.797899][T17524] iomap_dio_bio_actor+0x673/0xb50 [ 616.803103][T17524] iomap_dio_actor+0x26e/0x3b0 [ 616.807850][T17524] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 616.813759][T17524] iomap_apply+0x1e2/0x400 [ 616.818247][T17524] __iomap_dio_rw+0x5af/0xad0 [ 616.822985][T17524] ? __iomap_dio_rw+0xad0/0xad0 [ 616.827836][T17524] iomap_dio_rw+0x30/0x70 [ 616.832159][T17524] ext4_file_read_iter+0x21a/0x290 [ 616.837285][T17524] generic_file_splice_read+0x22a/0x310 [ 616.842831][T17524] ? splice_shrink_spd+0x60/0x60 [ 616.847796][T17524] splice_direct_to_actor+0x2aa/0x650 [ 616.853219][T17524] ? do_splice_direct+0x170/0x170 [ 616.858245][T17524] do_splice_direct+0xf5/0x170 [ 616.863066][T17524] do_sendfile+0x773/0xda0 [ 616.867488][T17524] __x64_sys_sendfile64+0xf2/0x130 [ 616.872738][T17524] do_syscall_64+0x4a/0x90 [ 616.877236][T17524] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 616.883137][T17524] RIP: 0033:0x4665f9 [ 616.887054][T17524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 616.906789][T17524] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 616.915277][T17524] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 616.923262][T17524] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 616.931346][T17524] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 616.939301][T17524] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 616.947255][T17524] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 616.976956][ T1034] loop2: p1 p2 p3 p4 [ 616.984569][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 616.990928][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 616.999998][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 617.006297][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:13 executing program 4 (fault-call:11 fault-nth:62): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:13 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:13 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xa00, 0x0) 17:05:13 executing program 0 (fault-call:5 fault-nth:0): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:13 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000770007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:13 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(0xffffffffffffffff, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:13 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xb00, 0x0) [ 617.529407][T17552] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 617.550542][T17560] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=119 sclass=netlink_route_socket pid=17560 comm=syz-executor.2 [ 617.568866][T17554] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 617.587811][T17560] __nla_validate_parse: 2 callbacks suppressed [ 617.587827][T17560] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 617.608659][T17568] FAULT_INJECTION: forcing a failure. [ 617.608659][T17568] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 617.621801][T17568] CPU: 0 PID: 17568 Comm: syz-executor.0 Not tainted 5.12.0-syzkaller #0 [ 617.626139][T17569] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=119 sclass=netlink_route_socket pid=17569 comm=syz-executor.2 [ 617.630210][T17568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 617.630225][T17568] Call Trace: [ 617.630232][T17568] dump_stack+0x137/0x19d [ 617.660891][T17568] should_fail+0x23c/0x250 [ 617.665320][T17568] should_fail_usercopy+0x16/0x20 [ 617.665705][T17569] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 617.670341][T17568] _copy_from_user+0x1c/0xd0 [ 617.670395][T17568] do_vfs_ioctl+0x1040/0x1410 [ 617.670415][T17568] ? inode_dio_wait+0xb/0x140 [ 617.693682][T17568] __se_sys_ioctl+0x83/0x140 [ 617.698293][T17568] __x64_sys_ioctl+0x3f/0x50 [ 617.702912][T17568] do_syscall_64+0x4a/0x90 [ 617.707341][T17568] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 617.713312][T17568] RIP: 0033:0x4665f9 [ 617.717209][T17568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 17:05:13 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000100007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 617.736931][T17568] RSP: 002b:00007fc38c4f2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 617.745345][T17568] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 617.753323][T17568] RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000003 [ 617.761295][T17568] RBP: 00007fc38c4f21d0 R08: 0000000000000000 R09: 0000000000000000 [ 617.769316][T17568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 617.777271][T17568] R13: 00007fff9319eeff R14: 00007fc38c4f2300 R15: 0000000000022000 17:05:13 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r1, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(0xffffffffffffffff, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:13 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:13 executing program 0 (fault-call:5 fault-nth:1): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 617.798973][T17570] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 617.809500][ T1034] loop2: p1 p2 p3 p4 [ 617.810603][T17571] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 617.816473][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 617.826149][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 617.834964][T17573] FAULT_INJECTION: forcing a failure. [ 617.834964][T17573] name failslab, interval 1, probability 0, space 0, times 0 [ 617.847830][T17573] CPU: 1 PID: 17573 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 617.850685][T17579] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 617.856240][T17573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 617.856253][T17573] Call Trace: [ 617.856260][T17573] dump_stack+0x137/0x19d [ 617.866243][ T1034] loop2: p3 start 225 is beyond EOD, [ 617.875642][T17573] should_fail+0x23c/0x250 [ 617.875670][T17573] ? kmalloc_array+0x2d/0x40 [ 617.875689][T17573] __should_failslab+0x81/0x90 [ 617.878979][ T1034] truncated [ 617.883289][T17573] should_failslab+0x5/0x20 [ 617.888662][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 617.893038][T17573] __kmalloc+0x66/0x340 [ 617.897606][ T1034] truncated [ 617.920721][T17581] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 617.923662][T17573] ? native_smp_send_reschedule+0x36/0x50 [ 617.938663][T17573] ? splice_from_pipe+0xc0/0xc0 [ 617.943570][T17573] kmalloc_array+0x2d/0x40 [ 617.947999][T17573] iter_file_splice_write+0xc1/0x750 [ 617.953293][T17573] ? wake_up_q+0x46/0x80 [ 617.957537][T17573] ? up_read+0xd1/0xe0 [ 617.961617][T17573] ? ext4_file_read_iter+0x271/0x290 [ 617.966910][T17573] ? generic_file_splice_read+0x2a4/0x310 [ 617.972786][T17573] ? splice_from_pipe+0xc0/0xc0 [ 617.977626][T17573] direct_splice_actor+0x80/0xa0 [ 617.982562][T17573] splice_direct_to_actor+0x345/0x650 [ 617.987918][T17573] ? do_splice_direct+0x170/0x170 [ 617.992998][T17573] do_splice_direct+0xf5/0x170 [ 617.997973][T17573] do_sendfile+0x773/0xda0 [ 618.002464][T17573] __x64_sys_sendfile64+0xf2/0x130 [ 618.007579][T17573] do_syscall_64+0x4a/0x90 [ 618.012039][T17573] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 618.018019][T17573] RIP: 0033:0x4665f9 [ 618.021904][T17573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 17:05:13 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000110007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 618.042065][T17573] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 618.050460][T17573] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 618.058569][T17573] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 618.066522][T17573] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 618.074543][T17573] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 618.082514][T17573] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 618.114854][ T1034] loop2: p1 p2 p3 p4 [ 618.122531][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 618.128662][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 618.141487][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 618.147817][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 618.162247][T17597] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 618.173283][T17600] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 618.258377][T17605] FAULT_INJECTION: forcing a failure. [ 618.258377][T17605] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 618.271651][T17605] CPU: 0 PID: 17605 Comm: syz-executor.0 Not tainted 5.12.0-syzkaller #0 [ 618.280075][T17605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 618.290556][T17605] Call Trace: [ 618.293842][T17605] dump_stack+0x137/0x19d [ 618.298176][T17605] should_fail+0x23c/0x250 [ 618.302596][T17605] __alloc_pages+0x102/0x320 [ 618.307202][T17605] alloc_pages+0x21d/0x310 [ 618.311603][T17605] __page_cache_alloc+0x4d/0xf0 [ 618.316615][T17605] pagecache_get_page+0x5f4/0x900 [ 618.321711][T17605] ext4_block_zero_page_range+0xa0/0x620 [ 618.327371][T17605] ext4_zero_partial_blocks+0xde/0x180 [ 618.332813][T17605] ext4_punch_hole+0x54e/0x9a0 [ 618.337563][T17605] ext4_fallocate+0xea/0x4d0 [ 618.342205][T17605] ? ext4_ext_truncate+0x170/0x170 [ 618.347305][T17605] vfs_fallocate+0x463/0x660 [ 618.351886][T17605] do_vfs_ioctl+0x1322/0x1410 [ 618.356580][T17605] ? inode_dio_wait+0xb/0x140 [ 618.361269][T17605] __se_sys_ioctl+0x83/0x140 [ 618.365845][T17605] __x64_sys_ioctl+0x3f/0x50 [ 618.370491][T17605] do_syscall_64+0x4a/0x90 [ 618.374967][T17605] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 618.380856][T17605] RIP: 0033:0x4665f9 [ 618.384780][T17605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 618.404576][T17605] RSP: 002b:00007fc38c4f2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 618.413135][T17605] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 618.421224][T17605] RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000003 [ 618.429201][T17605] RBP: 00007fc38c4f21d0 R08: 0000000000000000 R09: 0000000000000000 [ 618.437338][T17605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 618.445298][T17605] R13: 00007fff9319eeff R14: 00007fc38c4f2300 R15: 0000000000022000 17:05:14 executing program 4 (fault-call:11 fault-nth:63): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:14 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:14 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000120007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:14 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xc00, 0x0) 17:05:14 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, 0x0) 17:05:14 executing program 0 (fault-call:5 fault-nth:2): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:14 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 618.535302][T17614] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 618.546432][T17619] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 618.559992][T17617] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:14 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xd00, 0x0) 17:05:14 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000130007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 618.590190][T17624] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 618.627432][ T1034] loop2: p1 p2 p3 p4 [ 618.633856][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 618.639986][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 618.648813][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 618.655035][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:14 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 618.683699][T17642] FAULT_INJECTION: forcing a failure. [ 618.683699][T17642] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 618.697143][T17642] CPU: 1 PID: 17642 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 618.706055][T17642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 618.716245][T17642] Call Trace: [ 618.719520][T17642] dump_stack+0x137/0x19d [ 618.723877][T17642] should_fail+0x23c/0x250 [ 618.728289][T17642] __alloc_pages+0x102/0x320 [ 618.732896][T17642] alloc_pages+0x21d/0x310 [ 618.737523][T17642] push_pipe+0x267/0x370 [ 618.741834][T17642] iov_iter_get_pages+0xb39/0xcc0 [ 618.746887][T17642] bio_iov_iter_get_pages+0x55f/0xa70 [ 618.752249][T17642] iomap_dio_bio_actor+0x673/0xb50 [ 618.757422][T17642] iomap_dio_actor+0x26e/0x3b0 [ 618.762193][T17642] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 618.768214][T17642] iomap_apply+0x1e2/0x400 [ 618.772694][T17642] __iomap_dio_rw+0x5af/0xad0 [ 618.777372][T17642] ? __iomap_dio_rw+0xad0/0xad0 [ 618.782227][T17642] iomap_dio_rw+0x30/0x70 [ 618.786543][T17642] ext4_file_read_iter+0x21a/0x290 [ 618.792028][T17642] generic_file_splice_read+0x22a/0x310 [ 618.797580][T17642] ? splice_shrink_spd+0x60/0x60 [ 618.802598][T17642] splice_direct_to_actor+0x2aa/0x650 [ 618.808091][T17642] ? do_splice_direct+0x170/0x170 [ 618.813159][T17642] do_splice_direct+0xf5/0x170 [ 618.817992][T17642] do_sendfile+0x773/0xda0 [ 618.822496][T17642] __x64_sys_sendfile64+0xf2/0x130 [ 618.827770][T17642] do_syscall_64+0x4a/0x90 [ 618.832189][T17642] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 618.838090][T17642] RIP: 0033:0x4665f9 [ 618.841999][T17642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 618.861712][T17642] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 618.870162][T17642] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 618.878143][T17642] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 618.886150][T17642] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 618.894121][T17642] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 618.902150][T17642] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 618.919106][T17629] FAULT_INJECTION: forcing a failure. [ 618.919106][T17629] name failslab, interval 1, probability 0, space 0, times 0 [ 618.922201][T17645] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 618.931712][T17629] CPU: 0 PID: 17629 Comm: syz-executor.0 Not tainted 5.12.0-syzkaller #0 [ 618.931736][T17629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 618.931747][T17629] Call Trace: [ 618.931754][T17629] dump_stack+0x137/0x19d [ 618.959192][T17647] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 618.959476][T17629] should_fail+0x23c/0x250 [ 618.959501][T17629] ? xas_create+0x96b/0xb30 [ 618.978991][T17644] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 618.980754][T17629] __should_failslab+0x81/0x90 [ 618.996522][T17629] should_failslab+0x5/0x20 [ 619.001025][T17629] kmem_cache_alloc+0x46/0x2f0 [ 619.005812][T17629] xas_create+0x96b/0xb30 [ 619.010212][T17629] xas_store+0x70/0xca0 [ 619.014412][T17629] ? xas_find_conflict+0x422/0x4c0 [ 619.019510][T17629] __add_to_page_cache_locked+0x1eb/0x4e0 [ 619.025217][T17629] ? workingset_activation+0x270/0x270 [ 619.030675][T17629] add_to_page_cache_lru+0xa0/0x1b0 [ 619.035860][T17629] pagecache_get_page+0x6a3/0x900 [ 619.040885][T17629] ext4_block_zero_page_range+0xa0/0x620 [ 619.046583][T17629] ext4_zero_partial_blocks+0xde/0x180 [ 619.053762][T17629] ext4_punch_hole+0x54e/0x9a0 [ 619.058512][T17629] ext4_fallocate+0xea/0x4d0 [ 619.063092][T17629] ? ext4_ext_truncate+0x170/0x170 [ 619.068191][T17629] vfs_fallocate+0x463/0x660 [ 619.072857][T17629] do_vfs_ioctl+0x1322/0x1410 [ 619.077520][T17629] ? inode_dio_wait+0xb/0x140 [ 619.082313][T17629] __se_sys_ioctl+0x83/0x140 [ 619.086961][T17629] __x64_sys_ioctl+0x3f/0x50 [ 619.091608][T17629] do_syscall_64+0x4a/0x90 [ 619.096063][T17629] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 619.102009][T17629] RIP: 0033:0x4665f9 [ 619.105902][T17629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 619.125514][T17629] RSP: 002b:00007fc38c4f2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 17:05:14 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000140007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 619.133913][T17629] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 619.142656][T17629] RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000003 [ 619.150612][T17629] RBP: 00007fc38c4f21d0 R08: 0000000000000000 R09: 0000000000000000 [ 619.158597][T17629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 619.166552][T17629] R13: 00007fff9319eeff R14: 00007fc38c4f2300 R15: 0000000000022000 17:05:14 executing program 0 (fault-call:5 fault-nth:3): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 619.193334][ T1034] loop2: p1 p2 p3 p4 [ 619.197982][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 619.204125][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 619.225318][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 619.231553][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 619.239856][T17649] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 619.298210][ T1034] loop2: p1 p2 p3 p4 [ 619.302474][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 619.308645][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 619.316604][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 619.322916][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 619.354318][T17669] FAULT_INJECTION: forcing a failure. [ 619.354318][T17669] name failslab, interval 1, probability 0, space 0, times 0 [ 619.366995][T17669] CPU: 0 PID: 17669 Comm: syz-executor.0 Not tainted 5.12.0-syzkaller #0 [ 619.375493][T17669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 619.385651][T17669] Call Trace: [ 619.388954][T17669] dump_stack+0x137/0x19d [ 619.393341][T17669] should_fail+0x23c/0x250 [ 619.397739][T17669] ? xas_create+0x96b/0xb30 [ 619.402226][T17669] __should_failslab+0x81/0x90 [ 619.407074][T17669] should_failslab+0x5/0x20 [ 619.411644][T17669] kmem_cache_alloc+0x46/0x2f0 [ 619.416416][T17669] ? xas_create+0x96b/0xb30 [ 619.420918][T17669] xas_create+0x96b/0xb30 [ 619.425239][T17669] xas_store+0x70/0xca0 [ 619.429403][T17669] ? xas_find_conflict+0x422/0x4c0 [ 619.434562][T17669] __add_to_page_cache_locked+0x1eb/0x4e0 [ 619.440267][T17669] ? workingset_activation+0x270/0x270 [ 619.445775][T17669] add_to_page_cache_lru+0xa0/0x1b0 [ 619.451011][T17669] pagecache_get_page+0x6a3/0x900 [ 619.456027][T17669] ext4_block_zero_page_range+0xa0/0x620 [ 619.461748][T17669] ext4_zero_partial_blocks+0xde/0x180 [ 619.467380][T17669] ext4_punch_hole+0x54e/0x9a0 [ 619.472125][T17669] ext4_fallocate+0xea/0x4d0 [ 619.476882][T17669] ? ext4_ext_truncate+0x170/0x170 [ 619.481997][T17669] vfs_fallocate+0x463/0x660 [ 619.486570][T17669] do_vfs_ioctl+0x1322/0x1410 [ 619.491227][T17669] ? inode_dio_wait+0xb/0x140 [ 619.495892][T17669] __se_sys_ioctl+0x83/0x140 [ 619.500483][T17669] __x64_sys_ioctl+0x3f/0x50 [ 619.505120][T17669] do_syscall_64+0x4a/0x90 [ 619.509525][T17669] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 619.515512][T17669] RIP: 0033:0x4665f9 [ 619.519385][T17669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 619.538973][T17669] RSP: 002b:00007fc38c4f2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 619.547368][T17669] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 619.555346][T17669] RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000003 [ 619.563300][T17669] RBP: 00007fc38c4f21d0 R08: 0000000000000000 R09: 0000000000000000 [ 619.571259][T17669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 619.579210][T17669] R13: 00007fff9319eeff R14: 00007fc38c4f2300 R15: 0000000000022000 17:05:15 executing program 4 (fault-call:11 fault-nth:64): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:15 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, 0x0) 17:05:15 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xe00, 0x0) 17:05:15 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:15 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000150007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:15 executing program 0 (fault-call:5 fault-nth:4): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:15 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000160007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:15 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 619.733127][T17681] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:15 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xf00, 0x0) [ 619.782555][ T1034] loop2: p1 p2 p3 p4 [ 619.788922][T17688] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 619.791000][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 619.801646][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 619.820582][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 619.826817][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 619.839583][T17697] FAULT_INJECTION: forcing a failure. [ 619.839583][T17697] name failslab, interval 1, probability 0, space 0, times 0 [ 619.852346][T17697] CPU: 0 PID: 17697 Comm: syz-executor.0 Not tainted 5.12.0-syzkaller #0 [ 619.860836][T17697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 619.870892][T17697] Call Trace: [ 619.874173][T17697] dump_stack+0x137/0x19d [ 619.878562][T17697] should_fail+0x23c/0x250 17:05:15 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000180007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 619.883028][T17697] ? mempool_alloc_slab+0x16/0x20 [ 619.888052][T17697] __should_failslab+0x81/0x90 [ 619.892823][T17697] should_failslab+0x5/0x20 [ 619.897356][T17697] kmem_cache_alloc+0x46/0x2f0 [ 619.902174][T17697] mempool_alloc_slab+0x16/0x20 [ 619.907025][T17697] ? mempool_free+0x130/0x130 [ 619.911706][T17697] mempool_alloc+0x8c/0x300 [ 619.916210][T17697] ? ext4_es_lookup_extent+0x36b/0x490 [ 619.921763][T17697] bio_alloc_bioset+0xcc/0x480 [ 619.926542][T17697] ? ext4_map_blocks+0x597/0xef0 [ 619.931475][T17697] submit_bh_wbc+0x130/0x330 [ 619.936052][T17697] submit_bh+0x21/0x30 [ 619.940106][T17697] ? __wait_on_buffer+0x60/0x60 [ 619.944942][T17697] ext4_read_bh+0xdf/0x190 [ 619.949374][T17697] ext4_read_bh_lock+0x44/0xd0 [ 619.954179][T17697] ext4_block_zero_page_range+0x350/0x620 [ 619.959889][T17697] ext4_zero_partial_blocks+0xde/0x180 [ 619.965334][T17697] ext4_punch_hole+0x54e/0x9a0 [ 619.970147][T17697] ext4_fallocate+0xea/0x4d0 [ 619.974823][T17697] ? ext4_ext_truncate+0x170/0x170 [ 619.980002][T17697] vfs_fallocate+0x463/0x660 [ 619.984577][T17697] do_vfs_ioctl+0x1322/0x1410 [ 619.989255][T17697] ? inode_dio_wait+0xb/0x140 [ 619.993938][T17697] __se_sys_ioctl+0x83/0x140 [ 619.998572][T17697] __x64_sys_ioctl+0x3f/0x50 [ 620.003218][T17697] do_syscall_64+0x4a/0x90 [ 620.007697][T17697] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 620.013577][T17697] RIP: 0033:0x4665f9 [ 620.017458][T17697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 620.037049][T17697] RSP: 002b:00007fc38c4f2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 620.045448][T17697] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 620.053405][T17697] RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000003 [ 620.061417][T17697] RBP: 00007fc38c4f21d0 R08: 0000000000000000 R09: 0000000000000000 [ 620.069384][T17697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 17:05:15 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:15 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, 0x0) [ 620.077392][T17697] R13: 00007fff9319eeff R14: 00007fc38c4f2300 R15: 0000000000022000 [ 620.086259][T17707] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 620.093788][T17698] FAULT_INJECTION: forcing a failure. [ 620.093788][T17698] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 620.107107][T17698] CPU: 1 PID: 17698 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 620.110301][ T1034] loop2: p1 p2 p3 p4 [ 620.115524][T17698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 620.115537][T17698] Call Trace: [ 620.115544][T17698] dump_stack+0x137/0x19d [ 620.120326][ T1034] loop2: p1 start 10 is beyond EOD, [ 620.129556][T17698] should_fail+0x23c/0x250 [ 620.129581][T17698] __alloc_pages+0x102/0x320 [ 620.132858][ T1034] truncated [ 620.132863][ T1034] loop2: p2 size 1073872896 extends beyond EOD, [ 620.137168][T17698] alloc_pages+0x21d/0x310 [ 620.142446][ T1034] truncated [ 620.146817][T17698] push_pipe+0x267/0x370 [ 620.154852][ T1034] loop2: p3 start 225 is beyond EOD, [ 620.160780][T17698] iov_iter_get_pages+0xb39/0xcc0 [ 620.160805][T17698] bio_iov_iter_get_pages+0x55f/0xa70 [ 620.165212][ T1034] truncated [ 620.165217][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 620.168301][T17698] iomap_dio_bio_actor+0x673/0xb50 [ 620.172525][ T1034] truncated [ 620.205957][T17698] iomap_dio_actor+0x26e/0x3b0 [ 620.210730][T17698] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 620.216542][T17698] iomap_apply+0x1e2/0x400 [ 620.221068][T17698] __iomap_dio_rw+0x5af/0xad0 [ 620.225753][T17698] ? __iomap_dio_rw+0xad0/0xad0 [ 620.230618][T17698] iomap_dio_rw+0x30/0x70 [ 620.234954][T17698] ext4_file_read_iter+0x21a/0x290 [ 620.240094][T17698] generic_file_splice_read+0x22a/0x310 [ 620.245846][T17698] ? splice_shrink_spd+0x60/0x60 [ 620.250866][T17698] splice_direct_to_actor+0x2aa/0x650 [ 620.256258][T17698] ? do_splice_direct+0x170/0x170 [ 620.261276][T17698] do_splice_direct+0xf5/0x170 [ 620.266036][T17698] do_sendfile+0x773/0xda0 [ 620.270494][T17698] __x64_sys_sendfile64+0xf2/0x130 [ 620.275671][T17698] do_syscall_64+0x4a/0x90 [ 620.280069][T17698] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 620.285950][T17698] RIP: 0033:0x4665f9 [ 620.289826][T17698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 620.309416][T17698] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 620.317817][T17698] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 620.325773][T17698] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 620.333731][T17698] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 620.341707][T17698] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 620.349659][T17698] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 620.379392][T17710] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 620.429049][ T1034] loop2: p1 p2 p3 p4 [ 620.434361][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 620.440474][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 620.449718][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 620.455913][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:16 executing program 4 (fault-call:11 fault-nth:65): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:16 executing program 0 (fault-call:5 fault-nth:5): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:16 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000190007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:16 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x1020, 0x0) 17:05:16 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:16 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x0, 0x40000010000}) 17:05:16 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x1100, 0x0) 17:05:16 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240000001a0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:16 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 620.756420][ T1034] loop2: p1 p2 p3 p4 [ 620.760735][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 620.766824][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 620.788137][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 620.794340][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:16 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240000001c0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:16 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 620.802466][T17758] FAULT_INJECTION: forcing a failure. [ 620.802466][T17758] name failslab, interval 1, probability 0, space 0, times 0 [ 620.815312][T17758] CPU: 0 PID: 17758 Comm: syz-executor.0 Not tainted 5.12.0-syzkaller #0 [ 620.823745][T17758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 620.833809][T17758] Call Trace: [ 620.837093][T17758] dump_stack+0x137/0x19d [ 620.841447][T17758] should_fail+0x23c/0x250 [ 620.845943][T17758] __should_failslab+0x81/0x90 [ 620.850717][T17758] should_failslab+0x5/0x20 [ 620.855234][T17758] kmem_cache_alloc_node+0x58/0x2b0 [ 620.860447][T17758] ? create_task_io_context+0x36/0x210 [ 620.865913][T17758] create_task_io_context+0x36/0x210 [ 620.871264][T17758] submit_bio_checks+0x778/0x800 [ 620.872272][T17769] FAULT_INJECTION: forcing a failure. [ 620.872272][T17769] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 620.876216][T17758] ? kmem_cache_alloc+0x201/0x2f0 [ 620.894452][T17758] ? mempool_alloc_slab+0x16/0x20 [ 620.899481][T17758] submit_bio_noacct+0x33/0x7e0 [ 620.904332][T17758] ? mempool_alloc_slab+0x16/0x20 [ 620.909410][T17758] ? mempool_free+0x130/0x130 [ 620.914071][T17758] ? mempool_alloc+0x99/0x300 [ 620.918736][T17758] submit_bio+0x16d/0x2b0 [ 620.923054][T17758] submit_bh_wbc+0x2f3/0x330 [ 620.927628][T17758] submit_bh+0x21/0x30 [ 620.931746][T17758] ? __wait_on_buffer+0x60/0x60 [ 620.936580][T17758] ext4_read_bh+0xdf/0x190 [ 620.940980][T17758] ext4_read_bh_lock+0x44/0xd0 [ 620.945727][T17758] ext4_block_zero_page_range+0x350/0x620 [ 620.951492][T17758] ext4_zero_partial_blocks+0xde/0x180 [ 620.956939][T17758] ext4_punch_hole+0x54e/0x9a0 [ 620.961703][T17758] ext4_fallocate+0xea/0x4d0 [ 620.966279][T17758] ? ext4_ext_truncate+0x170/0x170 [ 620.971387][T17758] vfs_fallocate+0x463/0x660 [ 620.976038][T17758] do_vfs_ioctl+0x1322/0x1410 [ 620.980750][T17758] ? inode_dio_wait+0xb/0x140 [ 620.985412][T17758] __se_sys_ioctl+0x83/0x140 [ 620.990028][T17758] __x64_sys_ioctl+0x3f/0x50 [ 620.994648][T17758] do_syscall_64+0x4a/0x90 [ 620.999064][T17758] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 621.004950][T17758] RIP: 0033:0x4665f9 [ 621.008831][T17758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 621.028460][T17758] RSP: 002b:00007fc38c4f2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 621.036858][T17758] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 621.044831][T17758] RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000003 [ 621.052788][T17758] RBP: 00007fc38c4f21d0 R08: 0000000000000000 R09: 0000000000000000 [ 621.060805][T17758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 621.068762][T17758] R13: 00007fff9319eeff R14: 00007fc38c4f2300 R15: 0000000000022000 [ 621.076723][T17769] CPU: 1 PID: 17769 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 621.085151][T17769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 621.095248][T17769] Call Trace: [ 621.098530][T17769] dump_stack+0x137/0x19d [ 621.102867][T17769] should_fail+0x23c/0x250 [ 621.107292][T17769] __alloc_pages+0x102/0x320 [ 621.111889][T17769] alloc_pages+0x21d/0x310 [ 621.116321][T17769] push_pipe+0x267/0x370 [ 621.120634][T17769] iov_iter_get_pages+0xb39/0xcc0 [ 621.125663][T17769] bio_iov_iter_get_pages+0x55f/0xa70 [ 621.131089][T17769] iomap_dio_bio_actor+0x673/0xb50 [ 621.135322][ T1034] loop2: p1 p2 p3 p4 [ 621.136206][T17769] iomap_dio_actor+0x26e/0x3b0 [ 621.140829][ T1034] loop2: p1 start 10 is beyond EOD, [ 621.144948][T17769] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 621.150251][ T1034] truncated [ 621.156011][T17769] iomap_apply+0x1e2/0x400 [ 621.159120][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 621.163496][T17769] __iomap_dio_rw+0x5af/0xad0 [ 621.174446][ T1034] loop2: p3 start 225 is beyond EOD, [ 621.175237][T17769] ? __iomap_dio_rw+0xad0/0xad0 [ 621.180631][ T1034] truncated [ 621.185435][T17769] iomap_dio_rw+0x30/0x70 [ 621.188558][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 621.192825][T17769] ext4_file_read_iter+0x21a/0x290 17:05:16 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x0, 0x40000010000}) [ 621.205009][T17769] generic_file_splice_read+0x22a/0x310 [ 621.210577][T17769] ? splice_shrink_spd+0x60/0x60 [ 621.215595][T17769] splice_direct_to_actor+0x2aa/0x650 [ 621.220973][T17769] ? do_splice_direct+0x170/0x170 [ 621.226077][T17769] do_splice_direct+0xf5/0x170 [ 621.230852][T17769] do_sendfile+0x773/0xda0 [ 621.235281][T17769] __x64_sys_sendfile64+0xf2/0x130 [ 621.240396][T17769] do_syscall_64+0x4a/0x90 [ 621.244899][T17769] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 621.250801][T17769] RIP: 0033:0x4665f9 [ 621.254798][T17769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 621.274528][T17769] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 621.282931][T17769] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 621.290887][T17769] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 621.298846][T17769] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 621.306802][T17769] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 621.314776][T17769] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 621.390739][ T1034] loop2: p1 p2 p3 p4 [ 621.395044][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 621.401276][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 621.409310][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 621.415608][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:17 executing program 4 (fault-call:11 fault-nth:66): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:17 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x1200, 0x0) 17:05:17 executing program 0 (fault-call:5 fault-nth:6): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:17 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:17 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240000001d0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:17 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x0, 0x40000010000}) 17:05:17 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x2000, 0x0) 17:05:17 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:17 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240000001e0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:17 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 621.741425][ T1034] loop2: p1 p2 p3 p4 [ 621.749229][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 621.755434][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 621.764985][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 621.771323][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 621.785767][T17834] FAULT_INJECTION: forcing a failure. 