&(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:12:23 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) [ 273.579282][T25561] loop1: detected capacity change from 0 to 262160 [ 273.580471][T25562] loop4: detected capacity change from 0 to 61 [ 273.589639][T25563] loop0: detected capacity change from 0 to 61 11:12:23 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0/file0\x00', 0x7aca, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000000100)=ANY=[@ANYRES32=r0, @ANYRES16=r0, @ANYRESHEX, @ANYRES32=r1, @ANYRESOCT=r2, @ANYRESOCT, @ANYRESHEX]) chdir(&(0x7f0000000000)='./file1\x00') r3 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write$binfmt_script(r3, 0x0, 0x8800000) 11:12:23 executing program 1: getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:12:23 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x06', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 273.662574][T25563] handle_bad_sector: 11 callbacks suppressed [ 273.662591][T25563] attempt to access beyond end of device [ 273.662591][T25563] loop0: rw=2049, want=64, limit=61 [ 273.666902][T25584] loop5: detected capacity change from 0 to 61 [ 273.725841][T25584] attempt to access beyond end of device [ 273.725841][T25584] loop5: rw=2049, want=72, limit=61 [ 273.740997][T25584] attempt to access beyond end of device [ 273.740997][T25584] loop5: rw=2049, want=80, limit=61 [ 273.761644][T25603] loop1: detected capacity change from 0 to 262160 [ 273.769119][T25604] loop0: detected capacity change from 0 to 61 [ 273.778353][T25584] attempt to access beyond end of device [ 273.778353][T25584] loop5: rw=2049, want=80, limit=61 11:12:24 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = getpgrp(r0) sched_setattr(r1, &(0x7f00000004c0)={0x38, 0x0, 0x1000004b, 0x1, 0x4, 0x0, 0xff, 0x400, 0x7, 0x8}, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)=0x8) r3 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r4 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x80000008) lseek(r3, 0x7ffffc, 0x0) r6 = syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000140)='./bus\x00', 0x5c, 0x3, &(0x7f00000003c0)=[{&(0x7f0000000180)="64db4ce1ec3e392489bcd5c5d6b4eaf8f079ec6a3ab76ac938c94f59cecadef91d15010afd114dc59ad3859823ef734140100985ab6d1750697ccd4805d4850299074d13c0760af272b1bb8435b9e014fc1480dd648b0f9dc8a4285cfed5cc20dcf90c82a044618e9104b33dcd1d", 0x6e, 0xd29}, {&(0x7f0000000200)="a845f384c7", 0x5, 0xfffffffffffffffe}, {&(0x7f00000002c0)="5fc3982e94ba9b436df6f41ac70f12f22c08d3eb17d1b9a0b82aacc37c01fe59a30c175045e0f1917961585babce59cb8250c930a5ad3f38607d150f82505855d4dea95a9c5aff9c9fd40d8254a5ba130dda12269a8f5376a646c0b0f648e37988c7d100cf39c7ed91250997ada6ce49c0eef142fb45f6bb", 0x78, 0x7fff}], 0x0, &(0x7f0000000440)={[{@dots}, {@nodots}, {@nodots}, {@dots}, {@nodots}, {@dots}, {@dots}, {@dots}], [{@obj_role}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@smackfshat}, {@permit_directio}, {@seclabel}]}) fchmodat(r6, &(0x7f0000000340)='./bus\x00', 0x42) write$binfmt_elf64(r3, &(0x7f0000000000)=ANY=[], 0xfd14) 11:12:24 executing program 1: getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:12:24 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) 11:12:24 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x04', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 273.820064][T25604] attempt to access beyond end of device [ 273.820064][T25604] loop0: rw=2049, want=64, limit=61 [ 273.838888][T25612] attempt to access beyond end of device [ 273.838888][T25612] loop5: rw=0, want=72, limit=61 [ 273.903115][T25623] loop4: detected capacity change from 0 to 61 [ 273.917697][T25625] loop1: detected capacity change from 0 to 262160 11:12:24 executing program 1: getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 273.979776][T25595] loop4: detected capacity change from 0 to 61 [ 273.985888][T25640] loop0: detected capacity change from 0 to 61 [ 274.014930][T25640] attempt to access beyond end of device [ 274.014930][T25640] loop0: rw=2049, want=64, limit=61 11:12:24 executing program 4: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file0\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write$binfmt_script(r0, 0x0, 0x8800000) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0xff, 0xb6, 0x35, 0x4, 0x7, 0x3, 0x3, 0x4, 0x1f4, 0x40, 0x2bc, 0x6, 0x6, 0x38, 0x2, 0x20, 0x7, 0x9}, [{0x3, 0x8, 0x80, 0x2, 0x1cd60b4b, 0x10, 0x0, 0x89}], "e92f2dd78dc95d0dede3099ceea2820233bffee5d3a69b7909278c2c610fb1ad497239262e5d2da816899cbe1026ac1a1407d7933715346d3ba90d4e6c1a43569b9c0ac554b453b80dfff6614c18446599e2ee6ad58696f0f06479685e1d2ec5184b9277e70c105f6ff28998d2f42b24843164bb3bba848675bc148371294d847b05238413163cd8ef0a7f636cf31e19d7099cd25ae6f083b2a7eed1a408c3041d476ef44345b021df78da263c62451c8169c59aaa839083d2fa6f7a9a1ad640ccb391adaa2824de663aa70a0fd630b2061f2d8af0066a8e", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x750) 11:12:24 executing program 1: getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 274.035859][T25648] loop1: detected capacity change from 0 to 262160 11:12:24 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 274.091844][T25659] loop4: detected capacity change from 0 to 61 [ 274.168510][T25677] loop0: detected capacity change from 0 to 61 [ 274.181991][T25677] attempt to access beyond end of device [ 274.181991][T25677] loop0: rw=2049, want=64, limit=61 11:12:26 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:12:26 executing program 1: getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:12:26 executing program 4: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="04000509000000b0274d0eb400666174000404b760ba44", 0x17}], 0x120000, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file0\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x101c03, 0x91) write$binfmt_script(r0, 0x0, 0x8800000) 11:12:26 executing program 2: mq_timedsend(0xffffffffffffffff, &(0x7f00000001c0)="d23dd80ee5b702207cb56a7c82c9d969c8876da993d0f408caada055f776829dfaff2e53c1e2b32beec264f5ed5356cf395d8a10aa69640e9b5d9385670532d6b366e8", 0x43, 0x0, &(0x7f00000002c0)={0x0, 0x3938700}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getrlimit(0x2, &(0x7f0000000100)) setrlimit(0x2, &(0x7f0000000140)={0xb601, 0xfffffffffffffc01}) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x5, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x80000008) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) lseek(r5, 0x7ffffc, 0x0) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0xfd14) ioctl$KDGKBMETA(r3, 0x4b62, &(0x7f0000000180)) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000300)=0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r2, 0x40089416, &(0x7f0000000340)=r6) 11:12:26 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) 11:12:26 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\b', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:12:26 executing program 1: getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x401ffc000) [ 276.599253][T25697] loop0: detected capacity change from 0 to 61 [ 276.609266][T25698] loop1: detected capacity change from 0 to 262160 [ 276.627978][T25706] loop4: detected capacity change from 0 to 61 [ 276.632793][T25697] attempt to access beyond end of device [ 276.632793][T25697] loop0: rw=2049, want=64, limit=61 11:12:26 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:12:26 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getrlimit(0xf, &(0x7f0000000180)) r0 = getpid() sched_setattr(r0, &(0x7f00000001c0)={0x38, 0x6, 0x3, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) capget(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x40, 0x2, 0x1ff, 0xc2, 0x7fd62044, 0x2}) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x8, 0x1010, r2, 0x12aab000) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x80000008) lseek(r2, 0x7ffffc, 0x0) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0xfd14) [ 276.698641][T25706] loop4: detected capacity change from 0 to 61 [ 276.735633][T25721] loop1: detected capacity change from 0 to 262160 11:12:26 executing program 4: ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000340)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x20}) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="0400027400f80100"/23, 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) open(&(0x7f0000000240)='./file1\x00', 0x40300, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r0 = syz_open_dev$vcsu(&(0x7f0000000100), 0xd, 0x109000) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) renameat(r0, &(0x7f0000000140)='./file0\x00', r1, &(0x7f0000000200)='./file1\x00') pivot_root(&(0x7f0000000280)='./file1\x00', &(0x7f0000000300)='./file0\x00') r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write$binfmt_script(r2, 0x0, 0x8800000) recvmsg$unix(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000380)=""/14, 0xe}, {&(0x7f00000003c0)=""/203, 0xcb}, {&(0x7f00000004c0)=""/151, 0x97}, {&(0x7f0000000580)=""/215, 0xd7}, {&(0x7f0000000680)=""/148, 0x94}, {&(0x7f0000000740)=""/64, 0x40}, {&(0x7f0000000780)=""/209, 0xd1}, {&(0x7f0000000880)=""/243, 0xf3}], 0x8, &(0x7f0000000a00)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xa0}, 0x2000) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000c00)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b40)={0x48, 0x0, 0x10, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x18, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9df}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x78bc}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x40c0) 11:12:27 executing program 1: getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x401ffc000) [ 276.791696][T25739] loop0: detected capacity change from 0 to 61 [ 276.819617][T25743] loop4: detected capacity change from 0 to 61 [ 276.829921][T25743] FAT-fs (loop4): Unrecognized mount option "./file1" or missing value 11:12:27 executing program 4: r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000080)={0x0, @dev, @multicast2}, &(0x7f0000000100)=0xc) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) [ 276.862496][T25739] attempt to access beyond end of device [ 276.862496][T25739] loop0: rw=2049, want=64, limit=61 [ 276.888790][T25750] loop1: detected capacity change from 0 to 262160 [ 276.946417][T25763] loop4: detected capacity change from 0 to 61 11:12:29 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:12:29 executing program 1: getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x401ffc000) 11:12:29 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:12:29 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) 11:12:29 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) recvmsg$unix(r1, &(0x7f0000000200)={&(0x7f0000000100)=@abs, 0x6e, &(0x7f0000000600)=[{&(0x7f0000000180)=""/18, 0x12}, {&(0x7f00000001c0)=""/23, 0x17}, {&(0x7f00000002c0)=""/177, 0xb1}, {&(0x7f00000003c0)=""/141, 0x8d}, {&(0x7f0000000480)=""/118, 0x76}, {&(0x7f0000000500)=""/225, 0xe1}], 0x6, &(0x7f0000000680)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x80}, 0x10060) ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, &(0x7f0000000700)={0x0, 0x7fff, 0x0, [0x1f, 0x9, 0x80000000, 0x2, 0x5], [0x81, 0x2, 0x10000, 0x8, 0x1, 0x7, 0x2, 0xffffffff00000001, 0x1, 0x200, 0x6, 0x101, 0x8, 0x5, 0x7, 0xf57d, 0x20, 0x0, 0x8001, 0x3f, 0x4, 0x6c, 0x6, 0x6, 0x8, 0x3, 0x2, 0x1, 0x4, 0x4, 0x1, 0x3, 0xfffffffffffffffa, 0x7, 0x2, 0x1, 0x8, 0xffffffffffffffc1, 0x7, 0x8, 0x1d9b, 0x6898b941, 0x3, 0x0, 0x7, 0x86, 0x7, 0x4, 0x5, 0x6, 0x10001, 0x8, 0x4f87, 0x2, 0x40, 0x8000, 0x0, 0x401, 0x198, 0x8, 0xade4, 0x43, 0xdc, 0x6, 0x8, 0x1, 0xac0f, 0x8000, 0x8, 0x93, 0x4, 0x3, 0x2, 0x55e, 0x983, 0x8, 0x5, 0x3, 0xeb9, 0x19, 0x5, 0x80, 0x8d, 0x1, 0x2, 0x80, 0x1c60ea39, 0x2, 0xfffffffffffff2b1, 0x68, 0x0, 0xffff, 0x1, 0x81, 0x7, 0x0, 0x80000001, 0x2b, 0x8001, 0x5, 0x3ff, 0x8000, 0x5, 0x93, 0x80000000, 0x8, 0x5, 0x5, 0x2, 0x6751, 0x6, 0x6, 0x1, 0x5, 0x5, 0x1, 0x3, 0x7, 0x0, 0x2, 0xffffffff]}) ioctl$BTRFS_IOC_RESIZE(r2, 0x50009403, &(0x7f0000000b40)={{r1}, {@val={r3}, @max}}) r4 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80000008) lseek(r4, 0x7ffffc, 0x0) write$binfmt_elf64(r4, &(0x7f0000000000)=ANY=[], 0xfd14) 11:12:29 executing program 4: syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17, 0x56f}], 0x0, &(0x7f0000000040)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) write$binfmt_script(r0, 0x0, 0x8800000) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000600), 0x40, 0x0) ioctl$KDSETMODE(r1, 0x4b3a, 0x1) [ 279.622516][T25783] loop1: detected capacity change from 0 to 262160 [ 279.633613][T25784] loop0: detected capacity change from 0 to 61 [ 279.640320][T25789] loop4: detected capacity change from 0 to 61 [ 279.672216][T25789] FAT-fs (loop4): bogus number of reserved sectors [ 279.678806][T25789] FAT-fs (loop4): Can't find a valid FAT filesystem [ 279.689290][T25784] attempt to access beyond end of device [ 279.689290][T25784] loop0: rw=2049, want=64, limit=61 11:12:29 executing program 1: getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x401ffc000) 11:12:29 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:12:29 executing program 4: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x940c2, 0x0) write$binfmt_script(r0, 0x0, 0x8800000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r1, 0x40089416, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) splice(r2, &(0x7f0000000080)=0x3, r0, &(0x7f0000000100)=0x1f, 0x1, 0x8) [ 279.729949][T25789] loop4: detected capacity change from 0 to 61 [ 279.741500][T25789] FAT-fs (loop4): bogus number of reserved sectors [ 279.748154][T25789] FAT-fs (loop4): Can't find a valid FAT filesystem 11:12:30 executing program 1: getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x401ffc000) [ 279.792162][T25823] loop1: detected capacity change from 0 to 262160 [ 279.821474][T25828] loop0: detected capacity change from 0 to 61 [ 279.833417][T25831] loop4: detected capacity change from 0 to 61 [ 279.863694][T25828] attempt to access beyond end of device [ 279.863694][T25828] loop0: rw=2049, want=64, limit=61 [ 279.878525][T25836] loop1: detected capacity change from 0 to 262160 11:12:30 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) recvmmsg(r4, &(0x7f00000051c0)=[{{&(0x7f0000000140)=@can, 0x80, &(0x7f0000000600)=[{&(0x7f00000001c0)}, {&(0x7f0000000200)=""/13, 0xd}, {&(0x7f00000002c0)=""/189, 0xbd}, {&(0x7f00000003c0)=""/207, 0xcf}, {&(0x7f00000004c0)=""/160, 0xa0}, {&(0x7f0000000580)=""/67, 0x43}], 0x6}, 0x55}, {{&(0x7f0000000680)=@rc, 0x80, &(0x7f0000004d00)=[{&(0x7f0000000700)=""/97, 0x61}, {&(0x7f0000000780)=""/10, 0xa}, {&(0x7f00000001c0)=""/21, 0x15}, {&(0x7f0000005400)=""/231, 0xe7}], 0x4, &(0x7f0000000800)=""/196, 0xc4}, 0x2}, {{&(0x7f0000000900)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000000e40)=[{&(0x7f0000000980)=""/229, 0xe5}, {&(0x7f0000000a80)=""/228, 0xe4}, {&(0x7f0000001380)=""/242, 0xf2}, {&(0x7f0000000c80)=""/71, 0x47}, {&(0x7f0000000d00)=""/61, 0x3d}, {&(0x7f0000000d40)=""/136, 0x88}, {&(0x7f0000001080)=""/21, 0x15}], 0x7}, 0x1}, {{0x0, 0x0, &(0x7f0000002380)=[{&(0x7f0000000ec0)=""/227, 0xe3}, {&(0x7f0000000fc0)=""/48, 0x30}, {&(0x7f0000001000)=""/86, 0x56}, {&(0x7f0000005500)=""/4096, 0x1000}, {&(0x7f0000002080)=""/12, 0xc}, {&(0x7f0000001280)=""/245, 0xf5}, {&(0x7f0000001140)=""/260, 0x104}, {&(0x7f00000022c0)=""/99, 0x63}, {&(0x7f0000002340)=""/30, 0x1e}], 0x9}, 0x1}, {{0x0, 0x0, &(0x7f00000036c0)=[{&(0x7f0000002440)=""/153, 0x99}, {&(0x7f0000002500)=""/115, 0x73}, {&(0x7f00000010c0)=""/122, 0x7a}, {&(0x7f0000002600)=""/4096, 0x1000}, {&(0x7f0000000b80)=""/168, 0xa8}], 0x5, &(0x7f0000003740)=""/170, 0xaa}, 0xffff}, {{&(0x7f0000003800)=@pppoe, 0x80, &(0x7f0000004bc0)=[{&(0x7f0000001500)=""/83, 0x53}, {&(0x7f0000003900)=""/194, 0xc2}, {&(0x7f0000003a00)=""/4096, 0x1000}, {&(0x7f0000004a00)=""/169, 0xa9}, {&(0x7f0000004ac0)=""/54, 0x36}, {&(0x7f0000004b00)=""/152, 0x98}], 0x6, &(0x7f0000004c40)=""/179, 0xb3}, 0x4}, {{&(0x7f0000005380)=@sco={0x1f, @none}, 0x80, &(0x7f00000050c0)=[{&(0x7f0000004d80)=""/36, 0x24}, {&(0x7f0000004dc0)=""/2, 0x2}, {&(0x7f0000004e00)=""/205, 0xcd}, {&(0x7f0000004f00)=""/153, 0x99}, {&(0x7f0000004fc0)=""/166, 0xa6}, {&(0x7f0000005080)=""/59, 0x3b}], 0x6, &(0x7f0000001480)=""/68, 0x44}, 0x289}], 0x7, 0x10100, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f00000007c0)=0x0) sched_setattr(r6, &(0x7f0000004d40)={0x38, 0x3, 0x4e, 0x0, 0x0, 0x0, 0x7fff, 0x8, 0x7fffffff, 0x40}, 0x0) sendfile(r3, r5, 0x0, 0x80000008) lseek(r2, 0x7ffffc, 0x0) ioctl$EVIOCGBITKEY(r3, 0x80404521, &(0x7f0000000100)=""/53) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0xfd14) 11:12:30 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 280.019366][T25858] loop0: detected capacity change from 0 to 61 [ 280.038547][T25858] attempt to access beyond end of device [ 280.038547][T25858] loop0: rw=2049, want=64, limit=61 11:12:32 executing program 4: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file1\x00', &(0x7f0000000240), 0x14002, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) getpeername(r0, &(0x7f0000000100)=@xdp, &(0x7f0000000080)=0x80) write$binfmt_script(r0, 0x0, 0x8800000) 11:12:32 executing program 1: getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x401ffc000) 11:12:32 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:12:32 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:12:32 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:12:32 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x40) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) prlimit64(r2, 0x5, &(0x7f0000000100)={0x5, 0xffff}, &(0x7f0000000140)) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r3 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) r4 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x80000008) lseek(r3, 0x7ffffc, 0x0) write$binfmt_elf64(r3, &(0x7f0000000000)=ANY=[], 0xfd14) [ 282.652207][T25879] loop4: detected capacity change from 0 to 61 [ 282.673498][T25878] loop1: detected capacity change from 0 to 262160 11:12:32 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x1a2) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f00000003c0)='./bus\x00', 0xb6) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x80000008) llistxattr(&(0x7f0000000100)='./bus\x00', &(0x7f0000000140)=""/67, 0x43) sendto(r3, &(0x7f00000002c0)="37bb6f7e6144f3978446b5724e87f29e533d57c8de3331c2a4885c5e3f9c613c9320b4aefb16e5ff88d4d26e65d3bc6eef320ff57baeccdd509179782721a13efe684419e6e4516e6613f2dd3488cf9d8134cd14e9249b87afce5f84f99f68a3b8b89d1fe8ea08b64d0792469af9e7cba6c5f47de56dca981445c92ce2fcc662aaa0055d9003", 0x86, 0x20048010, &(0x7f00000001c0)=@ieee802154={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0002}}}, 0x80) r5 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r5, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r7 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) sendfile(0xffffffffffffffff, r7, &(0x7f0000000400)=0xf84a, 0x8000) lseek(r2, 0x7ffffc, 0x0) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0xfd14) 11:12:32 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 282.697715][T25887] loop0: detected capacity change from 0 to 61 11:12:32 executing program 1: getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x0) [ 282.752246][T25887] attempt to access beyond end of device [ 282.752246][T25887] loop0: rw=2049, want=64, limit=61 [ 282.777344][T25905] loop4: detected capacity change from 0 to 262160 11:12:33 executing program 1: getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x0) [ 282.808087][T25910] loop1: detected capacity change from 0 to 262160 11:12:33 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 282.913600][T25919] loop1: detected capacity change from 0 to 262160 11:12:33 executing program 1: getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x0) 11:12:33 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:12:33 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:12:33 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 282.972900][T25928] loop0: detected capacity change from 0 to 61 [ 283.003802][T25928] attempt to access beyond end of device [ 283.003802][T25928] loop0: rw=2049, want=64, limit=61 11:12:33 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 283.106942][T25953] loop1: detected capacity change from 0 to 262160 [ 283.113811][T25955] loop0: detected capacity change from 0 to 61 [ 283.127342][T25951] loop4: detected capacity change from 0 to 262160 [ 283.159498][T25955] attempt to access beyond end of device [ 283.159498][T25955] loop0: rw=2049, want=64, limit=61 11:12:35 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:12:35 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x80000008) lseek(r2, 0x7ffffc, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r5, 0x6611) r6 = syz_open_dev$vcsn(&(0x7f0000000100), 0x6, 0x0) r7 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r7, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r7, r7, &(0x7f0000000240), 0x7fff) r8 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write$binfmt_elf64(r6, &(0x7f0000000140)=ANY=[@ANYRESDEC=r7, @ANYRESDEC=r0, @ANYRESOCT=r8, @ANYRESHEX, @ANYRES16, @ANYRESHEX], 0xfd14) 11:12:35 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:12:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:12:35 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:12:35 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 285.698987][T25982] loop1: detected capacity change from 0 to 262160 [ 285.702051][T25983] loop0: detected capacity change from 0 to 61 [ 285.733751][T25986] loop4: detected capacity change from 0 to 262160 [ 285.772047][T25983] attempt to access beyond end of device [ 285.772047][T25983] loop0: rw=2049, want=64, limit=61 11:12:36 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:12:36 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) clock_gettime(0x0, &(0x7f00000037c0)={0x0, 0x0}) recvmmsg$unix(r1, &(0x7f0000003600)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000100)=""/39, 0x27}, {&(0x7f0000000140)=""/41, 0x29}, {&(0x7f0000000180)=""/59, 0x3b}, {&(0x7f0000002280)=""/97, 0x61}, {&(0x7f00000002c0)=""/154, 0x9a}, {&(0x7f00000003c0)=""/58, 0x3a}], 0x6, &(0x7f0000000480)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000011000000010000000000ac000000000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x60}}, {{&(0x7f0000000500), 0x6e, &(0x7f0000000780)=[{&(0x7f0000000580)=""/199, 0xc7}, {&(0x7f0000000680)=""/243, 0xf3}], 0x2, &(0x7f00000007c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0}}}, @cred={{0x1c}}], 0x40}}, {{&(0x7f0000000800)=@abs, 0x6e, &(0x7f00000009c0)=[{&(0x7f0000000880)=""/138, 0x8a}, {&(0x7f0000000940)=""/51, 0x33}, {&(0x7f0000000980)=""/50, 0x32}], 0x3, &(0x7f0000000a00)=[@cred={{0x1c, 0x1, 0x2, {0x0}}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xc8}}, {{&(0x7f0000000b00), 0x6e, &(0x7f0000000e00)=[{&(0x7f0000000b80)=""/18, 0x12}, {&(0x7f0000000bc0)=""/200, 0xc8}, {&(0x7f0000000cc0)=""/177, 0xb1}, {&(0x7f0000000d80)=""/89, 0x59}], 0x4}}, {{0x0, 0x0, &(0x7f0000002100)=[{&(0x7f0000000e40)=""/99, 0x63}, {&(0x7f0000000ec0)=""/198, 0xc6}, {&(0x7f0000000fc0)=""/241, 0xf1}, {&(0x7f00000010c0)=""/4096, 0x1000}, {&(0x7f00000020c0)=""/46, 0x2e}], 0x5, &(0x7f0000002180)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}], 0x78}}, {{&(0x7f0000002200)=@abs, 0x6e, &(0x7f0000002340)=[{&(0x7f0000003b00)=""/78, 0x4e}, {&(0x7f0000002300)=""/44, 0x2c}], 0x2, &(0x7f0000002380)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xf0}}, {{0x0, 0x0, &(0x7f0000003480)=[{&(0x7f0000002480)=""/4096, 0x1000}], 0x1, &(0x7f0000003b80)=ANY=[@ANYBLOB="28000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="30000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYBLOB="0000000028000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000143cc000200469de0412503eea855e9090000fb3c5b154c46c3b2ba9e7792d796e54ba69104862ffc10db5391449be16e0cf97085dbebe3e4f26ab143779fd6bfa3859bc4a6f783ec454451ae249a9757c4a3b7d638a5f5371544aef187f5ed6641f6b462a2907c55a1c53322d6e3bdf639091e0060882dae24bacdee2825fe71482182033d45e32757a7dc4d79c0a352faf69aef638a5b892b26afc70f47010077398e1bd353185a636d4c1628b3a54b50da77928ec700d573f92c8547786bbe32bdb92df6739329b39412cffdbe36c28bd62666073fd90216e2eb72e447c1010091ea82a730ab989fb24ebfa9cd456b8934fa17feaf0e32fee00668a7762878717fb371d5a3ba8a63784e24ad8eeb76a479f82015c348f25a27ea5b8d6e25a5012a3f66a480e3c85fec1fe3be3206e4f39e3a6a", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES64=r1, @ANYBLOB='\x00\x00\x00\x00'], 0x118}}], 0x7, 0x40000000, &(0x7f0000003800)={r2, r3+60000000}) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r8 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r9 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r10 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r10, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r10, r10, &(0x7f0000000240), 0x7fff) r11 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r12) sendmsg$unix(r10, &(0x7f0000003ac0)={&(0x7f00000034c0)=@file={0x1, './bus\x00'}, 0x6e, &(0x7f0000003580)=[{&(0x7f0000003540)="bb53e908b84910ad70d2172c7d5436fb384f4f7d5b67882409a98550168472e4abbbbaabbeb025a0f935d45142cea9f4b45e4c6d76d3af5a7d6258ab2b", 0x3d}, {&(0x7f00000039c0)="309df4686aeb41d241a4576588e841848c8b24e94cf540fb5178e7707f719de02e768d14d2e068bdbcb3af8ae07b4fb8a7f341bf4ada2ec2263045fe106c5559a7d3a0bc41d09c1d392a0f23834e19895b5b0c4581add7cb2e2260529542e04410d6e7dc0a42daebbfaa2808140991c23381dc888862876429748699e00f3a505189edde4c19a9128e510582932029a5287c9eeae1c845698b87e5d5fd1ed060e6da26b99d1de20190c34167aec9323523add1bfa4a0f3b481ea296e06969b0fe12a7b4b1826ac073da7c4dd11f263f2661030d1cd94681cd05c88ab7090e1fd6c3a24817d5f158d5724a396784d58994af1e0", 0xf3}], 0x2, &(0x7f00000035c0)=[@cred={{0x1c, 0x1, 0x2, {r5, r12, r6}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r4, r7}}}], 0x40, 0x4000041}, 0x14) r13 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r9, r13, 0x0, 0x80000008) lseek(r8, 0x7ffffc, 0x0) write$binfmt_elf64(r8, &(0x7f0000000000)=ANY=[], 0xfd14) 11:12:36 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x401ffc000) 11:12:36 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 285.907094][T26012] loop0: detected capacity change from 0 to 61 [ 285.924099][T26012] attempt to access beyond end of device [ 285.924099][T26012] loop0: rw=2049, want=64, limit=61 11:12:36 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 286.020987][T26026] loop0: detected capacity change from 0 to 61 [ 286.045970][T26026] attempt to access beyond end of device [ 286.045970][T26026] loop0: rw=2049, want=64, limit=61 11:12:36 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 286.070067][T26035] loop4: detected capacity change from 0 to 262160 [ 286.130531][T26044] loop0: detected capacity change from 0 to 61 [ 286.164537][T26044] attempt to access beyond end of device [ 286.164537][T26044] loop0: rw=2049, want=64, limit=61 11:12:38 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:12:38 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x401ffc000) 11:12:38 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) r6 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r6, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r6, r6, &(0x7f0000000240), 