17:05:17 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x2010, 0x0) [ 621.785767][T17834] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 621.799151][T17834] CPU: 1 PID: 17834 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 621.807621][T17834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 621.817677][T17834] Call Trace: [ 621.820958][T17834] dump_stack+0x137/0x19d [ 621.825294][T17834] should_fail+0x23c/0x250 [ 621.829788][T17834] __alloc_pages+0x102/0x320 [ 621.834385][T17834] alloc_pages+0x21d/0x310 [ 621.838870][T17834] push_pipe+0x267/0x370 [ 621.843123][T17834] iov_iter_get_pages+0xb39/0xcc0 [ 621.848143][T17834] bio_iov_iter_get_pages+0x55f/0xa70 [ 621.853545][T17834] iomap_dio_bio_actor+0x673/0xb50 [ 621.858710][T17834] iomap_dio_actor+0x26e/0x3b0 [ 621.863488][T17834] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 621.869293][T17834] iomap_apply+0x1e2/0x400 [ 621.873706][T17834] __iomap_dio_rw+0x5af/0xad0 [ 621.878446][T17834] ? __iomap_dio_rw+0xad0/0xad0 [ 621.883277][T17834] iomap_dio_rw+0x30/0x70 [ 621.887726][T17834] ext4_file_read_iter+0x21a/0x290 [ 621.892839][T17834] generic_file_splice_read+0x22a/0x310 [ 621.898393][T17834] ? splice_shrink_spd+0x60/0x60 [ 621.903409][T17834] splice_direct_to_actor+0x2aa/0x650 [ 621.908763][T17834] ? do_splice_direct+0x170/0x170 [ 621.913768][T17834] do_splice_direct+0xf5/0x170 [ 621.918564][T17834] do_sendfile+0x773/0xda0 [ 621.923032][T17834] __x64_sys_sendfile64+0xf2/0x130 [ 621.928126][T17834] do_syscall_64+0x4a/0x90 [ 621.932527][T17834] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 621.938406][T17834] RIP: 0033:0x4665f9 [ 621.942285][T17834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 621.961879][T17834] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 621.970325][T17834] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 621.978285][T17834] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 17:05:17 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000210007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 621.986242][T17834] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 621.994195][T17834] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 622.002165][T17834] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 622.020495][T17824] FAULT_INJECTION: forcing a failure. [ 622.020495][T17824] name failslab, interval 1, probability 0, space 0, times 0 [ 622.033235][T17824] CPU: 0 PID: 17824 Comm: syz-executor.0 Not tainted 5.12.0-syzkaller #0 [ 622.041735][T17824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 622.051799][T17824] Call Trace: [ 622.055081][T17824] dump_stack+0x137/0x19d [ 622.059435][T17824] should_fail+0x23c/0x250 [ 622.063865][T17824] ? mempool_alloc_slab+0x16/0x20 [ 622.068947][T17824] __should_failslab+0x81/0x90 [ 622.073699][T17824] should_failslab+0x5/0x20 [ 622.078191][T17824] kmem_cache_alloc+0x46/0x2f0 [ 622.082939][T17824] mempool_alloc_slab+0x16/0x20 [ 622.087775][T17824] ? mempool_free+0x130/0x130 [ 622.092437][T17824] mempool_alloc+0x8c/0x300 [ 622.096935][T17824] ? __brelse+0x2c/0x50 [ 622.101073][T17824] bio_alloc_bioset+0xcc/0x480 [ 622.105823][T17824] submit_bh_wbc+0x130/0x330 [ 622.110437][T17824] ? __list_del_entry_valid+0x54/0xc0 [ 622.115899][T17824] __sync_dirty_buffer+0x136/0x1e0 [ 622.120995][T17824] sync_dirty_buffer+0x16/0x20 [ 622.125782][T17824] __ext4_handle_dirty_metadata+0x1d3/0x590 [ 622.131664][T17824] ? ext4_clear_blocks+0x292/0x2b0 [ 622.136759][T17824] ext4_free_data+0x258/0x2b0 [ 622.141418][T17824] ext4_free_branches+0x64/0x420 [ 622.146394][T17824] ? ext4_find_shared+0x25e/0x290 [ 622.151453][T17824] ext4_ind_remove_space+0xe2d/0x1330 [ 622.156810][T17824] ext4_punch_hole+0x69e/0x9a0 [ 622.161557][T17824] ext4_fallocate+0xea/0x4d0 [ 622.166204][T17824] ? ext4_ext_truncate+0x170/0x170 [ 622.171297][T17824] vfs_fallocate+0x463/0x660 [ 622.175879][T17824] do_vfs_ioctl+0x1322/0x1410 [ 622.180655][T17824] ? inode_dio_wait+0xb/0x140 [ 622.185330][T17824] __se_sys_ioctl+0x83/0x140 [ 622.189910][T17824] __x64_sys_ioctl+0x3f/0x50 [ 622.194508][T17824] do_syscall_64+0x4a/0x90 [ 622.198916][T17824] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 622.204796][T17824] RIP: 0033:0x4665f9 [ 622.208674][T17824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 622.228268][T17824] RSP: 002b:00007fc38c4f2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 622.236677][T17824] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 622.244632][T17824] RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000003 [ 622.252586][T17824] RBP: 00007fc38c4f21d0 R08: 0000000000000000 R09: 0000000000000000 [ 622.260548][T17824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 622.268500][T17824] R13: 00007fff9319eeff R14: 00007fc38c4f2300 R15: 0000000000022000 [ 622.309959][ T1034] loop2: p1 p2 p3 p4 [ 622.315359][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 622.321479][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 622.347477][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 622.353751][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 622.391996][ T1034] loop2: p1 p2 p3 p4 [ 622.396288][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 622.402391][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 622.410111][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 622.416480][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:18 executing program 4 (fault-call:11 fault-nth:67): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:18 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x2500, 0x0) 17:05:18 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004}) 17:05:18 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000220007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:18 executing program 0 (fault-call:5 fault-nth:7): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:18 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:18 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x3f00, 0x0) 17:05:18 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 622.667060][T17881] __nla_validate_parse: 22 callbacks suppressed [ 622.667072][T17881] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:18 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000240007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:18 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80060000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 622.754500][T17896] FAULT_INJECTION: forcing a failure. [ 622.754500][T17896] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 622.767862][T17896] CPU: 1 PID: 17896 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 622.776284][T17896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 622.786346][T17896] Call Trace: [ 622.789629][T17896] dump_stack+0x137/0x19d [ 622.793950][T17896] should_fail+0x23c/0x250 [ 622.798349][T17896] __alloc_pages+0x102/0x320 [ 622.802924][T17896] alloc_pages+0x21d/0x310 [ 622.807337][T17896] push_pipe+0x267/0x370 [ 622.811573][T17896] iov_iter_get_pages+0xb39/0xcc0 [ 622.816589][T17896] bio_iov_iter_get_pages+0x55f/0xa70 [ 622.821978][T17896] iomap_dio_bio_actor+0x673/0xb50 [ 622.827101][T17896] iomap_dio_actor+0x26e/0x3b0 [ 622.831893][T17896] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 622.837695][T17896] iomap_apply+0x1e2/0x400 [ 622.842222][T17896] __iomap_dio_rw+0x5af/0xad0 [ 622.846887][T17896] ? __iomap_dio_rw+0xad0/0xad0 [ 622.851724][T17896] iomap_dio_rw+0x30/0x70 [ 622.856044][T17896] ext4_file_read_iter+0x21a/0x290 [ 622.861144][T17896] generic_file_splice_read+0x22a/0x310 [ 622.866754][T17896] ? splice_shrink_spd+0x60/0x60 [ 622.871674][T17896] splice_direct_to_actor+0x2aa/0x650 [ 622.877072][T17896] ? do_splice_direct+0x170/0x170 [ 622.882096][T17896] do_splice_direct+0xf5/0x170 [ 622.886860][T17896] do_sendfile+0x773/0xda0 [ 622.891281][T17896] __x64_sys_sendfile64+0xf2/0x130 [ 622.896469][T17896] do_syscall_64+0x4a/0x90 [ 622.900873][T17896] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 622.906804][T17896] RIP: 0033:0x4665f9 [ 622.910685][T17896] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 622.930479][T17896] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 622.939009][T17896] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 622.948729][T17896] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 622.956690][T17896] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 622.964673][T17896] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 622.972709][T17896] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 622.983338][T17892] FAULT_INJECTION: forcing a failure. [ 622.983338][T17892] name failslab, interval 1, probability 0, space 0, times 0 [ 622.995988][T17892] CPU: 0 PID: 17892 Comm: syz-executor.0 Not tainted 5.12.0-syzkaller #0 [ 623.004409][T17892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 623.011837][ T1034] loop2: p1 p2 p3 p4 [ 623.014500][T17892] Call Trace: [ 623.014510][T17892] dump_stack+0x137/0x19d [ 623.014533][T17892] should_fail+0x23c/0x250 [ 623.014552][T17892] ? mempool_alloc_slab+0x16/0x20 [ 623.014574][T17892] __should_failslab+0x81/0x90 [ 623.021580][ T1034] loop2: p1 start 10 is beyond EOD, [ 623.021865][T17892] should_failslab+0x5/0x20 [ 623.026231][ T1034] truncated [ 623.030578][T17892] kmem_cache_alloc+0x46/0x2f0 [ 623.035599][ T1034] loop2: p2 size 1073872896 extends beyond EOD, [ 623.040340][T17892] mempool_alloc_slab+0x16/0x20 [ 623.040364][T17892] ? mempool_free+0x130/0x130 [ 623.045618][ T1034] truncated [ 623.058329][ T1034] loop2: p3 start 225 is beyond EOD, [ 623.064244][T17892] mempool_alloc+0x8c/0x300 [ 623.064269][T17892] ? __brelse+0x2c/0x50 [ 623.069138][ T1034] truncated [ 623.073776][T17892] bio_alloc_bioset+0xcc/0x480 [ 623.076865][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 623.082227][T17892] submit_bh_wbc+0x130/0x330 [ 623.086720][ T1034] truncated [ 623.112637][T17892] ? __list_del_entry_valid+0x54/0xc0 [ 623.118026][T17892] __sync_dirty_buffer+0x136/0x1e0 [ 623.123133][T17892] sync_dirty_buffer+0x16/0x20 [ 623.127911][T17892] __ext4_handle_dirty_metadata+0x1d3/0x590 [ 623.132057][T17906] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 623.133867][T17892] ? ext4_clear_blocks+0x292/0x2b0 [ 623.133894][T17892] ext4_free_data+0x258/0x2b0 17:05:18 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x4000, 0x0) 17:05:18 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004}) [ 623.133910][T17892] ext4_free_branches+0x64/0x420 [ 623.133927][T17892] ? ext4_find_shared+0x25e/0x290 [ 623.163087][T17892] ext4_ind_remove_space+0xeaa/0x1330 [ 623.168476][T17892] ext4_punch_hole+0x69e/0x9a0 [ 623.173245][T17892] ext4_fallocate+0xea/0x4d0 [ 623.177847][T17892] ? ext4_ext_truncate+0x170/0x170 [ 623.183032][T17892] vfs_fallocate+0x463/0x660 [ 623.187639][T17892] do_vfs_ioctl+0x1322/0x1410 [ 623.192337][T17892] ? inode_dio_wait+0xb/0x140 [ 623.197021][T17892] __se_sys_ioctl+0x83/0x140 [ 623.201702][T17892] __x64_sys_ioctl+0x3f/0x50 [ 623.206307][T17892] do_syscall_64+0x4a/0x90 [ 623.210728][T17892] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 623.216624][T17892] RIP: 0033:0x4665f9 [ 623.220507][T17892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 623.232028][ T1034] loop2: p1 p2 p3 p4 [ 623.240240][T17892] RSP: 002b:00007fc38c4f2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 623.244750][ T1034] loop2: p1 start 10 is beyond EOD, [ 623.252628][T17892] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 623.252643][T17892] RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000003 [ 623.252655][T17892] RBP: 00007fc38c4f21d0 R08: 0000000000000000 R09: 0000000000000000 [ 623.257931][ T1034] truncated [ 623.265962][T17892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 623.265979][T17892] R13: 00007fff9319eeff R14: 00007fc38c4f2300 R15: 0000000000022000 [ 623.273965][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 623.309329][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 623.315595][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 623.362945][T17926] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 623.381458][T17927] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:19 executing program 4 (fault-call:11 fault-nth:68): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:19 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000250007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:19 executing program 0 (fault-call:5 fault-nth:8): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:19 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x4800, 0x0) 17:05:19 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9effffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:19 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004}) [ 623.593656][T17939] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 623.604432][T17940] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 623.620153][T17947] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:19 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x4c00, 0x0) 17:05:19 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeaffffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 623.649027][T17943] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:19 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000770007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 623.690437][T17951] FAULT_INJECTION: forcing a failure. [ 623.690437][T17951] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 623.703548][T17951] CPU: 1 PID: 17951 Comm: syz-executor.0 Not tainted 5.12.0-syzkaller #0 [ 623.711973][T17951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 623.722303][T17951] Call Trace: [ 623.725584][T17951] dump_stack+0x137/0x19d [ 623.729912][T17951] should_fail+0x23c/0x250 [ 623.734337][T17951] should_fail_usercopy+0x16/0x20 [ 623.739370][T17951] _copy_to_user+0x1c/0x90 [ 623.743774][T17951] simple_read_from_buffer+0xab/0x120 [ 623.749150][T17951] proc_fail_nth_read+0xf6/0x140 [ 623.754139][T17951] ? rw_verify_area+0x136/0x250 [ 623.759064][T17951] ? proc_fault_inject_write+0x200/0x200 [ 623.764777][T17951] vfs_read+0x154/0x5d0 [ 623.768980][T17951] ? __fget_light+0x21b/0x260 [ 623.773658][T17951] ? __cond_resched+0x11/0x40 [ 623.778379][T17951] ksys_read+0xce/0x180 [ 623.782561][T17951] __x64_sys_read+0x3e/0x50 [ 623.787055][T17951] do_syscall_64+0x4a/0x90 [ 623.791605][T17951] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 623.797552][T17951] RIP: 0033:0x41937c [ 623.801425][T17951] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 623.821159][T17951] RSP: 002b:00007fc38c4f2170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 623.829568][T17951] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000041937c [ 623.837525][T17951] RDX: 000000000000000f RSI: 00007fc38c4f21e0 RDI: 0000000000000006 [ 623.845580][T17951] RBP: 00007fc38c4f21d0 R08: 0000000000000000 R09: 0000000000000000 [ 623.853553][T17951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 623.861527][T17951] R13: 00007fff9319eeff R14: 00007fc38c4f2300 R15: 0000000000022000 [ 623.885480][ T1034] loop2: p1 p2 p3 p4 17:05:19 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:19 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000120007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:19 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xefffffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 623.889887][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 623.896038][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 623.910303][T17961] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 623.924057][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 623.930347][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 623.930841][T17967] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=119 sclass=netlink_route_socket pid=17967 comm=syz-executor.2 [ 623.952304][T17958] FAULT_INJECTION: forcing a failure. [ 623.952304][T17958] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 623.965567][T17958] CPU: 0 PID: 17958 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 623.973994][T17958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 623.978113][T17967] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 623.984341][T17958] Call Trace: [ 623.984352][T17958] dump_stack+0x137/0x19d [ 623.984376][T17958] should_fail+0x23c/0x250 [ 623.984399][T17958] __alloc_pages+0x102/0x320 [ 623.984430][T17958] alloc_pages+0x21d/0x310 [ 624.014726][T17958] push_pipe+0x267/0x370 [ 624.018977][T17958] iov_iter_get_pages+0xb39/0xcc0 [ 624.024012][T17958] bio_iov_iter_get_pages+0x55f/0xa70 [ 624.032257][T17958] iomap_dio_bio_actor+0x673/0xb50 [ 624.037474][T17958] iomap_dio_actor+0x26e/0x3b0 [ 624.042373][T17958] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 624.048182][T17958] iomap_apply+0x1e2/0x400 [ 624.050840][T17966] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 624.052613][T17958] __iomap_dio_rw+0x5af/0xad0 [ 624.063789][T17958] ? __iomap_dio_rw+0xad0/0xad0 [ 624.068635][T17958] iomap_dio_rw+0x30/0x70 [ 624.072947][T17958] ext4_file_read_iter+0x21a/0x290 [ 624.078109][T17958] generic_file_splice_read+0x22a/0x310 [ 624.083641][T17958] ? splice_shrink_spd+0x60/0x60 [ 624.088585][T17958] splice_direct_to_actor+0x2aa/0x650 [ 624.093956][T17958] ? do_splice_direct+0x170/0x170 [ 624.098964][T17958] do_splice_direct+0xf5/0x170 [ 624.103732][T17958] do_sendfile+0x773/0xda0 [ 624.108147][T17958] __x64_sys_sendfile64+0xf2/0x130 [ 624.113244][T17958] do_syscall_64+0x4a/0x90 [ 624.117737][T17958] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 624.123738][T17958] RIP: 0033:0x4665f9 [ 624.127621][T17958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 624.147236][T17958] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 624.155639][T17958] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 624.163608][T17958] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 624.171562][T17958] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 624.179517][T17958] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 624.187502][T17958] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 624.201534][T17984] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 624.206089][T17982] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=119 sclass=netlink_route_socket pid=17982 comm=syz-executor.2 [ 624.227292][T17982] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 624.258574][ T1034] loop2: p1 p2 p3 p4 [ 624.262833][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 624.268943][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 624.278126][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 624.284498][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:20 executing program 4 (fault-call:11 fault-nth:69): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:20 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x6000, 0x0) 17:05:20 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:20 executing program 5 (fault-call:5 fault-nth:0): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:20 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260207031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:20 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x2, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:20 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfcffffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:20 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x6800, 0x0) [ 624.577318][T18000] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=550 sclass=netlink_route_socket pid=18000 comm=syz-executor.2 [ 624.591090][T18000] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:20 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x6c00, 0x0) 17:05:20 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 624.634847][T18009] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=550 sclass=netlink_route_socket pid=18009 comm=syz-executor.2 17:05:20 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:20 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260307031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 624.689215][T18009] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 624.737842][T18027] FAULT_INJECTION: forcing a failure. [ 624.737842][T18027] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 624.743901][ T1034] loop2: p1 p2 p3 p4 [ 624.751101][T18027] CPU: 1 PID: 18027 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 624.755706][ T1034] loop2: p1 start 10 is beyond EOD, [ 624.763463][T18027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 624.763477][T18027] Call Trace: [ 624.763483][T18027] dump_stack+0x137/0x19d [ 624.763507][T18027] should_fail+0x23c/0x250 [ 624.768822][ T1034] truncated [ 624.778836][T18027] __alloc_pages+0x102/0x320 [ 624.778861][T18027] alloc_pages+0x21d/0x310 [ 624.782121][ T1034] loop2: p2 size 1073872896 extends beyond EOD, [ 624.786432][T18027] push_pipe+0x267/0x370 [ 624.786452][T18027] iov_iter_get_pages+0xb39/0xcc0 [ 624.790861][ T1034] truncated [ 624.793928][T18027] bio_iov_iter_get_pages+0x55f/0xa70 [ 624.800977][ T1034] loop2: p3 start 225 is beyond EOD, [ 624.802983][T18027] iomap_dio_bio_actor+0x673/0xb50 [ 624.803014][T18027] iomap_dio_actor+0x26e/0x3b0 [ 624.809335][ T1034] truncated [ 624.809340][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 624.852656][T18027] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 624.858473][T18027] iomap_apply+0x1e2/0x400 [ 624.862926][T18027] __iomap_dio_rw+0x5af/0xad0 [ 624.867618][T18027] ? __iomap_dio_rw+0xad0/0xad0 [ 624.873014][T18027] iomap_dio_rw+0x30/0x70 [ 624.877344][T18027] ext4_file_read_iter+0x21a/0x290 [ 624.882468][T18027] generic_file_splice_read+0x22a/0x310 [ 624.888003][T18027] ? splice_shrink_spd+0x60/0x60 [ 624.892929][T18027] splice_direct_to_actor+0x2aa/0x650 [ 624.898302][T18027] ? do_splice_direct+0x170/0x170 [ 624.903315][T18027] do_splice_direct+0xf5/0x170 [ 624.908080][T18027] do_sendfile+0x773/0xda0 [ 624.912513][T18027] __x64_sys_sendfile64+0xf2/0x130 [ 624.917647][T18027] do_syscall_64+0x4a/0x90 [ 624.922051][T18027] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 624.927931][T18027] RIP: 0033:0x4665f9 [ 624.931811][T18027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 624.951563][T18027] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 624.959973][T18027] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 624.967946][T18027] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 624.975994][T18027] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 624.983964][T18027] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 624.992023][T18027] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 625.011067][T18043] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=806 sclass=netlink_route_socket pid=18043 comm=syz-executor.2 [ 625.049011][T18043] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 625.068295][T18049] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=806 sclass=netlink_route_socket pid=18049 comm=syz-executor.2 [ 625.111673][ T1034] loop2: p1 p2 p3 p4 [ 625.116077][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 625.122215][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 625.130337][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 625.136501][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:21 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4b47, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:21 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x2, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:21 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x7400, 0x0) 17:05:21 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:21 executing program 4 (fault-call:11 fault-nth:70): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:21 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260407031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:21 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x7a00, 0x0) 17:05:21 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff9e}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 625.622163][T18067] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1062 sclass=netlink_route_socket pid=18067 comm=syz-executor.2 17:05:21 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xedc0, 0x0) [ 625.691868][T18067] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1062 sclass=netlink_route_socket pid=18067 comm=syz-executor.2 [ 625.735602][T18092] FAULT_INJECTION: forcing a failure. [ 625.735602][T18092] name failslab, interval 1, probability 0, space 0, times 0 [ 625.748277][T18092] CPU: 0 PID: 18092 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 625.756691][T18092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 625.766752][T18092] Call Trace: [ 625.770035][T18092] dump_stack+0x137/0x19d [ 625.774412][T18092] should_fail+0x23c/0x250 [ 625.778834][T18092] ? mempool_alloc_slab+0x16/0x20 17:05:21 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xff0f, 0x0) 17:05:21 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4b47, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:21 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260507031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 625.783873][T18092] __should_failslab+0x81/0x90 [ 625.788653][T18092] should_failslab+0x5/0x20 [ 625.793252][T18092] kmem_cache_alloc+0x46/0x2f0 [ 625.798072][T18092] mempool_alloc_slab+0x16/0x20 [ 625.803001][T18092] ? mempool_free+0x130/0x130 [ 625.807683][T18092] mempool_alloc+0x8c/0x300 [ 625.812189][T18092] ? scsi_queue_rq+0x1339/0x15a0 [ 625.817129][T18092] sg_pool_alloc+0x74/0x90 [ 625.821549][T18092] __sg_alloc_table+0xce/0x290 [ 625.826323][T18092] sg_alloc_table_chained+0xaf/0x140 [ 625.831674][T18092] ? sg_alloc_table_chained+0x140/0x140 [ 625.837223][T18092] scsi_alloc_sgtables+0x180/0x500 [ 625.842328][T18092] sd_init_command+0x935/0x15f0 [ 625.847169][T18092] scsi_queue_rq+0x10e0/0x15a0 [ 625.852027][T18092] blk_mq_dispatch_rq_list+0x628/0x10b0 [ 625.857565][T18092] ? deadline_remove_request+0x167/0x180 [ 625.863218][T18092] ? dd_dispatch_request+0x341/0x3d0 [ 625.868486][T18092] blk_mq_do_dispatch_sched+0x3cb/0x660 [ 625.874047][T18092] __blk_mq_sched_dispatch_requests+0x21e/0x2c0 [ 625.880281][T18092] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 625.886295][T18092] __blk_mq_run_hw_queue+0xbc/0x140 [ 625.891484][T18092] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 625.897303][T18092] ? dd_insert_request+0x255/0x330 [ 625.902446][T18092] blk_mq_run_hw_queue+0x22c/0x250 [ 625.907595][T18092] ? dd_finish_request+0x10/0x10 [ 625.912514][T18092] blk_mq_sched_insert_requests+0x13f/0x200 [ 625.918390][T18092] blk_mq_flush_plug_list+0x2f5/0x3c0 [ 625.923749][T18092] blk_flush_plug_list+0x235/0x260 [ 625.928845][T18092] blk_finish_plug+0x44/0x60 [ 625.933486][T18092] __iomap_dio_rw+0x780/0xad0 [ 625.938155][T18092] iomap_dio_rw+0x30/0x70 [ 625.942468][T18092] ext4_file_read_iter+0x21a/0x290 [ 625.947585][T18092] generic_file_splice_read+0x22a/0x310 [ 625.953133][T18092] ? splice_shrink_spd+0x60/0x60 [ 625.958213][T18092] splice_direct_to_actor+0x2aa/0x650 [ 625.963587][T18092] ? do_splice_direct+0x170/0x170 [ 625.968598][T18092] do_splice_direct+0xf5/0x170 [ 625.973426][T18092] do_sendfile+0x773/0xda0 [ 625.977825][T18092] __x64_sys_sendfile64+0xf2/0x130 [ 625.982926][T18092] do_syscall_64+0x4a/0x90 [ 625.987329][T18092] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 625.993221][T18092] RIP: 0033:0x4665f9 [ 625.997116][T18092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 626.016744][T18092] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 626.025184][T18092] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 626.033140][T18092] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 626.041269][T18092] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 626.049273][T18092] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 626.057232][T18092] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 626.075749][ T1034] loop2: p1 p2 p3 p4 [ 626.084829][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 626.091004][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 626.106364][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 626.107778][T18111] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1318 sclass=netlink_route_socket pid=18111 comm=syz-executor.2 [ 626.112636][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 626.127533][T18113] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1318 sclass=netlink_route_socket pid=18113 comm=syz-executor.2 [ 626.183567][ T1034] loop2: p1 p2 p3 p4 [ 626.188031][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 626.194109][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 626.202300][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 626.208511][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:22 executing program 4 (fault-call:11 fault-nth:71): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:22 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x13fc00, 0x0) 17:05:22 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260607031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:22 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4b49, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:22 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4b49, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:22 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffea}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:22 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xfc1300, 0x0) 17:05:22 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffef}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:22 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260707031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:22 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x1000000, 0x0) [ 626.691006][ T1034] loop2: p1 p2 p3 p4 [ 626.695611][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 626.701740][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 626.721651][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 626.727947][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 626.731357][T18154] FAULT_INJECTION: forcing a failure. [ 626.731357][T18154] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 626.748331][T18154] CPU: 1 PID: 18154 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 626.756819][T18154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 626.766879][T18154] Call Trace: [ 626.770165][T18154] dump_stack+0x137/0x19d [ 626.774498][T18154] should_fail+0x23c/0x250 [ 626.778941][T18154] __alloc_pages+0x102/0x320 [ 626.783533][T18154] alloc_pages+0x21d/0x310 17:05:22 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff0}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 626.787996][T18154] push_pipe+0x267/0x370 [ 626.792321][T18154] iov_iter_get_pages+0xb39/0xcc0 [ 626.797351][T18154] bio_iov_iter_get_pages+0x55f/0xa70 [ 626.802777][T18154] iomap_dio_bio_actor+0x673/0xb50 [ 626.807896][T18154] iomap_dio_actor+0x26e/0x3b0 [ 626.812675][T18154] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 626.818501][T18154] iomap_apply+0x1e2/0x400 [ 626.822929][T18154] __iomap_dio_rw+0x5af/0xad0 [ 626.827613][T18154] ? __iomap_dio_rw+0xad0/0xad0 [ 626.832462][T18154] iomap_dio_rw+0x30/0x70 [ 626.836829][T18154] ext4_file_read_iter+0x21a/0x290 [ 626.841992][T18154] generic_file_splice_read+0x22a/0x310 [ 626.847574][T18154] ? splice_shrink_spd+0x60/0x60 [ 626.852547][T18154] splice_direct_to_actor+0x2aa/0x650 [ 626.859829][T18154] ? do_splice_direct+0x170/0x170 [ 626.864956][T18154] do_splice_direct+0xf5/0x170 [ 626.869824][T18154] do_sendfile+0x773/0xda0 [ 626.874242][T18154] __x64_sys_sendfile64+0xf2/0x130 [ 626.879345][T18154] do_syscall_64+0x4a/0x90 [ 626.883752][T18154] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 626.889750][T18154] RIP: 0033:0x4665f9 [ 626.893634][T18154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 626.913383][T18154] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 626.921883][T18154] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 626.929847][T18154] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 17:05:22 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260807031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 626.937849][T18154] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 626.945866][T18154] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 626.953837][T18154] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 626.978896][ T1034] loop2: p1 p2 p3 p4 [ 627.001398][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 627.007547][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 627.030694][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 627.037016][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 627.086232][ T1034] loop2: p1 p2 p3 p4 [ 627.090830][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 627.096974][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 627.106480][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 627.112758][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:23 executing program 4 (fault-call:11 fault-nth:72): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:23 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x2000000, 0x0) 17:05:23 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x541b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:23 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260907031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:23 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:23 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x541b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:23 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x2040000, 0x0) 17:05:23 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:23 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260a07031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 627.559660][T18203] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 627.586100][T18206] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:23 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4928311328}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 627.650128][ T1034] loop2: p1 p2 p3 p4 [ 627.656729][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 627.662931][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 627.679171][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 627.685387][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 627.698729][T18230] __nla_validate_parse: 13 callbacks suppressed [ 627.698746][T18230] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 627.720401][T18227] FAULT_INJECTION: forcing a failure. [ 627.720401][T18227] name failslab, interval 1, probability 0, space 0, times 0 [ 627.733211][T18227] CPU: 1 PID: 18227 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 17:05:23 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x5421, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:23 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 627.741636][T18227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 627.752027][T18227] Call Trace: [ 627.755325][T18227] dump_stack+0x137/0x19d [ 627.759693][T18227] should_fail+0x23c/0x250 [ 627.764121][T18227] ? mempool_alloc_slab+0x16/0x20 [ 627.769158][T18227] __should_failslab+0x81/0x90 [ 627.773958][T18227] should_failslab+0x5/0x20 [ 627.778480][T18227] kmem_cache_alloc+0x46/0x2f0 [ 627.783250][T18227] mempool_alloc_slab+0x16/0x20 [ 627.787302][T18239] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 627.788118][T18227] ? mempool_free+0x130/0x130 [ 627.802052][T18227] mempool_alloc+0x8c/0x300 [ 627.806630][T18227] ? sbitmap_get+0x387/0x410 [ 627.811219][T18227] sg_pool_alloc+0x74/0x90 [ 627.815635][T18227] __sg_alloc_table+0xce/0x290 [ 627.820578][T18227] sg_alloc_table_chained+0xaf/0x140 [ 627.825923][T18227] ? sg_alloc_table_chained+0x140/0x140 [ 627.831470][T18227] scsi_alloc_sgtables+0x180/0x500 [ 627.836748][T18227] sd_init_command+0x935/0x15f0 [ 627.841590][T18227] scsi_queue_rq+0x10e0/0x15a0 [ 627.846395][T18227] blk_mq_dispatch_rq_list+0x628/0x10b0 [ 627.852048][T18227] ? deadline_remove_request+0x167/0x180 [ 