0x7fff) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYRESOCT=r4, @ANYRESDEC=r0, @ANYRESDEC, @ANYRESHEX=r0, @ANYRES32, @ANYRESHEX=r0, @ANYRESOCT=r5, @ANYRESHEX=r6, @ANYBLOB="4193394078133293b46b3458ae5efb1fe1af33bae0091dc86ee965e4fc929cfabcd5bef4730a9c6a5a22253fb373b677de28550a8932e4b4f8a6044b17ed54d849e352bad25f66bd628c55a9fea4295f90b0f94044e72d8c397e34687be5875b8927f6b4758542b4cc26bad1dcae2321399c2260683c3fdb7574466dd327e6f114a7bb537cc9b716f9cdc969a6a7be5be854eb859d1bbab0e38e0156272b089f4ad91e6da9f4f5b53f75eee7664eee376b8be3c053f4659e40531344dc6c6e8e175d2e0182af22dc203fa1ef3879980580a68d58bc3733849627ffa073217eb1800ef9e391b9f33920a4db1dd70e40bf4cdd9692afa005318af92181ed5ec660ae2ff6f004e0d64ed76356a99c3f62287f0fa1dc3efc398f700d406987ee69e6ea7f6870ae3388f4df9e58c7af5a2bd873e8475e1d688733bfbbb02a62eab24eacfd1bd68fbcb088bdc023ef2cd211c0484e2a79b75abff6203a1e094cc29756ec801c098128d83beda9cb8719195eb446b4289193f41f71f1983b2ace19a7f6f2d9276444561d999718ab6fa4d8460f641e738f839b8ee92bfe089f08dd93b40e7fa80d399e244c8993b5be8386433aa9583755b4fc409bb488d8fa21df58c4e9b4887adbf804082b181e5a5c66c4a51edd8825d7755daa2eec4a6614e9a2b8737c6f47e42d32511cb2238987beccd46e5830614ca2fe09069b0ded41a329b92e51db217f548ee92573f7ea331724b0c4d8f2081c1d2778e68904ae8fab28bc225f9892d3435619a154124a5e68aa70e1bc2d0b3c2362e1c78958fc78c6205a427ba8c959746b1f2ee22494452a529a9d65c898cb0707d192f063c1ea01975353828ea28ceaed73615493cc6847e27806203bfc129ef04724528dc81ab5131a8905a99b9c2f5f7a9316d7ef9e8490851f48e4b097280a16409c63c35df8b18ff3b7d945eeea58f17681a80744313c246407c0ecf4672b5dcabefb30a40be1cc62a00dacdbf7b10dc16f5ab4a8450092600c15f1b71bd47a7d7286f2814257d84cd93004ee8e8c5678f755f10ed3458b0c5e020c629fde16e01d094bb5905d17ae8cc6d95542573d7ff483743b2fda954411112f15e5f3cf3c39b7d457a2a63b0df2d974b73efa48b788783c2727b0a863afb755c907c7ec40a1f4866bdd1a2b7edba0bfc5305c8385a3a7300ab8866c38d90d57695fa5f618506311f30b8a00ca9456cc79a156de34e899ff014c291662f55ecd9fc6795e81a2be1bbbd12eccf76f91ea309b93cfe57c193c22458d8703d164c60324631e3544413ada51d33c833a1e736d48b1c7d6648b8f956fb9fade1e3091a0ade0782c948bf4c9db8829a580104115cda218069645144a02bf27808a32a1a1fb68a2a5fc9929ce503cf26c87715947d4b46c9229e22acbc752bcf7c069b49f7d77b75480975ecea187530bb46c3bab86eb67a9dc8dd1f8ca076fe5e17bd695dd0cc658efa55494f3c449cd8bed281aee1fe85b93133a1b47c4199518b0e915e9283402ef8c26cae02324d3f79c83fc58e49f642b7c4538b28883af3cec61c339621f9390e8d33371b4bd13fa8dacf848cb69103a972917bb4fd9bd9c72eaa0193c68389729ab29094c76fb873210f5df1bb394ec1d8366411089257acd0d937d5b593d79910342a0cf02ac9bbd3b6f4391005ad886642ceb71a24cd3e97a751943b73a2575902cc20d7c6cc1bd7b8d2142cdbf61f33cab548e49e07d23e00515c76a945e60c95d1d482c2926ced00076fcb97dec38ae5ed65b3a5038088251ebf509f5ec3f237c574673d006579ff76fee39fd88db900bc6ec5acba161a2d6e4b626a4c68098b2c42ca77d92bd7287a39e7b210d98ea542754d15fbf4208fc946b916e4d155692f3949e4999073f766b62208af3fd606b55ed8226e0593b62123802a8b0e00ca34f60144989922fb901b957a208cc18aec9b6c5cf4310729fc8850421e49139cf53c942b23154b1e4e9d1c4e075be515bd26dfb2e505139d7e220bda81b58fb9d91c0eb29e540fd691603fe006d844a8aafd8a91004051ce1655ce2646bcb91ef2db605f8194d8ad1534e2c513a26c2ba432502db3a6083f5eca2e48cda1cc56b784cfddacbaebe73d5fa4483d080a657e4211a90f02af2341eac40fab7c789819b599658c3a6513319c159948581aedc763564a361a60580709b82c4f152b618346b6d6a0db62f44eeeb4c6cb8108357da45b7d91e33b9db2a489b154adbe8274793dc43b90617bd692794739918dda94eea5407fe3984b72dc0e3b7e8c29ee7bf61a2ee628be027cabbcede3682d8d7aabf46f6c55f280cc6c81147475c610b73138451bd6b2a60beb0e098351eac81946c5f5b631b699b0d1dd3b36d9b89327ff640f3cad44d92bc8185e8246090ad25146f2816460437cc35978ee841b8bc3e6deca39db0fe65accf6c1cfb95e34d3f0673a16b03eda40dbc86c37be550cb06b920890d4a5663119f36d1a95e82067b027178a8d8413cce2e37bd15d4c34627e7cdb54e2b9a36c51f0619811bf475f23da66a423e1b6a77d1fc7e0a16ad71e9f3a22561dd3427c23e5ae3b72efe0aa77d4cea8eedbc440b597faacc826da0a0076edea8ef332fd7e3c6884ef839be8382e3154b3b5802b2721c81b3bc9434efc2bb5b5f9d30f3a566bd6b9278cd65d4192c444f0462c4ddf060945fce349d04523cd9b337e7cbab42e91edf31b1886045724393c567bfcc501f2dae8cb0a01533b6f962a291d4fd2da7c7b0cd07de1f011d204c063660cabe2a36c93104df0e3a5ef9ba450006f124d8a05b00f08173043d2fb30f4fc6eab1f050ae3565361781b9a5f51de8d775d29dfb82cc41223802e871db46223884ce475129a4fc14c7662b57b9a642583fcc2fa5415f5e731ed0f7d1ba6b0d0092a88372e5130b212cf736bfb7cd0f6fb9a32337a5cdd1f096ebcedc86e4d220c9a7ca35007c997657a45818984c61923e50dd502b72da52c1ba985f089b2352dc18de7d4fd87ad41819dba7bb9d6f71c40b07a20261990b6954661c01651ea18e272aafbd499101d141843afa7e4851b02a5c19a4e2260fe2bb2c5b0c6d131114475834f9c759f91c3c882c4aaa82d1e661c4b9458b35ff8b6a3ab432e65abf95e0e490894fb5c740c2f080ac2d2d001c999d60b8a208af9e55302358e352c6ce026b1ffdbc0c6494f755fa9ade700e77ca4a266f5bb7f9a376dc1dc15eb8f6f449850b970bfec11979f5b24529d9deb90ab76cb2ba522228378f429dbdde0e8dd65b17e7fa1c9de00a739581b8d0b9cffec47f07c8614a28a099a1c3a5711c2c3f679e1df699d8aab775db26dc48e4c00078749383831578c81d01f0da8830c1760df224efb9013a8f70e68ba2d1e971e2316099434d6d12be841de5d708e743c08a12b9b0d282ff0c7ac7fa358ce0dfe90be2ddbb54387f1e2b1228b7c354ab2fd4289b1283c6165199d54b409deaf5dad0a62c3386dc7b0052d468a2ac344403e27775dabf25c246c69a5263daff26524b770856b489e06d0640840ff20bf07c2dfc2eed3f0c01db2ee45b3faefe09b7214a51ae446da9073be8bf029d3c5f97f7f8b21ffccd2c596f3fc05333b5239b1036d89fea1ec3379942b97b89a39ce340809db699605c873049879ec3cf326576b618d77b8fa11d3a27a4d17fba6ac04f73b56cff78cce1458fbeac7ce7eec93be96a5e19d2da922851224915cdb20752a2198f974b7ba41fd6a73232c8fdf01b4f528362d7d231602a5198a36491f5541673a4657a65487e3beaf547c18b66f830df8aa0696ecde800accd565688aa1f0b5f7732abddd736c45f8a4901a4887f009b76654581aeb0a2706e927902d4571f7ea7079ef657a70e71d71471404ba5e5d90ee5297a2863c7ff70046927510208c0995886ca65a701bfcd60a2354d95d2de55fc22c82e373a516f51c34561ec1b12aaa860aa3233859342d3849e23503d83e71f8737670da2251a12c995082b99858e662ae0b3b74670e77ca53d3943f922a66638b68cab892cda6592d29e857372253c0f87f718d40515e0f685b4e6bece6c65a2efa8ff06ee76a2703174d4d3f4691f324bd0456e7afb27ced76974045c6cb2c0820ae6bd948641c09f580803496e2042e245c6e2e32251736356755bded4ee8d1afeea41e05c127300f204152678624b20e4a90fddf5b11657011fb28fe28caa74fad9269fe8ba0a77b27ba4ef5477a0d4f1953b454257045b3434f163cc141a5d7a748de679bf5731ca5d5f95ac91e435f4f05efd8c51e4533233e0c315d2d7a4f678d0b882210cd10a7531e5611b13746203827bee59479d1507194e99862360fc069b2840771787809bc617430de1cefe015f050019391ce07f34f03a184797e6f43c5562f26d226a3672e662b36714e47007c9dbd86e4af4e9d622b792e517c2e0d7d6a2523f8e7cac98deca3992fb5ee7bf5a222cc50c41aaad73df87e26ae413feea039fc4b218e911bbf6cd0e47b3546e5c58567426150f20dbc5fec2601d6d6bb363dcbc33b2c92ac8de4dba6f5f8ea9ed5d43013c3cdb6f743f4a3ddd4935cc58f2c2631ea9a33942262e084f94d18159d1b1b7fa9302cd27512c49d2341ce7d3e8a6e9faaf4aa795c8467962dbb55f832d3a4abd2afb3de9351600b21ef59d2b54e3d98f723e9258f5c0afafdabbd85a0183c694510a11a74ba79dc2250573f00e675c1bf53586c056387c7a080a77733cb1b7632d6574d5fd6d870a32c501d00a6a408a1ee940ce48c1e3ad3fe8b309b60527bab83d15c7e3857b964b1fc1761a9e1ecf360ffc80ca183c174a48731aaa27f062deb93080fd5171f909000dd96debc1ce38db303bd9096896222b83e566a9ddfef6120cb7212f839af33c8148c1ea2813ab89824517d585ba78f17281945a61711a7097962e803c636e667c208fce75761110d0d89372960e22b7afc880c19acd92ae00a5f4e6b013355266079b92501002964c3c48940f8f98170009255b093f6f0b297c845660784d1d96bb95a13b3cc23f21b64b8036e45c2dd392dd6b3adaae25cd75e5a035a988015bc1140cfb790ff5f9651feb7b8f57604ab64812c2904fe69853d47095f6ef95f0f13294e382c18cfa2166e2a27bfb90c38e21efbd73bdfead55a02065da260fa0362bc2d73230ea2377e3f7f9de99cd9aafd0613c34d74f5e9506ee79391ee571b391c1ae70fea4d1738edf206ffb69060ef3a607a24e6dcb6b5421a14f8a5e80e6d8d3cb473468f86f6b8944670bfa055d212f341dfc81ac39d8fdec489a50c815d3d3e8de1eb34e61cfc07b9b4b2dc19e4c55dab620be83af6076dd7b2121a1b3684473b3b7a469f772032e6468a4aebe5d10b866202371113b0bf52cfc04cb63e6e18fbc0899d407c93fc5c006f60bf3ff96de781831b36101895e801a2885c555408ae37ee768f4a3edf0c97b095a2c72cc068e7bdd1d4b9269bdb0ac3f34335d320c72dbf67c61994ed371ac4e191e2c7c520d7efe7630376794c17198bc1771fb7e30b25057a3164fd03f95ff69a1b9f156293c41926e1e81b91ee30cbea8172c7c31695e0fb5cd836981439658ad644925dcd67379cee016ea5335fd3911783430258b8e3b142c37cfe0373e6836ec008e84854930dcf4e61f8f86cd7020fb3fff6b2df8027752141536900e6a723cc336c6984e344cb340ba849b59072e890d23139251fa5db9c80dffa6a507085c454369c5c35c8b27f59d22a0eaed6fa9862364efa26989e6c0c56e1d00", @ANYRES64], 0xfd14) connect$unix(0xffffffffffffffff, 0x0, 0x0) 11:12:38 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:12:38 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x80000008) lseek(r2, 0x7ffffc, 0x0) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0xfd14) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x81f8943c, &(0x7f00000003c0)) 11:12:38 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:12:38 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x401ffc000) [ 288.728888][T26077] loop0: detected capacity change from 0 to 61 [ 288.743729][T26078] loop4: detected capacity change from 0 to 262160 [ 288.764850][T26077] attempt to access beyond end of device [ 288.764850][T26077] loop0: rw=2049, want=64, limit=61 11:12:39 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:12:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) r6 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r6, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r6, r6, &(0x7f0000000240), 0x7fff) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYRESOCT=r4, @ANYRESDEC=r0, @ANYRESDEC, @ANYRESHEX=r0, @ANYRES32, @ANYRESHEX=r0, @ANYRESOCT=r5, @ANYRESHEX=r6, @ANYBLOB="4193394078133293b46b3458ae5efb1fe1af33bae0091dc86ee965e4fc929cfabcd5bef4730a9c6a5a22253fb373b677de28550a8932e4b4f8a6044b17ed54d849e352bad25f66bd628c55a9fea4295f90b0f94044e72d8c397e34687be5875b8927f6b4758542b4cc26bad1dcae2321399c2260683c3fdb7574466dd327e6f114a7bb537cc9b716f9cdc969a6a7be5be854eb859d1bbab0e38e0156272b089f4ad91e6da9f4f5b53f75eee7664eee376b8be3c053f4659e40531344dc6c6e8e175d2e0182af22dc203fa1ef3879980580a68d58bc3733849627ffa073217eb1800ef9e391b9f33920a4db1dd70e40bf4cdd9692afa005318af92181ed5ec660ae2ff6f004e0d64ed76356a99c3f62287f0fa1dc3efc398f700d406987ee69e6ea7f6870ae3388f4df9e58c7af5a2bd873e8475e1d688733bfbbb02a62eab24eacfd1bd68fbcb088bdc023ef2cd211c0484e2a79b75abff6203a1e094cc29756ec801c098128d83beda9cb8719195eb446b4289193f41f71f1983b2ace19a7f6f2d9276444561d999718ab6fa4d8460f641e738f839b8ee92bfe089f08dd93b40e7fa80d399e244c8993b5be8386433aa9583755b4fc409bb488d8fa21df58c4e9b4887adbf804082b181e5a5c66c4a51edd8825d7755daa2eec4a6614e9a2b8737c6f47e42d32511cb2238987beccd46e5830614ca2fe09069b0ded41a329b92e51db217f548ee92573f7ea331724b0c4d8f2081c1d2778e68904ae8fab28bc225f9892d3435619a154124a5e68aa70e1bc2d0b3c2362e1c78958fc78c6205a427ba8c959746b1f2ee22494452a529a9d65c898cb0707d192f063c1ea01975353828ea28ceaed73615493cc6847e27806203bfc129ef04724528dc81ab5131a8905a99b9c2f5f7a9316d7ef9e8490851f48e4b097280a16409c63c35df8b18ff3b7d945eeea58f17681a80744313c246407c0ecf4672b5dcabefb30a40be1cc62a00dacdbf7b10dc16f5ab4a8450092600c15f1b71bd47a7d7286f2814257d84cd93004ee8e8c5678f755f10ed3458b0c5e020c629fde16e01d094bb5905d17ae8cc6d95542573d7ff483743b2fda954411112f15e5f3cf3c39b7d457a2a63b0df2d974b73efa48b788783c2727b0a863afb755c907c7ec40a1f4866bdd1a2b7edba0bfc5305c8385a3a7300ab8866c38d90d57695fa5f618506311f30b8a00ca9456cc79a156de34e899ff014c291662f55ecd9fc6795e81a2be1bbbd12eccf76f91ea309b93cfe57c193c22458d8703d164c60324631e3544413ada51d33c833a1e736d48b1c7d6648b8f956fb9fade1e3091a0ade0782c948bf4c9db8829a580104115cda218069645144a02bf27808a32a1a1fb68a2a5fc9929ce503cf26c87715947d4b46c9229e22acbc752bcf7c069b49f7d77b75480975ecea187530bb46c3bab86eb67a9dc8dd1f8ca076fe5e17bd695dd0cc658efa55494f3c449cd8bed281aee1fe85b93133a1b47c4199518b0e915e9283402ef8c26cae02324d3f79c83fc58e49f642b7c4538b28883af3cec61c339621f9390e8d33371b4bd13fa8dacf848cb69103a972917bb4fd9bd9c72eaa0193c68389729ab29094c76fb873210f5df1bb394ec1d8366411089257acd0d937d5b593d79910342a0cf02ac9bbd3b6f4391005ad886642ceb71a24cd3e97a751943b73a2575902cc20d7c6cc1bd7b8d2142cdbf61f33cab548e49e07d23e00515c76a945e60c95d1d482c2926ced00076fcb97dec38ae5ed65b3a5038088251ebf509f5ec3f237c574673d006579ff76fee39fd88db900bc6ec5acba161a2d6e4b626a4c68098b2c42ca77d92bd7287a39e7b210d98ea542754d15fbf4208fc946b916e4d155692f3949e4999073f766b62208af3fd606b55ed8226e0593b62123802a8b0e00ca34f60144989922fb901b957a208cc18aec9b6c5cf4310729fc8850421e49139cf53c942b23154b1e4e9d1c4e075be515bd26dfb2e505139d7e220bda81b58fb9d91c0eb29e540fd691603fe006d844a8aafd8a91004051ce1655ce2646bcb91ef2db605f8194d8ad1534e2c513a26c2ba432502db3a6083f5eca2e48cda1cc56b784cfddacbaebe73d5fa4483d080a657e4211a90f02af2341eac40fab7c789819b599658c3a6513319c159948581aedc763564a361a60580709b82c4f152b618346b6d6a0db62f44eeeb4c6cb8108357da45b7d91e33b9db2a489b154adbe8274793dc43b90617bd692794739918dda94eea5407fe3984b72dc0e3b7e8c29ee7bf61a2ee628be027cabbcede3682d8d7aabf46f6c55f280cc6c81147475c610b73138451bd6b2a60beb0e098351eac81946c5f5b631b699b0d1dd3b36d9b89327ff640f3cad44d92bc8185e8246090ad25146f2816460437cc35978ee841b8bc3e6deca39db0fe65accf6c1cfb95e34d3f0673a16b03eda40dbc86c37be550cb06b920890d4a5663119f36d1a95e82067b027178a8d8413cce2e37bd15d4c34627e7cdb54e2b9a36c51f0619811bf475f23da66a423e1b6a77d1fc7e0a16ad71e9f3a22561dd3427c23e5ae3b72efe0aa77d4cea8eedbc440b597faacc826da0a0076edea8ef332fd7e3c6884ef839be8382e3154b3b5802b2721c81b3bc9434efc2bb5b5f9d30f3a566bd6b9278cd65d4192c444f0462c4ddf060945fce349d04523cd9b337e7cbab42e91edf31b1886045724393c567bfcc501f2dae8cb0a01533b6f962a291d4fd2da7c7b0cd07de1f011d204c063660cabe2a36c93104df0e3a5ef9ba450006f124d8a05b00f08173043d2fb30f4fc6eab1f050ae3565361781b9a5f51de8d775d29dfb82cc41223802e871db46223884ce475129a4fc14c7662b57b9a642583fcc2fa5415f5e731ed0f7d1ba6b0d0092a88372e5130b212cf736bfb7cd0f6fb9a32337a5cdd1f096ebcedc86e4d220c9a7ca35007c997657a45818984c61923e50dd502b72da52c1ba985f089b2352dc18de7d4fd87ad41819dba7bb9d6f71c40b07a20261990b6954661c01651ea18e272aafbd499101d141843afa7e4851b02a5c19a4e2260fe2bb2c5b0c6d131114475834f9c759f91c3c882c4aaa82d1e661c4b9458b35ff8b6a3ab432e65abf95e0e490894fb5c740c2f080ac2d2d001c999d60b8a208af9e55302358e352c6ce026b1ffdbc0c6494f755fa9ade700e77ca4a266f5bb7f9a376dc1dc15eb8f6f449850b970bfec11979f5b24529d9deb90ab76cb2ba522228378f429dbdde0e8dd65b17e7fa1c9de00a739581b8d0b9cffec47f07c8614a28a099a1c3a5711c2c3f679e1df699d8aab775db26dc48e4c00078749383831578c81d01f0da8830c1760df224efb9013a8f70e68ba2d1e971e2316099434d6d12be841de5d708e743c08a12b9b0d282ff0c7ac7fa358ce0dfe90be2ddbb54387f1e2b1228b7c354ab2fd4289b1283c6165199d54b409deaf5dad0a62c3386dc7b0052d468a2ac344403e27775dabf25c246c69a5263daff26524b770856b489e06d0640840ff20bf07c2dfc2eed3f0c01db2ee45b3faefe09b7214a51ae446da9073be8bf029d3c5f97f7f8b21ffccd2c596f3fc05333b5239b1036d89fea1ec3379942b97b89a39ce340809db699605c873049879ec3cf326576b618d77b8fa11d3a27a4d17fba6ac04f73b56cff78cce1458fbeac7ce7eec93be96a5e19d2da922851224915cdb20752a2198f974b7ba41fd6a73232c8fdf01b4f528362d7d231602a5198a36491f5541673a4657a65487e3beaf547c18b66f830df8aa0696ecde800accd565688aa1f0b5f7732abddd736c45f8a4901a4887f009b76654581aeb0a2706e927902d4571f7ea7079ef657a70e71d71471404ba5e5d90ee5297a2863c7ff70046927510208c0995886ca65a701bfcd60a2354d95d2de55fc22c82e373a516f51c34561ec1b12aaa860aa3233859342d3849e23503d83e71f8737670da2251a12c995082b99858e662ae0b3b74670e77ca53d3943f922a66638b68cab892cda6592d29e857372253c0f87f718d40515e0f685b4e6bece6c65a2efa8ff06ee76a2703174d4d3f4691f324bd0456e7afb27ced76974045c6cb2c0820ae6bd948641c09f580803496e2042e245c6e2e32251736356755bded4ee8d1afeea41e05c127300f204152678624b20e4a90fddf5b11657011fb28fe28caa74fad9269fe8ba0a77b27ba4ef5477a0d4f1953b454257045b3434f163cc141a5d7a748de679bf5731ca5d5f95ac91e435f4f05efd8c51e4533233e0c315d2d7a4f678d0b882210cd10a7531e5611b13746203827bee59479d1507194e99862360fc069b2840771787809bc617430de1cefe015f050019391ce07f34f03a184797e6f43c5562f26d226a3672e662b36714e47007c9dbd86e4af4e9d622b792e517c2e0d7d6a2523f8e7cac98deca3992fb5ee7bf5a222cc50c41aaad73df87e26ae413feea039fc4b218e911bbf6cd0e47b3546e5c58567426150f20dbc5fec2601d6d6bb363dcbc33b2c92ac8de4dba6f5f8ea9ed5d43013c3cdb6f743f4a3ddd4935cc58f2c2631ea9a33942262e084f94d18159d1b1b7fa9302cd27512c49d2341ce7d3e8a6e9faaf4aa795c8467962dbb55f832d3a4abd2afb3de9351600b21ef59d2b54e3d98f723e9258f5c0afafdabbd85a0183c694510a11a74ba79dc2250573f00e675c1bf53586c056387c7a080a77733cb1b7632d6574d5fd6d870a32c501d00a6a408a1ee940ce48c1e3ad3fe8b309b60527bab83d15c7e3857b964b1fc1761a9e1ecf360ffc80ca183c174a48731aaa27f062deb93080fd5171f909000dd96debc1ce38db303bd9096896222b83e566a9ddfef6120cb7212f839af33c8148c1ea2813ab89824517d585ba78f17281945a61711a7097962e803c636e667c208fce75761110d0d89372960e22b7afc880c19acd92ae00a5f4e6b013355266079b92501002964c3c48940f8f98170009255b093f6f0b297c845660784d1d96bb95a13b3cc23f21b64b8036e45c2dd392dd6b3adaae25cd75e5a035a988015bc1140cfb790ff5f9651feb7b8f57604ab64812c2904fe69853d47095f6ef95f0f13294e382c18cfa2166e2a27bfb90c38e21efbd73bdfead55a02065da260fa0362bc2d73230ea2377e3f7f9de99cd9aafd0613c34d74f5e9506ee79391ee571b391c1ae70fea4d1738edf206ffb69060ef3a607a24e6dcb6b5421a14f8a5e80e6d8d3cb473468f86f6b8944670bfa055d212f341dfc81ac39d8fdec489a50c815d3d3e8de1eb34e61cfc07b9b4b2dc19e4c55dab620be83af6076dd7b2121a1b3684473b3b7a469f772032e6468a4aebe5d10b866202371113b0bf52cfc04cb63e6e18fbc0899d407c93fc5c006f60bf3ff96de781831b36101895e801a2885c555408ae37ee768f4a3edf0c97b095a2c72cc068e7bdd1d4b9269bdb0ac3f34335d320c72dbf67c61994ed371ac4e191e2c7c520d7efe7630376794c17198bc1771fb7e30b25057a3164fd03f95ff69a1b9f156293c41926e1e81b91ee30cbea8172c7c31695e0fb5cd836981439658ad644925dcd67379cee016ea5335fd3911783430258b8e3b142c37cfe0373e6836ec008e84854930dcf4e61f8f86cd7020fb3fff6b2df8027752141536900e6a723cc336c6984e344cb340ba849b59072e890d23139251fa5db9c80dffa6a507085c454369c5c35c8b27f59d22a0eaed6fa9862364efa26989e6c0c56e1d00", @ANYRES64], 0xfd14) connect$unix(0xffffffffffffffff, 0x0, 0x0) [ 288.847491][T26097] loop4: detected capacity change from 0 to 262160 [ 288.883527][T26107] loop0: detected capacity change from 0 to 61 11:12:39 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x401ffc000) 11:12:39 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 288.908751][T26107] attempt to access beyond end of device [ 288.908751][T26107] loop0: rw=2049, want=64, limit=61 [ 288.997898][T26115] loop4: detected capacity change from 0 to 262160 [ 289.022984][T26127] loop0: detected capacity change from 0 to 61 11:12:39 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x401ffc000) 11:12:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) r6 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r6, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r6, r6, &(0x7f0000000240), 0x7fff) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYRESOCT=r4, @ANYRESDEC=r0, @ANYRESDEC, @ANYRESHEX=r0, @ANYRES32, @ANYRESHEX=r0, @ANYRESOCT=r5, @ANYRESHEX=r6, @ANYBLOB="4193394078133293b46b3458ae5efb1fe1af33bae0091dc86ee965e4fc929cfabcd5bef4730a9c6a5a22253fb373b677de28550a8932e4b4f8a6044b17ed54d849e352bad25f66bd628c55a9fea4295f90b0f94044e72d8c397e34687be5875b8927f6b4758542b4cc26bad1dcae2321399c2260683c3fdb7574466dd327e6f114a7bb537cc9b716f9cdc969a6a7be5be854eb859d1bbab0e38e0156272b089f4ad91e6da9f4f5b53f75eee7664eee376b8be3c053f4659e40531344dc6c6e8e175d2e0182af22dc203fa1ef3879980580a68d58bc3733849627ffa073217eb1800ef9e391b9f33920a4db1dd70e40bf4cdd9692afa005318af92181ed5ec660ae2ff6f004e0d64ed76356a99c3f62287f0fa1dc3efc398f700d406987ee69e6ea7f6870ae3388f4df9e58c7af5a2bd873e8475e1d688733bfbbb02a62eab24eacfd1bd68fbcb088bdc023ef2cd211c0484e2a79b75abff6203a1e094cc29756ec801c098128d83beda9cb8719195eb446b4289193f41f71f1983b2ace19a7f6f2d9276444561d999718ab6fa4d8460f641e738f839b8ee92bfe089f08dd93b40e7fa80d399e244c8993b5be8386433aa9583755b4fc409bb488d8fa21df58c4e9b4887adbf804082b181e5a5c66c4a51edd8825d7755daa2eec4a6614e9a2b8737c6f47e42d32511cb2238987beccd46e5830614ca2fe09069b0ded41a329b92e51db217f548ee92573f7ea331724b0c4d8f2081c1d2778e68904ae8fab28bc225f9892d3435619a154124a5e68aa70e1bc2d0b3c2362e1c78958fc78c6205a427ba8c959746b1f2ee22494452a529a9d65c898cb0707d192f063c1ea01975353828ea28ceaed73615493cc6847e27806203bfc129ef04724528dc81ab5131a8905a99b9c2f5f7a9316d7ef9e8490851f48e4b097280a16409c63c35df8b18ff3b7d945eeea58f17681a80744313c246407c0ecf4672b5dcabefb30a40be1cc62a00dacdbf7b10dc16f5ab4a8450092600c15f1b71bd47a7d7286f2814257d84cd93004ee8e8c5678f755f10ed3458b0c5e020c629fde16e01d094bb5905d17ae8cc6d95542573d7ff483743b2fda954411112f15e5f3cf3c39b7d457a2a63b0df2d974b73efa48b788783c2727b0a863afb755c907c7ec40a1f4866bdd1a2b7edba0bfc5305c8385a3a7300ab8866c38d90d57695fa5f618506311f30b8a00ca9456cc79a156de34e899ff014c291662f55ecd9fc6795e81a2be1bbbd12eccf76f91ea309b93cfe57c193c22458d8703d164c60324631e3544413ada51d33c833a1e736d48b1c7d6648b8f956fb9fade1e3091a0ade0782c948bf4c9db8829a580104115cda218069645144a02bf27808a32a1a1fb68a2a5fc9929ce503cf26c87715947d4b46c9229e22acbc752bcf7c069b49f7d77b75480975ecea187530bb46c3bab86eb67a9dc8dd1f8ca076fe5e17bd695dd0cc658efa55494f3c449cd8bed281aee1fe85b93133a1b47c4199518b0e915e9283402ef8c26cae02324d3f79c83fc58e49f642b7c4538b28883af3cec61c339621f9390e8d33371b4bd13fa8dacf848cb69103a972917bb4fd9bd9c72eaa0193c68389729ab29094c76fb873210f5df1bb394ec1d8366411089257acd0d937d5b593d79910342a0cf02ac9bbd3b6f4391005ad886642ceb71a24cd3e97a751943b73a2575902cc20d7c6cc1bd7b8d2142cdbf61f33cab548e49e07d23e00515c76a945e60c95d1d482c2926ced00076fcb97dec38ae5ed65b3a5038088251ebf509f5ec3f237c574673d006579ff76fee39fd88db900bc6ec5acba161a2d6e4b626a4c68098b2c42ca77d92bd7287a39e7b210d98ea542754d15fbf4208fc946b916e4d155692f3949e4999073f766b62208af3fd606b55ed8226e0593b62123802a8b0e00ca34f60144989922fb901b957a208cc18aec9b6c5cf4310729fc8850421e49139cf53c942b23154b1e4e9d1c4e075be515bd26dfb2e505139d7e220bda81b58fb9d91c0eb29e540fd691603fe006d844a8aafd8a91004051ce1655ce2646bcb91ef2db605f8194d8ad1534e2c513a26c2ba432502db3a6083f5eca2e48cda1cc56b784cfddacbaebe73d5fa4483d080a657e4211a90f02af2341eac40fab7c789819b599658c3a6513319c159948581aedc763564a361a60580709b82c4f152b618346b6d6a0db62f44eeeb4c6cb8108357da45b7d91e33b9db2a489b154adbe8274793dc43b90617bd692794739918dda94eea5407fe3984b72dc0e3b7e8c29ee7bf61a2ee628be027cabbcede3682d8d7aabf46f6c55f280cc6c81147475c610b73138451bd6b2a60beb0e098351eac81946c5f5b631b699b0d1dd3b36d9b89327ff640f3cad44d92bc8185e8246090ad25146f2816460437cc35978ee841b8bc3e6deca39db0fe65accf6c1cfb95e34d3f0673a16b03eda40dbc86c37be550cb06b920890d4a5663119f36d1a95e82067b027178a8d8413cce2e37bd15d4c34627e7cdb54e2b9a36c51f0619811bf475f23da66a423e1b6a77d1fc7e0a16ad71e9f3a22561dd3427c23e5ae3b72efe0aa77d4cea8eedbc440b597faacc826da0a0076edea8ef332fd7e3c6884ef839be8382e3154b3b5802b2721c81b3bc9434efc2bb5b5f9d30f3a566bd6b9278cd65d4192c444f0462c4ddf060945fce349d04523cd9b337e7cbab42e91edf31b1886045724393c567bfcc501f2dae8cb0a01533b6f962a291d4fd2da7c7b0cd07de1f011d204c063660cabe2a36c93104df0e3a5ef9ba450006f124d8a05b00f08173043d2fb30f4fc6eab1f050ae3565361781b9a5f51de8d775d29dfb82cc41223802e871db46223884ce475129a4fc14c7662b57b9a642583fcc2fa5415f5e731ed0f7d1ba6b0d0092a88372e5130b212cf736bfb7cd0f6fb9a32337a5cdd1f096ebcedc86e4d220c9a7ca35007c997657a45818984c61923e50dd502b72da52c1ba985f089b2352dc18de7d4fd87ad41819dba7bb9d6f71c40b07a20261990b6954661c01651ea18e272aafbd499101d141843afa7e4851b02a5c19a4e2260fe2bb2c5b0c6d131114475834f9c759f91c3c882c4aaa82d1e661c4b9458b35ff8b6a3ab432e65abf95e0e490894fb5c740c2f080ac2d2d001c999d60b8a208af9e55302358e352c6ce026b1ffdbc0c6494f755fa9ade700e77ca4a266f5bb7f9a376dc1dc15eb8f6f449850b970bfec11979f5b24529d9deb90ab76cb2ba522228378f429dbdde0e8dd65b17e7fa1c9de00a739581b8d0b9cffec47f07c8614a28a099a1c3a5711c2c3f679e1df699d8aab775db26dc48e4c00078749383831578c81d01f0da8830c1760df224efb9013a8f70e68ba2d1e971e2316099434d6d12be841de5d708e743c08a12b9b0d282ff0c7ac7fa358ce0dfe90be2ddbb54387f1e2b1228b7c354ab2fd4289b1283c6165199d54b409deaf5dad0a62c3386dc7b0052d468a2ac344403e27775dabf25c246c69a5263daff26524b770856b489e06d0640840ff20bf07c2dfc2eed3f0c01db2ee45b3faefe09b7214a51ae446da9073be8bf029d3c5f97f7f8b21ffccd2c596f3fc05333b5239b1036d89fea1ec3379942b97b89a39ce340809db699605c873049879ec3cf326576b618d77b8fa11d3a27a4d17fba6ac04f73b56cff78cce1458fbeac7ce7eec93be96a5e19d2da922851224915cdb20752a2198f974b7ba41fd6a73232c8fdf01b4f528362d7d231602a5198a36491f5541673a4657a65487e3beaf547c18b66f830df8aa0696ecde800accd565688aa1f0b5f7732abddd736c45f8a4901a4887f009b76654581aeb0a2706e927902d4571f7ea7079ef657a70e71d71471404ba5e5d90ee5297a2863c7ff70046927510208c0995886ca65a701bfcd60a2354d95d2de55fc22c82e373a516f51c34561ec1b12aaa860aa3233859342d3849e23503d83e71f8737670da2251a12c995082b99858e662ae0b3b74670e77ca53d3943f922a66638b68cab892cda6592d29e857372253c0f87f718d40515e0f685b4e6bece6c65a2efa8ff06ee76a2703174d4d3f4691f324bd0456e7afb27ced76974045c6cb2c0820ae6bd948641c09f580803496e2042e245c6e2e32251736356755bded4ee8d1afeea41e05c127300f204152678624b20e4a90fddf5b11657011fb28fe28caa74fad9269fe8ba0a77b27ba4ef5477a0d4f1953b454257045b3434f163cc141a5d7a748de679bf5731ca5d5f95ac91e435f4f05efd8c51e4533233e0c315d2d7a4f678d0b882210cd10a7531e5611b13746203827bee59479d1507194e99862360fc069b2840771787809bc617430de1cefe015f050019391ce07f34f03a184797e6f43c5562f26d226a3672e662b36714e47007c9dbd86e4af4e9d622b792e517c2e0d7d6a2523f8e7cac98deca3992fb5ee7bf5a222cc50c41aaad73df87e26ae413feea039fc4b218e911bbf6cd0e47b3546e5c58567426150f20dbc5fec2601d6d6bb363dcbc33b2c92ac8de4dba6f5f8ea9ed5d43013c3cdb6f743f4a3ddd4935cc58f2c2631ea9a33942262e084f94d18159d1b1b7fa9302cd27512c49d2341ce7d3e8a6e9faaf4aa795c8467962dbb55f832d3a4abd2afb3de9351600b21ef59d2b54e3d98f723e9258f5c0afafdabbd85a0183c694510a11a74ba79dc2250573f00e675c1bf53586c056387c7a080a77733cb1b7632d6574d5fd6d870a32c501d00a6a408a1ee940ce48c1e3ad3fe8b309b60527bab83d15c7e3857b964b1fc1761a9e1ecf360ffc80ca183c174a48731aaa27f062deb93080fd5171f909000dd96debc1ce38db303bd9096896222b83e566a9ddfef6120cb7212f839af33c8148c1ea2813ab89824517d585ba78f17281945a61711a7097962e803c636e667c208fce75761110d0d89372960e22b7afc880c19acd92ae00a5f4e6b013355266079b92501002964c3c48940f8f98170009255b093f6f0b297c845660784d1d96bb95a13b3cc23f21b64b8036e45c2dd392dd6b3adaae25cd75e5a035a988015bc1140cfb790ff5f9651feb7b8f57604ab64812c2904fe69853d47095f6ef95f0f13294e382c18cfa2166e2a27bfb90c38e21efbd73bdfead55a02065da260fa0362bc2d73230ea2377e3f7f9de99cd9aafd0613c34d74f5e9506ee79391ee571b391c1ae70fea4d1738edf206ffb69060ef3a607a24e6dcb6b5421a14f8a5e80e6d8d3cb473468f86f6b8944670bfa055d212f341dfc81ac39d8fdec489a50c815d3d3e8de1eb34e61cfc07b9b4b2dc19e4c55dab620be83af6076dd7b2121a1b3684473b3b7a469f772032e6468a4aebe5d10b866202371113b0bf52cfc04cb63e6e18fbc0899d407c93fc5c006f60bf3ff96de781831b36101895e801a2885c555408ae37ee768f4a3edf0c97b095a2c72cc068e7bdd1d4b9269bdb0ac3f34335d320c72dbf67c61994ed371ac4e191e2c7c520d7efe7630376794c17198bc1771fb7e30b25057a3164fd03f95ff69a1b9f156293c41926e1e81b91ee30cbea8172c7c31695e0fb5cd836981439658ad644925dcd67379cee016ea5335fd3911783430258b8e3b142c37cfe0373e6836ec008e84854930dcf4e61f8f86cd7020fb3fff6b2df8027752141536900e6a723cc336c6984e344cb340ba849b59072e890d23139251fa5db9c80dffa6a507085c454369c5c35c8b27f59d22a0eaed6fa9862364efa26989e6c0c56e1d00", @ANYRES64], 0xfd14) connect$unix(0xffffffffffffffff, 0x0, 0x0) [ 289.055683][T26127] attempt to access beyond end of device [ 289.055683][T26127] loop0: rw=2049, want=64, limit=61 11:12:39 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r4 = openat(r3, &(0x7f0000000000)='./bus\x00', 0x0, 0x7a) sendfile(r3, r4, 0x0, 0x80000008) lseek(r2, 0x7ffffc, 0x0) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0xfd14) 11:12:39 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:12:39 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x401ffc000) 11:12:39 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 289.201161][T26147] loop4: detected capacity change from 0 to 262160 [ 289.258394][T26162] loop0: detected capacity change from 0 to 61 [ 289.289395][T26162] attempt to access beyond end of device [ 289.289395][T26162] loop0: rw=2049, want=64, limit=61 11:12:41 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:12:41 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) sched_setattr(r0, &(0x7f0000000140)={0x38, 0x0, 0x0, 0x2, 0x401, 0x6, 0x461, 0x0, 0x85f, 0x8}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) getpid() ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x80000008) lseek(r2, 0x7ffffc, 0x0) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0xfd14) sched_setattr(r0, &(0x7f0000000100)={0x38, 0x1, 0x2, 0x400, 0x80000000, 0x800000000000, 0x7, 0x80000000, 0x2, 0x8}, 0x0) 11:12:41 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) r6 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r6, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r6, r6, &(0x7f0000000240), 0x7fff) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYRESOCT=r4, @ANYRESDEC=r0, @ANYRESDEC, @ANYRESHEX=r0, @ANYRES32, @ANYRESHEX=r0, @ANYRESOCT=r5, @ANYRESHEX=r6, @ANYBLOB="4193394078133293b46b3458ae5efb1fe1af33bae0091dc86ee965e4fc929cfabcd5bef4730a9c6a5a22253fb373b677de28550a8932e4b4f8a6044b17ed54d849e352bad25f66bd628c55a9fea4295f90b0f94044e72d8c397e34687be5875b8927f6b4758542b4cc26bad1dcae2321399c2260683c3fdb7574466dd327e6f114a7bb537cc9b716f9cdc969a6a7be5be854eb859d1bbab0e38e0156272b089f4ad91e6da9f4f5b53f75eee7664eee376b8be3c053f4659e40531344dc6c6e8e175d2e0182af22dc203fa1ef3879980580a68d58bc3733849627ffa073217eb1800ef9e391b9f33920a4db1dd70e40bf4cdd9692afa005318af92181ed5ec660ae2ff6f004e0d64ed76356a99c3f62287f0fa1dc3efc398f700d406987ee69e6ea7f6870ae3388f4df9e58c7af5a2bd873e8475e1d688733bfbbb02a62eab24eacfd1bd68fbcb088bdc023ef2cd211c0484e2a79b75abff6203a1e094cc29756ec801c098128d83beda9cb8719195eb446b4289193f41f71f1983b2ace19a7f6f2d9276444561d999718ab6fa4d8460f641e738f839b8ee92bfe089f08dd93b40e7fa80d399e244c8993b5be8386433aa9583755b4fc409bb488d8fa21df58c4e9b4887adbf804082b181e5a5c66c4a51edd8825d7755daa2eec4a6614e9a2b8737c6f47e42d32511cb2238987beccd46e5830614ca2fe09069b0ded41a329b92e51db217f548ee92573f7ea331724b0c4d8f2081c1d2778e68904ae8fab28bc225f9892d3435619a154124a5e68aa70e1bc2d0b3c2362e1c78958fc78c6205a427ba8c959746b1f2ee22494452a529a9d65c898cb0707d192f063c1ea01975353828ea28ceaed73615493cc6847e27806203bfc129ef04724528dc81ab5131a8905a99b9c2f5f7a9316d7ef9e8490851f48e4b097280a16409c63c35df8b18ff3b7d945eeea58f17681a80744313c246407c0ecf4672b5dcabefb30a40be1cc62a00dacdbf7b10dc16f5ab4a8450092600c15f1b71bd47a7d7286f2814257d84cd93004ee8e8c5678f755f10ed3458b0c5e020c629fde16e01d094bb5905d17ae8cc6d95542573d7ff483743b2fda954411112f15e5f3cf3c39b7d457a2a63b0df2d974b73efa48b788783c2727b0a863afb755c907c7ec40a1f4866bdd1a2b7edba0bfc5305c8385a3a7300ab8866c38d90d57695fa5f618506311f30b8a00ca9456cc79a156de34e899ff014c291662f55ecd9fc6795e81a2be1bbbd12eccf76f91ea309b93cfe57c193c22458d8703d164c60324631e3544413ada51d33c833a1e736d48b1c7d6648b8f956fb9fade1e3091a0ade0782c948bf4c9db8829a580104115cda218069645144a02bf27808a32a1a1fb68a2a5fc9929ce503cf26c87715947d4b46c9229e22acbc752bcf7c069b49f7d77b75480975ecea187530bb46c3bab86eb67a9dc8dd1f8ca076fe5e17bd695dd0cc658efa55494f3c449cd8bed281aee1fe85b93133a1b47c4199518b0e915e9283402ef8c26cae02324d3f79c83fc58e49f642b7c4538b28883af3cec61c339621f9390e8d33371b4bd13fa8dacf848cb69103a972917bb4fd9bd9c72eaa0193c68389729ab29094c76fb873210f5df1bb394ec1d8366411089257acd0d937d5b593d79910342a0cf02ac9bbd3b6f4391005ad886642ceb71a24cd3e97a751943b73a2575902cc20d7c6cc1bd7b8d2142cdbf61f33cab548e49e07d23e00515c76a945e60c95d1d482c2926ced00076fcb97dec38ae5ed65b3a5038088251ebf509f5ec3f237c574673d006579ff76fee39fd88db900bc6ec5acba161a2d6e4b626a4c68098b2c42ca77d92bd7287a39e7b210d98ea542754d15fbf4208fc946b916e4d155692f3949e4999073f766b62208af3fd606b55ed8226e0593b62123802a8b0e00ca34f60144989922fb901b957a208cc18aec9b6c5cf4310729fc8850421e49139cf53c942b23154b1e4e9d1c4e075be515bd26dfb2e505139d7e220bda81b58fb9d91c0eb29e540fd691603fe006d844a8aafd8a91004051ce1655ce2646bcb91ef2db605f8194d8ad1534e2c513a26c2ba432502db3a6083f5eca2e48cda1cc56b784cfddacbaebe73d5fa4483d080a657e4211a90f02af2341eac40fab7c789819b599658c3a6513319c159948581aedc763564a361a60580709b82c4f152b618346b6d6a0db62f44eeeb4c6cb8108357da45b7d91e33b9db2a489b154adbe8274793dc43b90617bd692794739918dda94eea5407fe3984b72dc0e3b7e8c29ee7bf61a2ee628be027cabbcede3682d8d7aabf46f6c55f280cc6c81147475c610b73138451bd6b2a60beb0e098351eac81946c5f5b631b699b0d1dd3b36d9b89327ff640f3cad44d92bc8185e8246090ad25146f2816460437cc35978ee841b8bc3e6deca39db0fe65accf6c1cfb95e34d3f0673a16b03eda40dbc86c37be550cb06b920890d4a5663119f36d1a95e82067b027178a8d8413cce2e37bd15d4c34627e7cdb54e2b9a36c51f0619811bf475f23da66a423e1b6a77d1fc7e0a16ad71e9f3a22561dd3427c23e5ae3b72efe0aa77d4cea8eedbc440b597faacc826da0a0076edea8ef332fd7e3c6884ef839be8382e3154b3b5802b2721c81b3bc9434efc2bb5b5f9d30f3a566bd6b9278cd65d4192c444f0462c4ddf060945fce349d04523cd9b337e7cbab42e91edf31b1886045724393c567bfcc501f2dae8cb0a01533b6f962a291d4fd2da7c7b0cd07de1f011d204c063660cabe2a36c93104df0e3a5ef9ba450006f124d8a05b00f08173043d2fb30f4fc6eab1f050ae3565361781b9a5f51de8d775d29dfb82cc41223802e871db46223884ce475129a4fc14c7662b57b9a642583fcc2fa5415f5e731ed0f7d1ba6b0d0092a88372e5130b212cf736bfb7cd0f6fb9a32337a5cdd1f096ebcedc86e4d220c9a7ca35007c997657a45818984c61923e50dd502b72da52c1ba985f089b2352dc18de7d4fd87ad41819dba7bb9d6f71c40b07a20261990b6954661c01651ea18e272aafbd499101d141843afa7e4851b02a5c19a4e2260fe2bb2c5b0c6d131114475834f9c759f91c3c882c4aaa82d1e661c4b9458b35ff8b6a3ab432e65abf95e0e490894fb5c740c2f080ac2d2d001c999d60b8a208af9e55302358e352c6ce026b1ffdbc0c6494f755fa9ade700e77ca4a266f5bb7f9a376dc1dc15eb8f6f449850b970bfec11979f5b24529d9deb90ab76cb2ba522228378f429dbdde0e8dd65b17e7fa1c9de00a739581b8d0b9cffec47f07c8614a28a099a1c3a5711c2c3f679e1df699d8aab775db26dc48e4c00078749383831578c81d01f0da8830c1760df224efb9013a8f70e68ba2d1e971e2316099434d6d12be841de5d708e743c08a12b9b0d282ff0c7ac7fa358ce0dfe90be2ddbb54387f1e2b1228b7c354ab2fd4289b1283c6165199d54b409deaf5dad0a62c3386dc7b0052d468a2ac344403e27775dabf25c246c69a5263daff26524b770856b489e06d0640840ff20bf07c2dfc2eed3f0c01db2ee45b3faefe09b7214a51ae446da9073be8bf029d3c5f97f7f8b21ffccd2c596f3fc05333b5239b1036d89fea1ec3379942b97b89a39ce340809db699605c873049879ec3cf326576b618d77b8fa11d3a27a4d17fba6ac04f73b56cff78cce1458fbeac7ce7eec93be96a5e19d2da922851224915cdb20752a2198f974b7ba41fd6a73232c8fdf01b4f528362d7d231602a5198a36491f5541673a4657a65487e3beaf547c18b66f830df8aa0696ecde800accd565688aa1f0b5f7732abddd736c45f8a4901a4887f009b76654581aeb0a2706e927902d4571f7ea7079ef657a70e71d71471404ba5e5d90ee5297a2863c7ff70046927510208c0995886ca65a701bfcd60a2354d95d2de55fc22c82e373a516f51c34561ec1b12aaa860aa3233859342d3849e23503d83e71f8737670da2251a12c995082b99858e662ae0b3b74670e77ca53d3943f922a66638b68cab892cda6592d29e857372253c0f87f718d40515e0f685b4e6bece6c65a2efa8ff06ee76a2703174d4d3f4691f324bd0456e7afb27ced76974045c6cb2c0820ae6bd948641c09f580803496e2042e245c6e2e32251736356755bded4ee8d1afeea41e05c127300f204152678624b20e4a90fddf5b11657011fb28fe28caa74fad9269fe8ba0a77b27ba4ef5477a0d4f1953b454257045b3434f163cc141a5d7a748de679bf5731ca5d5f95ac91e435f4f05efd8c51e4533233e0c315d2d7a4f678d0b882210cd10a7531e5611b13746203827bee59479d1507194e99862360fc069b2840771787809bc617430de1cefe015f050019391ce07f34f03a184797e6f43c5562f26d226a3672e662b36714e47007c9dbd86e4af4e9d622b792e517c2e0d7d6a2523f8e7cac98deca3992fb5ee7bf5a222cc50c41aaad73df87e26ae413feea039fc4b218e911bbf6cd0e47b3546e5c58567426150f20dbc5fec2601d6d6bb363dcbc33b2c92ac8de4dba6f5f8ea9ed5d43013c3cdb6f743f4a3ddd4935cc58f2c2631ea9a33942262e084f94d18159d1b1b7fa9302cd27512c49d2341ce7d3e8a6e9faaf4aa795c8467962dbb55f832d3a4abd2afb3de9351600b21ef59d2b54e3d98f723e9258f5c0afafdabbd85a0183c694510a11a74ba79dc2250573f00e675c1bf53586c056387c7a080a77733cb1b7632d6574d5fd6d870a32c501d00a6a408a1ee940ce48c1e3ad3fe8b309b60527bab83d15c7e3857b964b1fc1761a9e1ecf360ffc80ca183c174a48731aaa27f062deb93080fd5171f909000dd96debc1ce38db303bd9096896222b83e566a9ddfef6120cb7212f839af33c8148c1ea2813ab89824517d585ba78f17281945a61711a7097962e803c636e667c208fce75761110d0d89372960e22b7afc880c19acd92ae00a5f4e6b013355266079b92501002964c3c48940f8f98170009255b093f6f0b297c845660784d1d96bb95a13b3cc23f21b64b8036e45c2dd392dd6b3adaae25cd75e5a035a988015bc1140cfb790ff5f9651feb7b8f57604ab64812c2904fe69853d47095f6ef95f0f13294e382c18cfa2166e2a27bfb90c38e21efbd73bdfead55a02065da260fa0362bc2d73230ea2377e3f7f9de99cd9aafd0613c34d74f5e9506ee79391ee571b391c1ae70fea4d1738edf206ffb69060ef3a607a24e6dcb6b5421a14f8a5e80e6d8d3cb473468f86f6b8944670bfa055d212f341dfc81ac39d8fdec489a50c815d3d3e8de1eb34e61cfc07b9b4b2dc19e4c55dab620be83af6076dd7b2121a1b3684473b3b7a469f772032e6468a4aebe5d10b866202371113b0bf52cfc04cb63e6e18fbc0899d407c93fc5c006f60bf3ff96de781831b36101895e801a2885c555408ae37ee768f4a3edf0c97b095a2c72cc068e7bdd1d4b9269bdb0ac3f34335d320c72dbf67c61994ed371ac4e191e2c7c520d7efe7630376794c17198bc1771fb7e30b25057a3164fd03f95ff69a1b9f156293c41926e1e81b91ee30cbea8172c7c31695e0fb5cd836981439658ad644925dcd67379cee016ea5335fd3911783430258b8e3b142c37cfe0373e6836ec008e84854930dcf4e61f8f86cd7020fb3fff6b2df8027752141536900e6a723cc336c6984e344cb340ba849b59072e890d23139251fa5db9c80dffa6a507085c454369c5c35c8b27f59d22a0eaed6fa9862364efa26989e6c0c56e1d00", @ANYRES64], 0xfd14) connect$unix(0xffffffffffffffff, 0x0, 0x0) 11:12:41 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:12:41 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x116) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(0xffffffffffffffff, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:12:41 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 291.740906][T26184] loop4: detected capacity change from 0 to 262160 [ 291.765470][T26191] loop0: detected capacity change from 0 to 61 [ 291.791685][T26191] attempt to access beyond end of device [ 291.791685][T26191] loop0: rw=2049, want=64, limit=61 11:12:42 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\xff', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:12:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) r6 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r6, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r6, r6, &(0x7f0000000240), 0x7fff) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYRESOCT=r4, @ANYRESDEC=r0, @ANYRESDEC, @ANYRESHEX=r0, @ANYRES32, @ANYRESHEX=r0, @ANYRESOCT=r5, @ANYRESHEX=r6, @ANYBLOB="4193394078133293b46b3458ae5efb1fe1af33bae0091dc86ee965e4fc929cfabcd5bef4730a9c6a5a22253fb373b677de28550a8932e4b4f8a6044b17ed54d849e352bad25f66bd628c55a9fea4295f90b0f94044e72d8c397e34687be5875b8927f6b4758542b4cc26bad1dcae2321399c2260683c3fdb7574466dd327e6f114a7bb537cc9b716f9cdc969a6a7be5be854eb859d1bbab0e38e0156272b089f4ad91e6da9f4f5b53f75eee7664eee376b8be3c053f4659e40531344dc6c6e8e175d2e0182af22dc203fa1ef3879980580a68d58bc3733849627ffa073217eb1800ef9e391b9f33920a4db1dd70e40bf4cdd9692afa005318af92181ed5ec660ae2ff6f004e0d64ed76356a99c3f62287f0fa1dc3efc398f700d406987ee69e6ea7f6870ae3388f4df9e58c7af5a2bd873e8475e1d688733bfbbb02a62eab24eacfd1bd68fbcb088bdc023ef2cd211c0484e2a79b75abff6203a1e094cc29756ec801c098128d83beda9cb8719195eb446b4289193f41f71f1983b2ace19a7f6f2d9276444561d999718ab6fa4d8460f641e738f839b8ee92bfe089f08dd93b40e7fa80d399e244c8993b5be8386433aa9583755b4fc409bb488d8fa21df58c4e9b4887adbf804082b181e5a5c66c4a51edd8825d7755daa2eec4a6614e9a2b8737c6f47e42d32511cb2238987beccd46e5830614ca2fe09069b0ded41a329b92e51db217f548ee92573f7ea331724b0c4d8f2081c1d2778e68904ae8fab28bc225f9892d3435619a154124a5e68aa70e1bc2d0b3c2362e1c78958fc78c6205a427ba8c959746b1f2ee22494452a529a9d65c898cb0707d192f063c1ea01975353828ea28ceaed73615493cc6847e27806203bfc129ef04724528dc81ab5131a8905a99b9c2f5f7a9316d7ef9e8490851f48e4b097280a16409c63c35df8b18ff3b7d945eeea58f17681a80744313c246407c0ecf4672b5dcabefb30a40be1cc62a00dacdbf7b10dc16f5ab4a8450092600c15f1b71bd47a7d7286f2814257d84cd93004ee8e8c5678f755f10ed3458b0c5e020c629fde16e01d094bb5905d17ae8cc6d95542573d7ff483743b2fda954411112f15e5f3cf3c39b7d457a2a63b0df2d974b73efa48b788783c2727b0a863afb755c907c7ec40a1f4866bdd1a2b7edba0bfc5305c8385a3a7300ab8866c38d90d57695fa5f618506311f30b8a00ca9456cc79a156de34e899ff014c291662f55ecd9fc6795e81a2be1bbbd12eccf76f91ea309b93cfe57c193c22458d8703d164c60324631e3544413ada51d33c833a1e736d48b1c7d6648b8f956fb9fade1e3091a0ade0782c948bf4c9db8829a580104115cda218069645144a02bf27808a32a1a1fb68a2a5fc9929ce503cf26c87715947d4b46c9229e22acbc752bcf7c069b49f7d77b75480975ecea187530bb46c3bab86eb67a9dc8dd1f8ca076fe5e17bd695dd0cc658efa55494f3c449cd8bed281aee1fe85b93133a1b47c4199518b0e915e9283402ef8c26cae02324d3f79c83fc58e49f642b7c4538b28883af3cec61c339621f9390e8d33371b4bd13fa8dacf848cb69103a972917bb4fd9bd9c72eaa0193c68389729ab29094c76fb873210f5df1bb394ec1d8366411089257acd0d937d5b593d79910342a0cf02ac9bbd3b6f4391005ad886642ceb71a24cd3e97a751943b73a2575902cc20d7c6cc1bd7b8d2142cdbf61f33cab548e49e07d23e00515c76a945e60c95d1d482c2926ced00076fcb97dec38ae5ed65b3a5038088251ebf509f5ec3f237c574673d006579ff76fee39fd88db900bc6ec5acba161a2d6e4b626a4c68098b2c42ca77d92bd7287a39e7b210d98ea542754d15fbf4208fc946b916e4d155692f3949e4999073f766b62208af3fd606b55ed8226e0593b62123802a8b0e00ca34f60144989922fb901b957a208cc18aec9b6c5cf4310729fc8850421e49139cf53c942b23154b1e4e9d1c4e075be515bd26dfb2e505139d7e220bda81b58fb9d91c0eb29e540fd691603fe006d844a8aafd8a91004051ce1655ce2646bcb91ef2db605f8194d8ad1534e2c513a26c2ba432502db3a6083f5eca2e48cda1cc56b784cfddacbaebe73d5fa4483d080a657e4211a90f02af2341eac40fab7c789819b599658c3a6513319c159948581aedc763564a361a60580709b82c4f152b618346b6d6a0db62f44eeeb4c6cb8108357da45b7d91e33b9db2a489b154adbe8274793dc43b90617bd692794739918dda94eea5407fe3984b72dc0e3b7e8c29ee7bf61a2ee628be027cabbcede3682d8d7aabf46f6c55f280cc6c81147475c610b73138451bd6b2a60beb0e098351eac81946c5f5b631b699b0d1dd3b36d9b89327ff640f3cad44d92bc8185e8246090ad25146f2816460437cc35978ee841b8bc3e6deca39db0fe65accf6c1cfb95e34d3f0673a16b03eda40dbc86c37be550cb06b920890d4a5663119f36d1a95e82067b027178a8d8413cce2e37bd15d4c34627e7cdb54e2b9a36c51f0619811bf475f23da66a423e1b6a77d1fc7e0a16ad71e9f3a22561dd3427c23e5ae3b72efe0aa77d4cea8eedbc440b597faacc826da0a0076edea8ef332fd7e3c6884ef839be8382e3154b3b5802b2721c81b3bc9434efc2bb5b5f9d30f3a566bd6b9278cd65d4192c444f0462c4ddf060945fce349d04523cd9b337e7cbab42e91edf31b1886045724393c567bfcc501f2dae8cb0a01533b6f962a291d4fd2da7c7b0cd07de1f011d204c063660cabe2a36c93104df0e3a5ef9ba450006f124d8a05b00f08173043d2fb30f4fc6eab1f050ae3565361781b9a5f51de8d775d29dfb82cc41223802e871db46223884ce475129a4fc14c7662b57b9a642583fcc2fa5415f5e731ed0f7d1ba6b0d0092a88372e5130b212cf736bfb7cd0f6fb9a32337a5cdd1f096ebcedc86e4d220c9a7ca35007c997657a45818984c61923e50dd502b72da52c1ba985f089b2352dc18de7d4fd87ad41819dba7bb9d6f71c40b07a20261990b6954661c01651ea18e272aafbd499101d141843afa7e4851b02a5c19a4e2260fe2bb2c5b0c6d131114475834f9c759f91c3c882c4aaa82d1e661c4b9458b35ff8b6a3ab432e65abf95e0e490894fb5c740c2f080ac2d2d001c999d60b8a208af9e55302358e352c6ce026b1ffdbc0c6494f755fa9ade700e77ca4a266f5bb7f9a376dc1dc15eb8f6f449850b970bfec11979f5b24529d9deb90ab76cb2ba522228378f429dbdde0e8dd65b17e7fa1c9de00a739581b8d0b9cffec47f07c8614a28a099a1c3a5711c2c3f679e1df699d8aab775db26dc48e4c00078749383831578c81d01f0da8830c1760df224efb9013a8f70e68ba2d1e971e2316099434d6d12be841de5d708e743c08a12b9b0d282ff0c7ac7fa358ce0dfe90be2ddbb54387f1e2b1228b7c354ab2fd4289b1283c6165199d54b409deaf5dad0a62c3386dc7b0052d468a2ac344403e27775dabf25c246c69a5263daff26524b770856b489e06d0640840ff20bf07c2dfc2eed3f0c01db2ee45b3faefe09b7214a51ae446da9073be8bf029d3c5f97f7f8b21ffccd2c596f3fc05333b5239b1036d89fea1ec3379942b97b89a39ce340809db699605c873049879ec3cf326576b618d77b8fa11d3a27a4d17fba6ac04f73b56cff78cce1458fbeac7ce7eec93be96a5e19d2da922851224915cdb20752a2198f974b7ba41fd6a73232c8fdf01b4f528362d7d231602a5198a36491f5541673a4657a65487e3beaf547c18b66f830df8aa0696ecde800accd565688aa1f0b5f7732abddd736c45f8a4901a4887f009b76654581aeb0a2706e927902d4571f7ea7079ef657a70e71d71471404ba5e5d90ee5297a2863c7ff70046927510208c0995886ca65a701bfcd60a2354d95d2de55fc22c82e373a516f51c34561ec1b12aaa860aa3233859342d3849e23503d83e71f8737670da2251a12c995082b99858e662ae0b3b74670e77ca53d3943f922a66638b68cab892cda6592d29e857372253c0f87f718d40515e0f685b4e6bece6c65a2efa8ff06ee76a2703174d4d3f4691f324bd0456e7afb27ced76974045c6cb2c0820ae6bd948641c09f580803496e2042e245c6e2e32251736356755bded4ee8d1afeea41e05c127300f204152678624b20e4a90fddf5b11657011fb28fe28caa74fad9269fe8ba0a77b27ba4ef5477a0d4f1953b454257045b3434f163cc141a5d7a748de679bf5731ca5d5f95ac91e435f4f05efd8c51e4533233e0c315d2d7a4f678d0b882210cd10a7531e5611b13746203827bee59479d1507194e99862360fc069b2840771787809bc617430de1cefe015f050019391ce07f34f03a184797e6f43c5562f26d226a3672e662b36714e47007c9dbd86e4af4e9d622b792e517c2e0d7d6a2523f8e7cac98deca3992fb5ee7bf5a222cc50c41aaad73df87e26ae413feea039fc4b218e911bbf6cd0e47b3546e5c58567426150f20dbc5fec2601d6d6bb363dcbc33b2c92ac8de4dba6f5f8ea9ed5d43013c3cdb6f743f4a3ddd4935cc58f2c2631ea9a33942262e084f94d18159d1b1b7fa9302cd27512c49d2341ce7d3e8a6e9faaf4aa795c8467962dbb55f832d3a4abd2afb3de9351600b21ef59d2b54e3d98f723e9258f5c0afafdabbd85a0183c694510a11a74ba79dc2250573f00e675c1bf53586c056387c7a080a77733cb1b7632d6574d5fd6d870a32c501d00a6a408a1ee940ce48c1e3ad3fe8b309b60527bab83d15c7e3857b964b1fc1761a9e1ecf360ffc80ca183c174a48731aaa27f062deb93080fd5171f909000dd96debc1ce38db303bd9096896222b83e566a9ddfef6120cb7212f839af33c8148c1ea2813ab89824517d585ba78f17281945a61711a7097962e803c636e667c208fce75761110d0d89372960e22b7afc880c19acd92ae00a5f4e6b013355266079b92501002964c3c48940f8f98170009255b093f6f0b297c845660784d1d96bb95a13b3cc23f21b64b8036e45c2dd392dd6b3adaae25cd75e5a035a988015bc1140cfb790ff5f9651feb7b8f57604ab64812c2904fe69853d47095f6ef95f0f13294e382c18cfa2166e2a27bfb90c38e21efbd73bdfead55a02065da260fa0362bc2d73230ea2377e3f7f9de99cd9aafd0613c34d74f5e9506ee79391ee571b391c1ae70fea4d1738edf206ffb69060ef3a607a24e6dcb6b5421a14f8a5e80e6d8d3cb473468f86f6b8944670bfa055d212f341dfc81ac39d8fdec489a50c815d3d3e8de1eb34e61cfc07b9b4b2dc19e4c55dab620be83af6076dd7b2121a1b3684473b3b7a469f772032e6468a4aebe5d10b866202371113b0bf52cfc04cb63e6e18fbc0899d407c93fc5c006f60bf3ff96de781831b36101895e801a2885c555408ae37ee768f4a3edf0c97b095a2c72cc068e7bdd1d4b9269bdb0ac3f34335d320c72dbf67c61994ed371ac4e191e2c7c520d7efe7630376794c17198bc1771fb7e30b25057a3164fd03f95ff69a1b9f156293c41926e1e81b91ee30cbea8172c7c31695e0fb5cd836981439658ad644925dcd67379cee016ea5335fd3911783430258b8e3b142c37cfe0373e6836ec008e84854930dcf4e61f8f86cd7020fb3fff6b2df8027752141536900e6a723cc336c6984e344cb340ba849b59072e890d23139251fa5db9c80dffa6a507085c454369c5c35c8b27f59d22a0eaed6fa9862364efa26989e6c0c56e1d00", @ANYRES64], 0xfd14) 11:12:42 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:12:42 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x8800000) [ 291.934837][T26212] loop0: detected capacity change from 0 to 61 [ 291.956911][T26212] attempt to access beyond end of device [ 291.956911][T26212] loop0: rw=2049, want=64, limit=61 11:12:42 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:12:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) r6 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r6, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r6, r6, &(0x7f0000000240), 0x7fff) [ 292.021008][T26225] loop0: detected capacity change from 0 to 61 11:12:42 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) setrlimit(0x7, &(0x7f00000001c0)={0x1, 0x9}) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000180)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x80000008) io_setup(0x0, &(0x7f0000000140)) lseek(r2, 0x7ffffc, 0x0) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0xfd14) setsockopt$inet6_int(r3, 0x29, 0x12, &(0x7f0000000100)=0xa2, 0x4) [ 292.097653][T26236] loop4: detected capacity change from 0 to 262160 [ 292.106514][T26225] attempt to access beyond end of device [ 292.106514][T26225] loop0: rw=2049, want=64, limit=61 11:12:42 executing program 2: prlimit64(0x0, 0x2, &(0x7f0000000180)={0x805, 0x8f}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) setrlimit(0x9, &(0x7f0000000100)={0x4, 0x6}) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x80000008) lseek(r2, 0x7ffffc, 0x0) r5 = gettid() ptrace$setopts(0x4206, r5, 0x0, 0x0) tkill(r5, 0x40) ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080)) rt_tgsigqueueinfo(0x0, r5, 0x3d, &(0x7f00000001c0)={0x36, 0x9, 0x6}) tkill(r0, 0x3e) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0xfd14) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x7fff) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000008, 0x8010, 0xffffffffffffffff, 0x69369000) [ 292.157746][T26225] attempt to access beyond end of device [ 292.157746][T26225] loop0: rw=2049, want=230, limit=61 11:12:42 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x20000294) [ 292.285376][T26265] loop0: detected capacity change from 0 to 61 [ 292.320008][T26265] attempt to access beyond end of device [ 292.320008][T26265] loop0: rw=2049, want=64, limit=61 [ 292.344920][T26265] attempt to access beyond end of device [ 292.344920][T26265] loop0: rw=2049, want=230, limit=61 11:12:44 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x116) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(0xffffffffffffffff, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:12:44 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) r6 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r6, &(0x7f0000000300)=ANY=[], 0x116) 11:12:44 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x80000008) r5 = fork() rt_tgsigqueueinfo(r5, r0, 0x28, &(0x7f0000000100)={0x2f, 0xb0e}) lseek(r2, 0x7ffffc, 0x0) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0xfd14) 11:12:44 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:12:44 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x7ffff000) 11:12:44 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 294.797727][T26289] loop0: detected capacity change from 0 to 61 [ 294.810630][T26290] loop4: detected capacity change from 0 to 262160 11:12:45 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0xffffffffffffffff) [ 294.838958][T26289] attempt to access beyond end of device [ 294.838958][T26289] loop0: rw=2049, want=64, limit=61 [ 294.870436][T26289] attempt to access beyond end of device [ 294.870436][T26289] loop0: rw=2049, want=230, limit=61 11:12:45 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:12:45 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) open(&(0x7f0000000080)='./file0\x00', 0x800, 0x104) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 294.973899][T26315] loop0: detected capacity change from 0 to 61 [ 294.996300][T26315] attempt to access beyond end of device [ 294.996300][T26315] loop0: rw=2049, want=64, limit=61 11:12:45 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x1000) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x14d842, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x80000008) lseek(r2, 0x7ffffc, 0x0) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0xfd14) r5 = gettid() ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x40) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$setopts(0x4200, 0x0, 0x2, 0x63) ptrace$setopts(0x4206, r5, 0x0, 0x0) tkill(r5, 0x40) ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080)) [ 295.059023][T26327] loop4: detected capacity change from 0 to 262160 11:12:45 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) r6 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r6, &(0x7f0000000300)=ANY=[], 0x116) 11:12:45 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 295.140628][T26338] loop0: detected capacity change from 0 to 61 [ 295.192088][T26338] attempt to access beyond end of device [ 295.192088][T26338] loop0: rw=2049, want=64, limit=61 11:12:47 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x116) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(0xffffffffffffffff, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:12:47 executing program 2: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x9}, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x40) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) tgkill(r1, 0xffffffffffffffff, 0x4) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)=0x8) r3 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r4 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) bind$packet(r4, &(0x7f0000000200)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @multicast}, 0x14) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000100)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000126bd7000fe0100000005000500010000001400028008000200090000000400050004a9010001045cfb890b94f00606319c2e14360379ff301acbbd2564968276a28ad131d05a26c99b848c08600bce4726b05e76f8b93730872e8121333cbb"], 0x38}, 0x1, 0x0, 0x0, 0x24004050}, 0x4004045) r6 = open(&(0x7f00000001c0)='./bus\x00', 0x64cd02, 0x0) io_submit(0x0, 0x6, &(0x7f0000001840)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x5d, r4, &(0x7f00000002c0)="09e9d6af9032db77e84f64ec82db3dbf102d0d9fbd602e8118bf546831106dece4c08fa3d332ffd5d0913b5da9542a32f4d1e9eeafc996d29d27bb6b242a46ff0d846a5a3da7fe68296c3cf5930ce1b5c5596ed807e4fd28e695a0c6aede901d639b901fb234d7ab480c", 0x6a, 0x4, 0x0, 0x1, r3}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x4, r3, &(0x7f0000000600)="7d2059e2ccabfd32f9c6beba13d78a63b5f436ba7b953a9a78a3ac05c8d2b76764a944004d7f82cfd883abbdeb0abdf41b613138ad7e32f1c01f5f894f3f8864f96ccf09e5d0a31017a2ee6f38147145217497d95394d902f18df48b0f52e94bdedb5c9977fde83b402589817084c9751ea3ba1dcad70ab7319ca971b6f3a1a47e70c8e8e37a25e1e648ed69051c08e4cc9e7e0c9ffb06db4da074d27c29720e2c60e6a17bef4c63bfe344664da1af1f8e77d900e191471d7330989ba303ec3c231edbe4adb5628bee476c9d0bc33bba17ff1cb5c62b580ac4dffb0f1e5b428da59699adccfd2a3c0f36fb85ba4c9f28b5958a0fa8f336e7203959539cdfbb8f76598df277eda613e3bbaed5b389a2a93013a3cf85567c2f0254ec8756976492c3c1c27ee02cf3b19331dadc8df654d89aa065e3692a1676ddb5256363be9aa3f7507b18d601f3832af853e4e2c71d6772cdcc1a3730628056c6e2eaa8a676fc89712f19a7d40a89d88206d5698a79fdd3a94865ca07ac3635243be62d027db6b6000af03b248366b1d6d0a1e21ac79f5b4c0db3db86546b1600d71d6ff11de29b02b68170436f8d36dff06cbc3df7d889462b56859350e2beb758aae73d45518a9861b0b072c323955b7ffd8726df2afb344be9846a15900c0707c1063cd3a9a6fcc0ac599a5d58e09571376cc8b06dbf9967829b7cc7c10ead5db6f0de76e627c21af469e59a345049a6954930ec9c453bb2fcca7ed2a43cc9504e9b626732c694af33ef378a54da4b601a2295d31f52ac60f7d6402811d235dc475ca4de08ca83beda65aba14fcbd4567a135e43ec2ab82b3aabb3e03531cf9111c965939a87cbb099c534625c461480f6c2330a2cf1c02baaaee26f822d8488cfa721f1dda717a996e54dd684b9e1e127f0ebf79917e839b86e6e164385106020e06b7fc00b2b55f3837e976b0d056f1031e0363f5633dc0a164946611a2b6a00bfa589d6b4e6e0a2536dcf91084738c92fb0b364f445b62b88bb29f5bf3ecd35f129ca5e9bc31c2e63aa4cfcd8f9710cdd0e21a04724085fa85f75aaf85467ee61dfd6dccea63be272e8df87a55314ab58a0fe055e01c3fb85b1030e65e8e54999366c10bb20205fb12c09c0eba8675c11d71c7f31e349755e48414f34d65a7f75652278b5eb592df5007d3848cebb9693fccc949d559366cd9b92c1892428f25aceeeb945b8aaa32852c7c4f1dfa5459a6b0fc3ae2a9b35f0426465b0329cd78e27c6cdedb33e0cd6a19302b4076115c5fbf98c7d0cfb13c0fcc3b439de4445e58a8eeee992010fb962f1403cd8f543e7fed3f18dd8468d23e6feed32f0f018b7a8ddc0b0854c83df20d31ee42101d48a38a35c7ffc4baaa9ffa405b5432d66cbac666964fe35f1500b21dacc90e0af50b8c926aaa877f7b5b81563fcb016e0fefbf0bda2fda678a317ecac89e9c1232b58b86022f9fcc076c3ca9d3efdfdfbe99ef1899ec0b1746d49d49869e5e56c7078606844060aa4c9c7bc16c8f26a6d99e580c37bf18fa310bba121e5a50dc74726d2e2121d6ef4a9bcc28ce6a685ac750ae2f456b74afd4c67d0e20b2fba7123466b33f5f8b47421faf6038e422d40a7029ed6585d5e8b6c7a973eb1114cbe6c624718794eaa154dffb36638904fbdbaa404c4103be660be614b8e88905958a42977b9a615cdacc39a982310cee9bea97b985abd3e720bc186434402b2e7b34bc1d5ce81dc30fb654ea300a36cf1a9f57c164a73299230f880845de6976b1d51c3457d519db7a360674fa7eb2db0c01bcf78d452009cfb764c2423686bc048c0353a46f07e08bcc2e97807d8f4e980c9b42f6c46029c502e4554d2e577c62cac9c02e5ce54eb3a2f973f93d7361bd7963bd7fb2b60356d4e16c3950f39ff477bbb85c7e884513702866699764d936ea71e02a0884d00e1dd884367dffa52dd4c740f40f61ab3d0ae4f7535cbf07954a890562654155765a12bbbe2acf59f3f18c481d0b9a2d3bdd3aecacb150b90c2238edafd03d37ba015ca37fb34f327e3b98638a11aa3a2b4fc5122d4b3b083b32792e3bd7151b8f6ff8b5f8903b513842ab83f47855973624e25ebf4779e8975da118fc281bfe8069cf85157080482b7a4ef0993576f3c532cbb34be3b2bdd50a8e0b22f1052ad710652a78c80e07098beeec106ad988dbfe2743a5614598478f19ef5ebcc3d02e7dd95085c29dac974b86d10af6992ad464fd24a0a1612dd92d9130567e403463c4551720c24b7e66b8f5f6181a4a358eb256479bf452619fe426c7828c58efdf44fef33f0833771bfc75f7f259a850e76a4a8268264ddf63b7c3efead00a78e201982e8df1bb15de9cd08f89b2d5eba212c5d4284d4176338249887fcc24945e47974d0b07123d3d8e9f670ed1a71c7245cd8561ea2b99f9ded9c7b8f5964a1ee1ccc342e036d22a6fa93c5d8b526c5daf1f58fedcc31f6bb86c98e97a5e4e4e0dde6649d05c45df5d8212a09102cd43505505e89e758c23c5ba9b419cf3ecffbb47849bd4e9583817a209a5945deff710b9e75b85b6a9f191357497f441fa44f4525b93d09fb0cd039c66c76c8fc3867358096abc91a83bff1ceb884d8fbc3a5c6d42f31a181302f551f9157059ca7a6a395f95d39d578013b0834b381409ece384987e22b066fda337db368a7cd4bbfddc7f60ce56db73b73f7cbc62736d53cbcf97a0bf92b0aa2d87e24cc02ece2beb85916c0163688f324a40424fc63cb0837f0f351bdd45edef3aa606f811381476adf0e46fd05927af7eb97f93b1a53a4ada03f3518f497ec11fddd71a90c344f3e9202ff1e7cc2ca3751ba19ee0c8b6706acd83ce36b700e800799483978a1b88fa8b27aa996868184b31e2ddc8ccdeaff3d4c927c0f3b7bc3944bcebd71f2cb4dd74cfc6ed148ab135ddd0caafed4fefd6a28786d6feecad1529eced8b882f275311a30db9271e7e2c989ee36b003d56086d79fb04bd128affa620ff3154ff060fb926b5c7ed2d810084fa2aab30dadf84b227a3ea96d36f0fc0ee14c0f00814372a09b3bb07e607929697fa6a9b52855e62420e6aee170a884a63458d57c250e0704911ed7bde4b6dee608d0492927102a653a78fda118528626a9c7544ef16cb0af3878d7d2a14a6bd326fe7e07d0369dcf917e6fc55ada7611317e4991f84cd422a4130e30132a0fabde19382d4ed226711db17b668fd32fece778a82eb8c54831ad5346a395a708045b917e5c1b2d5f58239d7c6e7077f4a0399fa4b12ac2565bee4c1cac28183e24a4325e600e9881054f6a9178423ed936923270d8c5f48d58f4aa632b759360ea43b3bc985fd8d9ce1ff4398849080cd29a1b0be60925bf10bff872882dd16313324dc3110468aab8e100e0004cf8aa619480a924194c6e037de4dec3818e397c5301f05e46a7fcafa9974880b827e5a0317cde11eaa9ec91ed3b696ed33f60097f301b7b43f93d38a5134e0613034835eba578f0ccbd09889f10f0ffdc20873aa8ea6623863bf493db3fe7b2061efed47af4493de5972da9b4ff36aa3851a53d396753854ef1c7e01bcf1db109924edcadcafbf7e5a7e8e78853396f8b34d853e84a43b166a8b89aee81b22497400878856f12c6c7fa3ba6562930f7665b0eeddb54f2495fca018b74e3e308be26f5b0cdb066ae9ea09b8124cc2c5baf93f9f3249fbed7df72ccc93b5f1a71ab7d2da823bc547527088a5477b57bba0dfc273aaf26e8f6e64771528dcf33ed4bc21c31d1a4408f5edbb4a627b3498c14aad6b70b9354a8228374e770ecd3a894d42d07540b84e3d378c12c8b3c082f6282b1d4d6e27fb47171818b41380d911dcda270fc947f0cdb3e8ca99524e626161b53eadf9eb226e918df83c7497d27efd92f6886b7eae766f8db8fcf8bbe482b2f887d7a24a97293ccbb4d9063e0a753bdf7da950ee4799356f659fef28d0168e77857acf7f42307100d235f85f551c2115a811b3d98351e1758f112c654536f03132e760477e2fc64cacd25c5ee8ad1dd6c3f6c24e6eb9633eca59f8313f632cdd1d3c906deb480c512b932a033bc2fdf80e06bcdcd769c28a3791d8103b019b482893aa11970a28760aef2f424eb31019d60d953d812b83ca2609ea97b5c058ae6c06330044e28e0e10411b82b8bcaede068e97b6c1a9cafdc6891d417493cf5be70bb11a4e4bcad47e020c4c452386f554befe2c889d930824183b4c03a6280e1d4bec0a6837486f76ea97525321fc17de86a89c3cb72571b5d68a50cffb52856826a7715308f62a88426170b776f11cfb9fa5935941b7f5ea888f9d1b3e6b4c6760bb1892872d18f9b6d4cf9a105b01d63fc24e7c0e11198ac335084d272494c026b82601e7112aa3330fa785a726dd78e22c0415d7a290e7fcc5b7027db771aa5a7bfa934dd5e140875bc351d8881aa7e9ec5fdc35c69ad9a0d6c0fbef00732682baf7e341f54c292fbcfa69af0212c08f84d67e06ade2db7d822ec8b4740ef78b4cc9d37dcbac8174381b13982fb3bb471cadea3efc36106d13d14db1fc3e10408a7524b8c697917c8ac46c3c6699de22d1086cbec4701be969b7fd14f60a90472d7d8aed04b830f10b7a20cfd7fb1b279fe4f045f292d1e21f20139dcf578887bbf31e54fe73f8c493c4ea1d4e230aa8dee5ae9a9508f34c02f476ef920e5a69c7a0da7059d0ba0e1958aef818924c30b8abd6567ff7a24c0537310bc589afd01ae4ad0d8c09560f5b17773aca1b1d2b9566ac7174ca279beee42a489faeb52b3cc33d42935779ee3ad02c4e4d351b0b48c383d8bd3b812fb02bd9d0401d8567692e905d4698d0c2002bed1cf4a884ea6c3e59c4b7745d5585023169d044fa20c702f644535ac527dc7acbd68b3805c9d9ab7336bc960679a5778e40753ce05ba4f7e5f68017c94a604f943baa0a44cd1d61eef7330e39699cb5c5f7749f2d884478029534df5f4b3ba87b1d3ecc183584aea90ea73ab21b88b14a897e34015e27d4c77e5412d3ed64c7ecc26bd5e6204e7dace942b50d16060858a969353ebbc32d21696f031b0f9858280dd4f6cd4886403e7d887de8f54a1d0ed6f625ee283b10e32eb5e6d249ae58593d23a400586c47abd28f41efd0501b12d9c02241c49cf87f92ac0d1c891ca66b2b659b4e5abe8604f5487deff98b561e979ab495c613eb4ab0f1a6f255ef5a3c34d2264d57b5d53ca166d16c15da4d5301a1b4df4d007e256aef5aa76d0d1aa9584759372634ecdaa8e54b578aeeeee88358359281b47cf95927fd2d523cf740165b1d26ccab813dbc9159b8a00b5c2ea4aec09cffc500a3d4336c2de6640654d81a351eb25ec28eb078104ce169f46cef1c3657650f681c74bb28aefa36ac596a3d298b1dfc1203b3b4647ff7beb279e9008c1660a573267370d43187da7234cf3347581fb43febe5d98afc74c7857d1e08754deac6012d3325b96ee46f6aece6d2115d7e1d3b66e5b187d8e179c1e62894bc2bbc5b8aac9a46780673a54a38610ccadb20aa4b93049b9f492f8d8395fd39b005060b99066ec5f27bf9522a4e2729d6f55e71fa31bab8a3f2f78d205601be81f6683c62d2b8babcd0c73d51881d1ccee074a3bcefaa2506f69641376349070c7463e9623f7e005f39826b1b2d35b87330eb454845a684a91ced8e16c79023e0848ffb3bde7455622bc8cbe879235d33baf93e1ed55b4890b1b2e89560352d0465d5b55506e20b3d48195c35dae82721f0211072aec91ac1924461c4ecdea71d75301", 