627.857778][T18227] ? dd_dispatch_request+0x341/0x3d0 [ 627.863162][T18227] blk_mq_do_dispatch_sched+0x3cb/0x660 [ 627.868712][T18227] __blk_mq_sched_dispatch_requests+0x21e/0x2c0 [ 627.874975][T18227] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 627.880984][T18227] __blk_mq_run_hw_queue+0xbc/0x140 [ 627.886290][T18227] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 627.892085][T18227] ? dd_insert_request+0x255/0x330 [ 627.897242][T18227] blk_mq_run_hw_queue+0x22c/0x250 [ 627.902387][T18227] ? dd_finish_request+0x10/0x10 [ 627.907317][T18227] blk_mq_sched_insert_requests+0x13f/0x200 [ 627.913202][T18227] blk_mq_flush_plug_list+0x2f5/0x3c0 [ 627.918577][T18227] blk_flush_plug_list+0x235/0x260 [ 627.923690][T18227] blk_finish_plug+0x44/0x60 [ 627.928272][T18227] __iomap_dio_rw+0x780/0xad0 [ 627.932944][T18227] iomap_dio_rw+0x30/0x70 [ 627.937524][T18227] ext4_file_read_iter+0x21a/0x290 [ 627.942740][T18227] generic_file_splice_read+0x22a/0x310 [ 627.948377][T18227] ? splice_shrink_spd+0x60/0x60 [ 627.953455][T18227] splice_direct_to_actor+0x2aa/0x650 [ 627.958886][T18227] ? do_splice_direct+0x170/0x170 [ 627.963914][T18227] do_splice_direct+0xf5/0x170 [ 627.968663][T18227] do_sendfile+0x773/0xda0 [ 627.973135][T18227] __x64_sys_sendfile64+0xf2/0x130 [ 627.978265][T18227] do_syscall_64+0x4a/0x90 [ 627.982669][T18227] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 627.988582][T18227] RIP: 0033:0x4665f9 [ 627.992459][T18227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 628.012051][T18227] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 628.020480][T18227] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 628.028485][T18227] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 628.036439][T18227] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 628.044462][T18227] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 628.052450][T18227] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 628.076589][ T1034] loop2: p1 p2 p3 p4 [ 628.082723][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 628.088860][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 628.102146][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 628.108392][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:24 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x3000000, 0x0) 17:05:24 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x5450, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:24 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260b07031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:24 executing program 4 (fault-call:11 fault-nth:73): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:24 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:24 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x5421, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 628.527542][T18260] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 628.547882][T18262] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:24 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:24 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x4000000, 0x0) 17:05:24 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260c07031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 628.569730][T18271] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 628.575821][T18269] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:24 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x5451, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 628.644646][ T1034] loop2: p1 p2 p3 p4 [ 628.653704][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 628.659985][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 628.680684][T18284] FAULT_INJECTION: forcing a failure. [ 628.680684][T18284] name failslab, interval 1, probability 0, space 0, times 0 [ 628.683598][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 628.693387][T18284] CPU: 1 PID: 18284 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 628.699496][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 628.708125][T18284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 628.708144][T18284] Call Trace: [ 628.708152][T18284] dump_stack+0x137/0x19d [ 628.714449][ T1034] truncated [ 628.724487][T18284] should_fail+0x23c/0x250 [ 628.739589][T18284] ? kmalloc_array+0x2d/0x40 [ 628.744188][T18284] __should_failslab+0x81/0x90 [ 628.748966][T18284] should_failslab+0x5/0x20 [ 628.753475][T18284] __kmalloc+0x66/0x340 [ 628.757669][T18284] ? native_smp_send_reschedule+0x36/0x50 [ 628.761015][T18288] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 628.763391][T18284] ? splice_from_pipe+0xc0/0xc0 [ 628.777500][T18284] kmalloc_array+0x2d/0x40 [ 628.781931][T18284] iter_file_splice_write+0xc1/0x750 [ 628.787229][T18284] ? wake_up_q+0x46/0x80 17:05:24 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 628.791509][T18284] ? up_read+0xd1/0xe0 [ 628.795576][T18284] ? ext4_file_read_iter+0x271/0x290 [ 628.795663][T18292] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 628.800925][T18284] ? generic_file_splice_read+0x2a4/0x310 [ 628.800949][T18284] ? splice_from_pipe+0xc0/0xc0 [ 628.800966][T18284] direct_splice_actor+0x80/0xa0 [ 628.825706][T18284] splice_direct_to_actor+0x345/0x650 [ 628.831176][T18284] ? do_splice_direct+0x170/0x170 [ 628.836209][T18284] do_splice_direct+0xf5/0x170 [ 628.841339][T18284] do_sendfile+0x773/0xda0 [ 628.845804][T18284] __x64_sys_sendfile64+0xf2/0x130 [ 628.851120][T18284] do_syscall_64+0x4a/0x90 [ 628.855551][T18284] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 628.861459][T18284] RIP: 0033:0x4665f9 [ 628.865336][T18284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 628.885073][T18284] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 17:05:24 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260d07031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 628.893489][T18284] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 628.901449][T18284] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 628.909407][T18284] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 628.917372][T18284] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 628.925420][T18284] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 628.959664][ T1034] loop2: p1 p2 p3 p4 [ 628.966357][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 628.972492][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 628.984167][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 628.990454][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 628.991440][T18304] selinux_netlink_send: 14 callbacks suppressed [ 628.991482][T18304] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3366 sclass=netlink_route_socket pid=18304 comm=syz-executor.2 [ 629.066946][T18304] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 629.082749][T18314] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3366 sclass=netlink_route_socket pid=18314 comm=syz-executor.2 [ 629.096513][T18314] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 629.132127][ T1034] loop2: p1 p2 p3 p4 [ 629.136439][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 629.142618][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 629.150814][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 629.156980][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:25 executing program 4 (fault-call:11 fault-nth:74): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:25 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:25 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x5450, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:25 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x5000000, 0x0) 17:05:25 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260e07031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:25 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x5452, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:25 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 629.542354][T18333] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3622 sclass=netlink_route_socket pid=18333 comm=syz-executor.2 [ 629.559544][T18333] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 629.568488][T18334] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:25 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x6000000, 0x0) [ 629.582880][T18343] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3622 sclass=netlink_route_socket pid=18343 comm=syz-executor.2 [ 629.596375][T18343] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 629.607966][T18339] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:25 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000261007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:25 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x5460, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:25 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x5451, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 629.668388][ T1034] loop2: p1 p2 p3 p4 [ 629.672697][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 629.678893][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 629.698695][T18352] FAULT_INJECTION: forcing a failure. [ 629.698695][T18352] name failslab, interval 1, probability 0, space 0, times 0 [ 629.708280][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 629.711395][T18352] CPU: 1 PID: 18352 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 629.717515][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 629.725996][T18352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 629.743174][T18352] Call Trace: [ 629.746460][T18352] dump_stack+0x137/0x19d [ 629.750804][T18352] should_fail+0x23c/0x250 [ 629.755260][T18352] ? mempool_alloc_slab+0x16/0x20 [ 629.760348][T18352] __should_failslab+0x81/0x90 [ 629.762235][T18363] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4134 sclass=netlink_route_socket pid=18363 comm=syz-executor.2 [ 629.765147][T18352] should_failslab+0x5/0x20 [ 629.782680][T18352] kmem_cache_alloc+0x46/0x2f0 [ 629.787494][T18352] mempool_alloc_slab+0x16/0x20 [ 629.792379][T18352] ? mempool_free+0x130/0x130 [ 629.797148][T18352] mempool_alloc+0x8c/0x300 [ 629.801637][T18352] sg_pool_alloc+0x74/0x90 [ 629.806193][T18352] __sg_alloc_table+0xce/0x290 [ 629.810942][T18352] sg_alloc_table_chained+0xaf/0x140 [ 629.816319][T18352] ? sg_alloc_table_chained+0x140/0x140 [ 629.821855][T18352] scsi_alloc_sgtables+0x180/0x500 [ 629.827083][T18352] sd_init_command+0x935/0x15f0 [ 629.831984][T18352] scsi_queue_rq+0x10e0/0x15a0 [ 629.836737][T18352] blk_mq_dispatch_rq_list+0x628/0x10b0 [ 629.842288][T18352] ? deadline_remove_request+0x167/0x180 [ 629.847915][T18352] ? dd_dispatch_request+0x341/0x3d0 [ 629.853266][T18352] blk_mq_do_dispatch_sched+0x3cb/0x660 [ 629.858845][T18352] __blk_mq_sched_dispatch_requests+0x21e/0x2c0 [ 629.865238][T18352] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 629.871287][T18352] __blk_mq_run_hw_queue+0xbc/0x140 [ 629.876475][T18352] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 629.882275][T18352] ? dd_insert_request+0x255/0x330 [ 629.887394][T18352] blk_mq_run_hw_queue+0x22c/0x250 [ 629.892564][T18352] ? dd_finish_request+0x10/0x10 [ 629.897501][T18352] blk_mq_sched_insert_requests+0x13f/0x200 [ 629.903436][T18352] blk_mq_flush_plug_list+0x2f5/0x3c0 [ 629.908806][T18352] blk_flush_plug_list+0x235/0x260 [ 629.913916][T18352] blk_finish_plug+0x44/0x60 [ 629.918557][T18352] __iomap_dio_rw+0x780/0xad0 [ 629.923283][T18352] iomap_dio_rw+0x30/0x70 [ 629.927671][T18352] ext4_file_write_iter+0xa4f/0x11d0 [ 629.932979][T18352] do_iter_readv_writev+0x2cb/0x360 [ 629.938184][T18352] do_iter_write+0x112/0x4c0 [ 629.942814][T18352] ? kmalloc_array+0x2d/0x40 [ 629.947388][T18352] vfs_iter_write+0x4c/0x70 [ 629.951873][T18352] iter_file_splice_write+0x40a/0x750 [ 629.957230][T18352] ? splice_from_pipe+0xc0/0xc0 [ 629.962063][T18352] direct_splice_actor+0x80/0xa0 [ 629.967004][T18352] splice_direct_to_actor+0x345/0x650 [ 629.972375][T18352] ? do_splice_direct+0x170/0x170 [ 629.977502][T18352] do_splice_direct+0xf5/0x170 [ 629.982322][T18352] do_sendfile+0x773/0xda0 [ 629.986724][T18352] __x64_sys_sendfile64+0xf2/0x130 [ 629.991864][T18352] do_syscall_64+0x4a/0x90 [ 629.996267][T18352] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 630.002169][T18352] RIP: 0033:0x4665f9 [ 630.006050][T18352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 630.025651][T18352] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 630.034060][T18352] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 630.042020][T18352] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 630.049989][T18352] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 630.058012][T18352] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 17:05:25 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 630.065985][T18352] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 630.088288][T18354] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 630.122595][ T1034] loop2: p1 p2 p3 p4 [ 630.127817][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 630.133924][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 630.168301][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 630.174581][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:26 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x6020000, 0x0) 17:05:26 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x5452, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:26 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000261107031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:26 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:26 executing program 4 (fault-call:11 fault-nth:75): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:26 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x40049409, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:26 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:26 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x6040000, 0x0) [ 630.527819][T18393] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4390 sclass=netlink_route_socket pid=18393 comm=syz-executor.2 [ 630.550915][T18403] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4390 sclass=netlink_route_socket pid=18403 comm=syz-executor.2 17:05:26 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000261207031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 630.649536][ T1034] loop2: p1 p2 p3 p4 [ 630.655395][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 630.661569][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 630.669982][T18414] FAULT_INJECTION: forcing a failure. [ 630.669982][T18414] name failslab, interval 1, probability 0, space 0, times 0 [ 630.674611][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 630.682679][T18414] CPU: 1 PID: 18414 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 17:05:26 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 630.688819][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 630.697191][T18414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 630.697203][T18414] Call Trace: [ 630.697211][T18414] dump_stack+0x137/0x19d [ 630.703541][ T1034] truncated [ 630.713549][T18414] should_fail+0x23c/0x250 [ 630.728658][T18414] __should_failslab+0x81/0x90 [ 630.733461][T18414] ? __iomap_dio_rw+0xf1/0xad0 [ 630.738238][T18414] should_failslab+0x5/0x20 [ 630.742781][T18414] kmem_cache_alloc_trace+0x49/0x310 [ 630.748082][T18414] __iomap_dio_rw+0xf1/0xad0 [ 630.752691][T18414] ? __mark_inode_dirty+0x49c/0x6c0 [ 630.758413][T18414] ? __mnt_drop_write_file+0x5a/0x60 [ 630.763730][T18414] ? file_update_time+0x3ae/0x3e0 [ 630.768753][T18414] iomap_dio_rw+0x30/0x70 [ 630.773106][T18414] ext4_file_write_iter+0xa4f/0x11d0 [ 630.778520][T18414] do_iter_readv_writev+0x2cb/0x360 [ 630.783705][T18414] do_iter_write+0x112/0x4c0 [ 630.788345][T18414] ? kmalloc_array+0x2d/0x40 [ 630.792985][T18414] vfs_iter_write+0x4c/0x70 [ 630.797467][T18414] iter_file_splice_write+0x40a/0x750 [ 630.802934][T18414] ? splice_from_pipe+0xc0/0xc0 [ 630.807767][T18414] direct_splice_actor+0x80/0xa0 [ 630.812805][T18414] splice_direct_to_actor+0x345/0x650 [ 630.818176][T18414] ? do_splice_direct+0x170/0x170 [ 630.823192][T18414] do_splice_direct+0xf5/0x170 [ 630.828003][T18414] do_sendfile+0x773/0xda0 [ 630.832487][T18414] __x64_sys_sendfile64+0xf2/0x130 [ 630.837636][T18414] do_syscall_64+0x4a/0x90 [ 630.842094][T18414] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 630.848013][T18414] RIP: 0033:0x4665f9 [ 630.851902][T18414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 630.871564][T18414] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 630.880060][T18414] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 630.888038][T18414] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 17:05:26 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x7000000, 0x0) 17:05:26 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x5460, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 630.896019][T18414] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 630.903994][T18414] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 630.912060][T18414] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 630.943916][T18431] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4646 sclass=netlink_route_socket pid=18431 comm=syz-executor.2 [ 630.981712][T18438] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4646 sclass=netlink_route_socket pid=18438 comm=syz-executor.2 [ 630.998431][T18440] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 631.012803][T18442] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 631.042592][ T1034] loop2: p1 p2 p3 p4 [ 631.051898][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 631.058113][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 631.066258][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 631.072500][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:27 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x8000000, 0x0) 17:05:27 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x40049409, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:27 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x40086602, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:27 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000262507031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:27 executing program 4 (fault-call:11 fault-nth:76): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:27 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:27 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:27 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000262807031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 631.516983][T18460] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9510 sclass=netlink_route_socket pid=18460 comm=syz-executor.2 [ 631.543632][T18464] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:27 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x9000000, 0x0) [ 631.587786][T18467] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 631.605067][ T1034] loop2: p1 p2 p3 p4 [ 631.610124][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 631.616229][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 631.625174][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 631.631435][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 631.668103][T18487] FAULT_INJECTION: forcing a failure. [ 631.668103][T18487] name failslab, interval 1, probability 0, space 0, times 0 [ 631.680932][T18487] CPU: 0 PID: 18487 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 631.689473][T18487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 631.699541][T18487] Call Trace: [ 631.702823][T18487] dump_stack+0x137/0x19d [ 631.707155][T18487] should_fail+0x23c/0x250 [ 631.707775][T18488] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 631.711576][T18487] ? mempool_alloc_slab+0x16/0x20 [ 631.711603][T18487] __should_failslab+0x81/0x90 [ 631.727838][T18487] should_failslab+0x5/0x20 [ 631.732443][T18487] kmem_cache_alloc+0x46/0x2f0 [ 631.737221][T18487] mempool_alloc_slab+0x16/0x20 [ 631.742077][T18487] ? mempool_free+0x130/0x130 [ 631.746836][T18487] mempool_alloc+0x8c/0x300 [ 631.751388][T18487] ? ext4_es_lookup_extent+0x36b/0x490 [ 631.756857][T18487] ? iov_iter_alignment+0x77a/0x800 [ 631.762094][T18487] bio_alloc_bioset+0xcc/0x480 [ 631.766862][T18487] iomap_dio_bio_actor+0x511/0xb50 [ 631.771997][T18487] iomap_dio_actor+0x26e/0x3b0 [ 631.776773][T18487] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 631.782506][T18487] iomap_apply+0x1e2/0x400 [ 631.786932][T18487] __iomap_dio_rw+0x5af/0xad0 [ 631.791644][T18487] ? __iomap_dio_rw+0xad0/0xad0 [ 631.796493][T18487] iomap_dio_rw+0x30/0x70 [ 631.800866][T18487] ext4_file_write_iter+0xa4f/0x11d0 [ 631.806159][T18487] do_iter_readv_writev+0x2cb/0x360 [ 631.811370][T18487] do_iter_write+0x112/0x4c0 17:05:27 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:27 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x40087602, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:27 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000264807031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 631.815975][T18487] ? kmalloc_array+0x2d/0x40 [ 631.820572][T18487] vfs_iter_write+0x4c/0x70 [ 631.825074][T18487] iter_file_splice_write+0x40a/0x750 [ 631.830452][T18487] ? splice_from_pipe+0xc0/0xc0 [ 631.835312][T18487] direct_splice_actor+0x80/0xa0 [ 631.840297][T18487] splice_direct_to_actor+0x345/0x650 [ 631.845714][T18487] ? do_splice_direct+0x170/0x170 [ 631.850734][T18487] do_splice_direct+0xf5/0x170 [ 631.855496][T18487] do_sendfile+0x773/0xda0 [ 631.860073][T18487] __x64_sys_sendfile64+0xf2/0x130 [ 631.865181][T18487] do_syscall_64+0x4a/0x90 [ 631.869616][T18487] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 631.875520][T18487] RIP: 0033:0x4665f9 [ 631.879415][T18487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 631.899053][T18487] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 631.907505][T18487] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 631.915478][T18487] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 631.923451][T18487] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 631.931521][T18487] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 631.937422][ T1034] loop2: p1 p2 p3 p4 [ 631.939617][T18487] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 631.952508][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 631.958653][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 631.966421][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 631.972764][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 631.981248][T18492] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 632.003872][T18513] EXT4-fs warning (device sda1): __ext4_ioctl:829: Setting inode version is not supported with metadata_csum enabled. 17:05:28 executing program 4 (fault-call:11 fault-nth:77): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:28 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x40086602, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:28 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x401c5820, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000264c07031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:28 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:28 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xa000000, 0x0) 17:05:28 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xb000000, 0x0) 17:05:28 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000266007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 632.557429][T18526] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 632.584049][T18532] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 632.637983][ T1034] loop2: p1 p2 p3 p4 [ 632.642319][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 632.648454][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 632.663487][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 632.669753][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 632.673263][T18553] FAULT_INJECTION: forcing a failure. [ 632.673263][T18553] name failslab, interval 1, probability 0, space 0, times 0 [ 632.689653][T18553] CPU: 1 PID: 18553 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 632.698176][T18553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 632.708241][T18553] Call Trace: [ 632.711522][T18553] dump_stack+0x137/0x19d [ 632.715862][T18553] should_fail+0x23c/0x250 [ 632.720280][T18553] ? bio_alloc_bioset+0x27d/0x480 [ 632.725310][T18553] __should_failslab+0x81/0x90 [ 632.730137][T18553] should_failslab+0x5/0x20 17:05:28 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 632.734645][T18553] kmem_cache_alloc+0x46/0x2f0 [ 632.739447][T18553] ? iov_iter_npages+0x9a0/0xa00 [ 632.744382][T18553] ? iov_iter_alignment+0x7b2/0x800 [ 632.749581][T18553] ? ext4_es_lookup_extent+0x36b/0x490 [ 632.755098][T18553] bio_alloc_bioset+0x27d/0x480 [ 632.760010][T18553] iomap_dio_bio_actor+0x511/0xb50 [ 632.765126][T18553] iomap_dio_actor+0x26e/0x3b0 [ 632.770036][T18553] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 632.775842][T18553] iomap_apply+0x1e2/0x400 [ 632.780241][T18553] __iomap_dio_rw+0x5af/0xad0 [ 632.784923][T18553] ? __iomap_dio_rw+0xad0/0xad0 [ 632.789833][T18553] iomap_dio_rw+0x30/0x70 [ 632.794189][T18553] ext4_file_read_iter+0x21a/0x290 [ 632.799331][T18553] generic_file_splice_read+0x22a/0x310 [ 632.804864][T18553] ? splice_shrink_spd+0x60/0x60 [ 632.809825][T18553] splice_direct_to_actor+0x2aa/0x650 [ 632.815232][T18553] ? do_splice_direct+0x170/0x170 [ 632.820245][T18553] do_splice_direct+0xf5/0x170 [ 632.825073][T18553] do_sendfile+0x773/0xda0 [ 632.829521][T18553] __x64_sys_sendfile64+0xf2/0x130 [ 632.834615][T18553] do_syscall_64+0x4a/0x90 [ 632.839077][T18553] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 632.844973][T18553] RIP: 0033:0x4665f9 [ 632.848851][T18553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 632.868568][T18553] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 632.877098][T18553] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 17:05:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000266807031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 632.885055][T18553] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 632.893034][T18553] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 632.900990][T18553] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 632.908944][T18553] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 632.928785][T18558] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:28 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4020940d, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 632.951648][ T1034] loop2: p1 p2 p3 p4 [ 632.963689][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 632.969871][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 632.983927][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 632.990188][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 633.005548][T18570] __nla_validate_parse: 15 callbacks suppressed [ 633.005634][T18570] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 633.046886][T18579] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:29 executing program 4 (fault-call:11 fault-nth:78): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:29 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xc000000, 0x0) 17:05:29 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000266c07031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:29 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x40305828, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:29 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x40087602, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:29 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:29 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 633.518297][T18594] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 633.530995][T18598] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 633.554023][T18596] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:29 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xd000000, 0x0) 17:05:29 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000267407031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 633.597625][T18604] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 633.615231][T18610] EXT4-fs warning (device sda1): __ext4_ioctl:829: Setting inode version is not supported with metadata_csum enabled. 17:05:29 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1700000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 633.645564][ T1034] loop2: p1 p2 p3 p4 [ 633.654121][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 633.660402][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 633.670065][T18614] FAULT_INJECTION: forcing a failure. [ 633.670065][T18614] name failslab, interval 1, probability 0, space 0, times 0 [ 633.682720][T18614] CPU: 1 PID: 18614 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 633.691207][T18614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 633.692715][ T1034] loop2: p3 start 225 is beyond EOD, [ 633.701324][T18614] Call Trace: [ 633.701333][T18614] dump_stack+0x137/0x19d [ 633.701358][T18614] should_fail+0x23c/0x250 [ 633.706724][ T1034] truncated [ 633.706731][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 633.710005][T18614] ? mempool_alloc_slab+0x16/0x20 [ 633.710030][T18614] __should_failslab+0x81/0x90 [ 633.714346][ T1034] truncated [ 633.740985][T18614] should_failslab+0x5/0x20 [ 633.745495][T18614] kmem_cache_alloc+0x46/0x2f0 [ 633.750268][T18614] mempool_alloc_slab+0x16/0x20 [ 633.755194][T18614] ? mempool_free+0x130/0x130 [ 633.759894][T18614] mempool_alloc+0x8c/0x300 [ 633.764394][T18614] ? percpu_counter_add_batch+0x69/0xd0 [ 633.770016][T18614] ? iov_iter_npages+0x9a0/0xa00 [ 633.775010][T18614] ? iov_iter_alignment+0x7b2/0x800 [ 633.780207][T18614] ? ext4_es_lookup_extent+0x36b/0x490 [ 633.785727][T18614] bio_alloc_bioset+0xcc/0x480 [ 633.790477][T18614] iomap_dio_bio_actor+0x511/0xb50 [ 633.795585][T18614] iomap_dio_actor+0x26e/0x3b0 [ 633.800405][T18614] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 633.806213][T18614] iomap_apply+0x1e2/0x400 [ 633.810621][T18614] __iomap_dio_rw+0x5af/0xad0 [ 633.815419][T18614] ? __iomap_dio_rw+0xad0/0xad0 [ 633.820466][T18614] iomap_dio_rw+0x30/0x70 [ 633.824903][T18614] ext4_file_read_iter+0x21a/0x290 [ 633.830094][T18614] generic_file_splice_read+0x22a/0x310 [ 633.835666][T18614] ? splice_shrink_spd+0x60/0x60 [ 633.840638][T18614] splice_direct_to_actor+0x2aa/0x650 [ 633.846001][T18614] ? do_splice_direct+0x170/0x170 [ 633.851012][T18614] do_splice_direct+0xf5/0x170 [ 633.855778][T18614] do_sendfile+0x773/0xda0 [ 633.860186][T18614] __x64_sys_sendfile64+0xf2/0x130 [ 633.865376][T18614] do_syscall_64+0x4a/0x90 [ 633.869881][T18614] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 633.875835][T18614] RIP: 0033:0x4665f9 [ 633.879717][T18614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 633.899421][T18614] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 633.907902][T18614] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 633.915879][T18614] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 633.923836][T18614] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 633.931808][T18614] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 633.939849][T18614] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 17:05:29 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x40305829, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 633.963574][T18624] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 633.979453][T18627] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 633.991784][T18626] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:29 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000267a07031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 634.011460][T18628] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 634.031011][ T1034] loop2: p1 p2 p3 p4 [ 634.035618][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 634.041798][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 634.055245][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 634.061453][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 634.085246][T18640] selinux_netlink_send: 15 callbacks suppressed [ 634.085258][T18640] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31270 sclass=netlink_route_socket pid=18640 comm=syz-executor.2 [ 634.105809][T18640] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 634.123677][T18645] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31270 sclass=netlink_route_socket pid=18645 comm=syz-executor.2 [ 634.142310][T18645] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 634.176045][ T1034] loop2: p1 p2 p3 p4 [ 634.181692][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 634.187811][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 634.198882][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 634.205162][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:30 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x401c5820, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:30 executing program 4 (fault-call:11 fault-nth:79): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:30 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xe000000, 0x0) 17:05:30 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:30 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260009031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:30 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582a, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:30 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xf000000, 0x0) [ 634.510478][T18659] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 634.522500][T18660] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 634.545294][T18667] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:30 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2813312849000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 634.561749][T18673] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:30 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260004031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:30 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x10000000, 0x0) 17:05:30 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4020940d, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:30 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x40305839, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 634.609056][T18678] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 634.623833][T18681] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 634.639414][ T1034] loop2: p1 p2 p3 p4 [ 634.644565][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 634.650744][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated 17:05:30 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 634.693872][T18685] FAULT_INJECTION: forcing a failure. [ 634.693872][T18685] name failslab, interval 1, probability 0, space 0, times 0 [ 634.706559][T18685] CPU: 1 PID: 18685 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 634.706619][ T1034] loop2: p3 start 225 is beyond EOD, [ 634.714972][T18685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 634.714984][T18685] Call Trace: [ 634.714991][T18685] dump_stack+0x137/0x19d [ 634.715016][T18685] should_fail+0x23c/0x250 [ 634.720386][ T1034] truncated [ 634.730411][T18685] ? mempool_alloc_slab+0x16/0x20 [ 634.730437][T18685] __should_failslab+0x81/0x90 [ 634.733707][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 634.762377][T18685] should_failslab+0x5/0x20 [ 634.766903][T18685] kmem_cache_alloc+0x46/0x2f0 [ 634.771732][T18685] mempool_alloc_slab+0x16/0x20 [ 634.776604][T18685] ? mempool_free+0x130/0x130 [ 634.781285][T18685] mempool_alloc+0x8c/0x300 [ 634.785865][T18685] ? percpu_counter_add_batch+0x69/0xd0 [ 634.791472][T18685] ? iov_iter_npages+0x9a0/0xa00 [ 634.796399][T18685] ? iov_iter_alignment+0x7b2/0x800 [ 634.801691][T18685] ? ext4_es_lookup_extent+0x36b/0x490 [ 634.807198][T18685] bio_alloc_bioset+0xcc/0x480 [ 634.812000][T18685] iomap_dio_bio_actor+0x511/0xb50 [ 634.817210][T18685] iomap_dio_actor+0x26e/0x3b0 [ 634.822032][T18685] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 634.827838][T18685] iomap_apply+0x1e2/0x400 [ 634.832263][T18685] __iomap_dio_rw+0x5af/0xad0 [ 634.837016][T18685] ? __iomap_dio_rw+0xad0/0xad0 [ 634.841867][T18685] iomap_dio_rw+0x30/0x70 [ 634.846182][T18685] ext4_file_read_iter+0x21a/0x290 [ 634.851296][T18685] generic_file_splice_read+0x22a/0x310 [ 634.856841][T18685] ? splice_shrink_spd+0x60/0x60 [ 634.861884][T18685] splice_direct_to_actor+0x2aa/0x650 [ 634.867335][T18685] ? do_splice_direct+0x170/0x170 [ 634.872466][T18685] do_splice_direct+0xf5/0x170 [ 634.877313][T18685] do_sendfile+0x773/0xda0 [ 634.881718][T18685] __x64_sys_sendfile64+0xf2/0x130 [ 634.886823][T18685] do_syscall_64+0x4a/0x90 [ 634.891315][T18685] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 634.897206][T18685] RIP: 0033:0x4665f9 [ 634.901297][T18685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 634.921151][T18685] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 634.929780][T18685] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 634.937755][T18685] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 634.945730][T18685] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 634.953751][T18685] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 634.961874][T18685] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 634.990169][ T1034] loop2: p1 p2 p3 p4 [ 634.994926][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 635.001049][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 635.013750][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 635.020558][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:31 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x11000000, 0x0) 17:05:31 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x80086601, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:31 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260009031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:31 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x40305828, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:31 executing program 4 (fault-call:11 fault-nth:80): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:31 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8006000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:31 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007021dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:31 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9effffff00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 635.520434][T18731] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 635.546625][ T1034] loop2: p1 p2 p3 p4 [ 635.551235][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 635.557415][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated 17:05:31 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x12000000, 0x0) [ 635.567557][T18740] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 635.572336][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 635.580276][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:31 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x40305829, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:31 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeaffffff00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:31 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007041dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 635.667479][T18762] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 635.688213][T18764] FAULT_INJECTION: forcing a failure. [ 635.688213][T18764] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 635.701554][T18764] CPU: 1 PID: 18764 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 635.709970][T18764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 635.720105][T18764] Call Trace: [ 635.723368][T18764] dump_stack+0x137/0x19d [ 635.727683][T18764] should_fail+0x23c/0x250 [ 635.732154][T18764] __alloc_pages+0x102/0x320 [ 635.736723][T18764] alloc_pages+0x21d/0x310 [ 635.741125][T18764] push_pipe+0x267/0x370 [ 635.745493][T18764] iov_iter_get_pages+0xb39/0xcc0 [ 635.750524][T18764] bio_iov_iter_get_pages+0x55f/0xa70 [ 635.755877][T18764] iomap_dio_bio_actor+0x673/0xb50 [ 635.760973][T18764] iomap_dio_actor+0x26e/0x3b0 [ 635.765729][T18764] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 635.771566][T18764] iomap_apply+0x1e2/0x400 [ 635.775969][T18764] __iomap_dio_rw+0x5af/0xad0 [ 635.780652][T18764] ? __iomap_dio_rw+0xad0/0xad0 [ 635.785684][T18764] iomap_dio_rw+0x30/0x70 [ 635.790017][T18764] ext4_file_read_iter+0x21a/0x290 [ 635.795563][T18764] generic_file_splice_read+0x22a/0x310 [ 635.801093][T18764] ? splice_shrink_spd+0x60/0x60 [ 635.806055][T18764] splice_direct_to_actor+0x2aa/0x650 [ 635.811424][T18764] ? do_splice_direct+0x170/0x170 [ 635.816439][T18764] do_splice_direct+0xf5/0x170 [ 635.821300][T18764] do_sendfile+0x773/0xda0 [ 635.825714][T18764] __x64_sys_sendfile64+0xf2/0x130 [ 635.830827][T18764] do_syscall_64+0x4a/0x90 [ 635.835238][T18764] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 635.841121][T18764] RIP: 0033:0x4665f9 [ 635.845005][T18764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 635.864624][T18764] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 635.873024][T18764] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 635.881033][T18764] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 635.888998][T18764] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 635.896972][T18764] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 635.904943][T18764] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 635.917533][T18766] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 635.928083][ T1034] loop2: p1 p2 p3 p4 [ 635.932404][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 635.938625][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 635.953472][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 635.959778][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:32 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x80087601, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:32 executing program 4 (fault-call:11 fault-nth:81): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:32 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x20000000, 0x0) 17:05:32 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xefffffff00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:32 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007051dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:32 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582a, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:32 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffff00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:32 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007061dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 636.513690][T18798] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 636.544194][ T1034] loop2: p1 p2 p3 p4 [ 636.548520][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 636.554599][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated 17:05:32 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x20100000, 0x0) 17:05:32 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007071dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 636.565594][T18803] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:32 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x801c581f, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:32 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfcffffff00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 636.616365][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 636.622718][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 636.659362][T18826] FAULT_INJECTION: forcing a failure. [ 636.659362][T18826] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 636.672643][T18826] CPU: 0 PID: 18826 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 636.681074][T18826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 636.691127][T18826] Call Trace: [ 636.694465][T18826] dump_stack+0x137/0x19d [ 636.698847][T18826] should_fail+0x23c/0x250 [ 636.703252][T18826] __alloc_pages+0x102/0x320 [ 636.707824][T18826] alloc_pages+0x21d/0x310 [ 636.712229][T18826] push_pipe+0x267/0x370 [ 636.716525][T18826] iov_iter_get_pages+0xb39/0xcc0 [ 636.721553][T18826] ? cache_alloc_refill+0x2cb/0x3d0 [ 636.726738][T18826] bio_iov_iter_get_pages+0x55f/0xa70 [ 636.732112][T18826] iomap_dio_bio_actor+0x673/0xb50 [ 636.737267][T18826] iomap_dio_actor+0x26e/0x3b0 [ 636.742013][T18826] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 636.747820][T18826] iomap_apply+0x1e2/0x400 [ 636.752233][T18826] __iomap_dio_rw+0x5af/0xad0 [ 636.756972][T18826] ? __iomap_dio_rw+0xad0/0xad0 [ 636.761809][T18826] iomap_dio_rw+0x30/0x70 [ 636.766213][T18826] ext4_file_read_iter+0x21a/0x290 [ 636.771312][T18826] generic_file_splice_read+0x22a/0x310 [ 636.776856][T18826] ? splice_shrink_spd+0x60/0x60 [ 636.781778][T18826] splice_direct_to_actor+0x2aa/0x650 [ 636.787164][T18826] ? do_splice_direct+0x170/0x170 [ 636.792171][T18826] do_splice_direct+0xf5/0x170 [ 636.796916][T18826] do_sendfile+0x773/0xda0 [ 636.801314][T18826] __x64_sys_sendfile64+0xf2/0x130 [ 636.806474][T18826] do_syscall_64+0x4a/0x90 [ 636.810878][T18826] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 636.816825][T18826] RIP: 0033:0x4665f9 [ 636.820702][T18826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 636.840360][T18826] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 636.848776][T18826] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 636.856730][T18826] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 636.864683][T18826] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 636.872732][T18826] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 636.880704][T18826] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 636.894565][ T1034] loop2: p1 p2 p3 p4 [ 636.913769][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 636.919977][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 636.941960][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 636.948187][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 636.983191][ T1034] loop2: p1 p2 p3 p4 [ 636.987363][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 636.993568][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 637.002270][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 637.008610][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:33 executing program 4 (fault-call:11 fault-nth:82): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:33 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x25000000, 0x0) 17:05:33 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007081dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:33 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0xc0045878, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:33 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:33 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x40305839, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:33 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 637.511371][T18860] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:33 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x3f000000, 0x0) 17:05:33 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007091dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 637.577402][T18863] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 637.603028][ T1034] loop2: p1 p2 p3 p4 [ 637.607286][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 637.613379][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 637.625100][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 637.631344][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 637.653035][T18881] FAULT_INJECTION: forcing a failure. [ 637.653035][T18881] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 637.667244][T18881] CPU: 0 PID: 18881 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 17:05:33 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0xc0045878, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:33 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 637.675665][T18881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 637.685728][T18881] Call Trace: [ 637.689042][T18881] dump_stack+0x137/0x19d [ 637.693390][T18881] should_fail+0x23c/0x250 [ 637.697819][T18881] __alloc_pages+0x102/0x320 [ 637.702420][T18881] alloc_pages+0x21d/0x310 [ 637.706873][T18881] push_pipe+0x267/0x370 [ 637.711136][T18881] iov_iter_get_pages+0xb39/0xcc0 [ 637.716194][T18881] bio_iov_iter_get_pages+0x55f/0xa70 [ 637.721574][T18881] iomap_dio_bio_actor+0x673/0xb50 17:05:33 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240000002600070a1dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 637.726695][T18881] iomap_dio_actor+0x26e/0x3b0 [ 637.731471][T18881] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 637.737349][T18881] iomap_apply+0x1e2/0x400 [ 637.741777][T18881] __iomap_dio_rw+0x5af/0xad0 [ 637.746476][T18881] ? __iomap_dio_rw+0xad0/0xad0 [ 637.751386][T18881] iomap_dio_rw+0x30/0x70 [ 637.755771][T18881] ext4_file_read_iter+0x21a/0x290 [ 637.760916][T18881] generic_file_splice_read+0x22a/0x310 [ 637.766471][T18881] ? splice_shrink_spd+0x60/0x60 [ 637.767072][T18887] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 637.771440][T18881] splice_direct_to_actor+0x2aa/0x650 [ 637.771466][T18881] ? do_splice_direct+0x170/0x170 [ 637.788304][T18881] do_splice_direct+0xf5/0x170 [ 637.793085][T18881] do_sendfile+0x773/0xda0 [ 637.797584][T18881] __x64_sys_sendfile64+0xf2/0x130 [ 637.802777][T18881] do_syscall_64+0x4a/0x90 [ 637.807204][T18881] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 637.813120][T18881] RIP: 0033:0x4665f9 [ 637.817002][T18881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 637.836645][T18881] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 637.845042][T18881] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 637.853066][T18881] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 637.861027][T18881] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 637.869002][T18881] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 637.876958][T18881] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 637.893190][T18890] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 637.927549][ T1034] loop2: p1 p2 p3 p4 [ 637.939079][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 637.945195][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 637.953495][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 637.959689][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 637.991465][ T1034] loop2: p1 p2 p3 p4 [ 637.996020][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 638.002156][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 638.010914][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 638.017104][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:34 executing program 4 (fault-call:11 fault-nth:83): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:34 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x40000000, 0x0) 17:05:34 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x80086601, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:34 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:34 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240000002600070b1dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:34 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0xc0189436, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:34 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x48000000, 0x0) [ 638.482074][T18924] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 638.489025][T18926] __nla_validate_parse: 19 callbacks suppressed [ 638.489037][T18926] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 638.520283][T18929] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:34 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 638.546189][T18937] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 638.583288][T18942] FAULT_INJECTION: forcing a failure. [ 638.583288][T18942] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 638.596693][T18942] CPU: 1 PID: 18942 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 638.605110][T18942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 638.615405][T18942] Call Trace: [ 638.618683][T18942] dump_stack+0x137/0x19d [ 638.623020][T18942] should_fail+0x23c/0x250 [ 638.627444][T18942] __alloc_pages+0x102/0x320 [ 638.632140][T18942] alloc_pages+0x21d/0x310 [ 638.636581][T18942] push_pipe+0x267/0x370 [ 638.640816][T18942] iov_iter_get_pages+0xb39/0xcc0 [ 638.645847][T18942] bio_iov_iter_get_pages+0x55f/0xa70 [ 638.651260][T18942] iomap_dio_bio_actor+0x673/0xb50 [ 638.656375][T18942] iomap_dio_actor+0x26e/0x3b0 [ 638.661328][T18942] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 638.667239][T18942] iomap_apply+0x1e2/0x400 [ 638.671639][T18942] __iomap_dio_rw+0x5af/0xad0 [ 638.676404][T18942] ? __iomap_dio_rw+0xad0/0xad0 [ 638.681260][T18942] iomap_dio_rw+0x30/0x70 [ 638.685596][T18942] ext4_file_read_iter+0x21a/0x290 [ 638.690820][T18942] generic_file_splice_read+0x22a/0x310 [ 638.696441][T18942] ? splice_shrink_spd+0x60/0x60 [ 638.701376][T18942] splice_direct_to_actor+0x2aa/0x650 [ 638.706812][T18942] ? do_splice_direct+0x170/0x170 [ 638.711842][T18942] do_splice_direct+0xf5/0x170 [ 638.716611][T18942] do_sendfile+0x773/0xda0 [ 638.721037][T18942] __x64_sys_sendfile64+0xf2/0x130 [ 638.726211][T18942] do_syscall_64+0x4a/0x90 [ 638.730628][T18942] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 638.736537][T18942] RIP: 0033:0x4665f9 [ 638.740425][T18942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 638.760017][T18942] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 638.768410][T18942] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 638.776392][T18942] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 638.784430][T18942] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 17:05:34 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240000002600070c1dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:34 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x4c000000, 0x0) [ 638.792402][T18942] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 638.800460][T18942] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 17:05:34 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:34 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x80087601, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 638.847320][ T1034] loop2: p1 p2 p3 p4 [ 638.854833][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 638.857126][T18955] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 638.861025][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 638.895851][T18957] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 638.915630][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 638.916337][T18959] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 638.921950][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 638.937584][T18963] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:35 executing program 4 (fault-call:11 fault-nth:84): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:35 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:35 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0xc020660b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:35 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x53efffff, 0x0) 17:05:35 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240000002600070d1dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:35 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x801c581f, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:35 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:35 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x60000000, 0x0) [ 639.477759][T18990] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 639.526777][T19001] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 639.550874][T19002] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:35 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0xc0045878, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:35 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 639.575888][T19005] FAULT_INJECTION: forcing a failure. [ 639.575888][T19005] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 639.589286][T19005] CPU: 1 PID: 19005 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 639.597702][T19005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 639.607769][T19005] Call Trace: [ 639.611125][T19005] dump_stack+0x137/0x19d [ 639.615512][T19005] should_fail+0x23c/0x250 [ 639.619915][T19005] __alloc_pages+0x102/0x320 [ 639.624528][T19005] alloc_pages+0x21d/0x310 [ 639.629176][T19005] push_pipe+0x267/0x370 [ 639.633408][T19005] iov_iter_get_pages+0xb39/0xcc0 [ 639.638552][T19005] bio_iov_iter_get_pages+0x55f/0xa70 [ 639.643967][T19005] iomap_dio_bio_actor+0x673/0xb50 [ 639.649066][T19005] iomap_dio_actor+0x26e/0x3b0 [ 639.653846][T19005] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 639.659773][T19005] iomap_apply+0x1e2/0x400 [ 639.664231][T19005] __iomap_dio_rw+0x5af/0xad0 [ 639.668891][T19005] ? __iomap_dio_rw+0xad0/0xad0 [ 639.673796][T19005] iomap_dio_rw+0x30/0x70 [ 639.678190][T19005] ext4_file_read_iter+0x21a/0x290 [ 639.683328][T19005] generic_file_splice_read+0x22a/0x310 [ 639.688866][T19005] ? splice_shrink_spd+0x60/0x60 [ 639.693838][T19005] splice_direct_to_actor+0x2aa/0x650 [ 639.699206][T19005] ? do_splice_direct+0x170/0x170 [ 639.704221][T19005] do_splice_direct+0xf5/0x170 [ 639.709005][T19005] do_sendfile+0x773/0xda0 [ 639.713500][T19005] __x64_sys_sendfile64+0xf2/0x130 [ 639.718745][T19005] do_syscall_64+0x4a/0x90 [ 639.723242][T19005] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 639.729141][T19005] RIP: 0033:0x4665f9 [ 639.733022][T19005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 639.752734][T19005] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 639.761183][T19005] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 639.769202][T19005] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 17:05:35 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240000002600070e1dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 639.777170][T19005] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 639.785144][T19005] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 639.793116][T19005] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 639.816619][ T1034] loop2: p1 p2 p3 p4 [ 639.821035][T19006] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:35 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x68000000, 0x0) [ 639.825581][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 639.833739][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 639.849840][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 639.856034][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 639.875125][T19017] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 639.911973][T19024] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 639.926435][T19023] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 639.953937][T19025] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 640.011892][ T1034] loop2: p1 p2 p3 p4 [ 640.017296][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 640.023447][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 640.031942][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 640.038274][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:36 executing program 4 (fault-call:11 fault-nth:85): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:36 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007101dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:36 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:36 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0xc0045878, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:36 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x2, 0x800004, 0x40000010000}) 17:05:36 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x6c000000, 0x0) [ 640.442744][T19048] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 640.443148][T19049] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:36 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:36 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x74000000, 0x0) 17:05:36 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007111dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 640.485200][T19054] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 640.493137][T19060] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 640.547296][ T1034] loop2: p1 p2 p3 p4 [ 640.555896][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 640.557509][T19066] FAULT_INJECTION: forcing a failure. [ 640.557509][T19066] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 640.562058][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 640.575397][T19066] CPU: 1 PID: 19066 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 17:05:36 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x3, 0x800004, 0x40000010000}) [ 640.591116][T19066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 640.600257][ T1034] loop2: p3 start 225 is beyond EOD, [ 640.601173][T19066] Call Trace: [ 640.601182][T19066] dump_stack+0x137/0x19d [ 640.606543][ T1034] truncated [ 640.606549][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 640.609810][T19066] should_fail+0x23c/0x250 [ 640.609831][T19066] __alloc_pages+0x102/0x320 [ 640.614142][ T1034] truncated [ 640.617229][T19066] alloc_pages+0x21d/0x310 [ 640.617249][T19066] push_pipe+0x267/0x370 17:05:36 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 640.644235][T19066] iov_iter_get_pages+0xb39/0xcc0 [ 640.649264][T19066] bio_iov_iter_get_pages+0x55f/0xa70 [ 640.654685][T19066] iomap_dio_bio_actor+0x673/0xb50 [ 640.659819][T19066] iomap_dio_actor+0x26e/0x3b0 [ 640.664592][T19066] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 640.670486][T19066] iomap_apply+0x1e2/0x400 [ 640.674927][T19066] __iomap_dio_rw+0x5af/0xad0 [ 640.679609][T19066] ? __iomap_dio_rw+0xad0/0xad0 [ 640.684469][T19066] iomap_dio_rw+0x30/0x70 [ 640.688851][T19066] ext4_file_read_iter+0x21a/0x290 [ 640.694054][T19066] generic_file_splice_read+0x22a/0x310 [ 640.699644][T19066] ? splice_shrink_spd+0x60/0x60 [ 640.704585][T19066] splice_direct_to_actor+0x2aa/0x650 [ 640.709984][T19066] ? do_splice_direct+0x170/0x170 [ 640.715011][T19066] do_splice_direct+0xf5/0x170 [ 640.719768][T19066] do_sendfile+0x773/0xda0 [ 640.724167][T19066] __x64_sys_sendfile64+0xf2/0x130 [ 640.729263][T19066] do_syscall_64+0x4a/0x90 [ 640.733667][T19066] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 640.739699][T19066] RIP: 0033:0x4665f9 [ 640.743658][T19066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 640.763271][T19066] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 640.771883][T19066] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 640.779931][T19066] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 640.787974][T19066] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 17:05:36 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x7a000000, 0x0) [ 640.795936][T19066] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 640.804028][T19066] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 640.875933][T19093] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 640.912418][ T1034] loop2: p1 p2 p3 p4 [ 640.919472][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 640.925805][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 640.947214][T19095] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 640.958394][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 640.964884][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:37 executing program 4 (fault-call:11 fault-nth:86): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:37 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007121dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:37 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x8cffffff, 0x0) 17:05:37 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0xc0189436, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) 17:05:37 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x4, 0x800004, 0x40000010000}) 17:05:37 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:37 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240000002600070326fffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:37 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xc0ed0000, 0x0) 17:05:37 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 641.440421][ T1034] loop2: p1 p2 p3 p4 [ 641.458442][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 641.464679][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 641.506799][T19133] FAULT_INJECTION: forcing a failure. [ 641.506799][T19133] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 641.508987][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 641.520189][T19133] CPU: 1 PID: 19133 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 641.526203][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 641.534595][T19133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 641.534608][T19133] Call Trace: [ 641.534614][T19133] dump_stack+0x137/0x19d [ 641.534637][T19133] should_fail+0x23c/0x250 [ 641.534654][T19133] __alloc_pages+0x102/0x320 [ 641.540978][ T1034] truncated [ 641.550993][T19133] alloc_pages+0x21d/0x310 [ 641.575099][T19133] push_pipe+0x267/0x370 [ 641.579389][T19133] iov_iter_get_pages+0xb39/0xcc0 [ 641.584428][T19133] bio_iov_iter_get_pages+0x55f/0xa70 [ 641.589939][T19133] iomap_dio_bio_actor+0x673/0xb50 [ 641.595161][T19133] iomap_dio_actor+0x26e/0x3b0 [ 641.599944][T19133] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 641.605756][T19133] iomap_apply+0x1e2/0x400 [ 641.610205][T19133] __iomap_dio_rw+0x5af/0xad0 [ 641.614890][T19133] ? __iomap_dio_rw+0xad0/0xad0 [ 641.619761][T19133] iomap_dio_rw+0x30/0x70 [ 641.624197][T19133] ext4_file_read_iter+0x21a/0x290 [ 641.629322][T19133] generic_file_splice_read+0x22a/0x310 [ 641.634945][T19133] ? splice_shrink_spd+0x60/0x60 [ 641.639904][T19133] splice_direct_to_actor+0x2aa/0x650 [ 641.645279][T19133] ? do_splice_direct+0x170/0x170 [ 641.650319][T19133] do_splice_direct+0xf5/0x170 [ 641.655071][T19133] do_sendfile+0x773/0xda0 [ 641.659477][T19133] __x64_sys_sendfile64+0xf2/0x130 [ 641.664574][T19133] do_syscall_64+0x4a/0x90 [ 641.668983][T19133] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 641.674889][T19133] RIP: 0033:0x4665f9 [ 641.678768][T19133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 641.698499][T19133] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 17:05:37 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd940aa2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 641.706938][T19133] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 641.714910][T19133] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 641.723054][T19133] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 641.731071][T19133] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 641.739185][T19133] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 641.770095][T19143] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 641.783368][ T1034] loop2: p1 p2 p3 p4 [ 641.788236][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 641.794331][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 641.801839][T19144] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 641.805749][ T1034] loop2: p3 start 225 is beyond EOD, truncated 17:05:37 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xdaffffff, 0x0) 17:05:37 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0xc020660b, &(0x7f0000000080)={0x0, 0x800004, 0x40000010000}) [ 641.814533][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 641.940133][ T1034] loop2: p1 p2 p3 p4 [ 641.945511][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 641.951813][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 641.959960][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 641.966208][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:38 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:38 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x2, 0x800004, 0x40000010000}) 17:05:38 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xf6ffffff, 0x0) 17:05:38 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x5, 0x800004, 0x40000010000}) 17:05:38 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd9425a2830020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:38 executing program 4 (fault-call:11 fault-nth:87): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:38 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xf9fdffff, 0x0) 17:05:38 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:38 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa283000a200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:38 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xfeffffff, 0x0) [ 642.458986][ T1034] loop2: p1 p2 p3 p4 [ 642.463831][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 642.469959][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 642.479538][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 642.485720][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:38 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 642.513572][T19219] FAULT_INJECTION: forcing a failure. [ 642.513572][T19219] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 642.527031][T19219] CPU: 1 PID: 19219 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 642.535454][T19219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 642.545507][T19219] Call Trace: [ 642.548836][T19219] dump_stack+0x137/0x19d [ 642.553251][T19219] should_fail+0x23c/0x250 [ 642.557750][T19219] __alloc_pages+0x102/0x320 [ 642.562353][T19219] alloc_pages+0x21d/0x310 [ 642.566783][T19219] push_pipe+0x267/0x370 [ 642.571030][T19219] iov_iter_get_pages+0xb39/0xcc0 [ 642.576073][T19219] bio_iov_iter_get_pages+0x55f/0xa70 [ 642.581627][T19219] iomap_dio_bio_actor+0x673/0xb50 [ 642.586881][T19219] iomap_dio_actor+0x26e/0x3b0 [ 642.591698][T19219] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 642.597608][T19219] iomap_apply+0x1e2/0x400 [ 642.602096][T19219] __iomap_dio_rw+0x5af/0xad0 [ 642.606821][T19219] ? __iomap_dio_rw+0xad0/0xad0 [ 642.611730][T19219] iomap_dio_rw+0x30/0x70 [ 642.616062][T19219] ext4_file_read_iter+0x21a/0x290 [ 642.621179][T19219] generic_file_splice_read+0x22a/0x310 [ 642.626888][T19219] ? splice_shrink_spd+0x60/0x60 [ 642.631887][T19219] splice_direct_to_actor+0x2aa/0x650 [ 642.637535][T19219] ? do_splice_direct+0x170/0x170 [ 642.642556][T19219] do_splice_direct+0xf5/0x170 [ 642.647379][T19219] do_sendfile+0x773/0xda0 [ 642.651802][T19219] __x64_sys_sendfile64+0xf2/0x130 [ 642.657090][T19219] do_syscall_64+0x4a/0x90 [ 642.661621][T19219] ? irqentry_exit_to_user_mode+0x5/0x20 [ 642.667258][T19219] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 642.673187][T19219] RIP: 0033:0x4665f9 [ 642.677068][T19219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 642.696660][T19219] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 642.705249][T19219] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 17:05:38 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830220200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 642.713438][T19219] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 642.721457][T19219] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 642.729432][T19219] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 642.737403][T19219] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 642.787697][ T1034] loop2: p1 p2 p3 p4 [ 642.809693][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 642.815887][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 642.842100][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 642.848335][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 642.887426][ T1034] loop2: p1 p2 p3 p4 [ 642.891736][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 642.897865][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 642.905820][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 642.912017][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:39 executing program 4 (fault-call:11 fault-nth:88): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:39 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x6, 0x800004, 0x40000010000}) 17:05:39 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xff0f0000, 0x0) 17:05:39 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x3, 0x800004, 0x40000010000}) 17:05:39 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:39 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830320200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:39 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830420200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:39 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xffffef53, 0x0) 17:05:39 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 643.402806][ T1034] loop2: p1 p2 p3 p4 [ 643.425921][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 643.432163][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated 17:05:39 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xfffffdf9, 0x0) [ 643.468447][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 643.474827][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 643.484187][T19274] FAULT_INJECTION: forcing a failure. [ 643.484187][T19274] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 643.497477][T19274] CPU: 0 PID: 19274 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 643.505895][T19274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 17:05:39 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x7, 0x800004, 0x40000010000}) 17:05:39 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 643.515955][T19274] Call Trace: [ 643.519287][T19274] dump_stack+0x137/0x19d [ 643.523636][T19274] should_fail+0x23c/0x250 [ 643.528057][T19274] __alloc_pages+0x102/0x320 [ 643.532695][T19274] alloc_pages+0x21d/0x310 [ 643.537112][T19274] push_pipe+0x267/0x370 [ 643.541362][T19274] iov_iter_get_pages+0xb39/0xcc0 [ 643.546392][T19274] bio_iov_iter_get_pages+0x55f/0xa70 [ 643.551770][T19274] iomap_dio_bio_actor+0x673/0xb50 [ 643.556960][T19274] iomap_dio_actor+0x26e/0x3b0 [ 643.561750][T19274] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 643.567573][T19274] iomap_apply+0x1e2/0x400 [ 643.571994][T19274] __iomap_dio_rw+0x5af/0xad0 [ 643.576748][T19274] ? __iomap_dio_rw+0xad0/0xad0 [ 643.581656][T19274] iomap_dio_rw+0x30/0x70 [ 643.585995][T19274] ext4_file_read_iter+0x21a/0x290 [ 643.591174][T19274] generic_file_splice_read+0x22a/0x310 [ 643.596730][T19274] ? splice_shrink_spd+0x60/0x60 [ 643.601674][T19274] splice_direct_to_actor+0x2aa/0x650 [ 643.607061][T19274] ? do_splice_direct+0x170/0x170 [ 643.612097][T19274] do_splice_direct+0xf5/0x170 [ 643.616961][T19274] do_sendfile+0x773/0xda0 [ 643.621379][T19274] __x64_sys_sendfile64+0xf2/0x130 [ 643.626501][T19274] do_syscall_64+0x4a/0x90 [ 643.630987][T19274] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 643.636940][T19274] RIP: 0033:0x4665f9 [ 643.640892][T19274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 643.660486][T19274] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 643.668886][T19274] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 643.676841][T19274] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 643.684802][T19274] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 643.692759][T19274] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 643.700796][T19274] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 643.715176][ T1034] loop2: p1 p2 p3 p4 [ 643.724700][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 643.730901][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 643.755699][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 643.762074][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:40 executing program 4 (fault-call:11 fault-nth:89): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:40 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x4, 0x800004, 0x40000010000}) 17:05:40 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xffffff7f, 0x0) 17:05:40 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:40 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x8, 0x800004, 0x40000010000}) 17:05:40 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830520200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:40 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xffffff8c, 0x0) 17:05:40 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 644.358604][T19317] __nla_validate_parse: 17 callbacks suppressed [ 644.358618][T19317] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:40 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xffffffda, 0x0) 17:05:40 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830620200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 644.426112][T19337] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:40 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x5, 0x800004, 0x40000010000}) [ 644.487903][ T1034] loop2: p1 p2 p3 p4 [ 644.492404][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 644.498536][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 644.510328][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 644.513313][T19340] FAULT_INJECTION: forcing a failure. [ 644.513313][T19340] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 644.516592][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 644.529797][T19340] CPU: 1 PID: 19340 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 644.545316][T19340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 644.555383][T19340] Call Trace: [ 644.559102][T19340] dump_stack+0x137/0x19d [ 644.563508][T19340] should_fail+0x23c/0x250 [ 644.567950][T19340] __alloc_pages+0x102/0x320 [ 644.572544][T19340] alloc_pages+0x21d/0x310 [ 644.576970][T19340] push_pipe+0x267/0x370 [ 644.581223][T19340] iov_iter_get_pages+0xb39/0xcc0 17:05:40 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x9, 0x800004, 0x40000010000}) [ 644.586257][T19340] bio_iov_iter_get_pages+0x55f/0xa70 [ 644.591632][T19340] iomap_dio_bio_actor+0x673/0xb50 [ 644.596760][T19340] iomap_dio_actor+0x26e/0x3b0 [ 644.601535][T19340] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 644.607450][T19340] iomap_apply+0x1e2/0x400 [ 644.612089][T19340] __iomap_dio_rw+0x5af/0xad0 [ 644.616770][T19340] ? __iomap_dio_rw+0xad0/0xad0 [ 644.621815][T19340] iomap_dio_rw+0x30/0x70 [ 644.626142][T19340] ext4_file_read_iter+0x21a/0x290 [ 644.631370][T19340] generic_file_splice_read+0x22a/0x310 [ 644.636911][T19340] ? splice_shrink_spd+0x60/0x60 [ 644.641896][T19340] splice_direct_to_actor+0x2aa/0x650 [ 644.647255][T19340] ? do_splice_direct+0x170/0x170 [ 644.652434][T19340] do_splice_direct+0xf5/0x170 [ 644.657197][T19340] do_sendfile+0x773/0xda0 [ 644.661797][T19340] __x64_sys_sendfile64+0xf2/0x130 [ 644.666915][T19340] do_syscall_64+0x4a/0x90 [ 644.671363][T19340] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 644.677426][T19340] RIP: 0033:0x4665f9 [ 644.681360][T19340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 644.701111][T19340] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 644.709721][T19340] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 644.717694][T19340] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 644.725685][T19340] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 644.733657][T19340] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 644.741624][T19340] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 644.772864][T19358] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 644.784818][T19358] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 644.843354][ T1034] loop2: p1 p2 p3 p4 [ 644.847834][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 644.854146][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 644.864312][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 644.870709][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:41 executing program 4 (fault-call:11 fault-nth:90): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:41 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:41 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830720200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:41 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x6, 0x800004, 0x40000010000}) 17:05:41 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xfffffff6, 0x0) 17:05:41 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xa, 0x800004, 0x40000010000}) 17:05:41 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xfffffffe, 0x0) 17:05:41 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 645.329059][T19383] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 645.361905][T19392] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:41 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x680}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:41 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x8000000000, 0x0) 17:05:41 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830820200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:41 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xb, 0x800004, 0x40000010000}) [ 645.493600][T19407] FAULT_INJECTION: forcing a failure. [ 645.493600][T19407] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 645.506915][T19407] CPU: 0 PID: 19407 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 645.515339][T19407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 645.525424][T19407] Call Trace: [ 645.528821][T19407] dump_stack+0x137/0x19d [ 645.533154][T19407] should_fail+0x23c/0x250 [ 645.537576][T19407] __alloc_pages+0x102/0x320 [ 645.542171][T19407] alloc_pages+0x21d/0x310 [ 645.546592][T19407] push_pipe+0x267/0x370 [ 645.547826][ T1034] loop2: p1 p2 p3 p4 [ 645.550838][T19407] iov_iter_get_pages+0xb39/0xcc0 [ 645.555166][ T1034] loop2: p1 start 10 is beyond EOD, [ 645.559821][T19407] bio_iov_iter_get_pages+0x55f/0xa70 [ 645.565123][ T1034] truncated [ 645.565131][ T1034] loop2: p2 size 1073872896 extends beyond EOD, [ 645.570492][T19407] iomap_dio_bio_actor+0x673/0xb50 [ 645.570524][T19407] iomap_dio_actor+0x26e/0x3b0 [ 645.573626][ T1034] truncated [ 645.581841][ T1034] loop2: p3 start 225 is beyond EOD, [ 645.585062][T19407] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 645.585089][T19407] iomap_apply+0x1e2/0x400 [ 645.585108][T19407] __iomap_dio_rw+0x5af/0xad0 [ 645.585125][T19407] ? __iomap_dio_rw+0xad0/0xad0 [ 645.589951][ T1034] truncated [ 645.592968][T19407] iomap_dio_rw+0x30/0x70 [ 645.598364][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 645.604123][T19407] ext4_file_read_iter+0x21a/0x290 [ 645.608528][ T1034] truncated [ 645.613174][T19407] generic_file_splice_read+0x22a/0x310 [ 645.613194][T19407] ? splice_shrink_spd+0x60/0x60 [ 645.613209][T19407] splice_direct_to_actor+0x2aa/0x650 [ 645.613226][T19407] ? do_splice_direct+0x170/0x170 [ 645.627316][T19415] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 645.631784][T19407] do_splice_direct+0xf5/0x170 [ 645.631814][T19407] do_sendfile+0x773/0xda0 [ 645.679336][T19407] __x64_sys_sendfile64+0xf2/0x130 [ 645.684462][T19407] do_syscall_64+0x4a/0x90 [ 645.688894][T19407] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 645.694845][T19407] RIP: 0033:0x4665f9 [ 645.698780][T19407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 645.709878][T19421] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 645.718454][T19407] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 645.718480][T19407] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 645.718492][T19407] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 645.718502][T19407] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 645.718515][T19407] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 645.767267][ T1034] loop2: p1 p2 p3 p4 [ 645.768408][T19407] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 645.772611][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 645.786563][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 645.796917][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 645.803189][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:41 executing program 4 (fault-call:11 fault-nth:91): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:41 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x7, 0x800004, 0x40000010000}) 17:05:41 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:41 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xedc000000000, 0x0) 17:05:41 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830920200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:41 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xc, 0x800004, 0x40000010000}) 17:05:42 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:42 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x1000000000000, 0x0) [ 646.334095][T19447] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 646.345511][T19455] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:42 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:42 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830a20200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:42 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xd, 0x800004, 0x40000010000}) [ 646.440534][ T1034] loop2: p1 p2 p3 p4 [ 646.444723][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 646.450835][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 646.479935][T19475] FAULT_INJECTION: forcing a failure. [ 646.479935][T19475] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 646.493389][T19475] CPU: 0 PID: 19475 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 646.501841][T19475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 646.511899][T19475] Call Trace: [ 646.513346][ T1034] loop2: p3 start 225 is beyond EOD, [ 646.515178][T19475] dump_stack+0x137/0x19d [ 646.515263][T19475] should_fail+0x23c/0x250 [ 646.520617][ T1034] truncated [ 646.524883][T19475] __alloc_pages+0x102/0x320 17:05:42 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xfc130000000000, 0x0) [ 646.524907][T19475] alloc_pages+0x21d/0x310 [ 646.529320][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 646.532381][T19475] push_pipe+0x267/0x370 [ 646.536966][ T1034] truncated [ 646.541344][T19475] iov_iter_get_pages+0xb39/0xcc0 [ 646.560107][T19475] bio_iov_iter_get_pages+0x55f/0xa70 [ 646.565491][T19475] iomap_dio_bio_actor+0x673/0xb50 [ 646.570614][T19475] iomap_dio_actor+0x26e/0x3b0 [ 646.575435][T19475] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 646.581256][T19475] iomap_apply+0x1e2/0x400 [ 646.585684][T19475] __iomap_dio_rw+0x5af/0xad0 [ 646.590373][T19475] ? __iomap_dio_rw+0xad0/0xad0 [ 646.595238][T19475] iomap_dio_rw+0x30/0x70 [ 646.599575][T19475] ext4_file_read_iter+0x21a/0x290 [ 646.604706][T19475] generic_file_splice_read+0x22a/0x310 [ 646.610313][T19475] ? splice_shrink_spd+0x60/0x60 [ 646.615261][T19475] splice_direct_to_actor+0x2aa/0x650 [ 646.620635][T19475] ? do_splice_direct+0x170/0x170 [ 646.625667][T19475] do_splice_direct+0xf5/0x170 [ 646.630431][T19475] do_sendfile+0x773/0xda0 [ 646.634856][T19475] __x64_sys_sendfile64+0xf2/0x130 [ 646.640061][T19475] do_syscall_64+0x4a/0x90 [ 646.644465][T19475] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 646.650346][T19475] RIP: 0033:0x4665f9 [ 646.654222][T19475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 646.673814][T19475] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 646.682247][T19475] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 646.690218][T19475] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 646.698172][T19475] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 646.706129][T19475] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 646.714084][T19475] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 646.746854][ T1034] loop2: p1 p2 p3 p4 [ 646.754600][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 646.761023][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 646.770300][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 646.776535][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:42 executing program 4 (fault-call:11 fault-nth:92): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:42 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830b20200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:42 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xf, 0x800004, 0x40000010000}) 17:05:42 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x8, 0x800004, 0x40000010000}) 17:05:42 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:42 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x100000000000000, 0x0) 17:05:43 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:43 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x200000000000000, 0x0) 17:05:43 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830c20200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:43 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x204000000000000, 0x0) [ 647.388434][ T1034] loop2: p1 p2 p3 p4 [ 647.403026][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 647.409156][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 647.439876][T19533] FAULT_INJECTION: forcing a failure. [ 647.439876][T19533] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 647.453165][T19533] CPU: 0 PID: 19533 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 647.461579][T19533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 647.471641][T19533] Call Trace: [ 647.474920][T19533] dump_stack+0x137/0x19d [ 647.475144][ T1034] loop2: p3 start 225 is beyond EOD, [ 647.479249][T19533] should_fail+0x23c/0x250 17:05:43 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830d20200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 647.479269][T19533] __alloc_pages+0x102/0x320 [ 647.479286][T19533] alloc_pages+0x21d/0x310 [ 647.479301][T19533] push_pipe+0x267/0x370 [ 647.479344][T19533] iov_iter_get_pages+0xb39/0xcc0 [ 647.479360][T19533] bio_iov_iter_get_pages+0x55f/0xa70 [ 647.479378][T19533] iomap_dio_bio_actor+0x673/0xb50 [ 647.484734][ T1034] truncated [ 647.484741][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 647.489197][T19533] iomap_dio_actor+0x26e/0x3b0 [ 647.493722][ T1034] truncated 17:05:43 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x9, 0x800004, 0x40000010000}) [ 647.535078][T19533] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 647.540922][T19533] iomap_apply+0x1e2/0x400 [ 647.545351][T19533] __iomap_dio_rw+0x5af/0xad0 [ 647.550068][T19533] ? __iomap_dio_rw+0xad0/0xad0 [ 647.555077][T19533] iomap_dio_rw+0x30/0x70 [ 647.559452][T19533] ext4_file_read_iter+0x21a/0x290 [ 647.564629][T19533] generic_file_splice_read+0x22a/0x310 [ 647.570229][T19533] ? splice_shrink_spd+0x60/0x60 [ 647.575171][T19533] splice_direct_to_actor+0x2aa/0x650 [ 647.580585][T19533] ? do_splice_direct+0x170/0x170 [ 647.585668][T19533] do_splice_direct+0xf5/0x170 [ 647.590441][T19533] do_sendfile+0x773/0xda0 [ 647.594891][T19533] __x64_sys_sendfile64+0xf2/0x130 [ 647.597716][ T1034] loop2: p1 p2 p3 p4 [ 647.600009][T19533] do_syscall_64+0x4a/0x90 [ 647.604884][ T1034] loop2: p1 start 10 is beyond EOD, [ 647.608389][T19533] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 647.608485][T19533] RIP: 0033:0x4665f9 [ 647.613786][ T1034] truncated [ 647.619640][T19533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 647.619659][T19533] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 647.619677][T19533] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 647.619687][T19533] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 647.619696][T19533] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 647.619706][T19533] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 647.619716][T19533] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 647.694970][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 647.724477][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 647.730785][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 647.767442][ T1034] loop2: p1 p2 p3 p4 [ 647.772163][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 647.778641][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 647.788171][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 647.794557][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:43 executing program 4 (fault-call:11 fault-nth:93): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:43 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x11, 0x800004, 0x40000010000}) 17:05:43 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x300000000000000, 0x0) 17:05:43 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:43 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830e20200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:43 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xa, 0x800004, 0x40000010000}) 17:05:43 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x400000000000000, 0x0) 17:05:44 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2831020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:44 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x500000000000000, 0x0) 17:05:44 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 648.376000][ T1034] loop2: p1 p2 p3 p4 [ 648.389972][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 648.396116][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated 17:05:44 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x12, 0x800004, 0x40000010000}) [ 648.421181][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 648.427583][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 648.443280][T19604] FAULT_INJECTION: forcing a failure. [ 648.443280][T19604] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 648.456634][T19604] CPU: 1 PID: 19604 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 648.465077][T19604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 17:05:44 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 648.475134][T19604] Call Trace: [ 648.478479][T19604] dump_stack+0x137/0x19d [ 648.482821][T19604] should_fail+0x23c/0x250 [ 648.487279][T19604] __alloc_pages+0x102/0x320 [ 648.491887][T19604] alloc_pages+0x21d/0x310 [ 648.496313][T19604] push_pipe+0x267/0x370 [ 648.500580][T19604] iov_iter_get_pages+0xb39/0xcc0 [ 648.505610][T19604] bio_iov_iter_get_pages+0x55f/0xa70 [ 648.510995][T19604] iomap_dio_bio_actor+0x673/0xb50 [ 648.516122][T19604] iomap_dio_actor+0x26e/0x3b0 [ 648.520943][T19604] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 648.526847][T19604] iomap_apply+0x1e2/0x400 [ 648.531327][T19604] __iomap_dio_rw+0x5af/0xad0 [ 648.536128][T19604] ? __iomap_dio_rw+0xad0/0xad0 [ 648.540971][T19604] iomap_dio_rw+0x30/0x70 [ 648.545328][T19604] ext4_file_read_iter+0x21a/0x290 [ 648.550454][T19604] generic_file_splice_read+0x22a/0x310 [ 648.556010][T19604] ? splice_shrink_spd+0x60/0x60 [ 648.560951][T19604] splice_direct_to_actor+0x2aa/0x650 [ 648.566355][T19604] ? do_splice_direct+0x170/0x170 [ 648.571384][T19604] do_splice_direct+0xf5/0x170 [ 648.576154][T19604] do_sendfile+0x773/0xda0 [ 648.580573][T19604] __x64_sys_sendfile64+0xf2/0x130 [ 648.585842][T19604] do_syscall_64+0x4a/0x90 [ 648.590252][T19604] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 648.596290][T19604] RIP: 0033:0x4665f9 [ 648.600198][T19604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 648.619806][T19604] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 648.628321][T19604] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 648.636278][T19604] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 648.644338][T19604] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 648.652436][T19604] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 648.660395][T19604] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 648.709345][ T1034] loop2: p1 p2 p3 p4 [ 648.713466][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 648.719591][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 648.728626][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 648.735116][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:44 executing program 4 (fault-call:11 fault-nth:94): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:44 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x600000000000000, 0x0) 17:05:44 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2831120200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:44 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xb, 0x800004, 0x40000010000}) 17:05:44 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x204, 0x800004, 0x40000010000}) 17:05:44 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:45 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x602000000000000, 0x0) 17:05:45 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2831220200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:45 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:45 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x604000000000000, 0x0) [ 649.353968][ T1034] loop2: p1 p2 p3 p4 [ 649.359114][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 649.365431][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 649.379407][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 649.385612][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 649.411539][T19666] __nla_validate_parse: 13 callbacks suppressed [ 649.411554][T19666] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 649.436623][T19667] FAULT_INJECTION: forcing a failure. [ 649.436623][T19667] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 649.449915][T19667] CPU: 1 PID: 19667 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 17:05:45 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xc, 0x800004, 0x40000010000}) [ 649.458343][T19667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 649.459219][T19670] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 649.468457][T19667] Call Trace: [ 649.468468][T19667] dump_stack+0x137/0x19d [ 649.468492][T19667] should_fail+0x23c/0x250 [ 649.489754][T19667] __alloc_pages+0x102/0x320 [ 649.494351][T19667] alloc_pages+0x21d/0x310 [ 649.498817][T19667] push_pipe+0x267/0x370 [ 649.503078][T19667] iov_iter_get_pages+0xb39/0xcc0 [ 649.508135][T19667] bio_iov_iter_get_pages+0x55f/0xa70 [ 649.513519][T19667] iomap_dio_bio_actor+0x673/0xb50 [ 649.518663][T19667] iomap_dio_actor+0x26e/0x3b0 [ 649.523414][T19667] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 649.529242][T19667] iomap_apply+0x1e2/0x400 [ 649.533743][T19667] __iomap_dio_rw+0x5af/0xad0 [ 649.538430][T19667] ? __iomap_dio_rw+0xad0/0xad0 [ 649.543334][T19667] iomap_dio_rw+0x30/0x70 [ 649.547780][T19667] ext4_file_read_iter+0x21a/0x290 [ 649.552904][T19667] generic_file_splice_read+0x22a/0x310 [ 649.558560][T19667] ? splice_shrink_spd+0x60/0x60 [ 649.563525][T19667] splice_direct_to_actor+0x2aa/0x650 [ 649.568943][T19667] ? do_splice_direct+0x170/0x170 [ 649.573968][T19667] do_splice_direct+0xf5/0x170 [ 649.578726][T19667] do_sendfile+0x773/0xda0 [ 649.583186][T19667] __x64_sys_sendfile64+0xf2/0x130 [ 649.588294][T19667] do_syscall_64+0x4a/0x90 [ 649.592703][T19667] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 649.598584][T19667] RIP: 0033:0x4665f9 [ 649.602635][T19667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 649.622241][T19667] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 649.630742][T19667] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 649.638719][T19667] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 649.646710][T19667] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 649.654690][T19667] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 17:05:45 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2832520200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 649.662668][T19667] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 649.700429][ T1034] loop2: p1 p2 p3 p4 [ 649.705598][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 649.711734][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 649.724433][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 649.730667][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 649.731666][T19684] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 649.757072][T19689] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:45 executing program 4 (fault-call:11 fault-nth:95): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:45 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x700000000000000, 0x0) 17:05:45 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1700}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:45 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x300, 0x800004, 0x40000010000}) 17:05:45 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2832820200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:45 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xd, 0x800004, 0x40000010000}) 17:05:45 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:46 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x800000000000000, 0x0) [ 650.266667][T19702] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:46 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2834820200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:46 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8006}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 650.350708][ T1034] loop2: p1 p2 p3 p4 [ 650.355735][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 650.361878][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 650.381362][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 650.387704][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:46 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x900000000000000, 0x0) [ 650.391271][T19734] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 650.402910][T19728] FAULT_INJECTION: forcing a failure. [ 650.402910][T19728] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 650.415977][T19736] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 650.417414][T19728] CPU: 1 PID: 19728 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 650.435160][T19728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 650.445210][T19728] Call Trace: [ 650.448485][T19728] dump_stack+0x137/0x19d [ 650.452827][T19728] should_fail+0x23c/0x250 [ 650.457252][T19728] __alloc_pages+0x102/0x320 [ 650.461850][T19728] alloc_pages+0x21d/0x310 [ 650.466316][T19728] push_pipe+0x267/0x370 [ 650.470585][T19728] iov_iter_get_pages+0xb39/0xcc0 [ 650.475683][T19728] bio_iov_iter_get_pages+0x55f/0xa70 [ 650.481055][T19728] iomap_dio_bio_actor+0x673/0xb50 [ 650.486344][T19728] iomap_dio_actor+0x26e/0x3b0 [ 650.491100][T19728] ? __filemap_fdatawait_range+0x17c/0x1b0 [ 650.496977][T19728] iomap_apply+0x1e2/0x400 [ 650.501525][T19728] __iomap_dio_rw+0x5af/0xad0 [ 650.506252][T19728] ? __iomap_dio_rw+0xad0/0xad0 [ 650.511204][T19728] iomap_dio_rw+0x30/0x70 [ 650.515582][T19728] ext4_file_read_iter+0x21a/0x290 [ 650.520704][T19728] generic_file_splice_read+0x22a/0x310 [ 650.526256][T19728] ? splice_shrink_spd+0x60/0x60 [ 650.531429][T19728] splice_direct_to_actor+0x2aa/0x650 [ 650.536806][T19728] ? do_splice_direct+0x170/0x170 [ 650.541835][T19728] do_splice_direct+0xf5/0x170 [ 650.546768][T19728] do_sendfile+0x773/0xda0 [ 650.551196][T19728] __x64_sys_sendfile64+0xf2/0x130 [ 650.556297][T19728] do_syscall_64+0x4a/0x90 [ 650.560718][T19728] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 650.566622][T19728] RIP: 0033:0x4665f9 [ 650.570505][T19728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 650.590189][T19728] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 17:05:46 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2834c20200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 650.598591][T19728] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 650.606559][T19728] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 650.614591][T19728] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 650.622589][T19728] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 650.630638][T19728] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 650.666012][ T1034] loop2: p1 p2 p3 p4 [ 650.693840][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 650.696772][T19750] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 650.700019][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 650.719759][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 650.726004][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 650.745527][T19757] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 650.792576][ T1034] loop2: p1 p2 p3 p4 [ 650.796769][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 650.802880][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 650.810886][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 650.817199][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:46 executing program 4 (fault-call:11 fault-nth:96): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:46 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:46 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x402, 0x800004, 0x40000010000}) 17:05:46 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xf, 0x800004, 0x40000010000}) 17:05:46 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xa00000000000000, 0x0) 17:05:46 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2836020200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:46 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xb00000000000000, 0x0) [ 651.242654][T19783] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:47 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:47 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2836820200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:47 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xc00000000000000, 0x0) [ 651.331978][ T1034] loop2: p1 p2 p3 p4 [ 651.346321][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 651.352621][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated 17:05:47 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 651.376820][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 651.383085][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 651.398142][T19806] FAULT_INJECTION: forcing a failure. [ 651.398142][T19806] name failslab, interval 1, probability 0, space 0, times 0 [ 651.410900][T19806] CPU: 1 PID: 19806 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 651.419317][T19806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 17:05:47 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x11, 0x800004, 0x40000010000}) [ 651.429451][T19806] Call Trace: [ 651.432737][T19806] dump_stack+0x137/0x19d [ 651.437075][T19806] should_fail+0x23c/0x250 [ 651.441497][T19806] ? mempool_alloc_slab+0x16/0x20 [ 651.446551][T19806] __should_failslab+0x81/0x90 [ 651.451327][T19806] should_failslab+0x5/0x20 [ 651.455836][T19806] kmem_cache_alloc+0x46/0x2f0 [ 651.460611][T19806] mempool_alloc_slab+0x16/0x20 [ 651.465554][T19806] ? mempool_free+0x130/0x130 [ 651.470241][T19806] mempool_alloc+0x8c/0x300 [ 651.474780][T19806] ? scsi_queue_rq+0x1339/0x15a0 [ 651.479730][T19806] sg_pool_alloc+0x74/0x90 [ 651.484167][T19806] __sg_alloc_table+0xce/0x290 [ 651.488930][T19806] sg_alloc_table_chained+0xaf/0x140 [ 651.494217][T19806] ? sg_alloc_table_chained+0x140/0x140 [ 651.499768][T19806] scsi_alloc_sgtables+0x180/0x500 [ 651.504886][T19806] sd_init_command+0x935/0x15f0 [ 651.509862][T19806] scsi_queue_rq+0x10e0/0x15a0 [ 651.514809][T19806] blk_mq_dispatch_rq_list+0x628/0x10b0 [ 651.520359][T19806] ? deadline_remove_request+0x167/0x180 [ 651.525998][T19806] ? dd_dispatch_request+0x341/0x3d0 [ 651.531271][T19806] blk_mq_do_dispatch_sched+0x3cb/0x660 [ 651.536846][T19806] __blk_mq_sched_dispatch_requests+0x21e/0x2c0 [ 651.543109][T19806] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 651.549183][T19806] __blk_mq_run_hw_queue+0xbc/0x140 [ 651.554392][T19806] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 651.560204][T19806] ? dd_insert_request+0x255/0x330 [ 651.565368][T19806] blk_mq_run_hw_queue+0x22c/0x250 [ 651.570482][T19806] ? dd_finish_request+0x10/0x10 [ 651.575414][T19806] blk_mq_sched_insert_requests+0x13f/0x200 [ 651.581373][T19806] blk_mq_flush_plug_list+0x2f5/0x3c0 [ 651.586747][T19806] blk_flush_plug_list+0x235/0x260 [ 651.591849][T19806] blk_finish_plug+0x44/0x60 [ 651.596460][T19806] __iomap_dio_rw+0x780/0xad0 [ 651.601269][T19806] iomap_dio_rw+0x30/0x70 [ 651.605764][T19806] ext4_file_read_iter+0x21a/0x290 [ 651.610894][T19806] generic_file_splice_read+0x22a/0x310 [ 651.616560][T19806] ? splice_shrink_spd+0x60/0x60 [ 651.621568][T19806] splice_direct_to_actor+0x2aa/0x650 [ 651.627104][T19806] ? do_splice_direct+0x170/0x170 [ 651.632249][T19806] do_splice_direct+0xf5/0x170 [ 651.637019][T19806] do_sendfile+0x773/0xda0 [ 651.641490][T19806] __x64_sys_sendfile64+0xf2/0x130 [ 651.646676][T19806] do_syscall_64+0x4a/0x90 [ 651.651091][T19806] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 651.657150][T19806] RIP: 0033:0x4665f9 [ 651.661038][T19806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 651.680750][T19806] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 651.689162][T19806] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 651.697129][T19806] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 651.705095][T19806] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 651.713115][T19806] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 651.722553][T19806] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 651.750016][ T1034] loop2: p1 p2 p3 p4 [ 651.755040][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 651.761159][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 651.769809][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 651.775997][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:47 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xd00000000000000, 0x0) 17:05:47 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x12, 0x800004, 0x40000010000}) 17:05:47 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2836c20200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:47 executing program 4 (fault-call:11 fault-nth:97): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:47 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x406, 0x800004, 0x40000010000}) 17:05:47 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:47 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xe00000000000000, 0x0) 17:05:47 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:47 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2837420200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:48 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:48 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xf00000000000000, 0x0) [ 652.301067][ T1034] loop2: p1 p2 p3 p4 [ 652.305170][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 652.311281][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 652.329002][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 652.335406][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 652.378734][T19874] FAULT_INJECTION: forcing a failure. [ 652.378734][T19874] name failslab, interval 1, probability 0, space 0, times 0 [ 652.391520][T19874] CPU: 1 PID: 19874 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 652.399940][T19874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 652.409996][T19874] Call Trace: [ 652.413337][T19874] dump_stack+0x137/0x19d [ 652.417682][T19874] should_fail+0x23c/0x250 [ 652.422161][T19874] __should_failslab+0x81/0x90 17:05:48 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x500, 0x800004, 0x40000010000}) [ 652.426939][T19874] ? __iomap_dio_rw+0xf1/0xad0 [ 652.431755][T19874] should_failslab+0x5/0x20 [ 652.436269][T19874] kmem_cache_alloc_trace+0x49/0x310 [ 652.441558][T19874] __iomap_dio_rw+0xf1/0xad0 [ 652.446325][T19874] ? file_update_time+0x1bd/0x3e0 [ 652.451352][T19874] iomap_dio_rw+0x30/0x70 [ 652.455737][T19874] ext4_file_write_iter+0xa4f/0x11d0 [ 652.461014][T19874] do_iter_readv_writev+0x2cb/0x360 [ 652.466206][T19874] do_iter_write+0x112/0x4c0 [ 652.470786][T19874] ? kmalloc_array+0x2d/0x40 [ 652.475393][T19874] vfs_iter_write+0x4c/0x70 [ 652.479885][T19874] iter_file_splice_write+0x40a/0x750 [ 652.485359][T19874] ? splice_from_pipe+0xc0/0xc0 [ 652.490197][T19874] direct_splice_actor+0x80/0xa0 [ 652.495264][T19874] splice_direct_to_actor+0x345/0x650 [ 652.500723][T19874] ? do_splice_direct+0x170/0x170 [ 652.505784][T19874] do_splice_direct+0xf5/0x170 [ 652.510561][T19874] do_sendfile+0x773/0xda0 [ 652.514964][T19874] __x64_sys_sendfile64+0xf2/0x130 [ 652.520061][T19874] do_syscall_64+0x4a/0x90 [ 652.524536][T19874] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 652.530433][T19874] RIP: 0033:0x4665f9 [ 652.534319][T19874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 652.553960][T19874] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 652.562452][T19874] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 652.570408][T19874] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 652.578366][T19874] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 652.586402][T19874] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 652.594367][T19874] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 652.629895][ T1034] loop2: p1 p2 p3 p4 [ 652.634167][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 652.640327][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 652.657821][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 652.664085][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:48 executing program 4 (fault-call:11 fault-nth:98): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:48 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2837a20200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:48 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x204, 0x800004, 0x40000010000}) 17:05:48 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x1000000000000000, 0x0) 17:05:48 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:48 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x600, 0x800004, 0x40000010000}) 17:05:48 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x1100000000000000, 0x0) 17:05:48 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830025200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:49 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x1200000000000000, 0x0) 17:05:49 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x300, 0x800004, 0x40000010000}) 17:05:49 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 653.323485][ T1034] loop2: p1 p2 p3 p4 [ 653.340148][T19934] FAULT_INJECTION: forcing a failure. [ 653.340148][T19934] name failslab, interval 1, probability 0, space 0, times 0 [ 653.352916][T19934] CPU: 0 PID: 19934 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 653.361337][T19934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 653.366665][ T1034] loop2: p1 start 10 is beyond EOD, [ 653.371475][T19934] Call Trace: [ 653.371485][T19934] dump_stack+0x137/0x19d [ 653.371513][T19934] should_fail+0x23c/0x250 [ 653.371530][T19934] ? ext4_init_io_end+0x2d/0xa0 [ 653.376825][ T1034] truncated [ 653.380071][T19934] __should_failslab+0x81/0x90 [ 653.384385][ T1034] loop2: p2 size 1073872896 extends beyond EOD, [ 653.388774][T19934] should_failslab+0x5/0x20 [ 653.388799][T19934] kmem_cache_alloc+0x46/0x2f0 [ 653.393629][ T1034] truncated 17:05:49 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830026200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 653.402158][ T1034] loop2: p3 start 225 is beyond EOD, [ 653.407820][T19934] ext4_init_io_end+0x2d/0xa0 [ 653.407859][T19934] ext4_writepages+0x6a5/0x1d10 [ 653.407879][T19934] ? virtscsi_queuecommand+0x252/0x2d0 [ 653.412371][ T1034] truncated [ 653.412376][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 653.417109][T19934] ? blk_mq_dispatch_rq_list+0xf89/0x10b0 [ 653.417132][T19934] ? deadline_remove_request+0x167/0x180 [ 653.420232][ T1034] truncated [ 653.464452][T19934] ? ext4_readpage+0x140/0x140 [ 653.469299][T19934] do_writepages+0x7b/0x150 [ 653.473882][T19934] ? __perf_event_task_sched_out+0xce0/0xd30 [ 653.474301][ T1034] loop2: p1 p2 p3 p4 [ 653.479866][T19934] ? __cgroup_account_cputime+0x9b/0x1e0 [ 653.479889][T19934] filemap_write_and_wait_range+0x20a/0x390 [ 653.495371][T19934] __iomap_dio_rw+0x500/0xad0 [ 653.497212][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 653.500051][T19934] ? file_update_time+0x1bd/0x3e0 [ 653.506233][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 653.510035][ T1034] loop2: p3 start 225 is beyond EOD, [ 653.511259][T19934] iomap_dio_rw+0x30/0x70 [ 653.511284][T19934] ext4_file_write_iter+0xa4f/0x11d0 [ 653.518423][ T1034] truncated [ 653.523744][T19934] do_iter_readv_writev+0x2cb/0x360 [ 653.528068][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 653.533308][T19934] do_iter_write+0x112/0x4c0 [ 653.536419][ T1034] truncated [ 653.541576][T19934] ? kmalloc_array+0x2d/0x40 [ 653.560228][T19934] vfs_iter_write+0x4c/0x70 [ 653.564732][T19934] iter_file_splice_write+0x40a/0x750 [ 653.570232][T19934] ? splice_from_pipe+0xc0/0xc0 [ 653.575188][T19934] direct_splice_actor+0x80/0xa0 [ 653.580207][T19934] splice_direct_to_actor+0x345/0x650 [ 653.585591][T19934] ? do_splice_direct+0x170/0x170 [ 653.590631][T19934] do_splice_direct+0xf5/0x170 [ 653.596098][T19934] do_sendfile+0x773/0xda0 [ 653.600525][T19934] __x64_sys_sendfile64+0xf2/0x130 [ 653.605644][T19934] do_syscall_64+0x4a/0x90 [ 653.610185][T19934] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 653.616156][T19934] RIP: 0033:0x4665f9 [ 653.620052][T19934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 653.639662][T19934] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 653.648089][T19934] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 653.656092][T19934] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 653.664071][T19934] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 653.672052][T19934] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000002 [ 653.680024][T19934] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 653.718970][ T1034] loop2: p1 p2 p3 p4 [ 653.723137][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 653.729279][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 653.736785][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 653.743022][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:49 executing program 4 (fault-call:11 fault-nth:99): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:49 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:49 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x604, 0x800004, 0x40000010000}) 17:05:49 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x2000000000000000, 0x0) 17:05:49 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830029200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:49 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x402, 0x800004, 0x40000010000}) 17:05:49 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x2010000000000000, 0x0) 17:05:49 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:49 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa283000a200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:49 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x2500000000000000, 0x0) [ 654.293137][ T1034] loop2: p1 p2 p3 p4 [ 654.312701][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 654.318843][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 654.329200][T20022] FAULT_INJECTION: forcing a failure. [ 654.329200][T20022] name failslab, interval 1, probability 0, space 0, times 0 [ 654.341956][T20022] CPU: 1 PID: 20022 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 [ 654.347691][ T1034] loop2: p3 start 225 is beyond EOD, [ 654.350459][T20022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 654.355825][ T1034] truncated [ 654.355831][ T1034] loop2: p4 size 3657465856 extends beyond EOD, [ 654.365860][T20022] Call Trace: [ 654.365869][T20022] dump_stack+0x137/0x19d [ 654.365892][T20022] should_fail+0x23c/0x250 [ 654.368998][ T1034] truncated [ 654.375375][T20022] ? mempool_alloc_slab+0x16/0x20 [ 654.395468][T20022] __should_failslab+0x81/0x90 [ 654.400280][T20022] should_failslab+0x5/0x20 [ 654.404795][T20022] kmem_cache_alloc+0x46/0x2f0 [ 654.409570][T20022] mempool_alloc_slab+0x16/0x20 [ 654.414433][T20022] ? mempool_free+0x130/0x130 [ 654.419126][T20022] mempool_alloc+0x8c/0x300 [ 654.423630][T20022] ? ext4_es_lookup_extent+0x36b/0x490 [ 654.429118][T20022] ? iov_iter_alignment+0x77a/0x800 [ 654.434431][T20022] bio_alloc_bioset+0xcc/0x480 17:05:50 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:50 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x700, 0x800004, 0x40000010000}) [ 654.439228][T20022] iomap_dio_bio_actor+0x511/0xb50 [ 654.444345][T20022] iomap_dio_actor+0x26e/0x3b0 [ 654.449120][T20022] ? ext4_iomap_overwrite_begin+0x5e/0x80 [ 654.454852][T20022] iomap_apply+0x1e2/0x400 [ 654.459275][T20022] __iomap_dio_rw+0x5af/0xad0 [ 654.464042][T20022] ? __iomap_dio_rw+0xad0/0xad0 [ 654.468953][T20022] iomap_dio_rw+0x30/0x70 [ 654.473462][T20022] ext4_file_write_iter+0xa4f/0x11d0 [ 654.478739][T20022] do_iter_readv_writev+0x2cb/0x360 [ 654.483934][T20022] do_iter_write+0x112/0x4c0 [ 654.488603][T20022] ? kmalloc_array+0x2d/0x40 [ 654.493278][T20022] vfs_iter_write+0x4c/0x70 [ 654.497767][T20022] iter_file_splice_write+0x40a/0x750 [ 654.503363][T20022] ? splice_from_pipe+0xc0/0xc0 [ 654.508239][T20022] direct_splice_actor+0x80/0xa0 [ 654.513183][T20022] splice_direct_to_actor+0x345/0x650 [ 654.518563][T20022] ? do_splice_direct+0x170/0x170 [ 654.523739][T20022] do_splice_direct+0xf5/0x170 [ 654.528610][T20022] do_sendfile+0x773/0xda0 [ 654.533009][T20022] __x64_sys_sendfile64+0xf2/0x130 [ 654.538197][T20022] do_syscall_64+0x4a/0x90 [ 654.542647][T20022] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 654.548531][T20022] RIP: 0033:0x4665f9 [ 654.552477][T20022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 654.572086][T20022] RSP: 002b:00007f66db8d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 654.580570][T20022] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9 [ 654.588545][T20022] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 654.596503][T20022] RBP: 00007f66db8d71d0 R08: 0000000000000000 R09: 0000000000000000 [ 654.604500][T20022] R10: 00008080ffffff7e R11: 0000000000000246 R12: 0000000000000003 [ 654.612540][T20022] R13: 00007ffc1c86f7ef R14: 00007f66db8d7300 R15: 0000000000022000 [ 654.666068][ T1034] loop2: p1 p2 p3 p4 [ 654.686924][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 654.693093][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 654.704552][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 654.710920][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:50 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:05:50 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830025200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:50 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x3f00000000000000, 0x0) 17:05:50 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x406, 0x800004, 0x40000010000}) 17:05:50 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:50 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x900, 0x800004, 0x40000010000}) 17:05:50 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x4000000000000000, 0x0) [ 655.163430][T20062] __nla_validate_parse: 16 callbacks suppressed [ 655.163446][T20062] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:50 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:50 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x4800000000000000, 0x0) 17:05:51 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x500, 0x800004, 0x40000010000}) [ 655.264504][T20083] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:51 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:51 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xa00, 0x800004, 0x40000010000}) [ 655.378499][ T1034] loop2: p1 p2 p3 p4 [ 655.395558][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 655.401708][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 655.415106][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 655.421463][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:51 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830026200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:51 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x4c00000000000000, 0x0) 17:05:51 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:51 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x600, 0x800004, 0x40000010000}) 17:05:51 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xb00, 0x800004, 0x40000010000}) 17:05:51 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x7ffff000) 17:05:51 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x53efffff00000000, 0x0) 17:05:51 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 656.154587][T20127] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:51 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x6000000000000000, 0x0) 17:05:51 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830029200a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 656.212490][T20140] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:52 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 656.284767][ T1034] loop2: p1 p2 p3 p4 [ 656.290716][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 656.296892][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 656.321162][ T1034] loop2: p3 start 225 is beyond EOD, truncated 17:05:52 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x604, 0x800004, 0x40000010000}) 17:05:52 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x6800000000000000, 0x0) [ 656.326408][T20163] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 656.327657][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 656.347222][T20167] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:52 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:52 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa28300200a0a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:52 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xc00, 0x800004, 0x40000010000}) 17:05:52 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x6c00000000000000, 0x0) [ 656.445376][T20185] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 656.492426][T20192] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 656.507486][ T1034] loop2: p1 p2 p3 p4 [ 656.512330][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 656.518541][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 656.532971][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 656.539317][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:52 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x7400000000000000, 0x0) 17:05:52 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:52 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020250a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:52 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x700, 0x800004, 0x40000010000}) 17:05:52 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff79) 17:05:52 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xd00, 0x800004, 0x40000010000}) 17:05:52 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x7a00000000000000, 0x0) 17:05:52 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 657.125313][T20215] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:52 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020260a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:52 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x8cffffff00000000, 0x0) [ 657.176007][T20228] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:52 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80060000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:53 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xdaffffff00000000, 0x0) [ 657.231181][ T1034] loop2: p1 p2 p3 p4 [ 657.237697][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 657.243960][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 657.255701][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 657.261934][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:53 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020290a0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:53 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x900, 0x800004, 0x40000010000}) 17:05:53 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9effffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:53 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xf6ffffff00000000, 0x0) [ 657.372188][ T1034] loop2: p1 p2 p3 p4 [ 657.377363][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 657.383562][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 657.396180][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 657.402848][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 657.463182][ T1034] loop2: p1 p2 p3 p4 [ 657.471570][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 657.477771][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 657.486256][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 657.492548][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:53 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa283002020050009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:53 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xf00, 0x800004, 0x40000010000}) 17:05:53 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xf9fdffff00000000, 0x0) 17:05:53 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeaffffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:53 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7a) 17:05:53 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xa00, 0x800004, 0x40000010000}) 17:05:53 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xfeffffff00000000, 0x0) 17:05:53 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xefffffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:53 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200c0009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:53 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xff0f000000000000, 0x0) 17:05:53 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 658.230607][ T1034] loop2: p1 p2 p3 p4 17:05:53 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xb00, 0x800004, 0x40000010000}) 17:05:54 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa283002020250009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 658.264498][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 658.270730][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 658.334014][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 658.340263][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:54 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x1100, 0x800004, 0x40000010000}) 17:05:54 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xffffff7f00000000, 0x0) 17:05:54 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfcffffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 658.374492][ T1034] loop2: p1 p2 p3 p4 [ 658.388482][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 658.394578][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 658.403462][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 658.409772][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:54 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0xffffffff00000000, 0x0) 17:05:54 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa283002020030209000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:54 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:54 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7b) 17:05:54 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xc00, 0x800004, 0x40000010000}) 17:05:54 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x1200, 0x800004, 0x40000010000}) 17:05:54 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x1ff, 0x7, &(0x7f0000000640)=[{&(0x7f00000001c0)="d873dc174c87e08cdf8be897467633ff31810829bf4140f8c02cffb123a342326c730259f78ac1deafe8b3d1e08c89819c40fd5a49af3d9ce5dbfb01196d2b6423ec5dbe28eec70d771b2d6844f48ac21fb013aa1d16d4a1d53bf60ce1581c15c4f6428827c5c60b47058581da9a968c6c7b674bbb0115f05e42e42617b9e6df112d6fc326cf4a211d14ed0a7964fc8fbb950d1c78b562", 0x97, 0x10001}, {&(0x7f0000000280)="7aefebb842ad21cab094b0e3b1739dd172ceccffb187ea8952648cd8e17009334ee1b478ecb97e942f219277946cb21d1db8ab34e10e83efe829e4f8e9de8fdd9f5e15b38b723b5cf30454b0c5e11ba4a0339b36f2c609a56a1059a2ebc0d3693a0ed5a7a1ba0db1ab654afc7f2f5dd178dd861e07ca5200f3c9c8d362c846e94469a3b4e3f5270490105f53e46245010eade3afa22447eed34007aeec2c8618a05e40cde8881c821bad164538b487f7a2f275b38dde6f772c18c73ae22639a57cf27faff56ed083b11afa11ad78dfb65d15", 0xd2, 0x2}, {&(0x7f0000000380)="de099d399112a4287662e468e2bbb6df2147604e262696e9a7b4b3e87e06f5aabe5db69b673491f47c6f921537da1326a69cec3e39a6496d287363351baa6f0367ab35ecad834c79924513dcbf9dc47af69497a51978c4defb2e8642fe062dbd81ba319954889cbb06bed4ea5c9a7d49420f05ea498f5644a33eebbbe3fc04b74bd382a379775ed7044351165beedce6c1810a3ac7db7ac6d31e9a4389abe4fde30b446204bae6d6ce6ea81528e942ea121711e695f6fdd9faf522f2212da8c0cb047862890565cfa22f2aa8d4bf804d996fda", 0xd3, 0x1}, {&(0x7f0000000480)="4e58ea01adf4e592750df64b5f6a7f09c13b6e6a4e0215b00eb116266a26841c3ef1366690afb0cc1eb5f0ab4b29606e7c90cfb9a9c587afea2ac312afe526d1ac94a67fa192db2260cd7a8b49834666dca2af", 0x53, 0xf0}, {&(0x7f0000000080)="534108268da8e9d8af4f1cb27d445a4f6a40afb09a28fb27f27588e985cf8239efc8e1de0114f2affc07", 0x2a, 0x7fff}, {&(0x7f0000000500)="bf55568d1f2442aa8b349595e44432c82236894d86352dcf53693bdc1c09452f5b8098dcadad99682e84f5414bea2ca303f5d900e541417299627a44fa2a5b7a4c0b53c21eda068f5aa0b11521", 0x4d, 0x3}, {&(0x7f0000000580)="17d16cce0b01ef7673965beeae81952e7e21ac147cc95a7d2ea5996ad922f1b1792a90a63b5a9bac0792a5189df509669cac123ee211a46ac8c43df09e108c8d6f5e18cbe913d7f8ff6ad4ca380034183af7a10f04b080faf2b9f90c0f11a0d8be8de9cc359c16b1dbb30d25f3b935b0289a4fa8215a1455712d3cf8faf3bb1126b897d81209c7e3cba746c1b81cfb786c8aca4a2e60f624", 0x98, 0x8}], 0x20200a0, &(0x7f0000000700)=ANY=[@ANYBLOB='barrier,block_validity,dioread_lock,lazytime,max_batch_time=000000000000008,auto_da_alloc,abort,lazytime,obj_user=,mask=MAY_WRITE,func=KEXEC_INITRAMFS_C_ECK,pcr=00000000000000000058,\x00\x00\x00\x00']) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:05:54 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:54 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa283002020be2809000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:54 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff9e}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 659.239251][ T1034] loop2: p1 p2 p3 p4 [ 659.247526][T20411] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 659.249888][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 659.260340][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 659.274585][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 659.280843][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:55 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0003000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:55 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x441, 0x20) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:05:55 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xd00, 0x800004, 0x40000010000}) [ 659.306306][T20420] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:55 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x2000, 0x800004, 0x40000010000}) 17:05:55 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffea}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 659.368220][ T1034] loop2: p1 p2 p3 p4 [ 659.385012][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 659.391178][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 659.401041][T20440] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 659.402108][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 659.413809][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 659.456290][T20446] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 659.510959][T20456] ================================================================== [ 659.519067][T20456] BUG: KCSAN: data-race in dd_insert_request / ll_back_merge_fn [ 659.526704][T20456] [ 659.529025][T20456] write to 0xffff8881026f2140 of 8 bytes by task 20447 on cpu 1: [ 659.536741][T20456] dd_insert_request+0x327/0x330 [ 659.541802][T20456] dd_insert_requests+0xfe/0x170 [ 659.546872][T20456] blk_mq_sched_insert_request+0x237/0x280 [ 659.552819][T20456] blk_mq_submit_bio+0x518/0xdd0 [ 659.557773][T20456] submit_bio_noacct+0x6f2/0x7e0 [ 659.562833][T20456] submit_bio+0x16d/0x2b0 [ 659.567156][T20456] submit_bh_wbc+0x2f3/0x330 [ 659.571739][T20456] __sync_dirty_buffer+0x136/0x1e0 [ 659.576854][T20456] sync_dirty_buffer+0x16/0x20 [ 659.581662][T20456] __ext4_handle_dirty_metadata+0x1d3/0x590 [ 659.587642][T20456] ext4_free_data+0x258/0x2b0 [ 659.592318][T20456] ext4_free_branches+0x64/0x420 [ 659.597249][T20456] ext4_free_branches+0x21b/0x420 [ 659.602280][T20456] ext4_free_branches+0x21b/0x420 [ 659.607296][T20456] ext4_ind_truncate+0x7c2/0x880 [ 659.612230][T20456] ext4_truncate+0x756/0xa80 [ 659.616810][T20456] ext4_setattr+0xacc/0xec0 [ 659.621318][T20456] notify_change+0x8a3/0xa80 [ 659.625904][T20456] do_truncate+0xe8/0x130 [ 659.630327][T20456] path_openat+0x1a79/0x20b0 [ 659.635002][T20456] do_filp_open+0xd9/0x1f0 [ 659.639442][T20456] do_sys_openat2+0xa3/0x250 [ 659.644020][T20456] __x64_sys_openat+0xef/0x110 [ 659.648771][T20456] do_syscall_64+0x4a/0x90 [ 659.653175][T20456] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 659.659166][T20456] [ 659.661476][T20456] read to 0xffff8881026f2140 of 8 bytes by task 20456 on cpu 0: [ 659.669177][T20456] ll_back_merge_fn+0x2b3/0x460 [ 659.674033][T20456] bio_attempt_back_merge+0x35/0x3f0 [ 659.679329][T20456] blk_attempt_bio_merge+0x229/0x270 [ 659.684623][T20456] blk_attempt_plug_merge+0xd1/0x130 [ 659.689934][T20456] blk_mq_submit_bio+0x13f/0xdd0 [ 659.694866][T20456] submit_bio_noacct+0x6f2/0x7e0 [ 659.699798][T20456] submit_bio+0x16d/0x2b0 [ 659.704143][T20456] iomap_dio_bio_actor+0x91d/0xb50 [ 659.709261][T20456] iomap_dio_actor+0x26e/0x3b0 [ 659.714013][T20456] iomap_apply+0x1e2/0x400 [ 659.718413][T20456] __iomap_dio_rw+0x5af/0xad0 [ 659.723079][T20456] iomap_dio_rw+0x30/0x70 [ 659.727412][T20456] ext4_file_write_iter+0xa4f/0x11d0 [ 659.732704][T20456] vfs_write+0x69d/0x770 [ 659.736963][T20456] ksys_write+0xce/0x180 [ 659.741226][T20456] __x64_sys_write+0x3e/0x50 [ 659.745799][T20456] do_syscall_64+0x4a/0x90 [ 659.750218][T20456] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 659.756124][T20456] [ 659.758428][T20456] Reported by Kernel Concurrency Sanitizer on: [ 659.764557][T20456] CPU: 0 PID: 20456 Comm: syz-executor.0 Not tainted 5.12.0-syzkaller #0 [ 659.772977][T20456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 659.783021][T20456] ================================================================== 17:05:55 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000000)=ANY=[@ANYBLOB="2e2f26697c6530009ad96a649133366c80961f42d2db05a9dcbcef7ddf8e5feb12b075227627cd65c4b2e17e901d8245165f519e92ab98b33975d05a712fdccfa8cef5d865c9ec2b2162c0fbc3a588663a86"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:05:55 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0005000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:55 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffef}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:55 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7c) 17:05:55 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xf00, 0x800004, 0x40000010000}) 17:05:55 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x3f00, 