0x1000, 0x9, 0x0, 0x0, r3}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x8, 0x200, r3, &(0x7f00000003c0)="0b538c6282d32a2bbea10aac2997f1fd46de7d4f7a5a9e45b2ad36f8542d4a9baf895654db9569451fe7adc7a3a0863ef4f438e1c8bfde391964b769e4ddba4f207b69ed187a5817af3f7088b563a068ed", 0x51, 0xb2, 0x0, 0x1}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, &(0x7f0000000480)="2f9ee5777fbe058b4e879a2b7fa5e3954c69009375d76ff0c37ca4ba9b671383a5527dd4545b187f6162efa1ad82c70cb675379b4b5fffdcecd91fdb78e543a9ab28ffdec2d62c826f834b9232db9a3b49e09cbc6c64823df3bb1db47ebcdea20b1539ea9ed941dca4c66079ce470451e44765", 0x73, 0x80000000, 0x0, 0x1}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x1, 0x4, r3, &(0x7f0000001600)="89d23f0234fa4ee14eb71ed507be4c370cb689ec0bd26d8fe6b2ade29c17e8cf42b5666f4c399e031e1de9c837d3c384b935720f347d355aa761c6bc64aea7f8a7c6763461ee225d17b45ed5c728bda110e327b1ab138131a7f3dc90017eb2ae0712d86e2b99c88e95b62cbf04d2d7a67e9baef26a0dc9eefacbb5ef85ab1db407e7c2c9dcc0a3bbcd974ad37e097f21678c5479e3c16e9c8a11478570daecbac964ef630eaf4b402b8240ce20dfe4b66f52342257a61966e94f90ce3b0506fd325a1f603420f28605de55c9fc7e41c195ce9b2b58954c0af79833d19c1a13e8752994734c7a5984442c87365f8728a691b6665f77238e", 0xf7, 0xab93, 0x0, 0x1}, &(0x7f0000001800)={0x0, 0x0, 0x0, 0x3, 0x16, 0xffffffffffffffff, &(0x7f0000001740)="d71480e502b2f2fb3a7041bb7ee256ddfec966cf956c8fe191787cafc0ecc4710f6e72769d56403dbc3488afbc47effaf61aeaf573fdbb1d712d701c29032180a2eea39bcdf225caa123b847baa449837d51491d2d077ec3a0e8e76bc4cb2455bd4d25e0e2c807326df529af5be9019c29c11bcb1a004014a12ee2c84c63c4beef6e0fdd", 0x84, 0x1, 0x0, 0x1}]) sendfile(r6, 0xffffffffffffffff, 0x0, 0x80000008) lseek(r3, 0x7ffffc, 0x0) write$binfmt_elf64(r3, &(0x7f0000000000)=ANY=[], 0xfd14) 11:12:47 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) r1 = perf_event_open$cgroup(&(0x7f00000001c0)={0x4, 0x80, 0x10, 0x6b, 0x5, 0x81, 0x0, 0x6, 0x40000, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000140), 0x1}, 0x400c0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfff9, 0x0, 0x1, 0x0, 0xffffffff}, r0, 0x6, r0, 0xc) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000300)='/proc/asound/seq/clients\x00') r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/seq/clients\x00', 0x0, 0x0) ioctl$RTC_ALM_READ(r2, 0x80247008, &(0x7f0000000100)) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:12:47 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:12:47 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) r6 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r6, &(0x7f0000000300)=ANY=[], 0x116) 11:12:47 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:12:48 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0) r1 = gettid() r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x40) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) rt_tgsigqueueinfo(r1, r2, 0x16, &(0x7f0000000180)={0x2e, 0x5}) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000040)=0x8) rt_sigqueueinfo(r2, 0x11, &(0x7f00000002c0)={0x35, 0x7db, 0x1}) r4 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x80000008) lseek(r4, 0x7ffffc, 0x0) getrlimit(0x2, &(0x7f0000000140)) fcntl$getown(0xffffffffffffffff, 0x9) fallocate(r4, 0x1, 0x401, 0x7fffffff) [ 297.837723][T26379] loop0: detected capacity change from 0 to 61 [ 297.844870][T26382] loop4: detected capacity change from 0 to 262160 [ 297.878012][T26379] attempt to access beyond end of device [ 297.878012][T26379] loop0: rw=2049, want=64, limit=61 11:12:48 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) setrlimit(0x3, &(0x7f0000000140)={0x1f, 0xa2}) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = signalfd(r1, &(0x7f0000001540)={[0x8]}, 0x8) sendmsg$SMC_PNETID_GET(r2, &(0x7f0000001640)={&(0x7f0000001580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001600)={&(0x7f00000015c0)={0x20, 0x0, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000084) setrlimit(0xd, &(0x7f0000000180)={0x0, 0x7}) r3 = creat(&(0x7f0000000380)='./bus\x00', 0xc) r4 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x15c) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/mdstat\x00', 0x0, 0x0) signalfd(r4, &(0x7f0000000340)={[0x401]}, 0x8) sendfile(r4, r5, 0x0, 0x80000005) lseek(r3, 0x7ffffc, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f00000001c0), 0x80040, 0x0) getrlimit(0x0, &(0x7f0000000200)) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000003c0)={{r4}, 0x0, 0x0, @inherit={0x50, &(0x7f00000002c0)=ANY=[@ANYRES16=r6]}, @name="4d274b32251ea220d133665ccfb041e330216c3850c496c131ff8df99b5c51668eddacfcfd27aa4eca626a315f989f41235efa4ffa1032e5b950501d5919719460b062f96c1b703b0b03d5f34b5684868e9fdc5ee17b66660f8b1571b2ff8fa299fa63aae1aa1e3ce2ce821ea8ff30d870df93ab918b3b609d48681daafed20d065537f16cf33e130ce916e165e809c4b37592ce6691a7449eabd0b48357092352702a66bec0c0f18d63619f0250ae55e13e87d4addd409318b9c3962deb9c8fdab3981214590aed7bfc665f945fee6f91bcc0239d6f7c7fd7ebc71b4b1299e2c772e981a137e5c39034f05810abceb1f943aa35f6537f62d9bb45e15480e8a6551ead59df064cbbf8cedb7bf0cd8ef8bbdff40703a19967dd1310e83115244a718b87179ba0691beae47e168fa5c5408f6ce1a1a01b1779ccf33b8a84f4358e860c47f846bcbcc9c0e6602edcbd4c40740134a587dbeaec3634287a73d7f72935e998c5abf4748e1ad5d00fa13d1c9a643b80ef21403f0813f2d00b87ced7e132c88bc5a73b37bf0d4db0b44fc5c22a36fd10ef7b9f5e6de5bbe977ffae27a69f53f0fe5355a217e601b748a245e2431809f5bcbe5fada66c81d0b842d342fb16012b3dd599152c2779240bf0fe4b7ceb61371853a62540f243a75c28b3edbd8be71ea83846849b11ffa2e0f92d60d8b5be5b2a746ecc7c504d6235f7b64d1ea4213ce4a117ec258bc3953a0bd9189bcae8d47eb9d3eef889af2446337c98f4c1afb530a06af857f7ff8f75146dad3ded0b40a615884349877e778da571a7d57f9b7c1f0aa1a115bc9c0f5fa3c9e49762d17835b5f802bf30c3ad9808f1f69a68c03459c429fbbb1f9c91f82ab4ba284aa121e88941b6a58da8cf6c6cf2a4ab7810377d17cb8f0a6a7d2430a42610fb402c1885d6da21f00f5d6b0acec05923da98f67c0aebda6970bbaf34ce8435b5467bb2d279b9bcb1a2fb73694832e77c3d7bb4d666dd9c9075ee9f78b873acb2dba9adbcc910fab3759096cf0ac30b51d12353a40c92b9312909250c443277a0321eb68539df8b2347e1b426370251b348df251aea345f5adfb1ed6586a60c2f5d2cf6eac1e1aa05de4e59c325a768f24f62fae8d7c3c169f5f00eb8a521eb2ab181d353a01ce9cf43bf1adb88ad5075b0d78ce1ddfb4bd37e77d788397422a0182ad073738a047ad1017d63e08c6f3ab60f2a583c01b3fa8e0c3e9e6597e9b27a5dc838fb5d91d9cf3085c30d4fff2bb3d2b9bc88f35da18a0cbf5e123132341859b1d8992f455cfda608a824d9b4970787255e4293a4e2d66f8b47c71b01ce250f3e7d57f4d8119e9935220cc5ae6b9fde405ec7ee47d787730b14a764cc4cb7be6bd516a6e5af8345fa27479054de7b676e55f800d007002644e694cced414ee112ce436aff9fed128024bb6bd916f4231c09dadbf77225ff2a576b1a456abd3d9be37998dbcbdbaf6a2f38c9a12231886acb83d70ed27e035949c171235454867b4e8ffc03b3ad9c4c376c92df7712d0290b9924b8facfe69f1309e98506330b010050a9779c21e1adce3e8692c7c2550e728a60af8f3d663c883df8273a228a8de42c2bfa3daab252711afe8baa61308d68a2f3b589d85ea59931ba8cec37f478ce45cb3de41f029964d0b906b2d09479bc793a4402f80d06ab710870176880bdda564452d5a584089438bdb5698f596902a753aff7ad309160d7c6eef80dc0c7caa07d94d57f56e078074b10445cef3b83a1a5b0502da7759e4d578b950b93ed452f1af1e0646b3012a6eeefc8da455e1dba1ed4705a9d474fa9f1212092a6f596c3978d9a6e98697289539783e6711302c0152950ba7a2823a2e47b7dccde4534dc7d8a836315d2630cccc3f578a82a87e1482e2dbcd2a9906ae4331195c85563eb2548ffdb830cd7155a9ccde65825ec34af03564e0e4633744bb5eff4b83fd05335658ede97296230a6eb769d1d7264a8ee95f02db86bf79306283d2b34832d858bc2f848f33a2d46812f3cc3c3d655ca909fbb5cf68ad2d8f3591fdca107ec477eb515047570e638e143262693d9fadc093fe1e1e3226e2b216f30c658916460392c7e2733f39fafd6f2a2cbc67c4fbdfd1e1ee13fb5f2aa3a7f289e0ec7d4b2e701aef7354f9a7802ee931c30f22fd8d3fcc750f0b2f72da7bd14d819c2b612922f730a8fbf5315575cc0ffd204bd850b6e140e7aad10d6569f4f4151472aa8a6c5ac95b4a270b3f7c2f7e43b343e34ad858ba9a7fb6730fa0e12d78b766ef2e0e81b3f3df765fc43fa2835b2d2303fe2986dff05da77f25bc45a0b823b9f840f7bde06b93d7efc166ee6785f84c2a76208e39138e0ead354fa3ffd186c0161aca2428d79f0d88a727d3b0d55401d523d8591dee8064317cc886348c5c326ff422dc09c0ac5c9596bbb1b74ea13924cf60ef37c40feaedf601c65b0b4780625d647e99333553d6cb7ccd16153c0345715c205ddcdcc24593cc229974395c21bfae23e217ba486abb1ec50bc17cb410ff7eafabbfde1c1a2e9195714da0a49732ba8a14c5885ebb5e3104c6e411c6a09c28adda49cf0971903506981c69ca43a19e1ee6beef2b55ce69afc3e7cd4e9d059f6f2530b52efc73e8ccd8bd1806358258deaf6dabaa25620c3e95736a9318cc75142b8868da0561d638cce2b4896c8cc7c0606687764cb89deaacb1f84fcb4ae5f36592fdce06278933ac5be93614032e66bf9649cedb7974973e827a04d4a8fd95f14370a5abcbd84130363b82b439a3d6115ebc01c9eb39a6ebc6eb1f8d603987bcfe23e39140f5bb0d3b3bb67c7b284ec8aa6a22e54cad7b983231921f4bac774a2ff2ae94495f5f806e48146bf1a0e0bf818fb13a6897986ed6d995f52bab63f35ab4e7d7905d0c9f1c40412c0c40dee6f2ce41aa3e51040eaedd4e653b30c89846fc6b10d2514d7a400a57ca33641b210973b9f6d0ca61b2ffe165aa25938c22e21e09df0dc0e380b065187d0d208ed28a3a5caf2b6d2a9fe7d01593754eddddaa9d1e84913359b021aecbbc4bc3a5cd278d9a2f8b3de625fd3e8cda236e18b80b3784eba6ad81ffc12492da27a5af5eafb9f8fd725707876f9fdc80ec5be9013f5cccde7c6a921fe5e96932e32aa189c0b9c079eb7e5b9c5d693f70ddb083c67f062b277630da5f1f70e360852e29f340d613a5083f6d40f587663c9d09516256b9176834e0ad4d2ef257acd96fc54ee92d7b45bc1d0024d4601d48345acedf3ff5c12e02fedc14bb09498a1807b5249fa75a7e9352045b304565108ceb7892e6edac37abf4bc1f562f3f9bd9a9ca0bdd9ad3369d9f6752b6534fd92653c1e80ddbc95db30353d5fc4c032558497593dd2a78c4edd2ccb50d648607ebaccc3ea0a6548b40b0de68309c67584e0f53a36609587cc5a60a4dc1e84f67d4e9adef8c20ff3a6491c5f29fc7822e683254c797369d4355567169cd1fc1a87996cae003deb67ce64f3fb4af75d55ed9cafb56ace9722edabaf0157a790235a7f75639f2aacf3240144b4e50d6c5cc38ae20ea4de542d3b560dd9c475f4c2e468883cce10edc4b3e4bdbc93a3b9b695b03b8f7ac158480dcdc2f2fc733c7009a7f5108bf9ec9472e0d4d4660671456fc1a6c2d8b31bfac67a9da930fda96b9c3afb4b3587348ab644e5f4f96f6b1e038dba412fd19d2e8d5279cee40e83e8b4840e3e9fe7c3f1c85ed2fd5aacabf318a07034377bf1631f54b722abf82413ed0bc3cd058b5021911ea61d8f54e808258ba93cf0ce24082dc44cf7d458ef1a28906a7aa9fc11a2ace13205a4829b282cbe00aa7634617dff4c654c5d3f561b7c1f45536e5a1059b0448d721dee58ccec8f869552a508dd1da00df2794c5095aadb798a5f3cb7e1362346b11b436354df94db47dc79cca4a60264a388cddb0e92a51562c11d2d0f9814750aec0ea3973d3f5e73386ea0c5ea235d34b6906cc77c54404f84478e400eb7eec15193066aa3b4c0921c28008a4b589a9aaafafd7f2077fe0db23b66935dd41f8fa13e33b2bd7eda305897c2840dad19f44c6fd235ee99a4dfacc147207d98274bbd0a89517eb1d8fcd0779c1eb2996120435b812f39c48e6433938ed1920c1602d33f91c693685e0dc77a333956b1645a22e6a6f1d6dc15d8aacb929fc87985415ac852adb4c4302754572f7a7ca3565d6bd8802d8d68dd808833c93dad358ac4101d72aba01478832616e65e36dd0fde48654fd687b853719fb7edbce92a8791fb40c1d475a015b0eaf4c3843c97c723d0a039e1a37a73d409ec6c72eec2628ea001f0c291b8f28fd62af26264ff2a12dbe8292a30aaee5eb023d56f29dd1fa72b13e659632c09aa1d1c6a7cebbeb84669e1b660ea18185fbcc81b258c8f0c7fa81656c1090285a3ec0769a1e96bade4059501181b46baa941455b7669cb69ac98062668e52a281ea1050a55ed408a23befa7b92f973c164f5bd0b0eff876dc726b5a1f0f1e08667184f8e544b30b547ff7dab2d008eb39394fc05e97d3ba65dc98e05a97f911e45a947fa1ff141486a4fdeb00731c203d00f1748f8d84ea0b00a17cc98cefe9d15fc7997e992655735bc35305fb764e17d0e7637777ddcfa9f33316d746230f44340c4c01b8035225beaea5aea64df1bbfacfc9670656e9d6ca66bc866a0a424ea086b696cbf530ebfcef71c6ce1d70c60e9e683a3a7f272480034b515b9b63f4004b801f20f37d098f47ba99035ddb768e7d4fda0a03270d48acc3696f5c560f4d9886cc128f133954d8325e9661f6547c01a1602b55f769af3a82d3e5779b9f217e10a4599c6ff1f3c04cda3bc2679ad663045190cdb01dbb7c4641e47b906de8cf64857669a2217c12334c167efee39a27ee3ec296abf5685332f68acdbbf0c2b578012979630f3cc9bc3f3422371cb06f16778b8188c0674d8302fb80abfd347ab36fb913a6ee40c8b46055d5c63d1a88a4a2af5a9682b754dfbc3c81571a8f841af8d28e2361c86d922445177089f0fd264889505767d243c980eaf94076f16dc771314bbcb0844279956cf7d24ad1ed2a917a149171fdd40a3bc805a5a3376cf45ba80b7d0baad4f0a3cce0c28dff8f274ea1d97c9cbd9b54f1e314b8da25caa58393868564074c3add910699a69e046fb5a838a7fd3973d45b7a158ae3b72b27c7b02e07152821cd35de845d86a16ec503423b96e2b33235e31cfc5d096c9d0ac31d7c5226abd6d254e376019c2a6a71bd4e67319ca2e17e53ec4ed92da410c20cd58d64fc5ec874b4baf6784005186cdeade0043c9f9f303a91d6b4212d0104654b8423c4b00f06b29a37a6fb59053b93683fe019599ad7b37e5e4c47b2137df965aabf067a9207bfc527ca906a4fd2b2dc9cf3fffaa8b82a1d570bdb2e609f255c9dd6fc65cd543c9d1b26416875fd44f62b56cd51f11c067546c922127b5bb3c7cf97ed4540d9f5a2162d769a9ad46c3967a5703eb1bc46d6dc35068a4b80df52040f3b3b633a0b4fe4c0b3a9ef31bbea7d5d4fdac3d2a4d7d3553a3d54ab2baae92494dcab4aa278faeb89722f655236d7428728637328c142886dc2217df606bf45262a6dcb3940f872eb76bc7714d634799ac36f3031a149754f24b136943c51908664e54014b5d293453f4580ed52cce70436d19c5a3c468599ce25ccc67b0dd1f7fcdc796bfcf9619a8"}) write$binfmt_elf64(r3, &(0x7f0000000000)=ANY=[], 0xfd14) 11:12:48 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x0, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x80) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="540000007d000000004d00000000000000000000000000000000000000000000000000000000000000000000000000000000000006006d73646f73000a002f6465762f76637375000a005c6a7d2f2a2f7c2c13283bbdc95600c0458506d779706f0a99949d331885f32b63d9c08f352dde15fbe6783d9e0cdbdb7c159fe615b81b88d3b076c924f9e6fb1b85abee07d8a1cefc53206303b279"], 0x54) 11:12:48 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:12:48 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) sched_setattr(r0, &(0x7f0000000100)={0x38, 0x3, 0x2, 0x100, 0x7, 0x3, 0x3, 0x4, 0xfff, 0x9b}, 0x0) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x23) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x12) sendfile(r3, r4, 0x0, 0x80000008) lseek(r2, 0x7ffffc, 0x0) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0xfd14) [ 298.035895][T26413] loop0: detected capacity change from 0 to 61 [ 298.051451][T26413] attempt to access beyond end of device [ 298.051451][T26413] loop0: rw=2049, want=64, limit=61 11:12:48 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) r6 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r6, r6, &(0x7f0000000240), 0x7fff) [ 298.094328][T26422] loop4: detected capacity change from 0 to 262160 11:12:51 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:12:51 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:12:51 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000080)='./file1\x00', 0x18) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000140)={r0, 0x4, 0x4, 0xfff}) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000200)=0xa00000000) syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r2) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r1, &(0x7f0000000240)={0x54, 0x7d, 0x6000, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:12:51 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:12:51 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:12:51 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) r6 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r6, r6, &(0x7f0000000240), 0x7fff) [ 300.851614][T26454] loop0: detected capacity change from 0 to 61 [ 300.856582][T26455] loop4: detected capacity change from 0 to 262160 11:12:51 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) r6 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r6, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r6, r6, &(0x7f0000000240), 0x7fff) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYRESOCT=r4, @ANYRESDEC=r0, @ANYRESDEC, @ANYRESHEX=r0, @ANYRES32, @ANYRESHEX=r0, @ANYRESOCT=r5, @ANYRESHEX=r6, @ANYBLOB="4193394078133293b46b3458ae5efb1fe1af33bae0091dc86ee965e4fc929cfabcd5bef4730a9c6a5a22253fb373b677de28550a8932e4b4f8a6044b17ed54d849e352bad25f66bd628c55a9fea4295f90b0f94044e72d8c397e34687be5875b8927f6b4758542b4cc26bad1dcae2321399c2260683c3fdb7574466dd327e6f114a7bb537cc9b716f9cdc969a6a7be5be854eb859d1bbab0e38e0156272b089f4ad91e6da9f4f5b53f75eee7664eee376b8be3c053f4659e40531344dc6c6e8e175d2e0182af22dc203fa1ef3879980580a68d58bc3733849627ffa073217eb1800ef9e391b9f33920a4db1dd70e40bf4cdd9692afa005318af92181ed5ec660ae2ff6f004e0d64ed76356a99c3f62287f0fa1dc3efc398f700d406987ee69e6ea7f6870ae3388f4df9e58c7af5a2bd873e8475e1d688733bfbbb02a62eab24eacfd1bd68fbcb088bdc023ef2cd211c0484e2a79b75abff6203a1e094cc29756ec801c098128d83beda9cb8719195eb446b4289193f41f71f1983b2ace19a7f6f2d9276444561d999718ab6fa4d8460f641e738f839b8ee92bfe089f08dd93b40e7fa80d399e244c8993b5be8386433aa9583755b4fc409bb488d8fa21df58c4e9b4887adbf804082b181e5a5c66c4a51edd8825d7755daa2eec4a6614e9a2b8737c6f47e42d32511cb2238987beccd46e5830614ca2fe09069b0ded41a329b92e51db217f548ee92573f7ea331724b0c4d8f2081c1d2778e68904ae8fab28bc225f9892d3435619a154124a5e68aa70e1bc2d0b3c2362e1c78958fc78c6205a427ba8c959746b1f2ee22494452a529a9d65c898cb0707d192f063c1ea01975353828ea28ceaed73615493cc6847e27806203bfc129ef04724528dc81ab5131a8905a99b9c2f5f7a9316d7ef9e8490851f48e4b097280a16409c63c35df8b18ff3b7d945eeea58f17681a80744313c246407c0ecf4672b5dcabefb30a40be1cc62a00dacdbf7b10dc16f5ab4a8450092600c15f1b71bd47a7d7286f2814257d84cd93004ee8e8c5678f755f10ed3458b0c5e020c629fde16e01d094bb5905d17ae8cc6d95542573d7ff483743b2fda954411112f15e5f3cf3c39b7d457a2a63b0df2d974b73efa48b788783c2727b0a863afb755c907c7ec40a1f4866bdd1a2b7edba0bfc5305c8385a3a7300ab8866c38d90d57695fa5f618506311f30b8a00ca9456cc79a156de34e899ff014c291662f55ecd9fc6795e81a2be1bbbd12eccf76f91ea309b93cfe57c193c22458d8703d164c60324631e3544413ada51d33c833a1e736d48b1c7d6648b8f956fb9fade1e3091a0ade0782c948bf4c9db8829a580104115cda218069645144a02bf27808a32a1a1fb68a2a5fc9929ce503cf26c87715947d4b46c9229e22acbc752bcf7c069b49f7d77b75480975ecea187530bb46c3bab86eb67a9dc8dd1f8ca076fe5e17bd695dd0cc658efa55494f3c449cd8bed281aee1fe85b93133a1b47c4199518b0e915e9283402ef8c26cae02324d3f79c83fc58e49f642b7c4538b28883af3cec61c339621f9390e8d33371b4bd13fa8dacf848cb69103a972917bb4fd9bd9c72eaa0193c68389729ab29094c76fb873210f5df1bb394ec1d8366411089257acd0d937d5b593d79910342a0cf02ac9bbd3b6f4391005ad886642ceb71a24cd3e97a751943b73a2575902cc20d7c6cc1bd7b8d2142cdbf61f33cab548e49e07d23e00515c76a945e60c95d1d482c2926ced00076fcb97dec38ae5ed65b3a5038088251ebf509f5ec3f237c574673d006579ff76fee39fd88db900bc6ec5acba161a2d6e4b626a4c68098b2c42ca77d92bd7287a39e7b210d98ea542754d15fbf4208fc946b916e4d155692f3949e4999073f766b62208af3fd606b55ed8226e0593b62123802a8b0e00ca34f60144989922fb901b957a208cc18aec9b6c5cf4310729fc8850421e49139cf53c942b23154b1e4e9d1c4e075be515bd26dfb2e505139d7e220bda81b58fb9d91c0eb29e540fd691603fe006d844a8aafd8a91004051ce1655ce2646bcb91ef2db605f8194d8ad1534e2c513a26c2ba432502db3a6083f5eca2e48cda1cc56b784cfddacbaebe73d5fa4483d080a657e4211a90f02af2341eac40fab7c789819b599658c3a6513319c159948581aedc763564a361a60580709b82c4f152b618346b6d6a0db62f44eeeb4c6cb8108357da45b7d91e33b9db2a489b154adbe8274793dc43b90617bd692794739918dda94eea5407fe3984b72dc0e3b7e8c29ee7bf61a2ee628be027cabbcede3682d8d7aabf46f6c55f280cc6c81147475c610b73138451bd6b2a60beb0e098351eac81946c5f5b631b699b0d1dd3b36d9b89327ff640f3cad44d92bc8185e8246090ad25146f2816460437cc35978ee841b8bc3e6deca39db0fe65accf6c1cfb95e34d3f0673a16b03eda40dbc86c37be550cb06b920890d4a5663119f36d1a95e82067b027178a8d8413cce2e37bd15d4c34627e7cdb54e2b9a36c51f0619811bf475f23da66a423e1b6a77d1fc7e0a16ad71e9f3a22561dd3427c23e5ae3b72efe0aa77d4cea8eedbc440b597faacc826da0a0076edea8ef332fd7e3c6884ef839be8382e3154b3b5802b2721c81b3bc9434efc2bb5b5f9d30f3a566bd6b9278cd65d4192c444f0462c4ddf060945fce349d04523cd9b337e7cbab42e91edf31b1886045724393c567bfcc501f2dae8cb0a01533b6f962a291d4fd2da7c7b0cd07de1f011d204c063660cabe2a36c93104df0e3a5ef9ba450006f124d8a05b00f08173043d2fb30f4fc6eab1f050ae3565361781b9a5f51de8d775d29dfb82cc41223802e871db46223884ce475129a4fc14c7662b57b9a642583fcc2fa5415f5e731ed0f7d1ba6b0d0092a88372e5130b212cf736bfb7cd0f6fb9a32337a5cdd1f096ebcedc86e4d220c9a7ca35007c997657a45818984c61923e50dd502b72da52c1ba985f089b2352dc18de7d4fd87ad41819dba7bb9d6f71c40b07a20261990b6954661c01651ea18e272aafbd499101d141843afa7e4851b02a5c19a4e2260fe2bb2c5b0c6d131114475834f9c759f91c3c882c4aaa82d1e661c4b9458b35ff8b6a3ab432e65abf95e0e490894fb5c740c2f080ac2d2d001c999d60b8a208af9e55302358e352c6ce026b1ffdbc0c6494f755fa9ade700e77ca4a266f5bb7f9a376dc1dc15eb8f6f449850b970bfec11979f5b24529d9deb90ab76cb2ba522228378f429dbdde0e8dd65b17e7fa1c9de00a739581b8d0b9cffec47f07c8614a28a099a1c3a5711c2c3f679e1df699d8aab775db26dc48e4c00078749383831578c81d01f0da8830c1760df224efb9013a8f70e68ba2d1e971e2316099434d6d12be841de5d708e743c08a12b9b0d282ff0c7ac7fa358ce0dfe90be2ddbb54387f1e2b1228b7c354ab2fd4289b1283c6165199d54b409deaf5dad0a62c3386dc7b0052d468a2ac344403e27775dabf25c246c69a5263daff26524b770856b489e06d0640840ff20bf07c2dfc2eed3f0c01db2ee45b3faefe09b7214a51ae446da9073be8bf029d3c5f97f7f8b21ffccd2c596f3fc05333b5239b1036d89fea1ec3379942b97b89a39ce340809db699605c873049879ec3cf326576b618d77b8fa11d3a27a4d17fba6ac04f73b56cff78cce1458fbeac7ce7eec93be96a5e19d2da922851224915cdb20752a2198f974b7ba41fd6a73232c8fdf01b4f528362d7d231602a5198a36491f5541673a4657a65487e3beaf547c18b66f830df8aa0696ecde800accd565688aa1f0b5f7732abddd736c45f8a4901a4887f009b76654581aeb0a2706e927902d4571f7ea7079ef657a70e71d71471404ba5e5d90ee5297a2863c7ff70046927510208c0995886ca65a701bfcd60a2354d95d2de55fc22c82e373a516f51c34561ec1b12aaa860aa3233859342d3849e23503d83e71f8737670da2251a12c995082b99858e662ae0b3b74670e77ca53d3943f922a66638b68cab892cda6592d29e857372253c0f87f718d40515e0f685b4e6bece6c65a2efa8ff06ee76a2703174d4d3f4691f324bd0456e7afb27ced76974045c6cb2c0820ae6bd948641c09f580803496e2042e245c6e2e32251736356755bded4ee8d1afeea41e05c127300f204152678624b20e4a90fddf5b11657011fb28fe28caa74fad9269fe8ba0a77b27ba4ef5477a0d4f1953b454257045b3434f163cc141a5d7a748de679bf5731ca5d5f95ac91e435f4f05efd8c51e4533233e0c315d2d7a4f678d0b882210cd10a7531e5611b13746203827bee59479d1507194e99862360fc069b2840771787809bc617430de1cefe015f050019391ce07f34f03a184797e6f43c5562f26d226a3672e662b36714e47007c9dbd86e4af4e9d622b792e517c2e0d7d6a2523f8e7cac98deca3992fb5ee7bf5a222cc50c41aaad73df87e26ae413feea039fc4b218e911bbf6cd0e47b3546e5c58567426150f20dbc5fec2601d6d6bb363dcbc33b2c92ac8de4dba6f5f8ea9ed5d43013c3cdb6f743f4a3ddd4935cc58f2c2631ea9a33942262e084f94d18159d1b1b7fa9302cd27512c49d2341ce7d3e8a6e9faaf4aa795c8467962dbb55f832d3a4abd2afb3de9351600b21ef59d2b54e3d98f723e9258f5c0afafdabbd85a0183c694510a11a74ba79dc2250573f00e675c1bf53586c056387c7a080a77733cb1b7632d6574d5fd6d870a32c501d00a6a408a1ee940ce48c1e3ad3fe8b309b60527bab83d15c7e3857b964b1fc1761a9e1ecf360ffc80ca183c174a48731aaa27f062deb93080fd5171f909000dd96debc1ce38db303bd9096896222b83e566a9ddfef6120cb7212f839af33c8148c1ea2813ab89824517d585ba78f17281945a61711a7097962e803c636e667c208fce75761110d0d89372960e22b7afc880c19acd92ae00a5f4e6b013355266079b92501002964c3c48940f8f98170009255b093f6f0b297c845660784d1d96bb95a13b3cc23f21b64b8036e45c2dd392dd6b3adaae25cd75e5a035a988015bc1140cfb790ff5f9651feb7b8f57604ab64812c2904fe69853d47095f6ef95f0f13294e382c18cfa2166e2a27bfb90c38e21efbd73bdfead55a02065da260fa0362bc2d73230ea2377e3f7f9de99cd9aafd0613c34d74f5e9506ee79391ee571b391c1ae70fea4d1738edf206ffb69060ef3a607a24e6dcb6b5421a14f8a5e80e6d8d3cb473468f86f6b8944670bfa055d212f341dfc81ac39d8fdec489a50c815d3d3e8de1eb34e61cfc07b9b4b2dc19e4c55dab620be83af6076dd7b2121a1b3684473b3b7a469f772032e6468a4aebe5d10b866202371113b0bf52cfc04cb63e6e18fbc0899d407c93fc5c006f60bf3ff96de781831b36101895e801a2885c555408ae37ee768f4a3edf0c97b095a2c72cc068e7bdd1d4b9269bdb0ac3f34335d320c72dbf67c61994ed371ac4e191e2c7c520d7efe7630376794c17198bc1771fb7e30b25057a3164fd03f95ff69a1b9f156293c41926e1e81b91ee30cbea8172c7c31695e0fb5cd836981439658ad644925dcd67379cee016ea5335fd3911783430258b8e3b142c37cfe0373e6836ec008e84854930dcf4e61f8f86cd7020fb3fff6b2df8027752141536900e6a723cc336c6984e344cb340ba849b59072e890d23139251fa5db9c80dffa6a507085c454369c5c35c8b27f59d22a0eaed6fa9862364efa26989e6c0c56e1d00", @ANYRES64], 0xfd14) 11:12:51 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000300)={'#! ', './file1', [{0x20, '[#'}, {0x20, '-.[[,!'}, {0x20, '\\j}/*/|,\x13('}, {0x20, 'msdos\x00'}, {0x20, '/dev/vcsu\x00'}, {0x20, '*'}], 0xa, "ced9aa2dbbefa058ea8cb4b92d272756693f2d07d8db31ff263d398a40084d5ac29ba74eb8d2626cc49d9baac984988d103fa4e870259fa1e3c1c888e15593ececccee831920930e58c3bfeacb9dd3f1d4549ea3550ba5d9d2fefec1aed6e56bb15ec52266f219094c7b13cd075cf3ff8347cfc205304dc61241ad9c0c1dac92edb783e3d3c76ea17164d8cf54bacde4239c230b0842d356ad868ed54bab86243729bcf12af14e7bfc648c12bf"}, 0xe1) close(r0) write$P9_RSTAT(r1, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 300.910443][T26454] attempt to access beyond end of device [ 300.910443][T26454] loop0: rw=2049, want=64, limit=61 11:12:51 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r2, 0x2285, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0) r3 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x401ffc000) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) [ 301.051312][T26484] loop0: detected capacity change from 0 to 61 [ 301.064990][T26484] FAT-fs (loop0): bogus number of reserved sectors [ 301.071870][T26484] FAT-fs (loop0): Can't find a valid FAT filesystem 11:12:51 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) r6 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r6, r6, &(0x7f0000000240), 0x7fff) 11:12:51 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 301.120901][T26484] loop0: detected capacity change from 0 to 61 11:12:51 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x401ffc000) [ 301.168469][T26484] FAT-fs (loop0): bogus number of reserved sectors [ 301.175436][T26484] FAT-fs (loop0): Can't find a valid FAT filesystem [ 301.256397][T26515] loop4: detected capacity change from 0 to 262160 11:12:54 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:12:54 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:12:54 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') mkdirat(0xffffffffffffffff, &(0x7f0000000080)='./file1\x00', 0x100) write(0xffffffffffffffff, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(0xffffffffffffffff, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:12:54 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x401ffc000) 11:12:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x7fff) 11:12:54 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 303.880728][T26537] loop4: detected capacity change from 0 to 262160 [ 303.887701][T26540] loop0: detected capacity change from 0 to 61 11:12:54 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x5eac7d72, 0x3, &(0x7f00000001c0)=[{&(0x7f0000000100)="e2f67422daa1f34da1c9ffa8471113e1e4a25300a7f2d9fe2482da00b744d5ea914bb5b5039294c6c328570a6e59cac291301cf36ebef340eeeb15d5e0887aa5e246e93c34c4c1a85a3891374bd7c125a349cf5db5fae501999b85c18498a55cc197dc8a266771bed9b147658e55d2f86d7ccebf8b7a4b961c0b0772c3bd31e6ad9860ac5e18e353463f91", 0x8b, 0xc7}, {&(0x7f00000002c0)="2ee2bd1eeaeaad2593e6ad1cc2adbc37e2fbfd8475d5f60c67d1a546be9a58f7a22aa8f44717e371c191004284bbacfdbaf67d3e0708fcffee373b3ed9112b644eb5fefc878dcab1e9cf75f72379657b1279c4d85f994158861d6efe4325c13e8be2cb7e1a605e0644788598d4f2248a829b40ce05e555fd86708a8c993bb9340ca63fc73f751d9e4c9d1cb8bab7a051", 0x90, 0x8000}, {&(0x7f0000000080)="1e36eff4ddc7c9830aef87c5467027cd748a1788a472ca907adc9fd3dca399b9b34f", 0x22, 0x100}], 0x1000000, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) sendmsg(r1, &(0x7f0000000900)={&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e22, @empty}, 0x0, 0x3, 0x1, 0x4}}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000380)="70f91bc11b81015257d58165d4684123ebe8d055ecb550fcef1916316b54b7632daef534451af70f3c69ee98bccc4336621390b7d671b02e50b28c62eb04ff5954ec0ce4d81b2099ce9aa7446be62533613ee33788eaabbb4b772e38b4d789179493a069a7fc83ed5a94098362cbc356af1ff60ade5ff01b7340e4ae0ae5ea45775053d225b93aa6749463aabd39bdd5d64ac3dbe7b1a0052fe7f10c5e7c8c9ed320c8f69998ba7ce0666b8e3fd96d98f0822ba3c71697762b72bae30eefb6d72114cd18cb69a1d09ff39abb788efa0656f60aeab972ae69e6be82f4400c5a7ef7769edf43c5", 