0x800004, 0x40000010000}) 17:05:55 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff0}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:55 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0006000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:55 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x8) write$cgroup_type(r1, &(0x7f00000009c0), 0xd4ba0ff) openat(r1, &(0x7f0000001ac0)='./file0\x00', 0x101000, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) preadv(r2, &(0x7f0000000300)=[{&(0x7f0000000040)=""/9, 0x9}, {&(0x7f00000001c0)=""/151, 0x97}, {&(0x7f0000000280)=""/80, 0x50}, {&(0x7f0000000080)=""/58, 0x3a}], 0x4, 0x9, 0xfffffffe) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000600)={0x3f, 0x85c9, 0x0, 0x2, 0x8, "df9537adbd6d3630f7ab004286acb00608e3d3"}) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000640)=ANY=[@ANYRES64=r2], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) r3 = openat$incfs(r0, &(0x7f0000000680)='.log\x00', 0x400000, 0xe) ioctl$BTRFS_IOC_SCRUB(r2, 0xc400941b, &(0x7f00000006c0)={0x0, 0x100000000, 0x0, 0x1}) ioctl$BTRFS_IOC_DEV_INFO(r3, 0xd000941e, &(0x7f0000000ac0)={r4, "30d54cbc4dbc833aff7ecabe50557db3"}) vmsplice(r0, &(0x7f00000005c0)=[{&(0x7f0000000340)="a5299782a45760dc93a008400b4dc61d68e1e72f03204713b1c98f4700ecf24d6639e252bb8cc435c239fdc96e9e6b6955a65b73cbd26473cdbe53825ccb757cf926e4df581c287d3286e7f4578ad97de4a50194df3a3286433067e50fd2678811e7951b7246123ecc9e9b048c608dbc08a9add296f06220d0d285752bb91da08248b2cf06a39d8f5129ebbd335a3737f02095fa4e4b50473d297c31cc461c6451c7134b815a9f836d0f3f6fe2e4682bf92c354a28695f8be9b161b342bc4200ed", 0xc1}, {&(0x7f0000000440)="7db341e3705b62f3c1991924f2cc4b5646c3d28578f4b65bbebb1e5923bc646333c28e59ab2b3f47e9df435b6a471d01e21f4cbcb669b81c8102c1dca0337bf10c0a15fdc0e38c9ac4e2568bfe9e248b3db57e18736bb3", 0x57}, {&(0x7f00000004c0)="186d63299a032a7b8dd1ddfbf8ef3d24fd9fcd2befa1c8de64bf06415f20df50c6cdd0806da2579b7bf3901c7dbe55d4ee57ad9e288cb3b59ff260d1e70f9020b1b23e86ff3802429bdf630debf989f1f7f1baca7a26b7b593c353103cb73706ee52397a608d860db5c258a6ddc5f11dc1f6c60c4a42d9609378ec12ebe0b26d0c14164d7783a69f62b15bb9fd727b4b13d49deba07daf128dd5f0eea65eb1b4c06dd5d6e924c808f8be77fc62d6d6b8e30f66b1e928d532fedb748edea80921eab8b69d65fe8fbc932cf6a8d186048cb0f7beeca890849583891c50b4a6816f3f04b7937ed5e7437857e20f10c856", 0xef}], 0x3, 0x0) [ 660.230356][ T1034] loop2: p1 p2 p3 p4 [ 660.235109][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 660.241341][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 660.264611][T20504] __nla_validate_parse: 18 callbacks suppressed [ 660.264627][T20504] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:56 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:56 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x4000, 0x800004, 0x40000010000}) 17:05:56 executing program 3: getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f00000001c0)={0x15c, 0x0, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@ETHTOOL_A_FEATURES_WANTED={0xf4, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x5c, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'ext2\x00'}]}, {0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '-{-(\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x47}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'ext2\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'ext2\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '--^\x00'}]}]}, @ETHTOOL_A_BITSET_BITS={0x8c, 0x3, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '%{\x00'}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xebab}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x10, 0x2, '+)*,,{*}$:+\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '{\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'ext2\x00'}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_FEATURES_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000040}, 0x800) r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r2, 0x0, 0x18) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendto$packet(0xffffffffffffffff, &(0x7f0000000080)="b2a6ed2b4323c50ff7be27ae86dd", 0x36, 0x0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f00000003c0)={r4, 0x1, 0x6, @local}, 0x10) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000400)) sendfile(r1, r5, &(0x7f0000000440)=0x4, 0x80000000) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 660.298486][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 660.304847][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:56 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x1100, 0x800004, 0x40000010000}) 17:05:56 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0007000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:56 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080), 0x101082, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f00000003c0)={"d07766415e6152660206060190eb5fb7", 0x0, 0x0, {0x4, 0x7}, {0xc939, 0xfffffc00}, 0x200, [0x3, 0x0, 0xe000000, 0x1000, 0xb083, 0xd343, 0x5, 0x1, 0x9, 0x0, 0x2, 0x2, 0x1, 0x0, 0x18, 0x3ff]}) ioctl$BTRFS_IOC_RM_DEV_V2(r1, 0x5000943a, &(0x7f00000004c0)={{r0}, r2, 0x38, @unused=[0x1, 0x101, 0x3, 0x5], @subvolid=0x80000000}) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00000001c0)=""/245, 0xf5}, {&(0x7f00000002c0)=""/240, 0xf0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0xfffff76b, 0x0) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x24a8c8, 0x0) [ 660.401477][T20521] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 660.461307][T20536] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 660.483339][ T1034] loop2: p1 p2 p3 p4 [ 660.506307][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 660.512606][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 660.536098][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 660.542512][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 660.588150][ T1034] loop2: p1 p2 p3 p4 [ 660.594750][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 660.600966][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 660.609904][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 660.616178][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:56 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0209000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:56 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:56 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x19) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:05:56 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xff0f, 0x800004, 0x40000010000}) 17:05:56 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7d) 17:05:56 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x1200, 0x800004, 0x40000010000}) [ 661.157371][T20563] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 661.177532][T20569] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 661.189484][T20571] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:56 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4928311328}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:56 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0309000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:56 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) mount(&(0x7f0000000000)=ANY=[@ANYBLOB="2e2f69696c654140b2246ccadf9717df5f6738b58154464c47d76699599d510158fb9bcca88412b20250dceb7a1ba8476acb829fd38516ac72766a84e28fd22a1d761906b55fe83cabbd2b94a99d0f9dacf2dc7f6e1be3d90fb4a021fb817ae302d63e4f1659105c9805926c17cab6b550e99eefb28442d181779fde8c7ac49bb26fbb0d5105201bc300ef78700acf0d1c6a07a6ee52454bc485a8ed5651a63ccf5ea6d02b3ea39adf9aea303472936a46711b"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 661.220939][T20569] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 661.244223][ T1034] loop2: p1 p2 p3 p4 [ 661.248558][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 661.254725][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 661.287502][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 661.293753][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 661.297769][T20590] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:57 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0xb6131880, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:05:57 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:57 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x2000, 0x800004, 0x40000010000}) 17:05:57 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x3f000, 0x800004, 0x40000010000}) 17:05:57 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0409000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:57 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 661.418255][T20605] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 661.438726][ T1034] loop2: p1 p2 p3 p4 [ 661.443582][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 661.449732][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated 17:05:57 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) fgetxattr(0xffffffffffffffff, &(0x7f0000000000)=@known='com.apple.system.Security\x00', &(0x7f00000001c0)=""/4096, 0x1000) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 661.482817][T20617] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 661.493411][T20621] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 661.516591][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 661.522798][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 661.549867][T20627] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 661.560791][T20630] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 661.593700][ T1034] loop2: p1 p2 p3 p4 [ 661.597927][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 661.604033][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 661.614195][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 661.620529][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:57 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0509000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:57 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:57 executing program 3: r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r0, 0x0, 0x18) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f00000001c0)={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x24}}, {0x306, @random="f14b2796eec3"}, 0x0, {0x2, 0x4e22, @empty}, 'veth0_to_bond\x00'}) truncate(&(0x7f0000000080)='./file0\x00', 0x7) r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat2(r1, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x280441, 0x0, 0x3}, 0x18) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=ANY=[@ANYBLOB="0500803708000000"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:05:57 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x3f00, 0x800004, 0x40000010000}) 17:05:57 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff83) 17:05:57 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x40000, 0x800004, 0x40000010000}) 17:05:57 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:57 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x7, 0x3, &(0x7f0000000340)=[{&(0x7f0000000080)="8005e14c2a6294f5f0ad874340aefc5598c34f0330772a919621", 0x1a, 0x5}, {&(0x7f00000001c0)="f82ab771868ad7e6e53874ebf457a5ad8a922884cf9755c8b25c5ff1bc3510b6966bffa0d9a2a02e35892eab03a70851843d56e58fd1e51d297a038e358850139524cb0f3a20266277c45fdd6fb7dd2667768baa64072d6889ee65c831f6684f68add99646c93474fde67b3f880290b73cec5fa437bdc081c711b61de4ec584f3bf85966e338280f918498f58b0a7f7291", 0x91, 0x1000}, {&(0x7f0000000280)="390a3942bed673939b7cee0b74ba311a7ae8230d81c5772f7f7d38a2ffc3019db9a2afe8f0018922314fb420f2bc1f0a94812be44dd0e082f960d2a7a1c623541acbc73741264d5e3db2c560bb3696c6f8f8b46bfab7aeded067e7cc926c3882a57441aab7c9ea3e8bab23aeff4712b4bdeff0b93b9812b4b34af66c648ef7c3375ffc0174630171e1477e79cb6c2c456879550fa21309b6ec22a47090e8df", 0x9f, 0x1000000000}], 0x1000, &(0x7f00000003c0)=ANY=[@ANYBLOB='huge=advise,nr_blocks=,,huge=always,nr_blocks=%19g,huge=advise,huge=within_size,nr_blocks=3xe36,fowner<', @ANYRESDEC=0xee00, @ANYBLOB=',euid<', @ANYRESDEC, @ANYBLOB=',uid=', @ANYRESDEC, @ANYBLOB="2c61707072616973652c736d61636b6673666c6f6f723d65787432002c6f626a6658ba33c2bcd3ad7432002c7569643c", @ANYRESDEC=0xee01, @ANYBLOB=',\x00']) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 662.148056][T20653] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:57 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0609000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:57 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 662.244299][T20676] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 662.269916][ T1034] loop2: p1 p2 p3 p4 [ 662.277678][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 662.279009][T20679] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:58 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x6a000, 0x800004, 0x40000010000}) [ 662.283804][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 662.303176][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 662.305322][T20688] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 662.309398][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:58 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x4000, 0x800004, 0x40000010000}) 17:05:58 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) symlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x480202, 0x0) ioctl$F2FS_IOC_SET_PIN_FILE(r1, 0x4004f50d, &(0x7f00000001c0)) 17:05:58 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 662.344129][T20696] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:05:58 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0709000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 662.415840][T20704] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 662.435996][T20708] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 662.456086][ T1034] loop2: p1 p2 p3 p4 17:05:58 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 662.460456][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 662.466680][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 662.477126][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 662.483632][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 662.558217][ T1034] loop2: p1 p2 p3 p4 [ 662.565019][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 662.571155][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 662.579201][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 662.585389][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:58 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0809000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:58 executing program 3: r0 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0), 0xd4ba0ff) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000000)={'ip6tnl0\x00', 0x0, 0x4, 0x6, 0x1f, 0x2, 0x4, @remote, @dev={0xfe, 0x80, '\x00', 0x11}, 0x20, 0x20, 0x0, 0xd68}}) r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r2, 0x0, 0x18) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f00000001c0)) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:05:58 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x6a001, 0x800004, 0x40000010000}) 17:05:58 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:58 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff87) 17:05:58 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xff0f, 0x800004, 0x40000010000}) 17:05:58 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:58 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0), 0xd4ba0ff) fchdir(r1) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 663.169751][T20743] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:58 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0909000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 663.243046][T20762] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 663.251438][ T1034] loop2: p1 p2 p3 p4 [ 663.256250][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 663.262354][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 663.279065][T20771] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:59 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x4) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x1) 17:05:59 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0a09000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:59 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 663.291699][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 663.297936][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:59 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x3f000, 0x800004, 0x40000010000}) 17:05:59 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x6a00c, 0x800004, 0x40000010000}) [ 663.358310][ T1034] loop2: p1 p2 p3 p4 [ 663.363139][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 663.369269][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 663.382977][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 663.389200][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 663.397533][T20790] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:05:59 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) flistxattr(r1, &(0x7f0000000080)=""/97, 0x3725407ed62b4039) ioctl$PTP_SYS_OFFSET_PRECISE(r1, 0xc0403d08, &(0x7f0000000040)) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) fchown(r1, r3, 0xee01) getresgid(&(0x7f0000000040)=0x0, &(0x7f0000000080), &(0x7f00000001c0)) lchown(&(0x7f0000000000)='./file0\x00', r3, r4) 17:05:59 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0b09000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 663.418852][T20793] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 663.493027][T20804] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 663.531079][T20804] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 663.567246][ T1034] loop2: p1 p2 p3 p4 [ 663.573223][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 663.579360][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 663.589181][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 663.595535][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:05:59 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0c09000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:59 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:05:59 executing program 3: ioctl$TIOCGRS485(0xffffffffffffffff, 0x542e, &(0x7f0000000000)) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000000040)) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=ANY=[@ANYBLOB="a2b6a0b2c63fe846"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:05:59 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x80000, 0x800004, 0x40000010000}) 17:05:59 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff8b) 17:05:59 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x40000, 0x800004, 0x40000010000}) 17:05:59 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:05:59 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0d09000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:05:59 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0xd5c17000) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:05:59 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 664.248392][ T1034] loop2: p1 p2 p3 p4 [ 664.260131][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 664.266292][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 664.286828][ T1034] loop2: p3 start 225 is beyond EOD, truncated 17:06:00 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r1, 0x0, 0x18) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r1, 0x8008f511, &(0x7f0000000000)) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:06:00 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a0e09000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 664.293092][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:06:00 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x6a000, 0x800004, 0x40000010000}) 17:06:00 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:06:00 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xa00600, 0x800004, 0x40000010000}) 17:06:00 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) r1 = open_tree(r0, &(0x7f00000011c0)='./file0\x00', 0x0) r2 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socket$packet(0x11, 0x3, 0x300) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$dir(0xffffffffffffff9c, 0x0, 0x880, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r5, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) io_uring_enter(r2, 0x3a28, 0x0, 0x0, 0x0, 0x0) shutdown(r5, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r2, 0x4, 0x0, 0x1) io_uring_enter(r2, 0x6196, 0x0, 0x0, 0x0, 0x0) move_mount(r1, &(0x7f0000001200)='./file1\x00', r0, &(0x7f0000001240)='./file0\x00', 0x2) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_setup(0x1, &(0x7f0000000000)=0x0) io_cancel(r6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3, 0xa5, r0, &(0x7f00000001c0)="e92cb10956f92da62be650072387a5b97a1592cc576a3b4e287761f5f35e540292d753979333f727e19253cd00c7801014985696cd463cc4cc424c8b28a9167188ae516c75830b1f1e2cb4eaf4cc943d74630e3ebbb039f8fd91e09267e5556b561ff76f08960c044d3dbadf91c3547ea8437c1888938494b967da3ad2e50735854029a8c19d8d401877725c228770a61d0ac2b28b15ca2f3a960e699f5c672432d642af9ca343b3e8967d6780d54d54316798f0b86319df8e90850a212290902566ab70339a5716bad4a461553cc3e475d416abab606ea13780e07f06c8eff7ee9534c081c2004a77148c9e25a995413a8601690a3d3821fae0b773d3e0e7ab0c4893dbc218d5bb0c4c1ca1ea5e59c4a74108c11391062a1bdda48f5245777df5b125439064fb26a9e77279dafa665105d742d82302e6d2724c045e38cf6bc1e25899db3a9446312a26c140e77f129f7e9db71f244546f27246b2bba41db367def2de77703575287eaf8ec3b4d5fea76cf960841c16b4cd85b06cf815f01e04f97ddd48f7e4729b16e681ec88d9390129e22d93cbd323e22eb392595a3312784204c5c573eb38191a9497c7dddfc11c527989eecfb61478d892d254f866d3deecc9692aeaf4e5af8ca4f35846edb0cc0b4d1102f8b1b648b065df0412535d35ecf1d52a3fbb50fa074b6384bcecfdf449337c759e5df4238f520dd15aec9d3033039d7e0f6c8c966bcc290ed5e79e5fdc3226ed71bd9ba36e3906e67b78241c77430c0a21bcdd270773be1a66813bfaa6bb0bd88c44e9805cf11fd61276ffc40e1fe15173fd125f46e6b53b0a65e2d5e0adefc7b904750eba8a5975a3e41bfbcb30a60e1951ec72d8c24ed54349d62e7c71bf36e2ab849d9fe0a4812209d8907fbf90f3b8133e9660d97d6cc09601339d5013aa8e34a93fdd6272aa969f4bc2af7a4fa216d6f2410fe39e8625ee7087db51428076ace436abfb26ffac334a173c49e89285dbba62b5927163184de57b2268e2f1bd6e889f1667dec53e4d23350d34f6d3a086f2cfc022c1028b83fa7b3fafa4613f0aea8b9016b503e023112fcb8ce31919e211dcb90cb98ea7a840cf97cbf455e1284c1a27f0d64b316577c4c587a25988c8d35678139a5b223e5c99f08deeb86a905d14a7e8f3c4e35679298fda7b8d9b8c8e6094e88f4480a8b73a4a0f88ec8fac1f0c40fd5a881bf110ef1d7489b1e08ebf825ad72b43d4fda9c23dd3f2baa01f7c084f7d51a11abac6ccdfa1b4509aded22e84125a7f7c885ade68c197b3f69ee5b1e36438b53c2c57e38b362c4e3fd565d3659ea25929a83ec95f679a73e85dc96588c19f42a4d9554f79bac8b2b6ebd563e639bedbd4aadab7119dce04a939a94012228b87533652def800b0d9d630099e859854679e774e4c173bc8c1a6c4682183527c1b359efb3c7f0475174c7823041f28dd92e3a14063a8557ab2cf2e5ae96e8c61b2f47a872d9801f6de4ac7d7d8bf1a491c39e1328311d78a9b0b3f1184bb5817adaf8073498ac6b82e73bb8a65600b6cafb1e04bc25d0c501aeb8fb01db3a2baea301ed8ea3de88e98581b438ad96a0c2f70ba51ec214362fa6e7c312ebb61bda7bcf81920054add13767d46847c0d98b82256b56c87eb7a4094845f2f1fa4e96cf67c4c69fd49130bb109fe2c9798a0421b1f0138917afee552b5e41f5dbe14463d45a40afa0675b3c5d5cfa227d797e28b7a07d2c039f0ab5e3a8875438bbbe0e4ad3b5a77a1918618e7d00919908f4c1d5569ef2f0cab3f0e7f6fe701f742ea06e939fec766dede989905770421d9a10aa625d68dc185ebc431aecf00462789c62db97dad91e7008e8a90107ce0ef79ffdaf6a9967af2b44cd266ee409ee0876a5c173fb808ab2b22fd0ed2a77d5aa230aafbb3f82f27f7385e461b7b160f4cd3c210164f402669fcfd6b692a6c30619271ed70b6313d70c1a4366a7bafb63d95e87e1774c49deac342d2a94156bde0e619920aaef40248a3d492ee6c6fd27c0e9b7f4547037916cd23e5f417afe96a15adb697798636a2b7d0163e2af120bc342b0e1ead1b2cdf7311373ef68902e843e707e2deecc016d341de1f1f7878b29d5247e77375898b8a31680d879d0a37693f8ca31b0f558725fe98b36e5146cb787539f4265b5aea157353d485a3516c9345b3996562dac73c61fe8e39a4637d7b60f69f9156743bd699949409be22fc34a1e5ca1a7b96913a37caa333086743b052b9eea94654c9e45671ec8694057effb8a92f7b80c951ef8a1e9125239990412be67bb86d46736f5c63664358a9f2ee1425b96ccaf3f59857e6daf68c1e25db199f8671ac0f8737987df585c4ccef1fc76b90eefe60a829d5c78e0158046c605a621dd0662375032e39f3fad91e835d595edd51971e65a57d409896d1991a89ed98f37f071f8ebefa5aefa83621917785172f620f159b5ca540f39fb431bee15d070d2cbc00379319c55a2db7319b0852bfcfd3eeb61d10e96088b2710a01b3b5a989ed2e1a0790232a304c0f9461ea7aaeca6f2540ac9ff993b1939aea8fb1374fae9fdb159f9c0b042565d086eff88332b6d88101d3765f0ed720c49f07aa70fb5c6cab02ae780a41e333c25485991942e8fa54866249533d72e4c97f0c6839b67196595f62ebf50223b3fec5a4376602743d3d580ba51e2c63ac6be26f1fa791d24a54ca8180296863bbe6051effd1c2350164605c5a9d87bd93654b364c370724989a2a82a538a76e0b5cfb34165c0d5a4cf75e5cd4494ab50a0926f2456d70ae1d77011a6211e76b05c6332b8c765e4e25bd77e033f465d59f5f74b679f59c8cf4fffad9dd2f4f814a5c9417d77367b6012e04a40c260832caff343f37889706d24d048340f5dd78379bdc1fae6a4d221023d1d2d7a76254216dccc88cf8995ce69b05b4bdd737893a95822d76b81a2d9b60f1e9e07b2b239ede8223423f6ba62c620d8c04df6d96752bfc08463614176bc23227ac11beb035798dcdfbd20e6943543f9bd69c27c316353613521cd21cd370209bc4e9833bc7177c40042d0694cab2792fa439b33522cf6717100572ab4ee0e504b94acc9b6b232ab571b8c06c7c562d44b2cc8a0e5299e44beff56782a462eb190cc3cacc91a4ec3c60fdd8c6c8936bceb837b08e0eb3fb14066b26dc78106d9a7248ecdef724ec0f442bfdcffb3445af79b0eaea9a6b4e947ee5858b8a54a724aea4bd51da4ec9f4723a91371d24a408d3451a020ce98391999665e99ef0b2a901818e7449d1b5650d475dcd292fb28fcd32960b8a42fe434da428fb6cfb366159fecbd73e6c54638a7ec646ea9b978502a6d558dbcf798b75010f3e94e27f1d7564671f087f2cb0bef0c0014685c9c34bd7410abfc9db7747aa9d7e8e8301df95694dba5d00c4e74ba1cb72f7e90fbda7c80fe90c4d0675c437e4df15cc85ef8eb310d3fac1d611870c61de56508f5d0efa2e005dc0a9c3cfb3a0bbc103b87798f03f6ed7d2a64c84a566fddb03c4d60e0fe77dcb564823a363711503219f10ece59a5cf9f0231bbc973d71304292edc3daaca7c4fd42ebe10760ff335c919f4c006d7e4fe5a19bcb85091e25b5d64d5c5512c8add683e0518095de2e7b8078521dfb240b32dbc9fe09448361a00b14bbe9ed933a7dfc41dc6b96828aa10fe5833208356afff97838ea301cfb66d51490a87f1534d2842cd7f235c775ee40a4ab0bd99f580f0fb1130d08e18b9866c01252dc9fbae49fdb1a0c12d0251758a06bad2b63778b926770e10683199437bfb6cdf38850e02e3ba065cf66d2e9d2f038d2ecadc78e7149b52fde1041225889cefc4a85fef6ca1d489b23cca089783c6fcdab647aea8da495de1ce310009e8f13c0b455a30de5f86957c2396efc9f88c0914aae9448974d50aaf73bc87c5043499f1abc2c610834202e438c5215464b38907518cbeeb3b4a4a174dd5561a0446cd60ec017333090903208ae8011cee3112622a46d9913e3dd29465d71994939af02ab09d80647e13425e6bc94ce3a7d5da8c7e5b7278c416dd93a91b7d05089966e1da2a1b993775dbe76bb71a38a83b94ef95a64fdc7f666682952ec19f613e9c50de588dba1a84778f6a7d23d426842a1c626707049ac2278d93c00d8a725d301b8b6a576cfdf0c99dd727f50f591bd82a431f5a443b9b966abba026a6ed4970e2ac87d411ae74bc46d72f2c140cdee361b52052aa6890d089d6952694dc313b0d76a2d5562d54e325cab6711df34f8617b125668f5319a34c9b9237eba4650cf7b56fc9bbd5b8535890d084d6cdff75a73147e02739040810c9adde17355466690d2d874b18267445d35e00ed93934ab45e693bd80b536f730e4b244e8ddf2f8a4eefab6bdb7474f3f4a7f10aa361e4a5fa4fafb210378729616fe26bcfd5809508be2fa126d48ced86eed496f9d8903ec6d8743545ffd67dc9b7047f1e7d8cc16a730e7dd1876fb4658ce6d924830e5ea181864a59fb28bfc5747de51fe512f3401a36cb22517b8fb64de0fbe2b58db3723b69fee07ca3cb6d8d9546486393c97d80379d01babef2e20a8420e19e071ae82d88cf22df453a6f90b58815320cbd5d636a405c19520d8c380ab0ab9713f144ff6c0bdd3b655b5753f9fd09601ebeacbf285a495966a9a9ca2f56ef2183d7d42e56de5728a6345ca3060d63adb41e0710b4920bb2c644eac24551ee222f1cb0abc6619466083286d367f9decf9e901e8f378b6ea0cf8319ee051cca86e3da7393692040d613e8a07c6cf54f3d639068b0602304132bcfee82c4572f48ecd211b7a96aeb60fbdab2ed08e8ddb7497c404a1b8d4e59205155cad3f2b020dfb70844044cabb41bd59b8f218a7424bdbeec21f5f45d9c498489026815caea61914eb282fae1fff524ab3342e995499757dd9dc49164bc640f8277c63d71ed43397fcd6cb703783d5421a3a9f55f8dfed57375e79353aa6ebfb78364ec0c3f4e7f146467f5028396f5cd89c27d0ddbb2af6bac5c5a0c96c93c734c635308d19a61ddf70363e5efc42249d0711ca06004305fb84ff543037f8d5378c702ec571f793e59cb2d22dc3c9cda11671193193fa5cf9601f3c6879bd2e907f16b3954e74fb5851e9aa501fd5b2541c9a971d78ea93a3d4f4ed8942eb4b935433af4c4e494e848e799371c33e56dcc99f9bb85b1e9ffa8f2b1915fb6cf28b3ca9c8c187b97e57c2216e0bddc2e9c7a0951c1efbb1e96b3bfdfb120a8107d8c89c4fc58caa80e9be4163be4c5aaf47b7e37fb4b8f6a5f7e63b9df7edd8c138fca4cc225885e2051c30a914b3a2dc696f6d4bb0eaebdac8e3b4e4e732ca2d1088cde885dec9066f9b0419e7c5a2434256884c12f328e995b2f9a568e134d33ae85a5328b8f24dac59b3cd6a06236ca0892bbc6acab17f21594051ea4d2a63ccdf152baa78aec6de88762c4983ddf1e1900dc34f9046cdca8aa273684d9b8d4e4c202b8b71a74953b91df2f2bd2e336e2f50adb4813940eeddf57f41baba7255498b8db05bf62c7911b96778ec88b67bf32b6d8a8e2eba59ceae34bfd511eb7a32e882bdaa27295c60a9727a9924da290bd996c1ab88a272d0780c7a040e60ca196d3e8b5ba2ea20fd3f0b5c509588cea81d9025ff923586ecee82957a4b43db8d29d80d81da121f8d94f2acb4980691c7898041ba1c8983bef1163b19c8ff8aa89b6f58ab5a701b0cae7026a48c821f292f0f3361cc8b26cee1dddd800e326ac4b237f32b071412c56118a4ba2ce808", 0x1000}, &(0x7f0000000080)) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000001280)=ANY=[@ANYBLOB="001800020000a1e1f35b0e97e22d4be1ad48ebc84e479b28dc015769de6e4d17c3007f5f46d4d0270d7b28e2342c21d4a14ba7a9ee18a724423b8f4b07fa38744ca52cfcf3fd0290a01fc4b96a0a95c6ab1907c09bdde2b64967319f2a382f55e94d4467f0ead0fffa4d6258057c7b65e4ac36a40671813ae85a9e84b2368768bb554f11347c782a900ad0b0aa9feca0cd6b54baecd49e3e812870a5767577c1acb17c64c4e020173f0def43ace1abc3e6c3ed82f325ec2400"/194], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 664.354188][T20871] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 664.379420][T20874] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 664.440575][ T1034] loop2: p1 p2 p3 p4 [ 664.452407][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 664.458608][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 664.467632][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 664.473828][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 664.560786][ T1034] loop2: p1 p2 p3 p4 [ 664.565916][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 664.572004][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 664.580835][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 664.587042][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:06:00 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a1009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:06:00 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:06:00 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) ptrace$setopts(0x4206, 0xffffffffffffffff, 0x5, 0x12) r1 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0), 0xd4ba0ff) preadv(r1, &(0x7f0000000040), 0x0, 0xffffeffd, 0x54) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r2, 0x0, 0x18) write$sndseq(r2, &(0x7f0000000000)=[{0x5, 0x7a, 0x5, 0x41, @tick=0x3, {0x7f, 0x20}, {0x8, 0x5f}, @result={0x4, 0x40}}], 0x1c) 17:06:00 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0xffffffffffffffff) 17:06:00 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xf00300, 0x800004, 0x40000010000}) 17:06:00 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x6a001, 0x800004, 0x40000010000}) 17:06:00 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:06:00 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a1109000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 665.124697][T20919] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 665.140287][T20926] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:06:00 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x4010, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r2, 0x0, 0x18) r3 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r3, 0x0, 0x18) r4 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r4, &(0x7f00000009c0), 0xd4ba0ff) mmap(&(0x7f00003f1000/0x1000)=nil, 0x1000, 0x2000008, 0x10, r4, 0x484a5000) writev(r3, &(0x7f0000001940)=[{&(0x7f0000000040)="b7e5186fc03ccd24e4", 0x9}, {&(0x7f00000006c0)="8d6fb6a5598ddc94809d64a4ec6e1cc5545b14a66839de9c0c3d71efd69d1d66f524095eeb9199dab7f55b8d9c183a20271db8131ca0e14ca62fe85ce145ad301e284ae33fab817da7bd0a333593363ce40051af067109a260d874478ca95d30bac1da91db2eef779f38e3a65df61667ea5083bc39950b281e4034eee9a3028c0c8cc4246b8407afa31620932cf97cd89c36be17a9a5b33b235237c3", 0x9c}, {&(0x7f0000000080)="591a365ffe95f30bd5ea6477", 0xc}, {&(0x7f0000000780)="86c87e8c8f8ded3d9eaad649a8c741b48349fdf941057c39331cee5429c42ca8d6e1d7d8495e90637fc865a6503ab4048231fab56fde996fec49b9dc1dd0e17dbc683310f769ffa731e0f5b83482c31531086383ce4a1e24a5ce53f059d7c36983bcabc12b069dd22bc7d2e89cd6ada8613d1bcc54dc94712df515d7719289277370e67d639f33e446745f47ef47e5a95ef182f8805c1ef08e1e98ca99b3a66e4a88aa9c817ac710e7cbd165303fbd3f288443b3a525d974b950", 