0xe6}, {&(0x7f0000001480)="31bad8dad3cc554b9258ab041aebfe1b4de072307643b3cecb89afdc2e796b60e606b8705a29cb4f0ddfc0928367a162b596a540e45bf7689c9a010cb15776fc6600ac940a9e51cae19408251aed388f163f3e325e071644ed19a0c36fe383c428d93699f6ead20ca449b434e30c67c56175a208c01282896b957c7c7d6801134afcd657b858d8f4e5847421246e169a4a692e4a3a9ea804a9d77dd05f8a10c2280f2600a602f3565fa5f91dc97b6d7c13b98b3598a2598f65df676fbf8b55a2685944dac9126449bf88be728af2604e288a5d406a233edafc63020619d9ee8b64857c53efecf5b12e6128b83085af16dbb290538b26b8e7665fa22a609a51e26d84298dba56f9acad4132b56ba8db4078e4f90ab99042daaf922fcc5da6121be2a416726846942b1dd7887acb2e4ae8e56f9fd5afe79dcb4a3f8b298c4258afcbde1a5b4d10421b6b408c20ae8dd07c85578c253e92241ff55622764f81f7c4e7b23a3016cf9f9e4e5e214a6a8e17daf2a55ca267dc5acc276665363636643c46c7490b4ae3fe6b59c08132cd7a581b297c672a0e1c8686ea19c98f1933ab8089e226fa8d7100bb9561adee818edbc24f8bfb2aff0056df63437e153d634a08235725725acb0398729c68511a7ad6cdd1a00e1c63e1a6f8e9282fbbf5774cf458aced2903c0d25ed0074161f7344c2f6f138f613d356446050087e2f3d7f9447a866fc91161fd03ab424653ca65ca38d379e3a519592a1975a4dbca70e88841ab0623d2785281c405535a4664d4d285d5c5b306283f67a9f936a3f21b9bce3d83a1e72ecfb63e93d634f9fed8f5281731bf1e26b6cc08b9ba4b83521cf30101365d3260f294ddb778a05b3c614e9d45a55ae2b173ca9d6a27fd3b4fc3d6eefde0ab15b6cb332c68abe8f9e99ed79919d3ec072d66414b9a055acc338a4377be1cd61071c960e6681af23fe37c52c3c1c0c7158401a4b5eed436251dd20452039c8625f115d20dfb2917786122a429ac7dc660e584dd556f2def18e6ba1c8e21c9a7f8c7743cd68c7c5e4a542a0c12975d86f728c7acc57c354ed8a1ec07f7753f95143664308bc3ebff1d515e61530cfd05bb076b6bf062e212b106df200732921853acb87ea2e9a2331665bcd037b1cc08468df6b72c7d28085a731f5360360a5118a2f21ef1950b21efd478cbb1aaef13f57354889da4f3785f599829d8969c5b4dd87caf78b5fbec00effbf8337ae53068ecf0346e8d4aa76db9e3746a7fe9bccc4bf708f5bb42af77067e0dbed46d8080c49e68fe76a83712852cf78765f7ed48553ea95db7db927b7bc05ac0fc16a9fb4f04ee80dcbe3c698f657417ab74faf72b54a042044df6808fabe9df45a8f9288dce709e34618e4eae9886e16f73c7d1aac98348af2faf22e5601238b89d30d207e3fbc2c0a545ed6488d58c9b7a84818599c8675bdee23d592fc8c947013ac01436bb10ee0769145bb4a8697764227816d36f0363ff4a64cc80b6edd9d3a034b78e5f768c11d2ef0cdd09c58f5dba314a4dc815fd85696a51a86b82cf4a9ab355d75664f7969204e2ac710f2b305edc06d4518b48e73acc29be6361ab0f7f016732a6c9ed5ad6b671d88339df800802e13e71f973e0a4edd28eb6f940449cc2f58a5eb2eef1e6a293a14c4b417655ae4f7addfcd4aba135ea7a550eb8241614fe21476217035fe5986fc25bf7594809ede3e1a5f87c1a79cade02b9bd0556ab6bf5f20b6901884544659ae7c0f0beb0f3c0fad94a1d5b78ec8631a0b45c7af538eb151e4e09fce2ac29d7d1548eaea29b67ca63ddb3e5296ab64b964c628f0882294fb73b9203ff0f5e81cb66cd262bd5e643b639067fcb36ffdd54e73ec408fdf328de305217301ee90ed7b780cb68a9f364ecf2ea5c261918efa0231554e2f9f612454b4b5e0a56589fe1c2655ed01886631a50f6b4e36243ff7e0c31eb664872c5b46d5a9840ab4ac695f3c3632cb9e5d4906c20713c73420f3406e7c795f9986bef217c3a170c25eeec03915d3fb5147cf4bd10e1ba1a5f53f73a546bc903d71881ef4d0aface1452ebab1372ee91ae99fd5d04044ee090a33c4127c234fa22526eef9fead35d3e4881a379d2a2a374ebae4d19798ec452246f544071834e5cbe7081812fe0a4e30d9698a2a4cf34e148ccf9e08578a306e9d3e7fd8afea689e7a622191d748edecef70a475aba5d236b5304321293abf83ec6745ff5b4f946857818c8542e63bce14dc7ae0f6ed1803cd70edf74fd913121c775e852d24ba4b5259138d8c0afeea58a1aa797d97cc15d6d232e89b8391e22e6e3fc267306d3965121ba0a0f980aac77e32fa90239b77528b3b8bf65c061389f6894f81aba195c60a23e107d1a7c079e92c01911e2c1ae68758be68cbf78a8bd379e45b3160c78738a4f15c3668c6e7f279931729d54636169291933b93175fefa2b15d9203778865734bb752663c982bd492aa3736c1cc54f938dbc61133888c6403bc82d0126daa033bc0d30119d65e5aaefc1fd2b58931c23b71a5bf9f2c6bbaeb7a3f17b4460cf58c51de76662e12d300778e1882fdf233d93e75391978bfc61f3c5b04f2ed5558c7757f946e0feb7330fe974f41fcf95734040b5955d96a942a3485ae69e8ae10bc2212768027655248aee3a150893d977624277fb85f2eda9b01902cb7899ff272e9816bbea88b40a28fb594a8ad058a186410f765e93b5a737a6f66195a57bcbe9dd4ecf39ef1f34fca10d1f054e4bfe652996091d2bb4e7a31208f506f9b4d3953ce45f5a6a23956e5e397a26c96a3e337707660b7bb013ff79e46308d1bb0269c57e7fc769c25d57cfbff5c8e4a7c8702eb73598d06a84df233bde5c3d418aab9ae250003c1a237ff0dca9f5e4eb81eed66c8308d8ba5173f29916ad47e0261d852eaee49dd92d9c48518a78a164d4a6a5ad8aa3a408f065029b33f71e7f0d10f0269b123a04cf03963a9bfd7ceece1b3ca91db5353f29b65e463365a051c553e524c22bf5384e12d829a2b3986b66836628103ce974e022317721bb2badf6ecf12046f2903947640e3d6e1f7ccb12bad99155825fe8aabe2142dfc2a298adcfeafef0c32642c51509273239a485efc87a0f6f97afd772074846c344978723bf14173b9437d24bc01fd466632a273e8bcf5b07463d6749097531d0cc4783754dcc81b4deeeab5a153930598bbb897b672a26b61f2ffeba7812e81b566a22b7458babbfd42a908396c2e5ea47d1c828166a138b0d37da60d696fd551d803400455563da032f71ebc31147fc771671fa5ad7b7a4acdfc9ee07bd80c910cfd61f49cd09770d60ed3393d86fb7f946b20dca72045f23d87b4097309861759eafabdb4b4d47829bdf2febb3899ec781c308dfaedf1688e6a3f0f103536e0382f031836acc8bf16a1a7c5804b9a701de6840de3f82b8d1eff12d0d155e6b437409436ab32071533a92f794331661ae5816d9ee857f5b876d68e60d6fefc6bd1aaf4711f0e311e6ecd36260415e4e561d0fe966370f9c2d81e18365c3eb4dff635155d6a28a468ffa478f4562bfbca024e809b65d42e0489395e3010c9bc6ff06877258b6fa60a63f64fb5c8631ee6aa16887e0db94c9ea881234969eb7ece3fca55e64fbca6df531cd49be1010231e87be67774cbc6e56b4427164a8744fce3319dbbfd8567e0d6f3d20bdc6b348adb798474e0003a24777e5cc57cfb6ccf53bd15da7adc2049b3efcfa3174da8e45601f9e8147cf551f3dec522284ca37e6a7a7e18e0d5dc4b462144038438dcb0f675797d731f5702ffa5a7f7ef338b0c680ec793105db95f3d6bef5c347b15be73242247f14d0d6a793634855da667b01001d6abe1247aa50c0bb7abe3712a25e298132ad39001ffb5accf593d8631a7a0314fbdb867d022d67c94691a2320acacb760c2f68f70da577a505b18741815e38d1b8f3b44e05078a59abec293ed46a84f650ed6826910f7eb16b43a24a7686f1c5289cf8172901bdd4d2536b041b170b3a302ec00210aa5c7ad6beefe0dc6aa2fc0c34f9019a5d010e58aa9501ff0b58ae8006e68f76ae0c2ab633a6e109b2d06eded2fabfd7cdd8fb7b8e3cb9fe9ebd63e7c8ba38d03c759ed2912ec9f70e796064f3e522d2859028b0646981414e58a101b845b10aa37d511cfdb80c9d9be687a064e1a802d11c2eee57eeaa32f7788eb7ec3564ff6e6e1656265ca927fa97dd1d70cd5b537186c34efcdf792dfcc508fd189d29d091f3b0ac7e11a515254f5a059d7ac4f28a15d625f94d8064f8e244f23b5d3f4ff11e94d65cef0e757ed30fe0bf4fda4b47386f3939c7e8f0d97512c03d730fd5736f71671bdbeffcef19cc0740d0790c7ee2e012aca2f0a09495db2b5fac9445abe34039963eb8047f686111d3b806920bf2ebbf397dac810153acb36a76da492ef2e51064455b010693ca0737004635b51208863c64954cab1b584eba66c3aa60df0c921946299dfa431cc8e292282e0109be5ce2a251e87fcce1d8b1af537986c8028d58d8b94f74673360d90fc3bf79e19e0fe2b101ba55342dd5a16883f07ab6e985be0eba9f6dc8d63564af3aff3d6a6948cb00eaee8719355f6540227a905ed9e5d3c6175fd5a4a7960a7662dd33a633e8ef0bddb57d7ce6323692ebf4ede495551831fe46e5e55c76f716f23225b014581e0d4bf6a8c0f88ff5902681dfab81c5149f43eaf0f7dfd0d2851e5f952eea2f9f2d7e4d25704b794141f075664bd774eb0fbc6ba4a891b6b2ddaec1ad7429d2dcc84882cff5749079cac6ac0ab0f89c467bff0bbad30c9f67b87ce1d3879ed139a31ac685fce3b86f5d9255b3677d4c2886da1b3d7044f546d190c46734b160fd1d6240a835744a89e5a2d28a7ce07d4cc37ebc8b7cd915d1b24ab07a9520ac225ad8c5a823e83946698571cca497d1b6c4bab48bc412ffcf613f50c8763178c2770d585dd1b09ff09d7f7675db3cfa7695f8f868e87d29448713a80bb90e3d4e550866b777a55fdcbc80065b84c231a1fca9799b041d4b13df95bc101cd3ed43c364f6bf739d48ac5c1561a03c073bb4c734458e86de685c50e39707a2f97da58dcd3faff9f4f86efb55af5345db68414443a49c8075e8f406337a8a3c70d1c26b74b54ee99bcc14f22c9fe0424b85c2ea3ec755dfd634e054160de579ea31642f6bd980cc934913778def5145eeb9ad289f09df51042389e969113894792aee19276eb0199ca3a1db173ca7a86e489fb521e1a90a4647039077aec4763b19faf8448010372f438bacfb78a360a585f27d5bde58732a1f3a8d9e3a83d42ad3364b1065cfe412cd66930b9f2fd5084bbeec15079c7a9a933118cb818034381f9dc87d78c549c12fd998009a700d46671507a57dcdebd87f6f9f7cf9e7f994a5e2a3b7ffadc8d9beb396cf1072faa291fbfe63d1be96a801f7e65b52cb0a84d23c9fb6bc5fc4e644a87fcb74f6e187cd44bceca3e4568fff6ed0d98956872ecb731efac02183b2ac7be0fa215f20918803c0b1599aaa5f92e207245150f59a6a930ee1e7884d6ecbc406d5f5b8663efed0a7195cd05f9c65cf31d7221e3b748de72c76c5792bcb4664795ed05c10096539aa85cc1741d04f804f9dc4b1d17b4a10e738f1d61e9ac012c93d815ebc138294fa03fe531cd797fc088dcf004231df280c43e1db3b2b997dcde352a10120535a11664ed613d9599ff65772d4e1350568212cbe3d10c52478d4eb56fd60b184e21c8409f59f5f93e123497b2f91ba", 0x1000}, {&(0x7f0000000600)="cd4da0b6241fe8f411499d7fcb4a6a9d5743c3c0c7a91ff3e69786a47264090857c0a36f35999f775dd12e0805fb6835971ea5dded2bccbb27d72e041ed5224c22a41a8ab66bbceed6350d19b9cfc81d9896c43ecec58b119c0b3d320dd54c67b771cc37f30beff768c58d58304f31c7546f6d66b6ca1ca89edd98b2e4e48b9ee7c955c5570b6125e12a68f9a3b6d22ad01345ef14c04c98f4e90ccce1cbd0ae5fd3b5b20de441acef7e06fc573d354faf8dd0ad527b1428d722fa48ee77b200d383cae666ea0e89f7de14eefcde07c8152333e05eb483e6de1be61b2b0e6d8180176873b77a35b632ff1b4229", 0xed}, {&(0x7f0000000700)="02d5c88357c8b4ef82b0cc3979ac7d279c944024e2eb3fdd9cecdbd516ace61ecc25c0cad65fac872f951dc85301957a022727d68d2d3c2b92156d8fef31501e10f33b3e0266b16af9dd056628a2c3e6ad5d68660cc7c3cc5698e4746c33ddc8caf08ff30a250b38e7be2fa1be9c727f1c455f9efd825c5a210f05dfc408d3af3976077439ebf14a4a33", 0x8a}, {&(0x7f0000002480)="6cefe883b33354aa5f49e71d94be1f8028a07842cb1fe5c4c5db3bae37b296c517d5cdebf196f79b8fa047b954099e55e58c8207f97e1445f0eb66fe4074a166ea4c173637db3e781782ea1e90883946be1ecb5ca3e3674c351be6ac1619897ce30b7e8d8f4efe27c32ee1b63a2bef8065b9f24d975838c238cad37ae3d0968d3abcf37cd9f463436a92f171e16de0bc0da68125efb117bcdef3ccac9c2f0db43fb92affa861eb64532c8fd9d1963e1cad12fbc8d93b00302c24949e67f6a29558527ddd4d0400627b3b9dc0f63db6eb0abe48efa2fcc7f9edeb0c4885299fdd2e21ab156aa6b412f31a1d82853dfaeb2839cac3df0626471c7542f2a8b47844cd112b70dde53c0ed8624f1b783cd50d93a186072890217f761b71be4b99ddf5a375c31c5d55d65181b4b270bc516b668d356d63af2f64bd27a13d53f7871674a14d43f3d331712034e7542c8b98a4f198b1a086a49d920995bf21c8b7426c1dd25d0694b1693a72ae5bfc11140fbd3f4f0edb91d27e63bf745b22cac3070dbb511318c6024a661d04e4b95281e028d4c3896b814c8646df589269146b295b586e0e7904f0d61701cb68ebabc18b2becbc08ce4e3288c0a0e73a0baac0edc24d892e9212314cf27a65e35793b9a9207750e35553a5d15bc8176abd4d8d30b76269315add2fc7deb239ca87f9245b404cc44ceed1d6347d13be7a49b29f4e90fb80a33cf1eab59354834808585f37a4aa95eb221fab1ce8a3c0435c2c21df6477d1794fe3708f9de943437109a3c00611d36b3fb3ac505ffb5db99b709f5d0f07d80d51b3c24d2ce71981c24c58d74b1f485186b9fb486b5d117f3288fc9dc311e0813553baf848f1537cdcb586d6c295be4a9fd1b4962d004eea0934c3aad4d5141cfacd27ca1af35fbb1577d3625df247d41a1244178f56096be2f9c622471220dabfa25d8bff5d6142b1fa9ca5701a76396a1de758234d1cb11401c54a080ff73a965e9d31af83cec8f145d6b06e27067c7c2a6b690f2b44395e3b6450375a33445f2e470915c55b09dc9eba6decc508ea574a8e4683bda60577232832108005ef4c9632c299d0404e531b49de6a3e0e7c6c152cebe5c07917e66f4f02ccfdfd13c97023ab7e63de5d03526ad7cb6f361968f2df37888ad44f8cf633439e34327e81a95a606252157a3c21ae9a493841a3d031b9e995495c5b746a01d11c183073c1649e385644c0619baac4d1ab56b367885ee4dc78bf0cc43b284f64cc660b8166fc278ae8aeb4005ac5852e10620a8180a9fd8c8741949d0e0cfee9d7ff3f8bc8ed44b637c43e5d976e926b14e0c4c0616440ef94941d820a683c09c342777cce1c8622cad1a819c22811838a571ed2cc68dc00f023def193b54de36bbf3a1e427f74d2861410fe8bdf1b8c24fae39fc6acb48ee86d58c51d47c816c55ad382ee4821a6484e2691b138af541ecc88d43d7f1ff262810a4bf914080b2bf36da18f9d621f654ba3d0aba0196f791ce052666e427f7496ce9bab9182213a34a191f798b9beeac1555c49b152738f6381214f57ded77421cd5f2ddb6f3f96cadc7d94bbe74c3e199264b4d4a1a57bb10453926c8087db17871c8dbc8a28497ccf024af8ed81c5bb037ecedee85575a0d14a35134c878545685071fa239536e96f5c3442f72a73a0c356ea67e44a091f50c645c336af13494370e5930c557cf461fa141b5c89e1e711fa38913fff9f828c174e82b2b42319bbb24d85d3e5589e74189ff333f7f350dff3686617abd5b393553086960428907ff2f85102639e45d4a2422437b4ec4ab00abfbaed38303c943d9fd6a044f365003a927683b76315071e32dab1cf75314afb91cfc47633316fe9cbfa06714baa84010c0ff050c9ad614080ae785744d09faa3a66fe6fe7431ef8dc86df3d7c90c7cd7f72e362f39452ceb8821978a8b46f217a76b9da7da5464893c1a6cc0cb73178d303d76da279c4cdc4b518ffeab9748a6ff89455987f9538f42a30750c9a0b8f740122878aa81f52f48f74afda9bbfa4721f956ccd778c3f8eee2c8d73cffc38c1eb3900623a92112ae4fb8cf3d3aadf1ba965b7ab2f5bea58f8f8d548eeac4c2387f60c65aa03f314750d9b62d7191677d2b4e4486320f4c19d7fba3888eeee006750efaa153e5c43753ccec867ed17618abd1643630635068313cb480accbb73fcc4b17ba8b9625926f96b169c7ec263a3f90d0e81e8d4870fdaa2f35322ddb1deb22f356d50b26940cd8d865ba910e0289b154aac4c28ec353d60c59d95bcf2027cc4c9bac50d41fd2c278ca22279062fc6012f7c68904ed7747cf9b30068358282e5cdeb46d6e5f5e10b18b088dc19ed72518a83cb2b3c06348d95b8551f1cf11acf8a39118dd0aee91b3762f65440c775b1ea0cc96faad367e8d0a7faec80e15f2b37a9f521fa753a6aa60634b00c6391b5b1678d257eaa6bd6a47af0389ba6d2af337b32a6e3457abe904b6c7b2b0cdd6bac37f5380761fd93e0cb278b119b68ebcdb7c05536b9c7f35bfcdfd855e4b1590efbdb841f792450170cd8d3ab6ddf390ba55d1b51630cf5b35a04054db3fc633308bf08e50cda1c84d24ecc48378952ac839988c7ba06cef3d2478b44c98a88e3c9c38138ff44f61d054ea162e38b3a5b1e4f8e4c24ea29aa75a85576df3bac015ef865e4e142208c8cddb4ef8ae62a17379b9a6affa7eaad44af9137f9f8b5173dd412d1ec672cb69db194ec0a3d3cfeecc44cdab55d795d34628f851b610112a932ed13afeb65acff2f76c6242969453ddb81f1c34c0f9d3fc875633abbdcd07ef288e3a0424722d77e08b4e4d1342e763551db97aa559018055f3030fc6a2fc9b427d114bb86589bdbe17c4d936713cb8aeac87b10d72e9f7099aba60835635af74e4363463bc25734a0c48ee41493a10d06681b061823c2ebf47c10248b69678fb514493855e360a6278d43bf610e37fcd47df2a73cf49de9c69ffd1bd1b6cd775b2547753f56e1c047f294b8349e212506f674ce0d5d0b1daf2c1ff9cf9e615456115ff0333377311b513a91b654bbc1528bdd4c59bd0b4f4058e998f4ab000b22a945a19a3ecf216070ea292e2367ef3d529e7aed875fad92bc872087e84b14b08217162217f3f1549201df2bbcd8b673eb40d77708cf7836a58d2558e5aecd2959663f46c39ea8fef7e51f89c71754d87dc5ac5af7abb498f527355bb7f9a2725710243f0de63821514bff86a4405684d5ba30f2e84fef1ca8f2fe7e74dd3a34be3064e17e298cf07b0ad23fdf587cf2c47ecded41f70841035543957b21c68cb1d3f2aa9313fb879a4fbf58069b0d73fb8e08c9a04fdbd2336aae6c99037003357a8588081c28fa6207e8e9897723ae15ec3ad03b35b9162ba4eec6307aa5457f1bc5e61936dec81d0b590474fb7ca5ba1e55a38d387d7fce4d9ec4be13c3a65f65fad02b0cd89777e23c44774588d2ddb014946d855b6629fa720cf8e6e9283d979498f3d501107548c27ba638d960d56c41c198bf486734cdaee189b43d9b542e616404e58368c08bb73d8f804838280050ed8a722fdff7f09a36c79c2925c5e4f263f8a93fa0a2326333477b467c27b58a82747075be3cb24c112fd62e6a34c120dcf218c6b640d15b44bb4f5f2cf80a3f0121479eef2b37e7a3bdd2e0609206c5efc4c0ffbd25d489710cb172a2235b2882c398722cb797baef21bac3df87b61461647c30571fc7d1c23723ed387e4652b42778b6d4a16a3d4b4380c567115c27fd2870d67ea50fb882673d800e608633e8a8052a5bd94297c26b04b191eff373380333600ac28eafacfcbbe8419906a2ee6e14d2789493b3f312efa1ae1a53ef6b762ecc4efbe12f112e1decdf9d0ba5f2a310852d2f6f1760ddfa8febc0c59f7438cadb99a2c683029c4a06c979a1871f705325dc515880623d9aa3f27eca9b8ebdacd2a0ca201ebd9eb7da7cc43fd27ac2a53bfc27c2ba4c7e5c2cc8943dd8a17565c407c01cdd09e9e64919ab0c3928ab6a4e6b43662a40f28978b892385003a0c94596d54bc1afba12aa5d253f61bd9b7858f5e45a30416bae23cab2479b3668fbbac377b61d5f2f783f999ab7a9fdb05498d8491e45469f7258ab68e228d0ddb46931de74aa1da3c0728ae6de4969f431b1dad3e8a534a32ec932e15230c6fca38cc5ab989a9e5e7977ac1ff7bc1488df05937471fa48af6cbe1ebb1e8eab0a970f357f7d7c3d6a369db69b54232ba02f44f7f2e9a75f8bd4636cfa62f2bf2881d9a23988748c5c5aa0490a15692dadb649aae7408b42165ff1652e7371b32b48eb9dbe8e9df8a8c66d81a3925f08131812fb9a3d2d17a487df181458d7c650c3b6b145ea3e608558bc0135d5fe7061bdcdf9d46efd67bd27819e470c703d0d2fd20ef7fba3b9c13bc1a1b9e225da75cfa93d867082894ce4386f4217a25966da18fa27488e78bcb12b4b7f3cc90fa6deb9f776c4c74d355de2745aba949b15760bd8aaa4630195fe9f51b6a8e449187ca49569c51767ef84200590acce0d29f4eed7af5c5ab1e516d0ec8d09d5f35f6fcf435c6588bb592158ff6334592190b937255b4633326c9da53d650ed2b624c06bb19fbdc9c0bd309daf12c3524c9b76ade907aa6b0f9c0ce2c3f22d4b9ac453dcb2e4d04be0910deb8f3c7d4e6d610dc00b3896ed87fdfea08a6cd162e0c7fec080317281afe8497487d492fdd537e0660dddca4e5b3590677d24b94a7bd6d5f0e5205d4a1b5b14447cc7d54a373b3c576fbf58709ab2c4f0fa40ce2be091330c2466785de154642e3f6b5471e287476f735ea52d20402660fcaf159165fea1d740bde2940cd4e97abf8957de3f746be67a1453cdb1337f778d8093e3400664e24f3fd4e5568a0db7328a06ab84125d1379e02a75d27a9ae24645f169698681e9d232df9dc66009e1823428403eef1a3346f97ac4b73499baf2b70d31097528928144a08cd3a5c5490e1f8ddeb06b8df2492549db6d8130ba838e5b2c477d4d5181d2acdf0f3d663ec31622f4473e5119874b7f6ea95a09ba0a87f891d64c67a1347d33df9cf3bc1c5ca8fb7c6c77d73340fdadafece685ff0fdbf8be9e057bd859f7852ad92f98fc61df167873fcb078296e94e9a675fb5d4e923002f7ed84e63eb04a9b87f9a32a1f6db18157297dd1cab3047106a7c1e6d1d1cb5d85fb9a430ab08bbcd1a7203f745487dbe129b4531c2afb43196591ebaf9588c83ffc4165bbe812bb8ad8b51ebe9af1d1f170d973da4ae38ea6914baf7014b0e12154bb9a9ae962b4c1b6b20a245ee84ad0449f7c111ac0585a788b5561bffe38e61da911a90ac1c7fa15160d15ad4ca8478081013c26a7a121d1441700b704d6f72d0f235b0f3db1cbf1a1354a2f5d69553b6b2400de2c5ec4250e52cccdec1653b70d9475edd33bc8cbb3091e3fe019228f838cfc7bb1654c3a99f9816a7bb2a02de288d3fec66e6d1c843412d22e445a15b365df036394c6e5115cee8f2ab13dc7d9625cfab9757bb4618a99cbe09d6305ae901fd59dd19986992d97f0d0914955eafd023c35b3594f1b48ba64cfa0946562a721d5fee6f2620e9d632e9f02b2b7199a737a75169e2da90db385e0c0037c53b1241359ac6d4fc9af5e8dc6d163247cfdd952a8c4e30bc08b1bc586936969c42ef83f1782f4e717aeb93af04d49711ce039f4afcd2d44f24bdeb99d3dac52032326fdd773fb7a8ca48ea8908dafac63d041110bfd2c2f8876a1066389e85440890386840f2c65d3", 0x1000}], 0x5, &(0x7f00000007c0)=[{0x108, 0x10d, 0x5, "bece069087f40d2b056dea548ef0b28b6f6186a6c02b71ea8f4a2104d09d07840b1284a7190f492c1e2e1f2cae1dd934ef9dd708c26dfe75c1a76634378ce272d22d23d573118372ef8ee061addc6962cf846f6c12925db7eacaa6e30d52b53ac555a2f6d6936d3c0921892bfbb0ec219ade4f2b24b2226da5103dbb9fa6ffd8168a5e707c79a713ff622f430808641b8c9a8bf8a0e387d8ae886392626fafe1a5107ae91d100f1efbe0f647b1ddc3ae6ba4f2915de6230b8e03adcfde84fce92a15268c034115d276fec4390b3437c932be30a2e16781dd39eeb7be0c38b8624cb0984b3f7f7a81fd881f3d1a24a0b28e77"}], 0x108}, 0x20000004) write$P9_RSTAT(r1, &(0x7f0000000500)={0xf2, 0x7d, 0x0, {0x0, 0xeb, 0x80, 0x3, {}, 0x0, 0x0, 0x0, 0x0, 0x48, 'H$\xf2\xb1+J\xd0A\v\xe1\xd7bQ\xc2W\x149\x12\xc2p\xe0\xfc>\xd9\rMZ\xa0e\x1b\rF;\xbe\xf5\x98\x13\x97\xbe\xe0\x10h\x97?\xa6(\xa2x\x86\xc6\xa7\x99\x00\x00\x00\x00\x00\x00\x00\x04\'\xe2\xdf\xfa\x03\xb2?2\xdf\xbcu\x85', 0x52, '\xa6l&\xd0\xc4A\xb3\xae\x8a\xf3\xd7\xbe\xfch\x9d\xe5\xa5\xd0D\xb0\xb10\xb6\xc5\xa2%\xffv\xe6\x96c\x9eI\x99f\xb3\xe5\x12\xf1\xd5\xd2@\xd3\x95\xd7&\xa96\xc4T,]V\nV\x98E\xf4}VX\xff\x84\xa7\x1e\x03\x81O\xddQ\xf1\xd4\xb8}q\x93{\xc9\xd5$\xc6\xd7', 0xa, '/dev/vcsu\x00', 0x14, '\\j}/\x94\xa3\x93\xd7\xd9\xb5\x9d8rS*/|,\x13('}}, 0xf2) 11:12:54 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000100)={0x38, 0x6, 0x30, 0x7f, 0x6, 0x8, 0x8000000000003, 0x9, 0x10000, 0xfff}, 0x0) sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sched_setattr(r0, &(0x7f0000000140)={0x38, 0x6, 0x8, 0x3, 0x7, 0x5, 0x3, 0x0, 0x40, 0x2}, 0x0) sendfile(r3, r4, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0xfd14) connect$unix(0xffffffffffffffff, 0x0, 0x0) 11:12:54 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x401ffc000) 11:12:54 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x44082, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0) write$P9_RSTAT(r1, &(0x7f00000001c0)={0xf5, 0x7d, 0x0, {0x0, 0xee, 0x0, 0x0, {0x4, 0x0, 0x5}, 0x48000000, 0x0, 0x0, 0x0, 0x6a, '\x85-\xf4H\xaf\x7f\x94_P\xb8\xad\xa0\x86o\x9bS\f\xd4\xb9k\x10L^*w?)VP)\x84^\x1d\xe5@Z-Q{<\xeb\xcf\xa5%\x90\xd2\"8\x1f\xd7T\xb0-\xccf\x12d\xea\xa7\x98\xe0\x80\xef\xa2_(\xd7)\xfd#VN\x80\x171.\x82\x8e\x8d\xab\xf2\xac\x7fFmW\xa3^\xbf\xb8\x02u^N$`RF\rj\xec\xa9\\)\xc2\x1e', 0x6, 'msdos\x00', 0x41, '/dev/v\xb4QO\x9f\x11\xf7\'\x96\x82Xu\x1d\xbe\x02;\xc6\xbd(\xe6M\x00\xa7+\xe4\xda\xd9\xc4\x8c>\xc2}\xdf\xd0\xee%%\xc3\x80\\\xed\xac\xf6,\x86\xb8q\xf0\xab\xce\xa4\xddj\xeeK\x18\x82h\x00A', 0xa, '\\j}/*/|,\x13('}}, 0xf5) r2 = pidfd_getfd(r1, r0, 0x0) ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r0) [ 304.031233][T26567] loop0: detected capacity change from 0 to 264192 [ 304.040392][T26567] FAT-fs (loop0): Unrecognized mount option "âöt"Ú¡óM¡Éÿ¨Gáä¢S" or missing value 11:12:54 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:12:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x7fff) [ 304.163785][T26583] loop0: detected capacity change from 0 to 61 [ 304.178159][T26587] loop4: detected capacity change from 0 to 262160 11:12:57 executing program 2 (fault-call:5 fault-nth:0): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:12:57 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000001, 0x110, r1, 0x34113000) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0xaaa10000, 0x0, 0x0, 0x4, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:12:57 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x401ffc000) 11:12:57 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x7fff) 11:12:57 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:12:57 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 306.899520][T26612] loop0: detected capacity change from 0 to 61 [ 306.914813][T26612] attempt to access beyond end of device [ 306.914813][T26612] loop0: rw=2049, want=64, limit=61 [ 306.930150][T26621] loop4: detected capacity change from 0 to 262160 [ 306.947860][T26623] FAULT_INJECTION: forcing a failure. [ 306.947860][T26623] name failslab, interval 1, probability 0, space 0, times 0 [ 306.960513][T26623] CPU: 1 PID: 26623 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 306.969346][T26623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.979583][T26623] Call Trace: [ 306.982862][T26623] dump_stack_lvl+0xd6/0x122 [ 306.987462][T26623] dump_stack+0x11/0x1b [ 306.991633][T26623] should_fail+0x23c/0x250 11:12:57 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x5000008, 0x4010, r1, 0xef433000) [ 306.996053][T26623] __should_failslab+0x81/0x90 [ 307.000848][T26623] ? alloc_pipe_info+0xac/0x350 [ 307.005707][T26623] should_failslab+0x5/0x20 [ 307.010224][T26623] kmem_cache_alloc_trace+0x52/0x320 [ 307.015677][T26623] alloc_pipe_info+0xac/0x350 [ 307.020614][T26623] splice_direct_to_actor+0x5f7/0x650 [ 307.025978][T26623] ? security_file_permission+0x7c/0xa0 [ 307.031538][T26623] ? do_splice_direct+0x190/0x190 [ 307.036890][T26623] ? security_file_permission+0x87/0xa0 [ 307.042623][T26623] do_splice_direct+0x106/0x190 [ 307.047760][T26623] do_sendfile+0x63e/0xbb0 [ 307.052216][T26623] __x64_sys_sendfile64+0x102/0x140 [ 307.057677][T26623] do_syscall_64+0x44/0xa0 [ 307.062155][T26623] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 307.068047][T26623] RIP: 0033:0x7fca7d004739 [ 307.072445][T26623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 307.092227][T26623] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 11:12:57 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 307.100625][T26623] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 307.108670][T26623] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 307.118128][T26623] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 307.126084][T26623] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000001 [ 307.134048][T26623] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:12:57 executing program 2 (fault-call:5 fault-nth:1): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:12:57 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 307.209685][T26648] loop0: detected capacity change from 0 to 61 [ 307.233424][T26648] attempt to access beyond end of device [ 307.233424][T26648] loop0: rw=2049, want=64, limit=61 [ 307.235556][T26651] FAULT_INJECTION: forcing a failure. [ 307.235556][T26651] name failslab, interval 1, probability 0, space 0, times 0 [ 307.257277][T26651] CPU: 1 PID: 26651 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 307.266019][T26651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.276152][T26651] Call Trace: [ 307.279439][T26651] dump_stack_lvl+0xd6/0x122 [ 307.284071][T26651] dump_stack+0x11/0x1b [ 307.288352][T26651] should_fail+0x23c/0x250 [ 307.292806][T26651] ? kcalloc+0x32/0x40 [ 307.296881][T26651] __should_failslab+0x81/0x90 [ 307.301629][T26651] should_failslab+0x5/0x20 [ 307.306178][T26651] __kmalloc+0x6f/0x350 [ 307.310369][T26651] ? alloc_pipe_info+0xac/0x350 [ 307.315207][T26651] kcalloc+0x32/0x40 [ 307.319191][T26651] alloc_pipe_info+0x1be/0x350 [ 307.324146][T26651] splice_direct_to_actor+0x5f7/0x650 [ 307.329610][T26651] ? security_file_permission+0x7c/0xa0 [ 307.335185][T26651] ? do_splice_direct+0x190/0x190 [ 307.340198][T26651] ? security_file_permission+0x87/0xa0 [ 307.345821][T26651] do_splice_direct+0x106/0x190 [ 307.350881][T26651] do_sendfile+0x63e/0xbb0 [ 307.355286][T26651] __x64_sys_sendfile64+0x102/0x140 [ 307.361111][T26651] do_syscall_64+0x44/0xa0 [ 307.365576][T26651] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 307.371460][T26651] RIP: 0033:0x7fca7d004739 [ 307.375860][T26651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 307.395607][T26651] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 11:12:57 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x401ffc000) 11:12:57 executing program 2 (fault-call:5 fault-nth:2): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 307.404015][T26651] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 307.411982][T26651] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 307.420044][T26651] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 307.427997][T26651] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000001 [ 307.435951][T26651] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 307.482635][T26657] FAULT_INJECTION: forcing a failure. [ 307.482635][T26657] name failslab, interval 1, probability 0, space 0, times 0 [ 307.495285][T26657] CPU: 0 PID: 26657 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 307.504101][T26657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.514172][T26657] Call Trace: [ 307.517591][T26657] dump_stack_lvl+0xd6/0x122 [ 307.522208][T26657] dump_stack+0x11/0x1b [ 307.526382][T26657] should_fail+0x23c/0x250 [ 307.530874][T26657] ? kmalloc_array+0x2d/0x40 [ 307.535627][T26657] __should_failslab+0x81/0x90 [ 307.540661][T26657] should_failslab+0x5/0x20 [ 307.545180][T26657] __kmalloc+0x6f/0x350 [ 307.549443][T26657] kmalloc_array+0x2d/0x40 [ 307.553865][T26657] iter_file_splice_write+0xd5/0x790 [ 307.559233][T26657] ? atime_needs_update+0x2ba/0x390 [ 307.564505][T26657] ? touch_atime+0xe0/0x250 [ 307.569013][T26657] ? generic_file_splice_read+0x2ac/0x340 [ 307.574736][T26657] ? splice_from_pipe+0xd0/0xd0 [ 307.579672][T26657] direct_splice_actor+0x80/0xa0 [ 307.584626][T26657] splice_direct_to_actor+0x345/0x650 [ 307.590081][T26657] ? do_splice_direct+0x190/0x190 [ 307.595449][T26657] do_splice_direct+0x106/0x190 [ 307.600471][T26657] do_sendfile+0x63e/0xbb0 [ 307.605782][T26657] __x64_sys_sendfile64+0x102/0x140 [ 307.611389][T26657] do_syscall_64+0x44/0xa0 [ 307.615812][T26657] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 307.621748][T26657] RIP: 0033:0x7fca7d004739 11:12:57 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 307.626158][T26657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 307.646087][T26657] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 307.654494][T26657] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 307.662474][T26657] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 307.670440][T26657] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 11:12:57 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) inotify_init() r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r5, r5, &(0x7f0000000240), 0x7fff) [ 307.678438][T26657] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000001 [ 307.686416][T26657] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:12:57 executing program 2 (fault-call:5 fault-nth:3): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:12:57 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) fdatasync(r0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r1, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 307.734116][T26674] loop0: detected capacity change from 0 to 61 [ 307.743875][T26675] loop4: detected capacity change from 0 to 262160 [ 307.799649][T26689] FAULT_INJECTION: forcing a failure. [ 307.799649][T26689] name failslab, interval 1, probability 0, space 0, times 0 [ 307.812498][T26689] CPU: 0 PID: 26689 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 307.821549][T26689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.831787][T26689] Call Trace: [ 307.835067][T26689] dump_stack_lvl+0xd6/0x122 [ 307.839665][T26689] dump_stack+0x11/0x1b [ 307.843936][T26689] should_fail+0x23c/0x250 [ 307.848377][T26689] __should_failslab+0x81/0x90 [ 307.853229][T26689] ? __iomap_dio_rw+0x139/0x1010 [ 307.858234][T26689] should_failslab+0x5/0x20 [ 307.862766][T26689] kmem_cache_alloc_trace+0x52/0x320 [ 307.868073][T26689] __iomap_dio_rw+0x139/0x1010 [ 307.872902][T26689] ? finish_task_switch+0xce/0x290 [ 307.878087][T26689] ? ext4_xattr_security_get+0x2e/0x40 [ 307.883563][T26689] ? ext4_initxattrs+0xb0/0xb0 [ 307.888442][T26689] ? __vfs_getxattr+0x264/0x280 [ 307.893306][T26689] iomap_dio_rw+0x30/0x70 [ 307.897659][T26689] ? ext4_file_write_iter+0x4a1/0x11f0 [ 307.903249][T26689] ext4_file_write_iter+0xabe/0x11f0 [ 307.908549][T26689] ? ext4_file_write_iter+0x4a1/0x11f0 [ 307.914027][T26689] do_iter_readv_writev+0x2de/0x380 [ 307.919362][T26689] do_iter_write+0x192/0x5c0 [ 307.924339][T26689] ? splice_from_pipe_next+0x34f/0x3b0 [ 307.929812][T26689] ? kmalloc_array+0x2d/0x40 [ 307.934506][T26689] vfs_iter_write+0x4c/0x70 [ 307.939099][T26689] iter_file_splice_write+0x43a/0x790 [ 307.944497][T26689] ? splice_from_pipe+0xd0/0xd0 [ 307.949362][T26689] direct_splice_actor+0x80/0xa0 [ 307.954518][T26689] splice_direct_to_actor+0x345/0x650 [ 307.959971][T26689] ? do_splice_direct+0x190/0x190 [ 307.965029][T26689] do_splice_direct+0x106/0x190 [ 307.969888][T26689] do_sendfile+0x63e/0xbb0 [ 307.974349][T26689] __x64_sys_sendfile64+0x102/0x140 [ 307.979602][T26689] do_syscall_64+0x44/0xa0 [ 307.984141][T26689] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 307.990143][T26689] RIP: 0033:0x7fca7d004739 [ 307.994627][T26689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 308.014452][T26689] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 308.022863][T26689] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 308.030874][T26689] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 308.039007][T26689] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 308.047057][T26689] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000001 [ 308.055013][T26689] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 308.087271][T26694] loop0: detected capacity change from 0 to 61 [ 308.101517][T26694] attempt to access beyond end of device [ 308.101517][T26694] loop0: rw=2049, want=64, limit=61 11:13:00 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x401ffc000) 11:13:00 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) inotify_init() r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r5, r5, &(0x7f0000000240), 0x7fff) 11:13:00 executing program 2 (fault-call:5 fault-nth:4): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:00 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') write(0xffffffffffffffff, &(0x7f0000001400)="bb", 0x1001) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000000080), 0x684aa014) write$binfmt_script(0xffffffffffffffff, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:00 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') utime(&(0x7f0000000080)='./file1\x00', &(0x7f0000000100)={0x8, 0x3}) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 309.942343][T26715] loop0: detected capacity change from 0 to 61 [ 309.947388][T26717] loop4: detected capacity change from 0 to 262160 [ 309.952243][T26719] FAULT_INJECTION: forcing a failure. [ 309.952243][T26719] name failslab, interval 1, probability 0, space 0, times 0 [ 309.967699][T26719] CPU: 0 PID: 26719 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 309.976469][T26719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.986522][T26719] Call Trace: [ 309.989811][T26719] dump_stack_lvl+0xd6/0x122 [ 309.994413][T26719] dump_stack+0x11/0x1b [ 309.998555][T26719] should_fail+0x23c/0x250 [ 310.002962][T26719] ? kcalloc+0x32/0x50 [ 310.007049][T26719] __should_failslab+0x81/0x90 [ 310.011805][T26719] should_failslab+0x5/0x20 [ 310.016478][T26719] __kmalloc+0x6f/0x350 [ 310.020661][T26719] kcalloc+0x32/0x50 [ 310.024552][T26719] ext4_find_extent+0x21c/0x7f0 [ 310.029495][T26719] ext4_ext_map_blocks+0x115/0x1ff0 [ 310.034679][T26719] ? __find_get_block+0x72d/0x930 [ 310.039793][T26719] ? ext4_es_lookup_extent+0x206/0x490 [ 310.045239][T26719] ext4_map_blocks+0x1cf/0xf00 [ 310.050009][T26719] ext4_iomap_begin+0x4b0/0x630 [ 310.054952][T26719] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 310.060142][T26719] iomap_iter+0x39c/0x470 [ 310.064514][T26719] __iomap_dio_rw+0x698/0x1010 [ 310.069300][T26719] ? __vfs_getxattr+0x264/0x280 [ 310.074257][T26719] iomap_dio_rw+0x30/0x70 [ 310.078632][T26719] ? ext4_file_write_iter+0x4a1/0x11f0 [ 310.084110][T26719] ext4_file_write_iter+0xabe/0x11f0 [ 310.089384][T26719] ? ext4_file_write_iter+0x4a1/0x11f0 [ 310.094830][T26719] do_iter_readv_writev+0x2de/0x380 [ 310.100021][T26719] do_iter_write+0x192/0x5c0 [ 310.104630][T26719] ? splice_from_pipe_next+0x34f/0x3b0 [ 310.110260][T26719] ? kmalloc_array+0x2d/0x40 [ 310.114853][T26719] vfs_iter_write+0x4c/0x70 [ 310.119364][T26719] iter_file_splice_write+0x43a/0x790 [ 310.124727][T26719] ? splice_from_pipe+0xd0/0xd0 [ 310.129566][T26719] direct_splice_actor+0x80/0xa0 [ 310.134600][T26719] splice_direct_to_actor+0x345/0x650 [ 310.139960][T26719] ? do_splice_direct+0x190/0x190 [ 310.144978][T26719] do_splice_direct+0x106/0x190 [ 310.149946][T26719] do_sendfile+0x63e/0xbb0 [ 310.154355][T26719] __x64_sys_sendfile64+0x102/0x140 [ 310.159654][T26719] do_syscall_64+0x44/0xa0 [ 310.164062][T26719] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 310.169961][T26719] RIP: 0033:0x7fca7d004739 11:13:00 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 310.174367][T26719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 310.194045][T26719] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 310.202442][T26719] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 310.210399][T26719] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 310.218367][T26719] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 310.226327][T26719] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000001 [ 310.234320][T26719] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:00 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:00 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 310.284002][T26715] FAT-fs (loop0): Unrecognized mount option "" or missing value 11:13:00 executing program 2 (fault-call:5 fault-nth:5): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 310.336645][T26715] loop0: detected capacity change from 0 to 61 [ 310.351189][T26715] FAT-fs (loop0): Unrecognized mount option "" or missing value [ 310.388927][T26746] loop4: detected capacity change from 0 to 262160 [ 310.414430][T26753] FAULT_INJECTION: forcing a failure. [ 310.414430][T26753] name failslab, interval 1, probability 0, space 0, times 0 [ 310.427331][T26753] CPU: 0 PID: 26753 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 310.436442][T26753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.446700][T26753] Call Trace: [ 310.449971][T26753] dump_stack_lvl+0xd6/0x122 [ 310.454581][T26753] dump_stack+0x11/0x1b [ 310.458735][T26753] should_fail+0x23c/0x250 [ 310.463151][T26753] ? __es_insert_extent+0x51f/0xe70 [ 310.468378][T26753] __should_failslab+0x81/0x90 [ 310.473132][T26753] should_failslab+0x5/0x20 [ 310.477627][T26753] kmem_cache_alloc+0x4f/0x300 [ 310.482402][T26753] __es_insert_extent+0x51f/0xe70 [ 310.487534][T26753] ext4_es_insert_extent+0x1cb/0x1950 [ 310.492977][T26753] ext4_ext_map_blocks+0x100a/0x1ff0 [ 310.498427][T26753] ? __find_get_block+0x72d/0x930 [ 310.503445][T26753] ext4_map_blocks+0x1cf/0xf00 [ 310.508219][T26753] ? crypto_shash_update+0x13c/0x1a0 [ 310.513524][T26753] ext4_iomap_begin+0x4b0/0x630 [ 310.518401][T26753] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 310.523609][T26753] iomap_iter+0x39c/0x470 [ 310.528005][T26753] __iomap_dio_rw+0x698/0x1010 [ 310.532763][T26753] ? __ext4_mark_inode_dirty+0x501/0x5c0 [ 310.538493][T26753] iomap_dio_rw+0x30/0x70 [ 310.542815][T26753] ? ext4_file_write_iter+0x4a1/0x11f0 [ 310.548360][T26753] ext4_file_write_iter+0xabe/0x11f0 [ 310.553728][T26753] ? ext4_file_write_iter+0x4a1/0x11f0 [ 310.559231][T26753] do_iter_readv_writev+0x2de/0x380 [ 310.564606][T26753] do_iter_write+0x192/0x5c0 [ 310.569199][T26753] ? splice_from_pipe_next+0x34f/0x3b0 [ 310.574643][T26753] ? kmalloc_array+0x2d/0x40 [ 310.579243][T26753] vfs_iter_write+0x4c/0x70 [ 310.583773][T26753] iter_file_splice_write+0x43a/0x790 [ 310.589276][T26753] ? splice_from_pipe+0xd0/0xd0 [ 310.594243][T26753] direct_splice_actor+0x80/0xa0 [ 310.599200][T26753] splice_direct_to_actor+0x345/0x650 [ 310.604570][T26753] ? do_splice_direct+0x190/0x190 [ 310.609590][T26753] do_splice_direct+0x106/0x190 [ 310.614542][T26753] do_sendfile+0x63e/0xbb0 [ 310.618968][T26753] __x64_sys_sendfile64+0x102/0x140 [ 310.624168][T26753] do_syscall_64+0x44/0xa0 [ 310.628763][T26753] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 310.634652][T26753] RIP: 0033:0x7fca7d004739 [ 310.639232][T26753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 310.658850][T26753] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 310.667262][T26753] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 310.675321][T26753] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 11:13:00 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f0000000080)='./file0/file0\x00', 0x10100, 0x77) r2 = signalfd4(r0, &(0x7f00000001c0)={[0x8]}, 0x8, 0x80800) creat(&(0x7f0000000200)='./file1\x00', 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0, 0x0}, &(0x7f0000000340)=0xc) mount$9p_fd(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x200040, &(0x7f0000000480)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3de3e9fa3c2cb0525f1ed92e990f16ba60ec8fafaadc088c548a2ac0f87cb33e46e2ef892bf1467a0aec0ef277699bf07431e393f2ab85df7382d1d89d34789a00"/90, @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',access=user,nodevmap,dfltgid=', @ANYRESHEX=r3, @ANYBLOB=',access=user,rootcontext=staff_u,\x00']) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x410000, 0x0) epoll_pwait(r4, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0xa, 0x1, &(0x7f0000000440)={[0x200]}, 0x8) r5 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r5, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r5, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:13:00 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r5, r5, &(0x7f0000000240), 0x7fff) [ 310.683289][T26753] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 310.691361][T26753] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000001 [ 310.699326][T26753] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:00 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:00 executing program 2 (fault-call:5 fault-nth:6): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:00 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 310.775849][T26767] loop0: detected capacity change from 0 to 61 [ 310.805090][T26767] 9pnet: Insufficient options for proto=fd [ 310.833603][T26767] attempt to access beyond end of device [ 310.833603][T26767] loop0: rw=2049, want=64, limit=61 [ 310.834638][T26782] FAULT_INJECTION: forcing a failure. [ 310.834638][T26782] name failslab, interval 1, probability 0, space 0, times 0 [ 310.857416][T26782] CPU: 1 PID: 26782 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 310.866269][T26782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.876325][T26782] Call Trace: [ 310.879624][T26782] dump_stack_lvl+0xd6/0x122 [ 310.884228][T26782] dump_stack+0x11/0x1b [ 310.888388][T26782] should_fail+0x23c/0x250 [ 310.892805][T26782] ? kcalloc+0x32/0x50 [ 310.896924][T26782] __should_failslab+0x81/0x90 [ 310.901697][T26782] should_failslab+0x5/0x20 [ 310.905380][T26787] 9pnet: Insufficient options for proto=fd [ 310.906461][T26782] __kmalloc+0x6f/0x350 [ 310.906485][T26782] kcalloc+0x32/0x50 [ 310.920542][T26782] ext4_find_extent+0x21c/0x7f0 [ 310.925419][T26782] ? kfree+0xf8/0x1d0 [ 310.929456][T26782] ext4_ext_map_blocks+0x115/0x1ff0 [ 310.934714][T26782] ? finish_task_switch+0xce/0x290 [ 310.939844][T26782] ? __schedule+0x435/0x680 [ 310.944356][T26782] ? __find_get_block+0x85c/0x930 [ 310.947798][T26791] loop4: detected capacity change from 0 to 262160 [ 310.949438][T26782] ext4_map_blocks+0x71e/0xf00 [ 310.960787][T26782] ext4_iomap_begin+0x4b0/0x630 [ 310.965649][T26782] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 310.970851][T26782] iomap_iter+0x39c/0x470 [ 310.975246][T26782] __iomap_dio_rw+0x698/0x1010 [ 310.980018][T26782] ? __vfs_getxattr+0x264/0x280 [ 310.984869][T26782] iomap_dio_rw+0x30/0x70 [ 310.989256][T26782] ? ext4_file_write_iter+0x4a1/0x11f0 [ 310.994793][T26782] ext4_file_write_iter+0xabe/0x11f0 [ 311.000106][T26782] ? ext4_file_write_iter+0x4a1/0x11f0 [ 311.005570][T26782] do_iter_readv_writev+0x2de/0x380 [ 311.010782][T26782] do_iter_write+0x192/0x5c0 [ 311.015375][T26782] ? splice_from_pipe_next+0x34f/0x3b0 [ 311.020943][T26782] ? kmalloc_array+0x2d/0x40 [ 311.025662][T26782] vfs_iter_write+0x4c/0x70 [ 311.030289][T26782] iter_file_splice_write+0x43a/0x790 [ 311.035675][T26782] ? splice_from_pipe+0xd0/0xd0 [ 311.040543][T26782] direct_splice_actor+0x80/0xa0 [ 311.045484][T26782] splice_direct_to_actor+0x345/0x650 [ 311.050913][T26782] ? do_splice_direct+0x190/0x190 [ 311.056030][T26782] do_splice_direct+0x106/0x190 [ 311.060889][T26782] do_sendfile+0x63e/0xbb0 [ 311.065359][T26782] __x64_sys_sendfile64+0x102/0x140 [ 311.070653][T26782] do_syscall_64+0x44/0xa0 [ 311.075098][T26782] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 311.081033][T26782] RIP: 0033:0x7fca7d004739 [ 311.085433][T26782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 311.105199][T26782] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 311.113993][T26782] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 311.122077][T26782] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 311.130057][T26782] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 311.138020][T26782] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000001 [ 311.146075][T26782] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:03 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') write(0xffffffffffffffff, &(0x7f0000001400)="bb", 0x1001) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000000080), 0x684aa014) write$binfmt_script(0xffffffffffffffff, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:03 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:03 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) set_mempolicy(0x1, 0x0, 0x0) ioperm(0x0, 0x400, 0x9) set_mempolicy(0x2, &(0x7f0000000080)=0x15e, 0x9) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) ioperm(0x401, 0x6ecd, 0x8) 11:13:03 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:03 executing program 2 (fault-call:5 fault-nth:7): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r5, r5, &(0x7f0000000240), 0x7fff) 11:13:03 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x116) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(0xffffffffffffffff, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r5, r5, &(0x7f0000000240), 0x7fff) [ 312.958866][T26814] loop0: detected capacity change from 0 to 61 [ 312.970288][T26816] loop4: detected capacity change from 0 to 262160 [ 312.986115][T26818] FAULT_INJECTION: forcing a failure. [ 312.986115][T26818] name failslab, interval 1, probability 0, space 0, times 0 [ 312.998789][T26818] CPU: 1 PID: 26818 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 313.007642][T26818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.017696][T26818] Call Trace: [ 313.020979][T26818] dump_stack_lvl+0xd6/0x122 [ 313.025636][T26818] dump_stack+0x11/0x1b [ 313.029830][T26818] should_fail+0x23c/0x250 [ 313.034316][T26818] ? ext4_mb_new_blocks+0x317/0x1fc0 [ 313.039763][T26818] __should_failslab+0x81/0x90 [ 313.044718][T26818] should_failslab+0x5/0x20 [ 313.049225][T26818] kmem_cache_alloc+0x4f/0x300 [ 313.053994][T26818] ext4_mb_new_blocks+0x317/0x1fc0 [ 313.059109][T26818] ? ext4_find_extent+0x6cf/0x7f0 [ 313.064158][T26818] ? ext4_ext_search_right+0x300/0x540 [ 313.069602][T26818] ? ext4_inode_to_goal_block+0x1bd/0x1d0 [ 313.075372][T26818] ext4_ext_map_blocks+0x15ed/0x1ff0 [ 313.080710][T26818] ? __find_get_block+0x72d/0x930 [ 313.085726][T26818] ext4_map_blocks+0x71e/0xf00 [ 313.090604][T26818] ext4_iomap_begin+0x4b0/0x630 [ 313.095609][T26818] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 313.101080][T26818] iomap_iter+0x39c/0x470 [ 313.105448][T26818] __iomap_dio_rw+0x698/0x1010 [ 313.110383][T26818] ? __vfs_getxattr+0x264/0x280 [ 313.115749][T26818] iomap_dio_rw+0x30/0x70 [ 313.120146][T26818] ? ext4_file_write_iter+0x4a1/0x11f0 [ 313.125712][T26818] ext4_file_write_iter+0xabe/0x11f0 [ 313.131076][T26818] ? ext4_file_write_iter+0x4a1/0x11f0 [ 313.136534][T26818] do_iter_readv_writev+0x2de/0x380 [ 313.141749][T26818] do_iter_write+0x192/0x5c0 [ 313.146431][T26818] ? splice_from_pipe_next+0x34f/0x3b0 [ 313.152034][T26818] ? kmalloc_array+0x2d/0x40 [ 313.156611][T26818] vfs_iter_write+0x4c/0x70 [ 313.161206][T26818] iter_file_splice_write+0x43a/0x790 [ 313.166586][T26818] ? splice_from_pipe+0xd0/0xd0 [ 313.171424][T26818] direct_splice_actor+0x80/0xa0 [ 313.176381][T26818] splice_direct_to_actor+0x345/0x650 [ 313.181830][T26818] ? do_splice_direct+0x190/0x190 [ 313.186860][T26818] do_splice_direct+0x106/0x190 [ 313.191932][T26818] do_sendfile+0x63e/0xbb0 [ 313.196342][T26818] __x64_sys_sendfile64+0x102/0x140 [ 313.201556][T26818] do_syscall_64+0x44/0xa0 [ 313.205968][T26818] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 313.211960][T26818] RIP: 0033:0x7fca7d004739 [ 313.216361][T26818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 313.236013][T26818] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 313.244474][T26818] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 313.252432][T26818] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 313.260402][T26818] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 313.268360][T26818] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000001 [ 313.276325][T26818] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r5, r5, &(0x7f0000000240), 0x7fff) 11:13:03 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x116) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(0xffffffffffffffff, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:03 executing program 2 (fault-call:5 fault-nth:8): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x116) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x7fff) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) [ 313.410362][T26860] FAULT_INJECTION: forcing a failure. [ 313.410362][T26860] name failslab, interval 1, probability 0, space 0, times 0 [ 313.423097][T26860] CPU: 0 PID: 26860 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 313.431866][T26860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.441918][T26860] Call Trace: [ 313.445377][T26860] dump_stack_lvl+0xd6/0x122 [ 313.449971][T26860] dump_stack+0x11/0x1b [ 313.454181][T26860] should_fail+0x23c/0x250 [ 313.458612][T26860] ? __es_insert_extent+0x51f/0xe70 [ 313.463934][T26860] __should_failslab+0x81/0x90 [ 313.468762][T26860] should_failslab+0x5/0x20 [ 313.473260][T26860] kmem_cache_alloc+0x4f/0x300 [ 313.478328][T26860] __es_insert_extent+0x51f/0xe70 [ 313.483527][T26860] ext4_es_insert_extent+0x1cb/0x1950 [ 313.489127][T26860] ext4_map_blocks+0xa5d/0xf00 [ 313.493909][T26860] ext4_iomap_begin+0x4b0/0x630 [ 313.498858][T26860] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 313.504224][T26860] iomap_iter+0x39c/0x470 [ 313.508595][T26860] __iomap_dio_rw+0x698/0x1010 [ 313.513561][T26860] ? __vfs_getxattr+0x264/0x280 [ 313.518598][T26860] iomap_dio_rw+0x30/0x70 [ 313.522951][T26860] ? ext4_file_write_iter+0x4a1/0x11f0 [ 313.528500][T26860] ext4_file_write_iter+0xabe/0x11f0 [ 313.533794][T26860] ? ext4_file_write_iter+0x4a1/0x11f0 [ 313.539342][T26860] do_iter_readv_writev+0x2de/0x380 [ 313.544738][T26860] do_iter_write+0x192/0x5c0 [ 313.549330][T26860] ? splice_from_pipe_next+0x34f/0x3b0 [ 313.554812][T26860] ? kmalloc_array+0x2d/0x40 [ 313.559537][T26860] vfs_iter_write+0x4c/0x70 [ 313.564456][T26860] iter_file_splice_write+0x43a/0x790 [ 313.569818][T26860] ? splice_from_pipe+0xd0/0xd0 [ 313.574662][T26860] direct_splice_actor+0x80/0xa0 [ 313.579697][T26860] splice_direct_to_actor+0x345/0x650 [ 313.585077][T26860] ? do_splice_direct+0x190/0x190 [ 313.590229][T26860] do_splice_direct+0x106/0x190 [ 313.595060][T26860] do_sendfile+0x63e/0xbb0 [ 313.599460][T26860] __x64_sys_sendfile64+0x102/0x140 [ 313.604665][T26860] do_syscall_64+0x44/0xa0 [ 313.609066][T26860] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 313.615037][T26860] RIP: 0033:0x7fca7d004739 [ 313.619431][T26860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 313.639021][T26860] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 313.647428][T26860] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 313.655772][T26860] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 313.663763][T26860] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 313.671725][T26860] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000001 [ 313.679706][T26860] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:06 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') write(0xffffffffffffffff, &(0x7f0000001400)="bb", 0x1001) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000000080), 0x684aa014) write$binfmt_script(0xffffffffffffffff, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:06 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x116) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(0xffffffffffffffff, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:06 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:06 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) open(&(0x7f0000000080)='./file1\x00', 0x40, 0x0) 11:13:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x116) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x7fff) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) 11:13:06 executing program 2 (fault-call:5 fault-nth:9): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 316.001486][T26882] FAULT_INJECTION: forcing a failure. [ 316.001486][T26882] name failslab, interval 1, probability 0, space 0, times 0 [ 316.010034][T26884] loop0: detected capacity change from 0 to 61 [ 316.014177][T26882] CPU: 1 PID: 26882 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 316.014210][T26882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.014220][T26882] Call Trace: [ 316.014227][T26882] dump_stack_lvl+0xd6/0x122 [ 316.047053][T26882] dump_stack+0x11/0x1b [ 316.051301][T26882] should_fail+0x23c/0x250 [ 316.055724][T26882] ? mempool_alloc_slab+0x16/0x20 [ 316.061062][T26882] __should_failslab+0x81/0x90 [ 316.065814][T26882] should_failslab+0x5/0x20 [ 316.070306][T26882] kmem_cache_alloc+0x4f/0x300 [ 316.075058][T26882] mempool_alloc_slab+0x16/0x20 [ 316.079896][T26882] ? mempool_free+0x130/0x130 [ 316.084557][T26882] mempool_alloc+0x9d/0x310 [ 316.089045][T26882] bio_alloc_bioset+0xcc/0x530 [ 316.093885][T26882] ? iov_iter_alignment+0x34b/0x370 [ 316.099154][T26882] iomap_dio_bio_iter+0x5e1/0xc00 [ 316.104187][T26882] __iomap_dio_rw+0x8d8/0x1010 [ 316.108972][T26882] iomap_dio_rw+0x30/0x70 [ 316.113310][T26882] ? ext4_file_write_iter+0x4a1/0x11f0 [ 316.118861][T26882] ext4_file_write_iter+0xabe/0x11f0 [ 316.124222][T26882] ? ext4_file_write_iter+0x4a1/0x11f0 [ 316.129747][T26882] do_iter_readv_writev+0x2de/0x380 [ 316.135378][T26882] do_iter_write+0x192/0x5c0 [ 316.139962][T26882] ? splice_from_pipe_next+0x34f/0x3b0 [ 316.145413][T26882] ? kmalloc_array+0x2d/0x40 [ 316.149992][T26882] vfs_iter_write+0x4c/0x70 [ 316.154573][T26882] iter_file_splice_write+0x43a/0x790 [ 316.160004][T26882] ? splice_from_pipe+0xd0/0xd0 [ 316.164849][T26882] direct_splice_actor+0x80/0xa0 [ 316.169773][T26882] splice_direct_to_actor+0x345/0x650 [ 316.175131][T26882] ? do_splice_direct+0x190/0x190 [ 316.180144][T26882] do_splice_direct+0x106/0x190 [ 316.184983][T26882] do_sendfile+0x63e/0xbb0 [ 316.189501][T26882] __x64_sys_sendfile64+0x102/0x140 [ 316.194727][T26882] do_syscall_64+0x44/0xa0 [ 316.199138][T26882] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 316.205031][T26882] RIP: 0033:0x7fca7d004739 [ 316.209479][T26882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 316.229187][T26882] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 316.237604][T26882] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 11:13:06 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 316.245604][T26882] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 316.253618][T26882] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 316.261643][T26882] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 316.269614][T26882] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 316.278305][T26881] loop4: detected capacity change from 0 to 262160 11:13:06 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file1/file0\x00', 0x7aca, 0x0, &(0x7f0000000300), 0x4040, &(0x7f0000000100)=ANY=[@ANYRESOCT]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) write$P9_RFLUSH(r0, &(0x7f0000000140)={0x7, 0x6d, 0x2}, 0x7) 11:13:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001) lseek(r2, 0x7ffffc, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x116) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x7fff) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) 11:13:06 executing program 2 (fault-call:5 fault-nth:10): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) creat(&(0x7f0000000380)='./bus\x00', 0x0) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x80000001) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) [ 316.446733][T26914] FAULT_INJECTION: forcing a failure. [ 316.446733][T26914] name failslab, interval 1, probability 0, space 0, times 0 [ 316.452486][T26920] loop0: detected capacity change from 0 to 61 [ 316.459653][T26914] CPU: 0 PID: 26914 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 316.474719][T26914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.484777][T26914] Call Trace: [ 316.488068][T26914] dump_stack_lvl+0xd6/0x122 [ 316.492656][T26914] dump_stack+0x11/0x1b [ 316.496836][T26914] should_fail+0x23c/0x250 [ 316.501249][T26914] __should_failslab+0x81/0x90 [ 316.506003][T26914] should_failslab+0x5/0x20 [ 316.510607][T26914] kmem_cache_alloc_node+0x61/0x2c0 [ 316.515808][T26914] ? create_task_io_context+0x36/0x210 [ 316.521300][T26914] create_task_io_context+0x36/0x210 [ 316.526668][T26914] submit_bio_checks+0x7c3/0x850 [ 316.531644][T26914] submit_bio_noacct+0x33/0x7d0 [ 316.536510][T26914] submit_bio+0x10c/0x190 [ 316.540837][T26914] iomap_dio_bio_iter+0x9c0/0xc00 [ 316.545859][T26914] __iomap_dio_rw+0x8d8/0x1010 [ 316.550782][T26914] iomap_dio_rw+0x30/0x70 [ 316.555198][T26914] ? ext4_file_write_iter+0x4a1/0x11f0 [ 316.560658][T26914] ext4_file_write_iter+0xabe/0x11f0 [ 316.565936][T26914] ? ext4_file_write_iter+0x4a1/0x11f0 [ 316.571555][T26914] ? kmalloc_array+0x2d/0x40 [ 316.576249][T26914] do_iter_readv_writev+0x2de/0x380 [ 316.581650][T26914] do_iter_write+0x192/0x5c0 [ 316.586247][T26914] ? splice_from_pipe_next+0x34f/0x3b0 [ 316.591722][T26914] ? kmalloc_array+0x2d/0x40 [ 316.596299][T26914] vfs_iter_write+0x4c/0x70 [ 316.600795][T26914] iter_file_splice_write+0x43a/0x790 [ 316.606267][T26914] ? splice_from_pipe+0xd0/0xd0 [ 316.611101][T26914] direct_splice_actor+0x80/0xa0 [ 316.616026][T26914] splice_direct_to_actor+0x345/0x650 [ 316.621388][T26914] ? do_splice_direct+0x190/0x190 [ 316.626401][T26914] do_splice_direct+0x106/0x190 [ 316.631238][T26914] do_sendfile+0x63e/0xbb0 [ 316.635646][T26914] __x64_sys_sendfile64+0x102/0x140 [ 316.640910][T26914] do_syscall_64+0x44/0xa0 [ 316.645342][T26914] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 316.651248][T26914] RIP: 0033:0x7fca7d004739 [ 316.655675][T26914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 316.675372][T26914] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 316.683820][T26914] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 11:13:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) creat(&(0x7f0000000380)='./bus\x00', 0x0) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x80000001) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) [ 316.691799][T26914] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 316.700378][T26914] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 316.708340][T26914] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 316.716313][T26914] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 316.773374][T26920] loop0: detected capacity change from 0 to 61 11:13:09 executing program 2 (fault-call:5 fault-nth:11): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:09 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:09 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r1, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0xc0800, 0x0) r3 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000100), 0x101180, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f0000000300)={"3a13917bc7e3c47ee1c6831773377ebe", 0x0, 0x0, {0x7fffffff, 0x4}, {0x8000, 0x1}, 0x6, [0x6, 0x96, 0x9, 0x8001, 0x80000000, 0x5, 0x8, 0x2, 0x2, 0x5, 0x401, 0x3, 0x2, 0xd7cd, 0x7cb, 0x3]}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r2, 0x50009418, &(0x7f0000000400)={{r3}, r4, 0x16, @unused=[0x101, 0x2, 0x2, 