0xba}, {&(0x7f0000000840)="9f9d94ec6acdc38087568ed6ffe6490cfe86140f8d43e09455720c42fd2d66194f3814ce29bb40413a0599cb51a45faf8d139e7300c5bcf21b0a473e37eba04bd40dca73bc3e036f2fae23c178c32663b13b7a895ab9dabf75d92192798d56ab399ac67feb858d84e1dfc4352005d4d14a2c52e655c69368f471a4bc6d1e51e15dbdbdb1e9d8888a3a24c030ec09878481794003d64706f1e11ebba4926acfb4f1f5d1406717ded5c633ba01381029d3fdad96416a00d73f25458242ddd9dec46e1da78c57d859e8a967ce32fdb4e92bbcfccb63c1b1e5ee33b404f941472c92810f6130943a96023741375f4e5b65ef7e1c9a0bd7f76142db07a4a56769360a1dadda047de0585a0e5eb711c68e531bcb3cbbfbe28ed6226b19f0698df542d6a916c03536abfcf4b0f55359e92c15c2fa94e645ec51052480e58617730eae92e5214adb5700166cf98c13e99e0f5fe7d77e6bfa2e7d19954a5d9e9a60b0a6cdc1a751e174aa3c96f90be44ab1b9c24595dd9c528b784ab2ef66e773d9362667fd44a92b828b85aa119a25dfdfbf561409b3ca17cc1f3786202d30951a50816a623b00088162d693de1fbc657bdb1396f5a6781b3e6058e452ff67d6f08d39ee00a6837718424a36d089c44ba8842a197973a0d9860d473782185318ebd9d1ba0d3ab93397d2a94eeddbe6e5eefa7bae55964169931809e0205ce605b33eb43db3e7a056b7992267dfad336b774f050cb8c50f171f4a3434ee7f8bad269effe5a5f3b02be160f27555506064c8d5e48abc5375b2b72f2b5812a08472f1b4c6c96969de6eef89d37fec91cc51e9d93fed50244acf1f0ba63b456d4664cbca05ff856c6ad5c8f2fda1ebd9349d81a9bda553d6b6df25543e9208064de27717d2117daaabc50eccb985b78931381738e6b47b9cb7a9f03f7ea0b459d85ccb800a2a22d4278656d08e673443efa85941b432a6ddc55ac15c224c6dffb235f3d2874c31bc2564a0cbe53ac3163487dbc45f831b538cd83dacaa3fa774453269fa6687d7362589b10e97815b42483f22725e52344e3e8f7a9dc38b6ca97f784fbeaf6da327d7a98172edd014da5e1f16dd12b1ea49290a578ed848ac62f0114556147429605266f07832dd9bbdb2886110c9bce1705772dcc74e252a5949a2abf567659a1d830aed4e3163994900d3cd57a344e60375b66650cbae87903634ba1fe35c9b2b28c7af7765b49afd7f0cf21ee6d13b40674d649f1468bbdb42c292c38066bb130bed8a2248ef885c5f360f8ddacda563ef981714f03a6a3ea1a447c5cbcbd5c6780ea907ab772cc842776c2a68e2a88ece56036f65d9c5d2dd4f59000e75d9f8bf3905fef21c57514a64efb5171c2acd0fb0dceb7ed5a1ab890dbe022c5cc7c47e0f64c356bcd9cd5425f1c00f703ba14df2a8e995b7af8bd8638fa3dcc18e3457c0f15131a1ab290ffb546355a4131c421509d9563fcf7bb04fad4fcb13576ec1414ca1c5a8d271ae9996706f8de8c939d97338b0b5f6eed59d6233cbd7f69aa3ee4486163c00113f389d27a4bdfcdc861722f62e51c0804fb4118194572c875a2c4f89b7ab5cbafcae84c02b9c22aa434811e4ac543425aaa5aaf2048bc4ec6b49ad561469b91b400b97774e3cb930c6c31db67a5b8f0ccf50ebd557433684d2de21ea94dccb378f8a7e87b31cef1f9598195042f1e5722d0e417129ed4e13649648001151b2f9705ef917a5614b90d7e48e4491fb22a434c17bc2c695c7d5931d7c9570355ed2e3a146a5b6a8f97f6d6f4ee2630b15b2291fa6fcea32446327a4c23750c9fb9e3432a544d5839e538f181c149d9ea15d5f02cddbb086603880e3e1ef141a5604038c140cd3e666e446ffedf7e16c1d18a31893fcf746c40d53eae80bba0bf83f2ef70fc185ff2535291d8c071183e580898ff64c9448e5d48507890fc7432c1ea0669124337fa05591b1bb28d1640d4ccb4204983454fc741133c144c24711e6ae0cb674aee5fc1b5e4810fb7b3fc302beec00ffdde9593d3ab3114f1914a590df9ca78f1a3d47ac3a382fec991b6c026b4aa961e44e4718e6450f7e04ddee647f202d2742652db560c8355d69cc2df5bc0322797d6075567e6206d733195781db434f55906cf9b66eab316dcfdb74ff772b6712708b6e728d1776fa5a8fd35829954a0ede93c013b92a132810159cd8ee8e32b4b9af7b5d8d94170f30f4f0ebc14eb8e4f8da5470e95dcf5fc4b5c5e012c28e40699baae4f3abc244b4ba3a713d95d8a26d33e71200fbd37dc36a96d0a3be9bec8214347cf51b6fbda9bcacf47bdef24cf1a86427ea8fe1e04f96bfdd6d4db55d378bed6197de5380d1a4d6bbe562b273261d1e354e856b71fab836e784113f814ca580a00aa2ce27377c50023b5b13a5bcdac5df545caa40a1d994f544f11e3ce647c4a1d889c1e697f5d669b0f00ad4fd06f88a60f829bcd239029909291231b3075199fe0e1f4ac622e86d00547b71b537913b199c188132c32526d2c718a699c7f0cb958f96c6499b13048af5b21a2e60aa040aa667b9eb3f0201676a0773fc2ca624aa022b2579c30f0c37e8a5d716044052421bd9a80a529924ad3d117f7ac0b0e88d66f240952388a981586745e8631a1853418d254fca6c6390e391c2d4b1960fb6c2322346be08cb02480270702168c39512300c5c4a1a0bf749baa2d252e1e50bcb7ef6fba69bc369815989449e6f336085d634edeebc7ad4795ea9baeb2a72203690267df2f865df93d2c58171daaabe96aae0aa1dfdda9132a8a8eda2ae4be7de6c7183cdf8345bd51651bb879d565393b2934ba541a2abb5893f29fa7b0abe223dec04e41fb1a6c09ec017b023afe10f099b8a8a25a6590153585a0f75ccef2beb3296d85305c37a5633e4e0732b04c47c2fe1b69d7f4e33579668767891491a256c96daa3812194924ad929e107ede05f95f1a6b9cb105a6123388b5bbfb549f20cc262d47567fc93a1eb73761e93bfd3c21b092300d4e86bd8d057d5a730ca3be8b5232295f9daf26f5695c5503acaeb4339e397f75935fdbb20eb7ef558ad2160014c36dc5aaf2db27d27c2ca42db2b43acc186ad86f8c2c224ef8362df22ca8aef275ff90fac1bcbdda2fd2a6df4b3549014c39b237a8055dab6eecfc62d54539c571178b8847e995051c998dac8bfbc0843aa668211334edda8e93435a7148337216127045d29af5c482fc98f2a9338a53bcca3c2e642ea6698502d52b0364117db8d60026da610321fefca29996b8c0c2ace98f6e2b63d7aa9824bb4c6ab1325b81f4e6f5908559d6100d98a73d6f8a59873adab33c646512bc3e0150c2a26b8da14ba1f8bcb175bc9c7755bcdcb25cfe789a73d80a32c68dc3f0bae2a851d5e2e0dadf6860399387b5be04e98832727b7248a00014eee9bfdb96f5265ef650648efcfdfff0c13c0613ec11131562cb39a71e3196c2ea8722e0f5031341bc066356b0706ed3dab253e07d7a46c4819555b8befdda16ff07d74b1b4eda018fa1399dfc5e425ebf076427984e2f639b19eb76308c1722751eb3136d56459bfbb62a30613e8db9a77ec4cdc4aba0bdc0171f49c35a06307e39a87ba50002050112a9da0ab3795acc35c40430ec4fc90e15e14b61f92aa1593b2e16ad6a8950bef59045f296d0d3371c41700d5df6759f6b9675aca03f899324f186cbefbc85fdbddc54a1a6e4af4def675dba5f01fa7b5b0dd806dbb73e42526d095b7a0460061fe23ed4c2193b3880ddb0743d02a5967d3fbad5ce14e1d6c0fb00da5fb74041901cb39461f934b28187d04a74fb1fbe10bbf14002a4122449e1b20f30a043e188e8810d9e0ad0d1a1ce94da21004f737ca8a353ff071c60d02fbe638a1e055fd3d77f184cacf11c58542c4eb7ed9e351ddaa9039fae1e00bdcf537d23203573afed493beb8ef25a478adfc78b08f9c6b7de8508c0caa9ebe666fafbb6d8496cb29d0eeace1bc2fe48698b22844b374e025ed39c325b8eb86794a10093b19502d39708d6ea3114366e57c7a459f68521332036be23aa05b111aad4b357cf3ea91181a8f5f272ca8f57a7fe2fbe88f000416a9690c00b0345a7746a32d562661bf903d3e82da62841745159abe500cd20c8cccbbe42ed8d02d318f27bc0a7b3e7f1ff2491db5e9a3bacd108a9719d26daab27579e579e5da9d53db5e1ab37ad7b3bc1f79338cf5587e0e66917bc1d52a0e0018304d5983d976f75bf5fbcc96225566d8372cc6f30bfe895edc35d024077cb46202f28519beadc23eb216516e3eea9acd7a703807f4a16c1bb64904882f0bd56fb8ad2ae79898d387fe2dadcb4f03a0e8f0567a4955c4fd6d465328b59eeb27b4c0cb4d50acad58374ca0c85cad877905b31ee810a961c8f3cff20074caeee49c794fe1ca622e971b52de9f5e24b4b6391753bdd518475df6f7064159f55b86b44f2fc22e10437d35cfe21b39a02aa2b654a1a2ad74909bba54672ae608bfd4465cd12ceff637f9b0ec43545bfb2c11ecf629f162499545316506236472f7e67abd4d154f1bf3d33ace856079ad4a70fc8fe72f6ec4d0132f814e395b2f87913d8d35a7701b7f4ea31d31c2c1372831ed6551e10d0be652fe9fc52626fdf5511334197ae45f1aaf9603d7aad53e0848eea82185d141d62ac7e601c74d5049aaaecda4b15b4c93bc8d0ec14d42a1be94e649995a3801b482202a0e32a4021a8dd628e1c8405758bfe4a5e7337db2db6318398b9b5e1631f01d23cb79acae8b320a3eae00c91c865700c601f658afc8c3785b313f076fdadc9494026d3ccaa19d06c623fe5c947eb70cb2648ad7241f2c746031ecf11396db2f5e14969019c618dc797a5a8d33eddbabc38f817a14413061b500e27055dcb473f58baba66f2e2f7cce31ca4c7364429166e2fa0df68a1275dae479bd449672b535b715617ec3f3da09909763c93b17b65cd7759a1ac0c5d0bf67982b886095e9626e3d94cdc3f5edd19429b13b3d7679bba94164a61de89b31ea021d9e2d2a392e1da9177ff07ec1d32207606f95b289e1997b9e010c6924e2599a0ad95afa4e08cf977851a1d6c434a31d34aff810771bf7a454f968f2c502efd4d33fe1b69b1a760c3bfa673d650bbfa4590bd870a233753ab7964858ad7a77b5f46a89a10d49ca89256384387c258519d79f4262dac241cebd3f6a8a8e5d416d542092ecfd60da1928c34bd3ed3fae82989e6ccd28cf2670441893cbcbfa628b03effbe1aa9ec4044c68f9deaab197ca459eedf7065195ead05b256747d08c06e294d15a3a97a83bef697c3f62a59c138900c2cc429851f0b68b2079487bab3d0bf464f56b1e87be7d5aee0722a1ec578f638110812cb7ca39c0dfafeb16c3f77346806edb7fde0db35c8c98a5e846391e117167f9be8f965661f0ed0da90390cb3082c433d71bf4ab269249f75989cab58928fe177fca91cea0838f3b1615b0291a01f7af3d421da24a4a7c27de7cd334edee77ba72c44b4a444255e5879191e53036a056a3fbc28a0140f626522cd202882716afcf970d2ae4f86b82157fbe1a8c21638ce9f5e6d1d7cd40b26f2682c5acdf7692e59458cc0327640c78db0d98ca8f89f1f449d31fcf4b9e0a79fa2ba78946fca7ac941cb3152c7139dbf19e3a1f7b828c09bfd1b571f92c2e6bcee89a604bde0c9f21805f0e95f0a093918e271fdcf22a562ee10a7ca4fcf3c2d53970f9cf10b9fb9f01d2bf8a50bd22845dad6b17f4060dd85d3967f05c7d1ce10f6bd78911d5", 0x1000}, {&(0x7f00000019c0)="043e6f02728962047eb583269db1d4f0141a55caf79e416759074738210a4cb50f6cec63095ef2b552151e116186bd5f5f91957061cf40c7ec66917ab2597ea6c3c032e5ae11e19a71621828a6d81cdbcb3bc20429088ef1007ae2bf81f01f9ac3966a64d880ec36ac5c82751e7f660f5eccbabc9f2532b36d139c997f838d49e03aca9343a143f9c1a6637b9108f1cf5233418d70cc1c3518713b31bc662e006a6727f819812fef96302a54467235ba80384ea897bff5c93d7d815644cdd77c111ffb878a6fd922082c4c483ee7b94a43abe283304e162a2d93ed04c251c772f99d476ff6564dd9286cdb7a", 0xec}], 0x4d) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f00000001c0)={0x0, 0x7, 0x6, 0x1}) mount(&(0x7f00000005c0)=ANY=[@ANYBLOB="2e2f66696c653000088b013cd6a981adc04d3b71851a43145033f1459a4117d1f7fd9e84fda4ed7531151616f026ed1f1c3a8e2c4225f840401a29b183779920a51226346ca5feb840a7bdc166ced2bed46cf0ca10b2e7627d5892845bf2640dd2a40c721846bc41cdf9dd73745fc696edb8e8eb3cd7cfad80b0e03208b7d48720edb97f41ea671648a134aac4d567e380a0f64d1686aae148a25f95e0f17b7903f0bac3293ae88ae0798f601b1bbd2397d1a04c598f99a049f67d11c29f798cbad3120e9e5e7b54530af464019f91d1915ef2cd8a94"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 665.180451][ T1034] loop2: p1 p2 p3 p4 [ 665.195216][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 665.201365][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated 17:06:00 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:06:00 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a1209000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:06:00 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='system.sockprotoname\x00', &(0x7f00000001c0)=""/134, 0x86) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:06:01 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x6a00c, 0x800004, 0x40000010000}) [ 665.230593][T20949] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 665.250031][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 665.256275][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:06:01 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x1000000, 0x800004, 0x40000010000}) [ 665.313217][ T1034] loop2: p1 p2 p3 p4 [ 665.316798][T20962] __nla_validate_parse: 20 callbacks suppressed [ 665.316811][T20962] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 665.320058][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 665.337147][T20967] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 665.338899][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated 17:06:01 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 665.358569][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 665.364830][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 665.373240][T20963] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 665.416332][ T1034] loop2: p1 p2 p3 p4 [ 665.421344][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 665.427538][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 665.435362][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 665.441667][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:06:01 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) accept(r0, &(0x7f0000002200)=@xdp={0x2c, 0x0, 0x0}, &(0x7f0000002280)=0x80) sendmsg$inet(r0, &(0x7f0000002300)={&(0x7f0000000000)={0x2, 0x4e22, @private=0xa010102}, 0x10, &(0x7f00000021c0)=[{&(0x7f00000001c0)="c1217509bc4fc15662d4469125ad425ad2a9cacac5244d3e1961e8b4eb016d411094a76db7e9fc851fcdfaaa5e20c83d163c05267eaad30d6edc68a1d32bf5fec2c050825bf94cb4342a90b4afa0f211b04eb5848a6a9b4bbe6e22d035f5fa0df9eba0a04737c8aba5e0be960b869ec2ebede139a22b82b2c94cdcf5d3ff312fcbd74b9255db915a1960c4b18057eb44820f5614ea979675a9ee53bf8aa3f4a2991cfee3aee0a0a9204edee00d11c9520abdb1cb47aa8253ffe9f8ee4b76d2e01273e24de97b7464ac3230468da48324595c078789360771fd6d3ce43faae1cb54c32deb6aa85f5b5b7698750be5e3945a36028f47328a5a0ba37e92174b86dcd4a45836421c1408c414d7c5c00c2b65f3ff2238a771b6df491f52d58603f8ed5d172743120ee8420ef2962dd0951451fb3709b6762123c2c9571e4c90eda4764e2f90b114aedd39fecb27254ec7dc9a7739332844a4012c55b0d6b8b365306e86cd48d51fd2e7eb388f1a7d27b1dd1c7dec757679019ed6df62a9b0159868f06069e1837c090a9b078e18cf9051fb38b021fdce1d4adce655b74e6a7edf368c2626c6b5c20bf68103d16b0cc197b0c725e3b4f6d6493891a9d3b0b1c62f5e3bd412c889cc8dc611f61fcf3754289cda794036d635288717ab01dcab7a2cee6aebed1a2f2905f7ffe5323c0816878e90068d0980d9f4a64ec2708c3c18eaf369ce8f46c28445d25720000fb207537a30b0572e097f6a8537e48711415f9e5cd01aed0db6b551bc795b3379cc57718a5719e3721a8ab9b38a0c4808f2ae8f1008fc66911ed4b692be51ae135a72fba7e541fe7eb2caad7496630f711390e6599ebbec43f07806fb64009b42fb66f6c0021850970efa6c10014c2043067e94f3edb0255a2c5f7687bda4da0d08d0ddd67f2c66905f2d501779777030ebfa864fbdf801a359c86afe1110e56cfe0a70f0e7dbdcab51205e57b4ef26a2a001bba4a9b3c583fb2d9ff5de726769bc3764f14928b54b6bb44f3f8f5ed215a236855868b1c5d38bb2c683a17770b25d036570707a410104c6bf7aa0ee38f2c7ab0b2927ad0570b860799ec79ca1519a4ee13cfd267f5b8e6c0798d24018ef5b28da348da392a41784f3ce316914ce9fe6e3c3b62d227597ecbcc3b9e69817b876393cdf1b46cfdcc3ea150e01a5bd14d891246b3ffef6d9505f119e61cf412aa6f9d77c899934c1cfdfb539ab3ad53220bb4b4d9dde24eb612ee644835270c9ff5fe41e194094aa1ce2af1ff3e34d139c93e6ee25badbd04e83395015c2279df5755424aebc17a40d0a8a16459f957fb3d721c7f62c2ae8fdca9653c1e79e1f643ade77b424b2ca2307498f440aa3c951dfd82296283cfdfccb75d4401b187e55a05452b30938c875bfeb461e76a2a5f331bd0989af93f0d68fadd859c5da303c39f2979640f7c410bd417e725945b45e5cd24e0a61fb4701990b479b4d5217c9ad1d100fef09271b33188ef10f4f4384c4b4adceda68da400c0a793245c048ccd44eaea347519e9ce4bca9ec23a02e4004c9426d24c7a9d16a38d77f8ee2d5fecbfbf2fa86c07a1e23b6319e7082497e212988d3b8a3b32b541699c0bc7c35d17d8b653bab94da3d1ea74177fc1fc73a89b6fd028b5b1f64d06dbc67fcd5fba3ac9ce254b7d9af87e0418aff281d9a999c5b96222d6fe15182a1ed25b6b326650d76ddb33a1da2eef92e97ef04e30516243df7c84c32ac37340995af8710215e45cd8847f1549c7484881aae4d23e95c2b1f81b8436866188c3963b74e629d2c43eeb60b2c085c5ad5a0bdbec5c4e4a12d20cd7442921722677131a414fa466f020685148e5c29e6f6777daf050a897cbbf645c65b5abe775ac3776107b286c9dc2c6672a1661aa1c3ad81e9e5a2c3ae3c44c8f0a44b175e1785abe2deea4c39692c7647dddd27227031d479d02831b73bc9217255142d82b6f6f74a8dccaa23b2aecd1a78d028a6f9857fad8e5c62189433b987b042819701d88eda8fb595007669d143d2681e0979df6e612510ae8dc717dbe14b902a0e997ea25a4153c3937019e43056ee3fc106bb4c27fbe9d4e2b05b13bbd8257fd1d43eb1ea60cde264fa4257375df74e8fe653fd79fc9bacb54433f24322c2a21faed49edcd5eb195fb150cd3ed0e77671a2a37e034ccd16754d0ae5e335140626f12962a55de5281f7fa5d5f2260db61f6bf6b53b48dd4b2648259dad508c59f55ccbb798c7835f2ad10daa4ffe23cf7d62a1e1ee04ada5b787e5b51606923caa4e9c0747c315dffda0d4db09e8695bd49f95f705279348a90cb836d84325dec02eb7cd21cbe8f2ded54cd9117b7d2f609a45e8079ad0506ed8607da883521034b173b8c56dd628376643d700d84fdf6553aac5b17abef59acab9d6f60a7b3a8841515efc43fb0f7a88b91162a1c5af4ec5cb1d13dc8ad1e5bdf8ec9cd30a1994d79f7b09a430ba526e1696bf50b2629d7816b5ae0927086c1bf745e3927c5b1efca2bbf94ff83e59512788a91cd24a836038d4c6fa6f84b6ba4772fbaeb239f81290c934b6723223eb2abe1f00d803ff548818668862fb4d5d766d2224d244ea2901a53d4c6a3b91f3d16c8f02ec00dd7e767a05bcb1e08b4952c6edb8653c5cb7c6582f51a1d9e9a63df0e11e62ec114a0c5acc0ba8b60d1e6e481e9b008bc346d13a0cff6d034baf92ccc5346c0bd538ab67d22b5565aed41b12346b39f48a2312a7efb920992c9a3ed31e0e9ef3d4e2335c9d683184657c2f347b4cf0aef7eaff8ca49cc7f85fc64101b4d3329eaaba16ca2f2474b34b44aa2b6777ce486644bc15aadf86ad84948a13646dfbb1131a574d096506494f86279d4702d14a637607f145649e287ed5ed3b174bb086d4fe6a04e10afd8505702d08d33a46e1e30203931519bd03f5cf9e77c9e9ed733fb35eb7c41e8b54e37effe696447faad83d067278346ac7f58fb4aeca1973622a3e267ba2d9f91f80c4e5148f51a40bafb21c524ff1d51092db179096d52ed6df0035c9a4fd671626f38b2126f62588de3aacb1b7b134c836b2f4606e2b511ff7b9fc0c82ea4b944b704d3f1d518d6267a0ef432e568b7f36bc7e6a11583bb7562b0500ab9c5fd820125054d9b04a484170e97a20b3472e253a58381ce5a7c54e8de204b337e4700418fd1944d9b2f2cc6287379517175388971dbba6e4a62fe3ac2cc3b07b2ff586e4113396b67d2f6286d21cbadf8d3eb0935d277697e1369e0d3bb86c035a39f338ace446928638c7255c6748dd19780ebf828fa999ea94a6ae1f16709feba3c0eebb3b4bd403814adf2e675bf5d8ddc2f915be3649a71d23eff3b47ba03cd7e3edd597404774925ecdfa1fca9a175270a74d8f30619b286ce886e24cbf758bcada4e123e480e27e96fc96a8017308b0151b1ab21fff924dd665213391aad8125ad201684416f3c48f95f3a59ec26dc871cdddc4209526be0dd1af500e03716c989826c237794986e1d8335514c75487e5e0332733c9d5b924dcbb586c86a554d948276d41c716b0c1fc7ee03213a302096e5c24eb1e4882a77c95a63eb7cc527a3aa5227e0d83153f5531c7dd0155c90c4b72f4134aa521295e37085eb64f3badfc7d9736645d9219d9adf5433fbb9ff343a60b8783030f2ddf08c8cbd9165bcb8eae90778e150d963c4caf6f74d6f374b011fa84685169ba12c38cd623e2863e9975cc008930a932ae039191ac8bbadd028ece3f0cd4990c9d2dc29c7201dc29db021ca77437f2a707b9cfc0ac36a5b695218fc2cbb4eda48278e880b6c130a003748efa1a9d262e3d8cb47a4e2a311d95beb2ff8a39a7a6e740113520ca7a16c306c2ee715011dfc306ae6d5f0c9f2e01a1942524d7398a3e62832b9639c3c0a7f2a2898c47c963fff8367ba90a10841f4f1a1253c6824082c49d94eb585a16ed60214db134c281abbf8b0ef6bb381a60ebcaa63972f5c58f5ffb9dca9356fe01991e08b7cecc2fb100323cd1a8a2d1218e4be1b2c936603a14d1639a400d1fd4e7f396b6bfc927a1585a4a31019fdda7491cdaea7c4fd0627744526ecd453487e97d62676e79d6ebee7185ba1eebbc0110df3a23f3118cee34c3d7353bcf459b56e7e6928956eec301bb943402edc442d59bab40cea2e4a87ec3ce7ae835816a49decffad062d09af838361e82f0c1fbf6e9297becdc15698546b837bc590e6719b32a38a0268748e3e9b2ba47c4eeefc61ceca0f82e9a4df7d2a5c61baa340f35961507937e2620d663f624465eeeeb5a12a22bda2e2e952389e143cb64e285779331061856284438536ff2b3ca17e4a180c6647f42a4310bbd8e705343d031331333efc064cdf8d474c2f25289472128dcd7ee70f3a8eb196cc8e22681eb089ec012f8638b22df2a56f506ac497b6c09c301ef396745bd47971216838bda72c9c71a5dffbba5122a4455a837c990a78bfcc8178887d80de43d37d4e5ccd83998474387b60cfb3ad387f382c53f02eb96de7af991b735e79bdd84aa8fce7c72e35d29c05e54df2147de38a57e5cf5a364de3721649a75a427de6c2894c19a37c7f7725a152f7a18fb16e343f2896b9d2548c00ed1acc3a50b706bb49671afe0fc6d811493af26541dc88edc7bc23f559ef851d9f547f09f09671ac764e652637a542d4f41f86bbb499dd80b74d8faa138671d7abdcf4d68556d742a6cca9d2eb7900226864f15aaef791c8b1f715571c558381b194a93208c000afcc6232149d3b2592fa7d4e391118515d2f2aa913a12a113e98ab41de77cbf424d50b326db9d478446a1cb02f538468ddd4e9dfcb63d60009d53b53af50dc81ee90f25db29b594b496d3b848d830210ee077c6ee66757a0a0cce1647000c3712439fe513fadf3d852ab2c9589e41d60e964a5d65b59fbe37a6102ec746759a4cf5eaa2d4df10d745a59b3b766415ad887b0450c2ab17021b757ba20daeecc24c2f033824b2851bdb4955c07fd560afb46ea25ac4858ca7ae5fb77847a517dc4367120d3c89345ef3323cc5e2f8c73f75adb836e2495c93c01a1b6761e0f201d594648340046462afcd91350821521827cbff5baa533ba430fa45209d0d8d954f282543809b17ea6fdb894f6b79948224414ba51e8b5c75ee334dd67a072af2d8d137e52008dd43b73c3fa2f8464aeca1f61778a7d86c53bbf39945fc1ea2b6c6e1111edf2fd9714fc0f211be0f79d0ba61724656f3f69d73358a7ca35244f903356262cf7d2698726d97e0e56167013dce8d0b511dcde11cce81f876903563ec821214d02f8cba1c2751b530f18adb4274cf7b5a60dbe8eede2d73396aa14d727e37ec8a6ae26a99c17266dce126d055116e1613bb90f0057d009bb80ba2e54a343d1edda7d2a6680cb496a99f834071b1b407a0a1576b7067dcb27a0ac723581a6f427eaa40cefde53985705d07e555c82dd010755d2461716a64ea13a1cddcbe4daf4ca6b0ccb8c4a97b74aad60c61bafa64a91f9379b4551379de74e0bf499937ae0888df79b5303ba981b3a4f30e4dba2296687fface64fb8d1b5da3cf171eb0a4976f686e8a4242aef0eb97cf41d6527690a478118c690b95423a0f74cd709493902ab65fbd2b1a7e1db4e75acc05dff39ce22e4a71fd21a5d86210a94e9e71b3e6fe554237ce8994fdbee6b3312b200edb1d9f8d476fdc8caa4eb9a9c4519a9aa51ff5807fc296764b798bb03dfa3526430fd4fc6757e7b976e9184923f5067210e2f9262ac836592a09d1a18b9491a2d46d660", 0x1000}, {&(0x7f00000011c0)="b7bdd2f29c0466c6498d6c1889d111b9353268fa85fae6c6b31ed85ac5c34698747245d2f540468f042929581387dc741da3a4ac3663c7f091234c94e6f1c704ce1208c77196383c836eddd6e86abf12af662a5b4565cf1c019f7551c9f93c0979d9a73c57a9772c0fa36facb2fb85faa03ae7d65cb8b167a6b07c303a968df62efbc7e70d6f77729d301a89ed7ed05a8771ed6bc33c61915a31eec909482faf1848538b7b03bf3eb000c7a35d586b1a019ec134ec2af5607299c43421145c11485b3a075ad94524a0f3eb48eef4e49719a9c241f641b36a7e19eabad68b60a4f39c890629ee5905cf4a369a8575a0f48cd2aedea5607a0f0578fdec415e4acb0bce95f6dbe33adb961d251277231ae2d6c6d67fa7c3515d7bef9b2aa677b4e9edcbdc7dd2acdd648f59cdfe0362db6d064285b3d8475628f040e239596a57e62f9d5dd300d9a699de6ca077fa66bc116f670a3dcf8cb278b68d84548eefe88a394f139d90c70cc443ec448140a84cd4617faa2591b42b542e16f942f3ca112b49427503b4279d8b5b701b88fcc6e025ad78a828ae281e1dbd2e29512532d008f86ebff95f5cd0dc72e2bfe6645c4bea483482a3bb60df62671687c64f44a823ebb779fd255e1500a9e9904b1dc53986015614b6fb783f6d8eab3a6c61b4859eec3c4ab98ece4afca380c44fb5a93c0785cfebfeb3e94b583f9e6c1b41a447ba5113f3b8738f48964d745e520fbd47e41be6bd012aee963bc948f61ee7ee21e3ad7bb1701becdcfa07cdeef331a3a01b4ea4649780b1502fc9c0571cc579e0570575d409451797be49ff6f759b05eebd79cf3b78ecba23c0c62542011cc2e973cf415aa6413552fc0623a50e25a0a81dbca14a9897778ebfe21c4709458741c047a7519f66d8442f7d576f0ccacf3e2fcfeeeeab667c182eaea804027ac4cbaf37b64019bfe664a28c9a0512bce4447f6f22ca055f2f79d17ce73488dfa166c5c3f070da4c338cef06d7c33ac2d43e485dd38ed5b6d6c5bbb02619cae1aabb6781c83e212572eadd9da93428eb310f0d0fd9a80ef5f05fa52e9149cd98e5595550d95a66027227fb590641ca73acbf49581347e0e369efbb3012a97f676ccf8f3f55ee17db7013362eb490e413cb863a8c6fbda8b1ce565b14f287c57f924793b8d7ab8d85d9b6207a005adc92656d6d29b3537969c0269c3647ecb0d4e6d1fa8c0ec6175b2695baddec37ba2437a4bf3aa5c002699393ceeca14d4c85d98996e8991f1c4574dc1d18b01a4b6c20f54702cd5b2ae6bd00356f6091c87722b56dcd2cc2ef850c15f79a4f20fe6836d53b1741f40fa6715f1b3010ef9401a56f7dcf82bf5acc6bf3bcbec06975312c76c7446e15028f7787ba05001ab604d400888bd3d642fd5462202bccaf1691c2cf69df2af1ec4a4490a80bc7fb5a5bbb3a077ccfd3076bc5ccd287ed77ae2ae4cfa189d37c16c6e1d58f12e0cd900e1bcfab01d2116d3ef86999a4c05dc644a0f2d0e6530be9901adda1e26821f199996a7276d7294b76fccbf9dbd8423d6ebc99cd62a3d65e76d032f5bee61b9b81da1fbf801d6cc608b25774119499fc6e1bcbece04910f005f1615e02d40b1ea8451a523beb16dcee468d9b9bda957ff025f4d73a4c30a0cd96a4a5dd6fcde0c44c77fabcd7d6a1417d7b4a34ded52dcd66df2e3c08a5aea9a8cddc1cdd503cc051aaa47c72e83645f96e663ed61e1534aac22c1f191b56d25a2bd6d905caaffc72ecbd6e960d7cdbd3a70512750ce4864203d0767a7e3cbe168211c82fce29da5d7107202043b0d3afe61c4311dab83ea03ba92946d43237e49748babc76564f90a99391faadc84953d0dc67d51b8f654d642d7e8fa7c84403b41abfbe8b3f71000874992475305c7af77b4b17910c23a8a7794c1ee51f3bd6a1f98a25a6da22c811eaa6bd0ad8d19ecc8bfcffb18e48402478d3c8fd4f30f86d8786bb1400683daa0a41cf61eb6019288f1393b91eea2e7fa7c1f894c8ab45a1a18d23a0151138b8adafe6dab57984b61ea5374c5f4531baa1ad10504062681ab191218faa149e606c3d022000d43f63abc8539775746511e44a3d7452c9d8c75a088c23a4eebe41abc53f3561cbae784487f35136cff1baef8bcac0f439db081765a43d84063bafd1fd38690449d40d1d60e82e3760b09888481430e92233ca162d32a5dc5dae1e0a2ce8a1a19e2ba156092331a782c557ee01a7fc3d40d10ed6dc818b1f6465d5ef0154d1a51ca723e0e66ed51c014169e89e8a11bf75ed2303434671ecc85eaf23481f2650e408a829e602d4d0bff2699abd22d3d1baa62ede6cca8fbfaa18eb254ae4363b4899911148e48158a15b0e915e4cb9f1063dbb0af8348552b754a0f67eea430ac4763f7d7acf600fd1ab051b5085445086ac7a7505c1d3cd3a65f13abe1ad759f2b9dc2b462b1dfdc5df8a41b54ef325f2369d667fd3713fbb8eb84cd0601a6398577463349e0b13c9e3967bf8f5df03f8705456b454d4158347eb77c6616b0272b4263cf63bd10bebe66aecdaa2e613ad17b029fab025ef880a5415fb314a75e3909909ed4c47da8720da3d24483f73fcc9017a5cd3d32e196f83c6840f23d710e8d6204be965116168364b6a7f9190bc9fb8ec0fb598af7a73488a08e23be56e5b0966151efeb08c0307d96a1d515e347c5162e55d5924606986fb956beb1d258a8395b3875af40d0e4569b4f2ac7a3efcb350d0d323f359a9d0a8b5d37d156cfeb806218941a9fa5eceec1563097fe16670caa320aa83d7e395abd85b5e15ef53387674b6501b0d5edec403bb690751604163e65a2c853b6feacc10173a533e1ac5b1f938f25c6e3a3679446429c5a83af90187d5b31d4b82914562d2ab5987ae8efa8e00b41a463de9998717a2cd6a8c66b75d85e5e6aa4b52a8effaa2bb5210c2787d922699559aef9f536f83144eabeaa29510f03698c8cba07d5aaa0a22740e886ead09a21fd35f0f9045045cb318ff3cc5896d6c4d11393384d484db64c9bd18d53eecf86012fc909e38cc5d1839723698bbfa5b5eaa0d34c10cbef089d6d35a861704dce9b85788a291a82cee33615f163fa6be5ae3fe47be8698c92262dc9abfa5f02534c3916f32c793f2028f02fc4c92750a07aa82170c3bb4ee88898f57cc77f16976417e53ceac2d18bc1e31a4410476fa34f98329a839f6b2a1e3728a4768b3cde149014918c9084091f924bee67f8baab00e31b464886fee3ce8b873d0e7e485c8519ee2cba6233205012494bb61cdee803877a7b35f71948747b8ace37b82abc6358c08f6e22095f1f076424cefd2e1280de6bf006ed31c6bc20e1f40a023b91a2f44c3965c5da27a76cbc2dd42c28dea0b4a2670fc477611da55f57796955853b8fe14d56ae731f214f3b8c9fa2e7503b528f7c2e9adafedb2425f82e095827b39e8317d0180bab98a502f2e59451e4b6d7fdc97c669b814c553ad487c500826902e68c650165468da4eec4f57556a987c4d9a516eac024e0cf5171a4b42020d0e83ec345e99e96bdaec75b4259b52d3fc3c13bebaca52a33fb3e52c9bf983087a63381c55b435ae5433425e6b5c0c77b1f1b61d96df743f4a004647272886097efb46186e085054acb25b947b6bbc685efc773d29bc12853d78994a0b7ddb4c5ffc7b621d67c2f5c9aa9f070f01bd1bb0019d1f31355eafb7a1707b3f4b401c5f872b2429337c5764c495f4f3be6f3cab74a69542b5e451097059c3915d09cad4a5d23d13cab2027791b37b5d7d3fa4a660ed0e78253a41b58d714aef94830ff2547c6745fdfc5ad854d77073172e4b47d9658b270ca22fc713bfdd37fc65f2ab7c10229b231dd114011837b6e89d1a60c3b23c4b2b7b1e26f2232b3c50b57d950decd21ecbc53bc1438ed214a7a1ac1b4345f9f24e22bf3e34738cb801850b2b84dfa566e7b985049fc924d259546606c121beb41fd6978beff3e74f9090cf0920247eb089e20441464cd8bd312f308b950782cc5d91dae3037ed386e5e1fde7b1cb246a417930b7e2b99dc105b2d5d088a4b459cf08a56753f108bbdde2071cf91a662871c758d47587ef06e9fb4f4e13ebb493176f640fd7957dd97987c0da8d3f4db874bbe6759e2cbb907fdd41427b5932aea851f9bb24752efd08437430af57cf2e0d172bb8f7da601cd1bd90f6b254ea3a6169bf69f79578932c325d900a6fc1e9ca8719fa8af0019fc4e7713dd1ed0c691134f7260a79afcc0e3c561874991d247c1d8f12debb1e59b1536aa68ccfd680cdb8777d21c66f689723da954dc04679ad07ad106e62ccd2d74df38a071ba50f1efc7ed9b1e74674db80e5956e8771d50987b0e6783f4b3dba290c1da372922bb2d7eef95960971bbf3f3eb378c9651cb5c96bc758b7a46ed8b8dd3afa7086eebce4b9e49c0e5497440e2c3809a4fa698e7e5dd9a9b25c64c85594f9d317b0469cb111581abcaf178cf27a4b942c5abde46b1b166b6c10e995e2e6bd51cb690acbfaf95e0ee938396ccc3c3dbdde7799719d1ba35a2c842fbb23f375cece88058dbccecd297319ab5ded1c1721d67e1db6b8cd83feec89360369ddd236a0b177ce1b918a544d815fa98fbb160f0e00d61c14ab89da85d72d0bb3e2b6068211435fbed31d8428abb3dcc145be22f314d37c2890cc5491398697e26ab3fad8e8531bdccfc1cf4b9ac937c9f8709a29b7c92cef1180f2e89d2f12f6e0a948abd39d5128ada309a37b9bf237be1a0976905df0ed9932882b753ebc6b5a81f971bcb43f7508a03ae570a5f4e3e3621aa0d66ea742e958aec1e1aeebab14ed5ac859193f26094ccd9101edf4985eb51d51c83928a0f257a5f27ae147bd7e0f5317f8b74ebe4f1e943ef2f5ca93c997897536aa83fcb1db17acaa3deb419dc5e2723847a217046e9562e76212c340ed9035f7facde6904455187a02a7ac3b3003d66a958d1ac8a5187cc502bdc3436b1284592632b4902fb60fde013cebd1377042bda82815cfd0fe0883df7080e4910ed6b11e5a8a77cbf7e4457c706db7f8130c2d763c3b918861cd2566b8f4727523bcc2b2da34d75ab1d1eb5fb0a806c95ea793c9fd24161bf9a2b5ac6b680e554266cf4fbae13b8c5f27fc2dee5dde4ae9dff65e16686bbaf8f7940c619700a74240ea6abbed85760307b747f2e76deb7ec0aff56a261b9b3ff436bd2fd0418375cb9d63a1f00c818b18cebb1601b50227b07c7a11169a4bb73d0e39208571f7d9b933ae80b986a8d638adcbada8cec3081064f28f3ce04eea6c43ef4b177aa66adddbc7c5fff1ad21f2c6afb7a6bc1305407b93acde3fab01053007f521f8d05c5e934e01a930331129655be4a38094367b8e24202b129f18ee494bce79298f15e7db2f4543b82afc83383f0364f6b26097dc3edb2958a03e1090a26a8d85d9ce912ae32e0abf9074ea0328cf96c7a915d43390cd6bbf2ba7333095ef6cbf16d85e7dafdea9aef0a0d0cfc15f4e1f15d853a92e0d8efebfb40adbd9ee341c003efeb37386a734c04b317e2befcc4afb802a9306478bae54c29dd0ef10eb5808143589dce57ba60d84dd2349b3107a8a2e4869ef8c4f93162507b3c1f3d41bbf79b80e6d68aa4822772c7ccba47b076a68966d7323885ac08d46dea2ae910ae864de7e0c3579958f10cc1b2f9b6004d46ec4f71bedcf4cbe3f22dfbb47165bda64cd7aa3349e36e59e7be677c473314be75515e20d51c8c571041e30efad3b0a0a6c261221d2072a4bc32c348d6b3e0b014d", 0x1000}, {&(0x7f0000000040)="4ab24e8ce3e54a02435286e75792a9256b6dadb8b813374fa6bd89af3927b8fef7afd70c3aedc1eb1201da2e6efa66445e9a753b86356d80c0a330589607a6c5ad79adf924b0", 0x46}], 0x3, &(0x7f00000022c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @multicast1, @remote}}}], 0x20}, 0x24020890) 17:06:01 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a2509000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:06:01 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:06:01 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x80000, 0x800004, 0x40000010000}) 17:06:01 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x1a00600, 0x800004, 0x40000010000}) 17:06:01 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x2000) lseek(r1, 0x7fff, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r4, 0x0, 0x18) flock(r4, 0x2) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) r6 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r6, &(0x7f00000009c0), 0xd4ba0ff) preadv(r6, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/212}], 0x7, 0x2, 0x3) setrlimit(0xb, &(0x7f0000000140)={0x2, 0x64c}) sendfile(r1, r5, 0x0, 0x8400fffffffb) getpid() sendfile(0xffffffffffffffff, r6, 0x0, 0x2) 17:06:01 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1700000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:06:01 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) openat(r0, &(0x7f0000000000)='./file0\x00', 0x4002, 0x1e0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000040), 0x9, 0x20040) close(r1) [ 666.119460][T20999] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 666.133597][T21000] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 666.147836][T21007] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:06:01 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a2809000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) [ 666.210775][T21015] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 666.227066][T21019] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 666.238318][ T1034] loop2: p1 p2 p3 p4 [ 666.244905][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 666.251030][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated 17:06:02 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f00000001c0)=""/4096, 0x1000) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=ANY=[@ANYBLOB="2ecfeacfccd8bd71431a6e5fb64e0221f297ed2a0711a9e9dc14f47d38f7d34053939cf1bf5757c662eb3e8864166eb2e9bf085947761ae7438729612f2ac1"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:06:02 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x2000000, 0x800004, 0x40000010000}) 17:06:02 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 666.260346][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 666.266608][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 666.298365][T21029] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:06:02 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xa00600, 0x800004, 0x40000010000}) 17:06:02 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a4809000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:06:02 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) clone3(&(0x7f0000000380)={0x842880, &(0x7f0000000000)=0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080), {0x26}, &(0x7f00000001c0)=""/205, 0xcd, &(0x7f00000002c0)=""/86, &(0x7f0000000340)=[0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x4, {r0}}, 0x58) mmap(&(0x7f000071b000/0x1000)=nil, 0x1000, 0x2, 0x100010, r1, 0xf037a000) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:06:02 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2813312849000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) [ 666.396605][ T1034] loop2: p1 p2 p3 p4 [ 666.401657][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 666.407772][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 666.426290][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 666.432501][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 666.438064][T21055] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 17:06:02 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) r1 = getuid() mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x208400, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="a5000034a12523", @ANYRESHEX=r0, @ANYBLOB=',cachetag=)(%%\'#,dfltuid=', @ANYRESHEX, @ANYBLOB=',privport,debug=0x0000000054b1e932,measure,smackfstransmute=ext2\x00,fsmagic=0x0000000000000006,mask=^MAY_EXEC,func=CREDS_CHECK,euid>', @ANYRESDEC=r1, @ANYBLOB=',obj_type=%@@,fscontext=sysadm_u,fsname=&-,seclabel,\x00']) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) r2 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0), 0xd4ba0ff) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r2, 0x8983, &(0x7f0000000080)={0x8, 'bridge0\x00', {'vxcan1\x00'}, 0x800}) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 666.464287][T21059] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 666.488456][T21057] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 666.561897][T21076] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 666.583969][ T1034] loop2: p1 p2 p3 p4 [ 666.588636][ T1034] loop2: p1 start 10 is beyond EOD, truncated [ 666.594795][ T1034] loop2: p2 size 1073872896 extends beyond EOD, truncated [ 666.603401][ T1034] loop2: p3 start 225 is beyond EOD, truncated [ 666.609615][ T1034] loop2: p4 size 3657465856 extends beyond EOD, truncated 17:06:02 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0xf00300, 0x800004, 0x40000010000}) 17:06:02 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a4c09000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:06:02 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:06:02 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r2, &(0x7f0000000000), 0xb1d000) ioctl$FITRIM(r0, 0x4030582b, &(0x7f0000000080)={0x2040000, 0x800004, 0x40000010000}) 17:06:02 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f0000000a00)={0x0, "c4a2af99d80511ea54ae7bdd0e514ffc"}) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r4, &(0x7f00000009c0), 0xd4ba0ff) lseek(r4, 0x5, 0x2) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r5, 0x0, 0x8400fffffffb) sendfile(r0, r0, 0x0, 0x8080ffffff7e) 17:06:02 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$FIONCLEX(r1, 0x5450) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r0) sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)={0x8c, r2, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x78, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x40811}, 0x840) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=ANY=[@ANYBLOB="a1a1c2884944e41a"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) 17:06:02 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x80010, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000e000ad000000480200007f0000007e03000002000200000000000000000047cc7e6643f1819d82dc60852f3729984cb08cf0130ffba1f5284d683597a8010aa30b587ad08c35c2ca4e3338e8d53c1b0ce08c51f5fa3cd11bed478f052c7c720ceb5ad31c1866e95ebf00517a85a53b22a131ae65754df5090fa58955c92cb9a75b0bd90892805abd969b10faba4bc29999c7f8a7f0fa5d3797e091e5041f4f12df41917c7e9962e705602ab4d86233edde3ef1914b253cf3f5c44d63f60c5b8f9ba2da9d7dc92f38a488fdb641e153dd7e97eb2f7448f3adfcc8fe3246088cbb1dc9f53dd9ec0c924cee1dad927d3ca7eab8a571ad53f7185dfb78f72988eb2040e5421522bbe94dc188ee4dac277fd998885bf373c696e31efdb7eaf452384f6287efd49277b162cc033bee44c08975a4822d77e936b85a76a40fb174fddc9c01a3251598141d8117416c7a21d9cf38e7dde058f96947adf566bb7cedb9538fb154958569d35e004c80478943bbf8cd02b976bae71bb57e9521dc95b273b32e4b65ea5cfe7023d3516246f46e581abbad7f6c7dc9b009c9c9512349c383794d86a125d9e44635843e07b2f4af2c"], 0xb8) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x4, 0x1) r2 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0), 0xd4ba0ff) getpeername$unix(r2, &(0x7f00000001c0), &(0x7f0000000240)=0x6e) ftruncate(r2, 0x7fff) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rmdir(&(0x7f0000000280)='./file0/file1\x00') mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ext2\x00', 0x0, 0x0) [ 667.107903][T21097] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 667.136950][T21104] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 17:06:02 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="24000000260007031dfffd946fa2830020200a6009000000001d85680c1ba3a20400ff7e280000001c00ffffba16a0aa1c0009b3ebcd774a3c374a095dca5285307eadea8653a1cc7e63975c", 0x4c}], 0x1}, 0x0) 17:06:02 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8006000000000000}, {}, {}, 0x0, 0x0, 0xa, 0xd104, 0x0, 0x24}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) 17:06:02 executing program 3: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) flistxattr(r0, &(0x7f0000000080)=""/97, 0x3725407ed62b4039) ioctl$PTP_SYS_OFFSET_PRECISE(r0, 0xc0403d08, &(0x7f0000000040)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) fchown(r0, r2, 0xee01) mount$9p_tcp(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x32802, &(0x7f00000001c0)={'trans=tcp,', {'port', 0x3d, 0x4e22}, 0x2c, {[{@cache_mmap}, {@noextend}, {@uname={'uname', 0x3d, 'ext2\x00'}}, {@cache_fscache}, {@cache_none}, {@access_any}], [{@subj_role={'subj_role', 0x3d, '*-@:%&-@'}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsmagic={'fsmagic', 0x3d, 0x9}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@smackfsroot={'smackfsroot', 0x3d, '\\'}}, {@measure}, {@fowner_lt={'fowner<', r2}}, {@smackfsfloor={'smackfsfloor', 0x3d, '+#'}}, {@smackfsroot={'smackfsroot', 0x3d, ',.*'}}]}}) r3 = openat(0xffffffffffffffff, &(0x7f0000000100)='/proc/self/exe\x00', 0x0, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='efs\x00', 0x0, 0x0) [ 667.209049][ T1034] loop2: p1 p2 p3 p