0xe08], @name="2720eb1a55ee84a891046386a955fb3e56e990b4b46d7dd77a01cae423233ff972bb084e1e12acbaed09a0360ea5a0f5e6d1ddb22aa3346c848a750320008314e86a2cbaa7320288bf1c213dde254f264e81c9648376087009362374ffb6a2dc09f08bfd4e9601c87089180b9ec5944867ce60c58e5ab3e24a1b80a5843846720fb6e2d2508e6542ae7a20c476182e1b77ca94b87ae115c429c7fd1c1719c07961f8822b4f52661462cc10dbd3d348493284fbdd7b78f3787a1cb0717d36fc72b0f757a1a5e0e0ecd54af7600f8a6eeaec0ffbee26940305b3a8367c2c286d1d44fc13694b481cad8da6d5d387d270b629d2061b6f7bf71c73d4d79b57e5edd7b5ce676a11626b9727b62842db7c7b9845b65882d419e4d59a154ac60befef2b0f855e627b2eac76c055170843ad28b04ba76eb3a285baafa5c42a56b21dd69a579a73b534bd5eb768a9330e9aad54de63d5bf78141c61dc719a620434ca9babc940ef478ae72dda57fc2bc90da92a6cad646a5b2272bd35d044599d8932e521da6b5c356bd281d15241fab48d8fe38dd1008568170fad8b51389dc888e78e428b8ddb6cfbbd8764003fd6382fa895885c257763f2d36ada4ce08a2da270151305c2e194cae0a85e25b819e1d1439cd686a87977cc8e1bb03a47ff5433a68e6976e07f593894801251b7dd2f4bc78ac5bc8ea533913363c97b5ff1a31030030d82ae34804f38e07b1f9f68dcc70d482566bd392d75dcf0901b80839b3556092e6ae77e826009e7c5347f11fac581aabb4774a77db9221b6e4183cd61be174dd66ae3a0e34495fb94922b210df78a79e317c06d9d86724c3fe96c4767bb50da7cff4fef146699c5f2e0d5210b593009f1955af5a3b408bea8db22e14fec4da29c27b6b3886ece2cab3e717b68432927cbf3b71d87d8a03f065cc8451bb411a3cbf7fdba2d9b19986ca773767cedd70ddcc355f25fe2042e919a23b3d6efd1849e78e822c6faf39bdb6364ec29f336b87de166886fef7dc2f279a55e9e1917b6ab8d697aca0631d1c92a5a0b766d61c106340a99fa3b4d59aada4fd3f5490b40ecbe3eb9f586f848c6968b3ac477587a36917d8baff843b05a98d011e612c47ff81cbe5fdf0d55c8c6db12e19326a340f63e65d6a416630f9b6e6bfb3d22329feeb75addf2c5d5d0a914175655342fce76a971ff0f5e3cb16e686ac679f3e4612fb17f2b7f00f10973f612af22e337e81f3357d1c42e4b6f60072b9c2dfa485c1876f3bd71d2617f7ffdf32a24fc14feed439569560e287ed27068c72d8519c47e65666d52453757a7af8fd7e0c909f007a1b675cf4afcf609070a77aa478983d71db29c7d4710de858ec6edc17f193d3203e3434538b8286c1fbc01755bd85892e93e9cf442714f1534745aeb2dfda587ac13d192dab3bd2302c823935efba34d94107695b8c2b159eab188029ede949d1235a2abc8f1d294a620b8dd348c6c80f97212558fa1a1d612b1b1e229ae9b06a196352b6e2905020dda671439b50db7d6bebf0e39977660524c9b4605adf75b7c5d8e6f26299f4b0905ba6786383c5025ddf14f483fb7d10dd1468e863b0ac7eceaaca05cf18125f37aaee479ed655207b1da31ce1610a4df192661afa404a38c1e707693eecfc002ca55e93b49eb68d1e479aeeb09bd11fd9176bfb8fffcdb3fd304f3c491774014f7f79230a386ef5691cbdc690fefd7df2816d0db507a18321356518506b8baa86f15d90e21b565e9b76cb113656467dd9a25459f83a34c4907c574948177acdd7a900efdd1c99d8466406cab721f65967845116b6bd867a286705999e6534c7d9e8777d4237d0d8535fc9d9f63cc35f8934aab14ec0a4ee681e202d352941b7c7150cbfadf5a286f1b613b5d40f3305d1951d476fbbb41c270b9fa5c924250b02641e452469ab59a365314686eef35d644ca31c0006fcdceb08dea92f99a4fa11fb75952063426854ccab9f524b75d37d50dd488bae3a4b8dd56f195ddb17f10db5649934e93bbfd6a11364c6397e3d7591f8a1809c095d9d1f4d8ea9d78257bc40b69a4192eae5a6a5304e4ce056d53c31adbc918c2b9472856fa27d96ff7027b5611193769f10cef8428b20485b5add29311ee0c0ff9fb530d7bda9238d4cfa5c8ab5f630209b2b6590bacec28273cb45a5917eed96a54fa368a69a27c276f0d238c9aef43f61a3f03b76a786ce1136a600690125681f0c87a3556c7cfebf2fa09a6846c7ef38c827524732367c98fd65c7dc89f67063b41ad3bef1a63f5f980acafd019495052380671bd0eec2c013829e0c3e7e3aceb3ce11b063a0396568f21febe2c806840e0061c8c33cfad015301e108ed0cd5bdbb7738e2fa27c5379fea478a9671ba6277ec8f880b3e04ccab225bf68baa10198cda375febafa1e992c0a5c2545ae572cb203c18a26e86f6c25292a5aee11b98070baff566f3f9e701a894c82f6bc96b225a2410387d4f1029dd05b61ddaf60f7d66171682c5878002bcce5ada75e0dd7401f98497a33666466580aa5c3f42dcb6aa1d9d232c3c1f33468bfc9ede30fc20d6a09a59795b4f85defedd14077609709189bd2232145029446e2845773f385d7a8d9bba2fad851740a92927b8c8fa52f70aa5ebcf44431fe55a4f913ceb6d7cad59ae0e7ff96e3e92181aa981ecd6c2929f57105b69cb89affd0340f468e1e7da807fd270fc2aa03b35ebc97a67e922e3d96e204e4c1e511efcc162167cf11ff7d578d62b84de8874604246d8332b1b724922ca5cef2a0e8f75a1914144466ca142a64f2185e5b3c480a63122289600b6b236b2f210a5ae1ba599d9d4676763c000d4acc32bcef4d6314eacd423a7c113ef02c2b88d2b6672715449d9d86120b3b27bae669de09f8cd5d81b6f4fb1d14dec96fdbd1ffa71b00999d90a9aac30bb8eeba29080003a0f10a3bf572558521afe790a507cd7a596f736460614658d98448d42d8dfe7e43a327b383e729246d85420d38efe534dc39f0d2c306b7f545da3f6ce130cf89e78fd4828fc90e6a40717fc2a35ef0791cb2c075ea09b2bda7afc17c4f26ed42b90400f59c1e5305b1c30484fbd63f63347bfa269bd07ea5f4657fdd6e9de237bcfe79b286851bd9f5ae6f0dbcb24058b37457a8b962a6c318d2f570ff75e2753ee525c843d2c812788a77da9e5771506b283ac269a62099c1c42e60660f363a68f2392a5af9222df9ba3fbfb72fbcab83c60c7c067369b94519bfb40c684394ec269fcfe59f2653b58139e2a4f4f30a0454f2a3200e21ad20e658e0583b3e24d0455b77af4a3a2b8dfb0f4df9b7881a8ced8400e89c248b2772b36f75a61a5b4ab4c14113c1591cca5afc653ca58e1a4b3950cf0191ce7943f5decc30af545b8cd6dfb4d6e0d222971fac7230b32403f29759b2658f8b0bc44a17175868575e590a8410fd4a90bbd63381f49d84397189ab8858799fa42aae9b8ea77fd437b37dc71e75a31b759e16aec42cc1a2dfe08d51e79d814d6ce6bf908f56fd5396297a352eefb786dedffd1e53fb278c2e7d751f19351ec1e145ba80779eda50f18513b9d4c278d8385ec768b6235527e4482a35086a822a0b119b4137a268050843e187ea6a0f492520ddd7466582ff192c8c363fa3d43a05f067efe62bfb03403f421eb814c5b96e2d184441780162862fdf29d2f8ce15b0662b8b35db80a696d57da1c84143230845ba279edee8485c81826ff96eeea9d36447f205e2cf0abf86d798bb07b3fcaed3581d65aa9e20467f5c1674605e71b3eddb75d9c57a30b6c4f4fcd34f34cb04bcbbbbdabc2f25d2b0bdcc6ee47233a37a401f17bf729c027d24a15f0c4fa2c401aff098b797650903ed6ea9d18c6b10bb78560ba56d913cc77051e467569fa7ad582f5332b5fdccb2dc4aab18f96a44867fce8a932214ded7717614b55361d7a318cf05637519c435f10dd06092e77e3cb4473624c1375fa136a3e79eefadf400c00a4ef454b86dbbb83930a3dca60c4e03c35835db65744801b20e8376ac5c7e8adfca84837c53ab577cd121baf6432ff136a4a787479cff1218543df1e043ba106b4afcfb3d422a9b8a2dcec4bcdc5d6f79ebab473bdd38a8122fef0e14fd98e581d4aad7c204b3ebda3beb15e5a9dfc9a0fdbdd5cc4526b4b79e13ba889d31d8dac3c38d025b43a278fdcbeb69463c2f7f1b406239812d758f1d82b5db506dd54c84545500a64da68570509e1e1c18078ebcd956ebb095eabd1370c25e9da7db14c83c5881953f5eca1449e6e1ab7be76f46bb9b0d4c25bd605ba8539a261ac9f1b328275b96587309de8e44f79c863e97768537bccd320d0f83838c188594db887407d7a117ecf32e3178dc4c94a3915f514c47fad1e7e0e728e82abb86095c57ce7fc1f9d2e9672af71d5567e2170ef27ea4e584f167552c4f5a09f3451a98b769f9df6b9fc7242a82e6580d01eefb580db301f37133b285f42d07e9ddba24a5df6eaa5058697ee7b6042904055588cbbddfae27f156c2a3ef01947402b2140b290f106bfc245097b05c397aeec8cd1eb6446a13d7c8e57aca40eee3af0063ce4e0398becb038d6efdfc2c993fa86fdb2f536f04978dd6618d345d4cf164256d294b09ad6b1cbc5f2d61f2864c691da4ea427d1f568a2c22194904fb9e6727c22b65d17dce09e22c54ddec07147639d1a135b429d8bb09d2162e2119094c86d75f0dea40c0aaa0a6e10fee9cd3fdfae72dd1990468983ed785981873f9ecd2e482073a14bdbe329bf022526f31f5c7e6eaf09490d1546f7bd04a8f3d0b0ad61455f3bea9caf275259ce23178200951cedc2b313f0cd66b1bb962844c0dc1e93a4c626b6fbf397ce329c0d31437d18d7cebbac42ea85a2b7d7b3ca0758280354350415c01c358d3a3c599f7e7a3f3f8c8b2a056bd6b0e4ca4c5a24c8d250f34180ba171bc4e635303398efdcb410e8a4f79953f75f76315bd5dfc012a22152a3486071573c87358125c931a071cbb15232b0f174ed41fd44a72e7fa9fc81543e1786744c853090329edf4a25b27cdd633128d9f62ab33990fbf0aa93c64e9b2be3606466a678f307a32b43c4d2110cb33a0b5f9aad6bb67b427a36e7c44af02c32386532e33c76243216c79b3ffd15c19902d14863a7b1e8e4453bc8889fbf78b1f025c2af9545e3dfa25421bc349924c999da07bebc801f8b928fab71d0b81c5c6a3dc591c0ff4ac9495bf28ef9f214a86946d4d57a01095db547c592d84395bfcadb4a7180f85129ac0a4929c8182b3e835d65d792885230dcf8d4cf23cab52b2921be6848f38cf8b2daf4e6c205741cb1da4f2eff0e947204168db8565b469be23e597ef665adbb17700167fbae0d814342f16ca9b173713e1171cc930c63e324b7b037324a78496bc52e9588533fa25e28b1c913873cd6adce8416b9b9c1446ab4c5a6638a2870bdb93d8d4c4b4e201951addf84de0cdbe8ff12da1468df48eaa6364c7930a95261a39aae55253fd05a095b9b86fe97b9c3668181b1793877f71aad2802ca7636c205ac10eb3dda8b0d33c24e60326645c1b3e4b584a20f15a83de71268c7ee2f8a7c5cea517f2bf976fb834e14ae77a34ad19a905b283a341b0b91b0b8a4c10c83dc3be5ee57b144c914e860b777b656d1a0dbfad6295e8a7a6df914fee5e22054f47bd4643fb778df3c118b"}) 11:13:09 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:09 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:09 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) creat(&(0x7f0000000380)='./bus\x00', 0x0) open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 319.025034][T26950] loop0: detected capacity change from 0 to 61 [ 319.038295][T26955] FAULT_INJECTION: forcing a failure. [ 319.038295][T26955] name failslab, interval 1, probability 0, space 0, times 0 [ 319.049248][T26957] loop4: detected capacity change from 0 to 262160 [ 319.051133][T26955] CPU: 0 PID: 26955 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 319.066341][T26955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.076490][T26955] Call Trace: [ 319.079769][T26955] dump_stack_lvl+0xd6/0x122 [ 319.084370][T26955] dump_stack+0x11/0x1b [ 319.088539][T26955] should_fail+0x23c/0x250 [ 319.093017][T26955] ? mempool_alloc_slab+0x16/0x20 [ 319.098102][T26955] __should_failslab+0x81/0x90 [ 319.102883][T26955] should_failslab+0x5/0x20 [ 319.107468][T26955] kmem_cache_alloc+0x4f/0x300 [ 319.112365][T26955] mempool_alloc_slab+0x16/0x20 [ 319.117219][T26955] ? mempool_free+0x130/0x130 [ 319.121908][T26955] mempool_alloc+0x9d/0x310 [ 319.126457][T26955] ? crypto_shash_update+0x13c/0x1a0 [ 319.131752][T26955] ? pagecache_get_page+0x7aa/0x910 [ 319.136985][T26955] sg_pool_alloc+0x74/0x90 [ 319.141423][T26955] __sg_alloc_table+0xce/0x290 [ 319.146298][T26955] sg_alloc_table_chained+0xaf/0x140 [ 319.151604][T26955] ? sg_alloc_table_chained+0x140/0x140 [ 319.157227][T26955] scsi_alloc_sgtables+0x184/0x510 [ 319.162466][T26955] sd_init_command+0x952/0x1610 [ 319.167447][T26955] scsi_queue_rq+0x10cd/0x15a0 [ 319.172279][T26955] blk_mq_dispatch_rq_list+0x63b/0x1080 [ 319.177893][T26955] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 319.183478][T26955] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 319.189901][T26955] ? rb_insert_color+0x2fa/0x310 [ 319.194913][T26955] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 319.200977][T26955] __blk_mq_run_hw_queue+0xbc/0x140 [ 319.206192][T26955] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 319.212013][T26955] blk_mq_run_hw_queue+0x22c/0x250 [ 319.217145][T26955] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 319.223058][T26955] blk_mq_flush_plug_list+0x302/0x3d0 [ 319.228532][T26955] blk_flush_plug_list+0x235/0x260 [ 319.233761][T26955] blk_finish_plug+0x44/0x60 [ 319.238453][T26955] __iomap_dio_rw+0xca7/0x1010 [ 319.243240][T26955] iomap_dio_rw+0x30/0x70 [ 319.247591][T26955] ? ext4_file_write_iter+0x4a1/0x11f0 [ 319.253060][T26955] ext4_file_write_iter+0xabe/0x11f0 [ 319.258370][T26955] ? ext4_file_write_iter+0x4a1/0x11f0 [ 319.263861][T26955] do_iter_readv_writev+0x2de/0x380 [ 319.269073][T26955] do_iter_write+0x192/0x5c0 [ 319.273667][T26955] ? splice_from_pipe_next+0x34f/0x3b0 [ 319.279125][T26955] ? kmalloc_array+0x2d/0x40 [ 319.283723][T26955] vfs_iter_write+0x4c/0x70 [ 319.288379][T26955] iter_file_splice_write+0x43a/0x790 [ 319.293770][T26955] ? splice_from_pipe+0xd0/0xd0 [ 319.298657][T26955] direct_splice_actor+0x80/0xa0 [ 319.303583][T26955] splice_direct_to_actor+0x345/0x650 [ 319.308955][T26955] ? do_splice_direct+0x190/0x190 [ 319.314057][T26955] do_splice_direct+0x106/0x190 [ 319.318896][T26955] do_sendfile+0x63e/0xbb0 [ 319.323312][T26955] __x64_sys_sendfile64+0x102/0x140 [ 319.328596][T26955] do_syscall_64+0x44/0xa0 [ 319.333014][T26955] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 319.338941][T26955] RIP: 0033:0x7fca7d004739 [ 319.343641][T26955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 319.363545][T26955] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 319.372033][T26955] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 319.379993][T26955] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 319.387964][T26955] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 319.395923][T26955] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 319.404530][T26955] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:09 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:09 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:09 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000080)="040005090000000066617400040409000200027400f801", 0x17, 0x2}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 319.441880][T26950] attempt to access beyond end of device [ 319.441880][T26950] loop0: rw=2049, want=64, limit=61 11:13:09 executing program 2 (fault-call:5 fault-nth:12): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:09 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f0000000080)='./file1\x00', 0x40c2, 0x20) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000300)={0x11e, 0x7d, 0x1, {0x0, 0x117, 0x0, 0x0, {0x2, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x6, 0x36, '', 0x6, 'msdos\x00', 0xd4, '/dev/vcsu\x00\x8b\xb1\v\x1f\x98\x8d\xe8\x90\x8da\x1c\xfc\x97\xd3m4\x98~\x89\xc9\xd3\xfa\xbay\xec\x98\xfeD\xbb\xd4\xc5\x8a\x82\x95\xfe^\xb0Z\x98b\x13<\xd7\xbe_\b1\xcf\\_\xdf\xf0\x94\xae\x92p\x8d4\x14\x05\x03\xd6\f\x89q\xdd\x8bf\x9a\x8f9_\x93wI\xbd\xd8\xd7\xd1\n\x9f\x1b\x03\x94<\xc5D\xa6\x8f\x8b+\xb9\x9dw\x03\xe8\x18K\x95\x15\xaaaQ\xedDaa\x93\xc5g\xccU\xcc\xfa\xab\x17 :\xefs\xda;Bg\xd5\x92\x88\x85\x86\xf6\xc17\xdc\x1auB\xebR\xc8\xe4\tifr@\xe7\xdb}\xb1c_\xa9\xdf\xbf\xc49\xe0\x8ek\xe5\x10\x98\xa6\x1c\xc2=\x05do8b\xa1\x88\aGLd\xda\xa4f\b\xa2j\x8c\xc4~\xa6\x9bVX\xaa\xf2\\\x0f\x94\x01\x00\xf7e\x82,\xb6', 0xa, '\\j}/*/|,\x13('}}, 0x11e) [ 319.574586][T26992] loop0: detected capacity change from 0 to 61 [ 319.584384][T26992] FAT-fs (loop0): invalid media value (0x74) [ 319.590491][T26992] FAT-fs (loop0): Can't find a valid FAT filesystem [ 319.601924][T26994] loop4: detected capacity change from 0 to 262160 [ 319.619508][T26997] FAULT_INJECTION: forcing a failure. [ 319.619508][T26997] name failslab, interval 1, probability 0, space 0, times 0 [ 319.632253][T26997] CPU: 1 PID: 26997 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 319.641220][T26997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.651406][T26997] Call Trace: [ 319.654683][T26997] dump_stack_lvl+0xd6/0x122 [ 319.659438][T26997] dump_stack+0x11/0x1b [ 319.663642][T26997] should_fail+0x23c/0x250 [ 319.668054][T26997] ? kmalloc_array+0x2d/0x40 [ 319.672630][T26997] __should_failslab+0x81/0x90 [ 319.677438][T26997] should_failslab+0x5/0x20 [ 319.681955][T26997] __kmalloc+0x6f/0x350 [ 319.686151][T26997] kmalloc_array+0x2d/0x40 [ 319.690573][T26997] iter_file_splice_write+0xd5/0x790 [ 319.695945][T26997] ? atime_needs_update+0x2ba/0x390 [ 319.701143][T26997] ? touch_atime+0xe0/0x250 [ 319.705715][T26997] ? generic_file_splice_read+0x2ac/0x340 [ 319.711436][T26997] ? splice_from_pipe+0xd0/0xd0 [ 319.716323][T26997] direct_splice_actor+0x80/0xa0 [ 319.721273][T26997] splice_direct_to_actor+0x345/0x650 [ 319.726860][T26997] ? do_splice_direct+0x190/0x190 [ 319.731870][T26997] do_splice_direct+0x106/0x190 [ 319.736884][T26997] do_sendfile+0x63e/0xbb0 [ 319.741412][T26997] __x64_sys_sendfile64+0x102/0x140 [ 319.746598][T26997] do_syscall_64+0x44/0xa0 [ 319.751005][T26997] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 319.756892][T26997] RIP: 0033:0x7fca7d004739 [ 319.761305][T26997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 319.782207][T26997] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 319.790623][T26997] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 319.798585][T26997] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 319.806568][T26997] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 319.814680][T26997] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 11:13:10 executing program 2 (fault-call:5 fault-nth:13): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 319.822728][T26997] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:10 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) creat(&(0x7f0000000380)='./bus\x00', 0x0) open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 319.862698][T27005] loop0: detected capacity change from 0 to 61 [ 319.896717][T27005] attempt to access beyond end of device [ 319.896717][T27005] loop0: rw=2049, want=64, limit=61 [ 319.901204][T27011] FAULT_INJECTION: forcing a failure. [ 319.901204][T27011] name failslab, interval 1, probability 0, space 0, times 0 [ 319.920080][T27011] CPU: 1 PID: 27011 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 319.928853][T27011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.938992][T27011] Call Trace: [ 319.942357][T27011] dump_stack_lvl+0xd6/0x122 [ 319.946961][T27011] dump_stack+0x11/0x1b [ 319.951131][T27011] should_fail+0x23c/0x250 [ 319.955557][T27011] __should_failslab+0x81/0x90 11:13:10 executing program 0: recvmmsg$unix(0xffffffffffffffff, &(0x7f0000008500)=[{{0x0, 0x0, &(0x7f0000006e80)=[{&(0x7f0000005a00)=""/243, 0xf3}, {&(0x7f0000005800)=""/2, 0x2}, {&(0x7f0000005b00)=""/201, 0xc9}, {&(0x7f0000005c00)=""/4096, 0x1000}, {&(0x7f0000006c00)=""/78, 0x4e}, {&(0x7f0000006c80)=""/19, 0x13}, {&(0x7f0000006cc0)=""/244, 0xf4}, {&(0x7f0000006dc0)=""/174, 0xae}], 0x8, &(0x7f0000006f00)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0}}, {{0x0, 0x0, &(0x7f0000007200)=[{&(0x7f0000006fc0)=""/200, 0xc8}, {&(0x7f00000070c0)=""/69, 0x45}, {&(0x7f0000007140)=""/187, 0xbb}], 0x3}}, {{&(0x7f0000007240), 0x6e, &(0x7f0000007780)=[{&(0x7f00000072c0)=""/145, 0x91}, {&(0x7f0000007380)=""/191, 0xbf}, {&(0x7f0000007440)=""/240, 0xf0}, {&(0x7f0000007540)=""/57, 0x39}, {&(0x7f0000007580)=""/193, 0xc1}, {&(0x7f0000007680)=""/208, 0xd0}], 0x6, &(0x7f0000007800)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000007840), 0x6e, &(0x7f0000007c80)=[{&(0x7f00000078c0)=""/236, 0xec}, {&(0x7f00000079c0)=""/109, 0x6d}, {&(0x7f0000007a40)=""/196, 0xc4}, {&(0x7f0000007b40)=""/69, 0x45}, {&(0x7f0000007bc0)=""/7, 0x7}, {&(0x7f0000007c00)=""/65, 0x41}], 0x6, &(0x7f0000007d00)=[@rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x128}}, {{&(0x7f0000007e40), 0x6e, &(0x7f0000008140)=[{&(0x7f0000007ec0)=""/212, 0xd4}, {&(0x7f0000007fc0)=""/255, 0xff}, {&(0x7f00000080c0)=""/97, 0x61}], 0x3, &(0x7f0000008180)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xb0}}, {{0x0, 0x0, &(0x7f0000008340)=[{&(0x7f0000008240)=""/126, 0x7e}, {&(0x7f00000082c0)=""/66, 0x42}], 0x2}}, {{&(0x7f0000008380), 0x6e, &(0x7f0000008440)=[{&(0x7f0000008400)=""/60, 0x3c}], 0x1, &(0x7f0000008480)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x78}}], 0x7, 0x40, &(0x7f00000086c0)) sendmsg$IPSET_CMD_PROTOCOL(r0, &(0x7f00000087c0)={&(0x7f0000008700)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000008780)={&(0x7f0000008740)={0x34, 0x1, 0x6, 0x401, 0x0, 0x0, {0x0, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x40010}, 0x20000090) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r3 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) recvmmsg(r3, &(0x7f00000088c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000300)=""/174, 0xae}, {&(0x7f0000000100)=""/90, 0x5a}, {&(0x7f00000003c0)=""/230, 0xe6}, {&(0x7f0000000080)=""/9, 0x9}], 0x4, &(0x7f00000004c0)=""/147, 0x93}, 0x7fffffff}, {{&(0x7f0000000580)=@in6={0xa, 0x0, 0x0, @empty}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000600)=""/132, 0x84}, {&(0x7f00000006c0)=""/121, 0x79}], 0x2, &(0x7f0000000740)=""/14, 0xe}, 0x9}, {{&(0x7f0000000780)=@generic, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000800)=""/5, 0x5}, {&(0x7f0000000840)=""/73, 0x49}, {&(0x7f00000008c0)=""/234, 0xea}, {&(0x7f0000001480)=""/4096, 0x1000}, {&(0x7f00000009c0)=""/68, 0x44}, {&(0x7f0000000a40)=""/160, 0xa0}, {&(0x7f0000000b00)=""/67, 0x43}, {&(0x7f0000000b80)=""/237, 0xed}], 0x8, &(0x7f0000002480)=""/4096, 0x1000}, 0xffffffa7}, {{&(0x7f0000000d00)=@qipcrtr, 0x80, &(0x7f0000001000)=[{&(0x7f0000004480)=""/180, 0xb4}, {&(0x7f0000000e40)=""/3, 0x3}, {&(0x7f0000000e80)=""/30, 0x1e}, {&(0x7f0000000ec0)=""/70, 0x46}, {&(0x7f0000000f40)=""/57, 0x39}, {&(0x7f0000000f80)=""/82, 0x52}], 0x6}, 0xffffffff}, {{&(0x7f0000001080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10}, 0x80, &(0x7f0000001380)=[{&(0x7f0000001100)=""/143, 0x8f}, {&(0x7f00000011c0)=""/113, 0x71}, {&(0x7f0000003480)=""/4091, 0xffb}, {&(0x7f0000001240)=""/150, 0x96}, {&(0x7f0000001300)=""/77, 0x4d}, {&(0x7f0000008800)=""/186, 0xba}, {&(0x7f0000004540)=""/190, 0xbe}], 0x7, &(0x7f0000004600)=""/244, 0xf4}, 0x5}, {{0x0, 0x0, &(0x7f00000057c0)=[{&(0x7f0000004700)=""/140, 0x8c}, {&(0x7f00000047c0)=""/4096, 0x1000}], 0x2, &(0x7f0000005800)}, 0x4}], 0x6, 0x102, &(0x7f00000059c0)={0x77359400}) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) ioctl$BTRFS_IOC_WAIT_SYNC(r1, 0x40089416, &(0x7f0000008e80)) recvmmsg$unix(r2, &(0x7f000000f240)=[{{0x0, 0x0, &(0x7f0000005840)=[{&(0x7f0000000dc0)=""/79, 0x4f}], 0x1, &(0x7f0000005880)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x20}}, {{&(0x7f00000058c0), 0x6e, &(0x7f0000005980)=[{&(0x7f0000005940)=""/57, 0x39}, {&(0x7f0000008a40)=""/186, 0xba}, {&(0x7f0000008b00)=""/251, 0xfb}], 0x3}}, {{&(0x7f0000008c00)=@abs, 0x6e, &(0x7f00000091c0)=[{&(0x7f0000008c80)=""/138, 0x8a}, {&(0x7f0000008d40)=""/33, 0x21}, {&(0x7f0000008d80)=""/200, 0xc8}, {&(0x7f0000008e80)}, {&(0x7f0000008ec0)=""/131, 0x83}, {&(0x7f0000008f80)=""/81, 0x51}, {&(0x7f0000009000)=""/10, 0xa}, {&(0x7f0000009040)=""/86, 0x56}, {&(0x7f00000090c0)=""/36, 0x24}, {&(0x7f0000009100)=""/133, 0x85}], 0xa, &(0x7f0000009280)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xd0}}, {{&(0x7f0000009380)=@abs, 0x6e, &(0x7f00000095c0)=[{&(0x7f0000009400)=""/234, 0xea}, {&(0x7f0000009500)=""/150, 0x96}], 0x2, &(0x7f0000009600)=ANY=[@ANYBLOB="18000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYBLOB="24000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="0000000028000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32, @ANYBLOB="000000f6"], 0x120}}, {{&(0x7f0000009740)=@abs, 0x6e, &(0x7f0000009a00)=[{&(0x7f00000097c0)=""/62, 0x3e}, {&(0x7f0000009800)=""/252, 0xfc}, {&(0x7f0000009900)=""/225, 0xe1}], 0x3}}, {{0x0, 0x0, &(0x7f000000a0c0)=[{&(0x7f0000009a40)=""/47, 0x2f}, {&(0x7f0000009a80)=""/247, 0xf7}, {&(0x7f0000009b80)=""/70, 0x46}, {&(0x7f0000009c00)=""/215, 0xd7}, {&(0x7f0000009d00)=""/68, 0x44}, {&(0x7f0000009d80)=""/57, 0x39}, {&(0x7f0000009dc0)=""/133, 0x85}, {&(0x7f0000009e80)=""/171, 0xab}, {&(0x7f0000009f40)=""/132, 0x84}, {&(0x7f000000a000)=""/134, 0x86}], 0xa}}, {{&(0x7f000000a180)=@abs, 0x6e, &(0x7f000000d700)=[{&(0x7f000000a200)=""/4096, 0x1000}, {&(0x7f000000b200)=""/251, 0xfb}, {&(0x7f000000b300)=""/239, 0xef}, {&(0x7f000000b400)=""/4096, 0x1000}, {&(0x7f000000c400)=""/47, 0x2f}, {&(0x7f000000c440)=""/208, 0xd0}, {&(0x7f000000c540)=""/4096, 0x1000}, {&(0x7f000000d540)=""/206, 0xce}, {&(0x7f000000d640)}, {&(0x7f000000d680)=""/84, 0x54}], 0xa, &(0x7f000000d7c0)=[@rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x168}}, {{&(0x7f000000d940), 0x6e, &(0x7f000000ddc0)=[{&(0x7f000000d9c0)=""/200, 0xc8}, {&(0x7f000000dac0)=""/59, 0x3b}, {&(0x7f000000db00)=""/3, 0x3}, {&(0x7f000000db40)=""/123, 0x7b}, {&(0x7f000000dbc0)=""/122, 0x7a}, {&(0x7f000000dc40)=""/145, 0x91}, {&(0x7f000000dd00)=""/137, 0x89}], 0x7, &(0x7f000000de40)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0}}}], 0x130}}, {{0x0, 0x0, &(0x7f000000f1c0)=[{&(0x7f000000df80)=""/153, 0x99}, {&(0x7f000000e040)=""/129, 0x81}, {&(0x7f000000e100)=""/29, 0x1d}, {&(0x7f000000e140)=""/4096, 0x1000}, {&(0x7f000000f140)=""/85, 0x55}], 0x5}}], 0x9, 0x0, 0x0) sched_setattr(r5, &(0x7f000000f480)={0x38, 0x3, 0x10000043, 0x7, 0x343, 0xffffffffffffff32, 0x1, 0xc6, 0xff, 0x4}, 0x0) mknodat(r4, &(0x7f0000000d80)='./file1\x00', 0x2, 0x1) write(r3, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r3, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 319.960329][T27011] ? __iomap_dio_rw+0x139/0x1010 [ 319.965406][T27011] should_failslab+0x5/0x20 [ 319.969986][T27011] kmem_cache_alloc_trace+0x52/0x320 [ 319.975287][T27011] ? __getblk_gfp+0x3f/0x590 [ 319.979890][T27011] __iomap_dio_rw+0x139/0x1010 [ 319.984667][T27011] ? __brelse+0x2c/0x50 [ 319.988827][T27011] ? ext4_mark_iloc_dirty+0x161a/0x1700 [ 319.994374][T27011] iomap_dio_rw+0x30/0x70 [ 319.998713][T27011] ? ext4_file_write_iter+0x4a1/0x11f0 [ 320.004265][T27011] ext4_file_write_iter+0xabe/0x11f0 [ 320.009694][T27011] ? ext4_file_write_iter+0x4a1/0x11f0 [ 320.015182][T27011] do_iter_readv_writev+0x2de/0x380 [ 320.020506][T27011] do_iter_write+0x192/0x5c0 [ 320.025088][T27011] ? splice_from_pipe_next+0x34f/0x3b0 [ 320.030767][T27011] ? kmalloc_array+0x2d/0x40 [ 320.036084][T27011] vfs_iter_write+0x4c/0x70 [ 320.040614][T27011] iter_file_splice_write+0x43a/0x790 [ 320.045986][T27011] ? splice_from_pipe+0xd0/0xd0 [ 320.050996][T27011] direct_splice_actor+0x80/0xa0 [ 320.056099][T27011] splice_direct_to_actor+0x345/0x650 [ 320.061464][T27011] ? do_splice_direct+0x190/0x190 [ 320.066541][T27011] do_splice_direct+0x106/0x190 [ 320.071457][T27011] do_sendfile+0x63e/0xbb0 [ 320.075854][T27011] __x64_sys_sendfile64+0x102/0x140 [ 320.081322][T27011] do_syscall_64+0x44/0xa0 [ 320.085723][T27011] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 320.091630][T27011] RIP: 0033:0x7fca7d004739 [ 320.096038][T27011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 320.115656][T27011] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 320.124105][T27011] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 320.132142][T27011] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 320.140129][T27011] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 320.148195][T27011] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 11:13:10 executing program 2 (fault-call:5 fault-nth:14): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 320.156528][T27011] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 320.200350][T27021] FAULT_INJECTION: forcing a failure. [ 320.200350][T27021] name failslab, interval 1, probability 0, space 0, times 0 [ 320.212994][T27021] CPU: 1 PID: 27021 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 320.221811][T27021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 320.231949][T27021] Call Trace: [ 320.232297][T27026] loop0: detected capacity change from 0 to 61 [ 320.235228][T27021] dump_stack_lvl+0xd6/0x122 [ 320.235259][T27021] dump_stack+0x11/0x1b [ 320.250390][T27021] should_fail+0x23c/0x250 [ 320.254813][T27021] ? kcalloc+0x32/0x50 [ 320.258887][T27021] __should_failslab+0x81/0x90 [ 320.263661][T27021] should_failslab+0x5/0x20 [ 320.268286][T27021] __kmalloc+0x6f/0x350 [ 320.272447][T27021] kcalloc+0x32/0x50 [ 320.276340][T27021] ext4_find_extent+0x21c/0x7f0 [ 320.281195][T27021] ext4_ext_map_blocks+0x115/0x1ff0 [ 320.286394][T27021] ? ext4_es_lookup_extent+0x36b/0x490 [ 320.291848][T27021] ext4_map_blocks+0x71e/0xf00 [ 320.296621][T27021] ext4_iomap_begin+0x4b0/0x630 [ 320.301469][T27021] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 320.306661][T27021] iomap_iter+0x39c/0x470 [ 320.311054][T27021] __iomap_dio_rw+0x698/0x1010 [ 320.315814][T27021] iomap_dio_rw+0x30/0x70 [ 320.320136][T27021] ? ext4_file_write_iter+0x4a1/0x11f0 [ 320.325585][T27021] ext4_file_write_iter+0xabe/0x11f0 [ 320.330873][T27021] ? ext4_file_write_iter+0x4a1/0x11f0 [ 320.336436][T27021] do_iter_readv_writev+0x2de/0x380 [ 320.341631][T27021] do_iter_write+0x192/0x5c0 [ 320.346217][T27021] ? splice_from_pipe_next+0x34f/0x3b0 [ 320.351691][T27021] ? kmalloc_array+0x2d/0x40 [ 320.356267][T27021] vfs_iter_write+0x4c/0x70 [ 320.360825][T27021] iter_file_splice_write+0x43a/0x790 [ 320.366360][T27021] ? splice_from_pipe+0xd0/0xd0 [ 320.371371][T27021] direct_splice_actor+0x80/0xa0 [ 320.376488][T27021] splice_direct_to_actor+0x345/0x650 [ 320.382160][T27021] ? do_splice_direct+0x190/0x190 [ 320.387283][T27021] do_splice_direct+0x106/0x190 [ 320.392123][T27021] do_sendfile+0x63e/0xbb0 [ 320.396761][T27021] __x64_sys_sendfile64+0x102/0x140 [ 320.402105][T27021] do_syscall_64+0x44/0xa0 [ 320.406611][T27021] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 320.412595][T27021] RIP: 0033:0x7fca7d004739 [ 320.416999][T27021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 320.436951][T27021] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 320.445436][T27021] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 320.453393][T27021] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 320.461462][T27021] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 320.469420][T27021] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 320.477376][T27021] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:12 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) creat(&(0x7f0000000380)='./bus\x00', 0x0) open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:13:12 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:12 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') write(0xffffffffffffffff, &(0x7f0000001400)="bb", 0x1001) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000000080), 0x684aa014) write$binfmt_script(0xffffffffffffffff, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:12 executing program 2 (fault-call:5 fault-nth:15): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:12 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x3, 0x0, @fd=r1, 0x0, 0x0, 0x61, 0x7}, 0x6) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) preadv(r0, &(0x7f0000000300)=[{&(0x7f0000000140)=""/48, 0x30}, {&(0x7f0000000240)=""/3, 0x3}, {&(0x7f0000000280)=""/38, 0x26}], 0x3, 0x3a, 0x1) write$P9_RCLUNK(r0, &(0x7f0000000080)={0x7, 0x79, 0x1}, 0x7) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) r2 = signalfd(r0, &(0x7f0000000200)={[0x4]}, 0x8) write$sndseq(r2, &(0x7f0000000440)=[{0x7, 0x1, 0x20, 0xc0, @time={0x80, 0x800}, {0x7f, 0x3}, {0xb6, 0xf5}, @control={0x2, 0x9, 0x6}}], 0x1c) inotify_init1(0x0) chdir(&(0x7f0000000000)='./file1\x00') r3 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r3, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) creat(&(0x7f0000000100)='./file1\x00', 0x41) write$P9_RSTAT(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="540000007d000000004d00000000000000000000000000000000000000000800000000000000000000000000000000000000000009006d73646f73000a002f6465562f76637375000a005c6a7d2f2a2f446f73d5c867a86036c0ce6a9ce4e0ad616a05bac18b023a4934c448249022571a868d874dc83e7ae2eb700ea5a63ce9180875a67f3387207adb4d1d70f5e08b9a865e1ffbd7c8b3b5a0ff7aef1cd874a2623911935429d6e168af780ba773166ce8817811be86ca29ff2b2630eadc4880b9a31dfabc4647ad9848a3c038f1"], 0x54) [ 322.034531][T27047] FAULT_INJECTION: forcing a failure. [ 322.034531][T27047] name failslab, interval 1, probability 0, space 0, times 0 [ 322.047183][T27047] CPU: 1 PID: 27047 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 322.056003][T27047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.062199][T27053] loop4: detected capacity change from 0 to 262160 [ 322.066061][T27047] Call Trace: [ 322.066071][T27047] dump_stack_lvl+0xd6/0x122 [ 322.066097][T27047] dump_stack+0x11/0x1b [ 322.084664][T27047] should_fail+0x23c/0x250 [ 322.089174][T27047] ? ext4_mb_new_blocks+0x317/0x1fc0 [ 322.094633][T27047] __should_failslab+0x81/0x90 [ 322.099597][T27047] should_failslab+0x5/0x20 [ 322.104109][T27047] kmem_cache_alloc+0x4f/0x300 [ 322.109025][T27047] ext4_mb_new_blocks+0x317/0x1fc0 [ 322.114324][T27047] ? ext4_find_extent+0x7b2/0x7f0 [ 322.119386][T27047] ? ext4_ext_search_right+0x246/0x540 [ 322.124850][T27047] ext4_ext_map_blocks+0x15ed/0x1ff0 [ 322.130175][T27047] ? ext4_es_lookup_extent+0x36b/0x490 [ 322.135791][T27047] ext4_map_blocks+0x71e/0xf00 [ 322.140592][T27047] ? crypto_shash_update+0x13c/0x1a0 [ 322.145894][T27047] ext4_iomap_begin+0x4b0/0x630 [ 322.150846][T27047] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 322.156360][T27047] iomap_iter+0x39c/0x470 [ 322.160794][T27047] __iomap_dio_rw+0x698/0x1010 [ 322.165608][T27047] ? __ext4_mark_inode_dirty+0x501/0x5c0 [ 322.171290][T27047] iomap_dio_rw+0x30/0x70 [ 322.173856][T27065] loop0: detected capacity change from 0 to 61 [ 322.175635][T27047] ? ext4_file_write_iter+0x4a1/0x11f0 [ 322.187333][T27047] ext4_file_write_iter+0xabe/0x11f0 [ 322.192625][T27047] ? ext4_file_write_iter+0x4a1/0x11f0 [ 322.198212][T27047] do_iter_readv_writev+0x2de/0x380 [ 322.203434][T27047] do_iter_write+0x192/0x5c0 [ 322.208045][T27047] ? splice_from_pipe_next+0x34f/0x3b0 [ 322.213511][T27047] ? kmalloc_array+0x2d/0x40 [ 322.218261][T27047] vfs_iter_write+0x4c/0x70 [ 322.222784][T27047] iter_file_splice_write+0x43a/0x790 [ 322.223208][T27065] FAT-fs (loop0): Unrecognized mount option "°" or missing value [ 322.228164][T27047] ? splice_from_pipe+0xd0/0xd0 [ 322.228189][T27047] direct_splice_actor+0x80/0xa0 [ 322.245917][T27047] splice_direct_to_actor+0x345/0x650 [ 322.251302][T27047] ? do_splice_direct+0x190/0x190 [ 322.256328][T27047] do_splice_direct+0x106/0x190 [ 322.261216][T27047] do_sendfile+0x63e/0xbb0 [ 322.265653][T27047] __x64_sys_sendfile64+0x102/0x140 [ 322.270883][T27047] do_syscall_64+0x44/0xa0 [ 322.275424][T27047] entry_SYSCALL_64_after_hwframe+0x44/0xae 11:13:12 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 322.281403][T27047] RIP: 0033:0x7fca7d004739 [ 322.286108][T27047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 322.305715][T27047] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 322.314171][T27047] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 322.322170][T27047] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 11:13:12 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:12 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') write(0xffffffffffffffff, &(0x7f0000001400)="bb", 0x1001) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000000080), 0x684aa014) write$binfmt_script(0xffffffffffffffff, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:12 executing program 2 (fault-call:5 fault-nth:16): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 322.330214][T27047] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 322.338351][T27047] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 322.346317][T27047] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) creat(&(0x7f0000000380)='./bus\x00', 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 322.415797][T27058] loop0: detected capacity change from 0 to 61 [ 322.422279][T27058] FAT-fs (loop0): Unrecognized mount option "°" or missing value [ 322.427858][T27086] FAULT_INJECTION: forcing a failure. [ 322.427858][T27086] name failslab, interval 1, probability 0, space 0, times 0 [ 322.442793][T27086] CPU: 1 PID: 27086 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 322.451594][T27086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.454892][T27098] loop4: detected capacity change from 0 to 262160 [ 322.461651][T27086] Call Trace: [ 322.461661][T27086] dump_stack_lvl+0xd6/0x122 [ 322.476118][T27086] dump_stack+0x11/0x1b [ 322.480273][T27086] should_fail+0x23c/0x250 [ 322.484690][T27086] ? ext4_mb_new_blocks+0x73f/0x1fc0 [ 322.490004][T27086] __should_failslab+0x81/0x90 [ 322.494872][T27086] should_failslab+0x5/0x20 [ 322.499379][T27086] kmem_cache_alloc+0x4f/0x300 [ 322.504337][T27086] ext4_mb_new_blocks+0x73f/0x1fc0 [ 322.509543][T27086] ? ext4_find_extent+0x7b2/0x7f0 [ 322.514672][T27086] ? ext4_ext_search_right+0x246/0x540 [ 322.520134][T27086] ext4_ext_map_blocks+0x15ed/0x1ff0 [ 322.525447][T27086] ? ext4_es_lookup_extent+0x36b/0x490 [ 322.531001][T27086] ext4_map_blocks+0x71e/0xf00 [ 322.535785][T27086] ext4_iomap_begin+0x4b0/0x630 [ 322.541161][T27086] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 322.546401][T27086] iomap_iter+0x39c/0x470 [ 322.550893][T27086] __iomap_dio_rw+0x698/0x1010 [ 322.555683][T27086] iomap_dio_rw+0x30/0x70 [ 322.560194][T27086] ? ext4_file_write_iter+0x4a1/0x11f0 [ 322.565739][T27086] ext4_file_write_iter+0xabe/0x11f0 [ 322.571047][T27086] ? ext4_file_write_iter+0x4a1/0x11f0 [ 322.576543][T27086] do_iter_readv_writev+0x2de/0x380 [ 322.581853][T27086] do_iter_write+0x192/0x5c0 [ 322.586454][T27086] ? splice_from_pipe_next+0x34f/0x3b0 [ 322.591910][T27086] ? kmalloc_array+0x2d/0x40 [ 322.596599][T27086] vfs_iter_write+0x4c/0x70 [ 322.601349][T27086] iter_file_splice_write+0x43a/0x790 [ 322.606992][T27086] ? splice_from_pipe+0xd0/0xd0 [ 322.612071][T27086] direct_splice_actor+0x80/0xa0 [ 322.617110][T27086] splice_direct_to_actor+0x345/0x650 [ 322.622493][T27086] ? do_splice_direct+0x190/0x190 [ 322.627520][T27086] do_splice_direct+0x106/0x190 [ 322.632543][T27086] do_sendfile+0x63e/0xbb0 [ 322.637135][T27086] __x64_sys_sendfile64+0x102/0x140 [ 322.642333][T27086] do_syscall_64+0x44/0xa0 [ 322.646842][T27086] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 322.652852][T27086] RIP: 0033:0x7fca7d004739 11:13:12 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 322.657353][T27086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 322.677297][T27086] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 322.685801][T27086] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 322.693802][T27086] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 322.702006][T27086] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 11:13:12 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') write(0xffffffffffffffff, &(0x7f0000001400)="bb", 0x1001) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000000080), 0x684aa014) write$binfmt_script(0xffffffffffffffff, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) creat(&(0x7f0000000380)='./bus\x00', 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:13:12 executing program 2 (fault-call:5 fault-nth:17): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 322.710101][T27086] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 322.718155][T27086] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:12 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) openat(r0, &(0x7f0000000200)='./file0\x00', 0x1350c0, 0x42) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x12b) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd_index=0x3, 0x0, 0x0, 0xff, 0x0, 0x0, {0x0, 0x0, r0}}, 0x4) move_mount(r0, &(0x7f0000000080)='./file1\x00', r2, &(0x7f0000000140)='./file1\x00', 0x5) socketpair(0x18, 0x803, 0x200, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$FITHAW(r3, 0xc0045878) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r1, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 322.806711][T27128] loop4: detected capacity change from 0 to 262160 [ 322.821475][T27135] loop0: detected capacity change from 0 to 61 [ 322.831608][T27130] FAULT_INJECTION: forcing a failure. [ 322.831608][T27130] name failslab, interval 1, probability 0, space 0, times 0 [ 322.845187][T27130] CPU: 1 PID: 27130 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 322.853949][T27130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.863998][T27130] Call Trace: [ 322.867275][T27130] dump_stack_lvl+0xd6/0x122 [ 322.871866][T27130] dump_stack+0x11/0x1b [ 322.876042][T27130] should_fail+0x23c/0x250 [ 322.880602][T27130] ? __es_insert_extent+0x51f/0xe70 [ 322.885788][T27130] __should_failslab+0x81/0x90 [ 322.890541][T27130] should_failslab+0x5/0x20 [ 322.895052][T27130] kmem_cache_alloc+0x4f/0x300 [ 322.899921][T27130] __es_insert_extent+0x51f/0xe70 [ 322.905009][T27130] ext4_es_insert_extent+0x1cb/0x1950 [ 322.910381][T27130] ext4_map_blocks+0xa5d/0xf00 [ 322.915157][T27130] ext4_iomap_begin+0x4b0/0x630 [ 322.920012][T27130] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 322.925327][T27130] iomap_iter+0x39c/0x470 [ 322.929724][T27130] __iomap_dio_rw+0x698/0x1010 [ 322.934532][T27130] iomap_dio_rw+0x30/0x70 [ 322.938861][T27130] ? ext4_file_write_iter+0x4a1/0x11f0 [ 322.944351][T27130] ext4_file_write_iter+0xabe/0x11f0 [ 322.949736][T27130] ? ext4_file_write_iter+0x4a1/0x11f0 [ 322.955244][T27130] do_iter_readv_writev+0x2de/0x380 [ 322.960448][T27130] do_iter_write+0x192/0x5c0 [ 322.965116][T27130] ? splice_from_pipe_next+0x34f/0x3b0 [ 322.970572][T27130] ? kmalloc_array+0x2d/0x40 [ 322.975236][T27130] vfs_iter_write+0x4c/0x70 [ 322.979771][T27130] iter_file_splice_write+0x43a/0x790 [ 322.985217][T27130] ? splice_from_pipe+0xd0/0xd0 [ 322.990055][T27130] direct_splice_actor+0x80/0xa0 [ 322.995091][T27130] splice_direct_to_actor+0x345/0x650 [ 323.000448][T27130] ? do_splice_direct+0x190/0x190 [ 323.005460][T27130] do_splice_direct+0x106/0x190 [ 323.010378][T27130] do_sendfile+0x63e/0xbb0 [ 323.014808][T27130] __x64_sys_sendfile64+0x102/0x140 [ 323.020002][T27130] do_syscall_64+0x44/0xa0 [ 323.024451][T27130] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 323.030373][T27130] RIP: 0033:0x7fca7d004739 [ 323.034842][T27130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 323.054525][T27130] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 323.062930][T27130] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 323.070905][T27130] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 323.078863][T27130] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 323.086823][T27130] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 323.094852][T27130] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:13 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) creat(&(0x7f0000000380)='./bus\x00', 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:13:13 executing program 2 (fault-call:5 fault-nth:18): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:13 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x48201, 0xbe) creat(&(0x7f0000000080)='./file1\x00', 0x40) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 323.246118][T27153] FAULT_INJECTION: forcing a failure. [ 323.246118][T27153] name failslab, interval 1, probability 0, space 0, times 0 [ 323.258917][T27153] CPU: 1 PID: 27153 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 323.267709][T27153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.277805][T27153] Call Trace: [ 323.279089][T27157] loop0: detected capacity change from 0 to 61 [ 323.281081][T27153] dump_stack_lvl+0xd6/0x122 [ 323.291819][T27153] dump_stack+0x11/0x1b [ 323.295980][T27153] should_fail+0x23c/0x250 [ 323.300427][T27153] ? mempool_alloc_slab+0x16/0x20 [ 323.305524][T27153] __should_failslab+0x81/0x90 [ 323.310280][T27153] should_failslab+0x5/0x20 [ 323.314773][T27153] kmem_cache_alloc+0x4f/0x300 [ 323.319526][T27153] mempool_alloc_slab+0x16/0x20 [ 323.324381][T27153] ? mempool_free+0x130/0x130 [ 323.329059][T27153] mempool_alloc+0x9d/0x310 [ 323.333547][T27153] bio_alloc_bioset+0xcc/0x530 [ 323.338300][T27153] ? iov_iter_alignment+0x34b/0x370 [ 323.343654][T27153] iomap_dio_bio_iter+0x5e1/0xc00 [ 323.348773][T27153] __iomap_dio_rw+0x8d8/0x1010 [ 323.353532][T27153] iomap_dio_rw+0x30/0x70 [ 323.357878][T27153] ? ext4_file_write_iter+0x4a1/0x11f0 [ 323.363363][T27153] ext4_file_write_iter+0xabe/0x11f0 [ 323.368682][T27153] ? ext4_file_write_iter+0x4a1/0x11f0 [ 323.374154][T27153] do_iter_readv_writev+0x2de/0x380 [ 323.379434][T27153] do_iter_write+0x192/0x5c0 [ 323.384047][T27153] ? splice_from_pipe_next+0x34f/0x3b0 [ 323.389498][T27153] ? kmalloc_array+0x2d/0x40 [ 323.394071][T27153] vfs_iter_write+0x4c/0x70 [ 323.398649][T27153] iter_file_splice_write+0x43a/0x790 [ 323.404017][T27153] ? splice_from_pipe+0xd0/0xd0 [ 323.409036][T27153] direct_splice_actor+0x80/0xa0 [ 323.414094][T27153] splice_direct_to_actor+0x345/0x650 [ 323.419453][T27153] ? do_splice_direct+0x190/0x190 [ 323.424469][T27153] do_splice_direct+0x106/0x190 [ 323.429348][T27153] do_sendfile+0x63e/0xbb0 [ 323.434077][T27153] __x64_sys_sendfile64+0x102/0x140 [ 323.439274][T27153] do_syscall_64+0x44/0xa0 [ 323.443905][T27153] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 323.449891][T27153] RIP: 0033:0x7fca7d004739 [ 323.454304][T27153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 323.473903][T27153] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 323.482303][T27153] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 323.490264][T27153] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 323.498221][T27153] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 323.506181][T27153] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 323.514139][T27153] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 323.553182][T27157] attempt to access beyond end of device [ 323.553182][T27157] loop0: rw=2049, want=64, limit=61 [ 323.577925][ T1161] attempt to access beyond end of device [ 323.577925][ T1161] loop0: rw=1, want=72, limit=61 11:13:15 executing program 3: chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:15 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:15 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x0, &(0x7f00000002c0), 0x20, &(0x7f0000000100)=ANY=[]) syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file1\x00', 0x1, 0x2, &(0x7f0000000840)=[{&(0x7f0000000740)="bd77bbb22ccb5403352800a2aafe27f2628699a56f02676018861c66e3ffd2ece6ede4d87069e3e9bd4711b9ab60e2e4a8de5e449bd1f34bd169b58d61c92fef24bb197ef9c53bb2378d137a6bf58c533383fa6bd482868830770ed6352ed554", 0x60}, {&(0x7f00000007c0)="e96d02eb97ab50b61709076a5beefc789b8c01d321bb394e47c5470c7dda7bc55cb251030f3e501c581832a9d76cefbcc642a463cb09243ba17a9d1ad7c1c6b3949bfdc1097a96912fc3e04ac424f3e1e8fc7a3a14a9965c43666be4994b0743cfbac580", 0x64, 0x2}], 0x20, &(0x7f0000000880)={[{@size={'size', 0x3d, [0x70, 0x70, 0x32, 0x65, 0x38, 0x70, 0x33, 0x6d, 0x39, 0x25]}}, {@nr_blocks={'nr_blocks', 0x3d, [0x38, 0x2d, 0x6d, 0x30, 0x31, 0x30, 0x25, 0x65]}}], [{@fsuuid={'fsuuid', 0x3d, {[0x61, 0x38, 0x36, 0x37, 0x66, 0x62, 0x65, 0x64], 0x2d, [0x66, 0x39, 0x39, 0x63], 0x2d, [0x63, 0x30, 0x35, 0x61], 0x2d, [0x35, 0x38, 0x61, 0x35], 0x2d, [0x62, 0x31, 0x65, 0x30, 0x33, 0x66, 0x33, 0x66]}}}, {@fowner_gt}]}) openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.log\x00', 0x80200, 0x1a) syz_mount_image$nfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x6, 0x5, &(0x7f0000000600)=[{&(0x7f00000002c0)="eb0172fb0ab8d1e2dd04d8f889f44707e155f0e21de2718a0629a2a4283b1ac09c7503893046ce5e8846386de38bde839870df5e5f4f870ad434ffa0f88300217446c42e6af288559406a48d4728139fb2d1d15a70231d581d3820b6fae78e9348e613c4c7d115ca366da6f934ed81fb8b", 0x71}, {&(0x7f0000000340)="bde274a30f62eac77a9f2de99a56866df1a8e6b3d13d14d0a2061a29c9f763d98a50c2e18dd978b73fdbfd766735d932de8c9e30aa98f26239481ec1d19b3b439e81375106a884699342ffff7dc72734347e69dd5c7a2b3d43f01116ab62bd17615ee276e1ec2c88222ab05adb18685c7f4b727fdc140a1e2dad87a78c0f0648b85127bb4ec01cce9f0d8d3e8bcb", 0x8e, 0x8}, {&(0x7f0000000400)="9ef04a04b98fc1de39b0d00382195495e17221a36b396dba93a52c3a01dfc42c72a49591e88ac3bb581ea248ebed184ab0923dd72439b46ade959827f7f5da65d8a23413333a72d9defd942474a5d7e7720b89d40d26e452f7be383d93302975ea1c79d6d54e5c550d2068ac09755c793673194c81863ed3ae1cd2a034438361289be535dc4f5ceac9c60f490b4b18b1b13ebe181f024bbb7a6d8aa1534fe6d8b5", 0xa1, 0x2}, {&(0x7f00000004c0)="ee85102096b87b03444a1b74d7507b947337cb29535ba96c46ba7361087dcc62d65211c88f13d7", 0x27, 0x80}, {&(0x7f0000000500)="f2c9b3734772c83247e816640f316f96d088d47a5672cdf19d99a3c72b123c3426446786f50b1027f64ea1a8dfe07d739dbecd678b5913368becff13a46e1b3cadda545416318e3f6d6a2882291e536c26063cbef832c12b0fa8a73cc5821c6119ab9745479dd68f81160a7cc9df8f45a81fc69ace3283cbee4a8d36852e442aaac1da98fc6d2ecb2e79ecdfc4ef44c7c382c462e03758648faab9efda5e7fa2236ba9aee47658e758ba0b892be0e58e5ab9f106a0d43c076149102cf90aba4e731f5a15ed999241c4", 0xc9}], 0x1000000, &(0x7f0000000680)={[{'^$:#@'}, {'-'}], [{@pcr={'pcr', 0x3d, 0x31}}]}) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000100)={0x77, 0x7d, 0x0, {0x0, 0x70, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x23, '\xd9q\x1b?\x12\xef\xf8t:\xcccY\x8a\xe9\x94Z\x95m_\xe6\xbbe\xfc\xe9\xdb[).e\n\x00\xa8\xb2Gg', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x77) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) faccessat(r1, &(0x7f0000000200)='./file0\x00', 0x111) openat(r2, &(0x7f00000001c0)='./file1\x00', 0x121800, 0x101) 11:13:15 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:15 executing program 2 (fault-call:5 fault-nth:19): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x80000001) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) [ 325.439082][T27185] FAULT_INJECTION: forcing a failure. [ 325.439082][T27185] name failslab, interval 1, probability 0, space 0, times 0 [ 325.445671][T27186] loop4: detected capacity change from 0 to 262160 [ 325.451735][T27185] CPU: 1 PID: 27185 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 325.467576][T27185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.477638][T27185] Call Trace: [ 325.480961][T27185] dump_stack_lvl+0xd6/0x122 [ 325.485618][T27185] dump_stack+0x11/0x1b [ 325.489777][T27185] should_fail+0x23c/0x250 [ 325.494195][T27185] ? mempool_alloc_slab+0x16/0x20 [ 325.499212][T27185] __should_failslab+0x81/0x90 [ 325.504066][T27185] should_failslab+0x5/0x20 [ 325.508562][T27185] kmem_cache_alloc+0x4f/0x300 [ 325.513329][T27185] mempool_alloc_slab+0x16/0x20 [ 325.518166][T27185] ? mempool_free+0x130/0x130 [ 325.522830][T27185] mempool_alloc+0x9d/0x310 [ 325.527368][T27185] ? crypto_shash_update+0x13c/0x1a0 [ 325.532641][T27185] ? pagecache_get_page+0x7aa/0x910 [ 325.537867][T27185] sg_pool_alloc+0x74/0x90 [ 325.542446][T27185] __sg_alloc_table+0xce/0x290 [ 325.547229][T27185] sg_alloc_table_chained+0xaf/0x140 [ 325.552513][T27185] ? sg_alloc_table_chained+0x140/0x140 [ 325.558107][T27185] scsi_alloc_sgtables+0x184/0x510 [ 325.563217][T27185] sd_init_command+0x952/0x1610 [ 325.568096][T27185] scsi_queue_rq+0x10cd/0x15a0 [ 325.572892][T27185] blk_mq_dispatch_rq_list+0x63b/0x1080 [ 325.578443][T27185] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 325.584073][T27185] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 325.590397][T27185] ? rb_insert_color+0x2fa/0x310 [ 325.595401][T27185] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 325.601385][T27185] __blk_mq_run_hw_queue+0xbc/0x140 [ 325.606591][T27185] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 325.612416][T27185] blk_mq_run_hw_queue+0x22c/0x250 [ 325.617522][T27185] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 325.623540][T27185] blk_mq_flush_plug_list+0x302/0x3d0 [ 325.628907][T27185] blk_flush_plug_list+0x235/0x260 [ 325.634073][T27185] blk_finish_plug+0x44/0x60 [ 325.638660][T27185] __iomap_dio_rw+0xca7/0x1010 [ 325.643525][T27185] iomap_dio_rw+0x30/0x70 [ 325.647901][T27185] ? ext4_file_write_iter+0x4a1/0x11f0 [ 325.653351][T27185] ext4_file_write_iter+0xabe/0x11f0 [ 325.658648][T27185] ? ext4_file_write_iter+0x4a1/0x11f0 [ 325.664109][T27185] do_iter_readv_writev+0x2de/0x380 [ 325.669312][T27185] do_iter_write+0x192/0x5c0 [ 325.673910][T27185] ? splice_from_pipe_next+0x34f/0x3b0 [ 325.679399][T27185] ? kmalloc_array+0x2d/0x40 [ 325.683977][T27185] vfs_iter_write+0x4c/0x70 [ 325.688472][T27185] iter_file_splice_write+0x43a/0x790 [ 325.693838][T27185] ? splice_from_pipe+0xd0/0xd0 [ 325.698676][T27185] direct_splice_actor+0x80/0xa0 [ 325.703619][T27185] splice_direct_to_actor+0x345/0x650 [ 325.708988][T27185] ? do_splice_direct+0x190/0x190 [ 325.714020][T27185] do_splice_direct+0x106/0x190 [ 325.718941][T27185] do_sendfile+0x63e/0xbb0 [ 325.723579][T27185] __x64_sys_sendfile64+0x102/0x140 [ 325.728775][T27185] do_syscall_64+0x44/0xa0 [ 325.733360][T27185] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 325.739539][T27185] RIP: 0033:0x7fca7d004739 [ 325.743938][T27185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 325.763718][T27185] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 325.772303][T27185] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 325.780357][T27185] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 325.788327][T27185] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 325.796400][T27185] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 325.804367][T27185] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:16 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:16 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 325.844951][T27197] loop0: detected capacity change from 0 to 61 11:13:16 executing program 2 (fault-call:5 fault-nth:20): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 325.905800][T27197] nfs: Unknown parameter '^$:#@' [ 325.941985][T27216] loop4: detected capacity change from 0 to 262160 [ 325.956678][T27197] loop0: detected capacity change from 0 to 61 [ 325.985998][T27223] FAULT_INJECTION: forcing a failure. [ 325.985998][T27223] name failslab, interval 1, probability 0, space 0, times 0 [ 325.998766][T27223] CPU: 0 PID: 27223 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 326.007725][T27223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.018048][T27223] Call Trace: [ 326.021330][T27223] dump_stack_lvl+0xd6/0x122 [ 326.026087][T27223] dump_stack+0x11/0x1b [ 326.030227][T27223] should_fail+0x23c/0x250 [ 326.034646][T27223] ? kmalloc_array+0x2d/0x40 [ 326.039224][T27223] __should_failslab+0x81/0x90 [ 326.044053][T27223] should_failslab+0x5/0x20 [ 326.048581][T27223] __kmalloc+0x6f/0x350 [ 326.052720][T27223] kmalloc_array+0x2d/0x40 [ 326.057124][T27223] iter_file_splice_write+0xd5/0x790 [ 326.062424][T27223] ? atime_needs_update+0x2ba/0x390 [ 326.067613][T27223] ? touch_atime+0xe0/0x250 [ 326.072119][T27223] ? generic_file_splice_read+0x2ac/0x340 [ 326.078014][T27223] ? splice_from_pipe+0xd0/0xd0 [ 326.082936][T27223] direct_splice_actor+0x80/0xa0 [ 326.087924][T27223] splice_direct_to_actor+0x345/0x650 [ 326.093288][T27223] ? do_splice_direct+0x190/0x190 [ 326.098297][T27223] do_splice_direct+0x106/0x190 [ 326.103291][T27223] do_sendfile+0x63e/0xbb0 [ 326.107699][T27223] __x64_sys_sendfile64+0x102/0x140 [ 326.112960][T27223] do_syscall_64+0x44/0xa0 [ 326.117388][T27223] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 326.123408][T27223] RIP: 0033:0x7fca7d004739 [ 326.127809][T27223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 326.147518][T27223] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 326.156239][T27223] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 326.164213][T27223] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 326.172185][T27223] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 11:13:16 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000200)=0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r2) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_default\x00', &(0x7f0000000240)={{}, {0x1, 0x4}, [{0x2, 0x2, r0}, {0x2, 0x2, r2}, {0x2, 0x2}], {0x4, 0x2}, [], {0x10, 0x4}}, 0x3c, 0x1) chdir(&(0x7f0000000000)='./file1\x00') r3 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r3, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r3, 0x29, 0xd2, &(0x7f0000000100)={{0xa, 0x4e22, 0x142, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7}, {0xa, 0x4e23, 0xc083, @private2={0xfc, 0x2, '\x00', 0x1}, 0x1}, 0x9d, [0xa96, 0x63dd, 0x10000, 0x8, 0x7e4f67a1, 0x7, 0x9, 0x3]}, 0x5c) write$P9_RSTAT(r3, &(0x7f0000000300)={0xb2, 0x7d, 0x0, {0x0, 0xab, 0x0, 0x0, {}, 0x2200000, 0x0, 0x2007, 0x0, 0x5e, 'C\x0e{\xe7\x97\b\xb7\xe6D\xa1\x8a\xe0\xd4x\f\b\xab{.\xb1\x9c\xe9h\xff\xcdp\xf5\xd6\xd09\xeaA\xe7\xfe\xea\x8c\x06\xfd\x0f\xa2\x86b\xa2\x15\xfc_\xacZr\ve\xaa2Q\xdby\x97+y\xd9fI\xc4D\xbd\xf9\xf5w\x1c*\xf6\x9c\x90\xb1\xd7\x9d\xb0n\xab%\xa2iZ\x8bt\xbb\"\x1dI\x89\xce[\t\x15', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0xb2) 11:13:16 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 326.180147][T27223] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 326.188105][T27223] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:16 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x80000001) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) [ 326.280382][T27236] loop0: detected capacity change from 0 to 61 [ 326.296163][T27238] loop4: detected capacity change from 0 to 262160 11:13:18 executing program 3: chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:18 executing program 2 (fault-call:5 fault-nth:21): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:18 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:18 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0xfffffffffffffe1f}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000080)=0x5) write$P9_RSTAT(r1, &(0x7f0000000100)={0x57, 0x7d, 0x0, {0x0, 0x50, 0x0, 0x0, {0x0, 0x1}, 0x10010000, 0x0, 0x6, 0x0, 0x3, '>@\xfb', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\\x83}/*/|,\x13('}}, 0x57) 11:13:18 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:18 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 328.431655][T27267] FAULT_INJECTION: forcing a failure. [ 328.431655][T27267] name failslab, interval 1, probability 0, space 0, times 0 [ 328.444401][T27267] CPU: 0 PID: 27267 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 328.453256][T27267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 328.463326][T27267] Call Trace: [ 328.466723][T27267] dump_stack_lvl+0xd6/0x122 [ 328.471326][T27267] dump_stack+0x11/0x1b [ 328.475582][T27267] should_fail+0x23c/0x250 [ 328.480133][T27267] __should_failslab+0x81/0x90 [ 328.484927][T27267] ? __iomap_dio_rw+0x139/0x1010 [ 328.489883][T27267] should_failslab+0x5/0x20 [ 328.494459][T27267] kmem_cache_alloc_trace+0x52/0x320 [ 328.499923][T27267] ? __getblk_gfp+0x3f/0x590 [ 328.504616][T27267] __iomap_dio_rw+0x139/0x1010 [ 328.509578][T27267] ? __brelse+0x2c/0x50 [ 328.513748][T27267] ? ext4_mark_iloc_dirty+0x161a/0x1700 [ 328.519321][T27267] iomap_dio_rw+0x30/0x70 [ 328.523852][T27267] ? ext4_file_write_iter+0x4a1/0x11f0 [ 328.529497][T27267] ext4_file_write_iter+0xabe/0x11f0 [ 328.535098][T27267] ? ext4_file_write_iter+0x4a1/0x11f0 [ 328.540595][T27267] do_iter_readv_writev+0x2de/0x380 [ 328.545962][T27267] do_iter_write+0x192/0x5c0 [ 328.550985][T27267] ? splice_from_pipe_next+0x34f/0x3b0 [ 328.556496][T27267] ? kmalloc_array+0x2d/0x40 [ 328.561105][T27267] vfs_iter_write+0x4c/0x70 [ 328.565689][T27267] iter_file_splice_write+0x43a/0x790 [ 328.571205][T27267] ? splice_from_pipe+0xd0/0xd0 [ 328.576057][T27267] direct_splice_actor+0x80/0xa0 [ 328.580994][T27267] splice_direct_to_actor+0x345/0x650 [ 328.586429][T27267] ? do_splice_direct+0x190/0x190 [ 328.591493][T27267] do_splice_direct+0x106/0x190 [ 328.596354][T27267] do_sendfile+0x63e/0xbb0 [ 328.600785][T27267] __x64_sys_sendfile64+0x102/0x140 [ 328.605999][T27267] do_syscall_64+0x44/0xa0 [ 328.610609][T27267] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 328.616721][T27267] RIP: 0033:0x7fca7d004739 [ 328.621150][T27267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 328.641315][T27267] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 328.655255][T27267] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 328.663324][T27267] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 328.671303][T27267] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 11:13:18 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:18 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:18 executing program 3: chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) [ 328.679781][T27267] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 328.688230][T27267] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 328.719212][T27268] loop0: detected capacity change from 0 to 32760 11:13:18 executing program 2 (fault-call:5 fault-nth:22): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:18 executing program 5: chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 328.747970][T27268] FAT-fs (loop0): Unrecognized mount option "W" or missing value [ 328.790316][T27300] FAULT_INJECTION: forcing a failure. [ 328.790316][T27300] name failslab, interval 1, probability 0, space 0, times 0 [ 328.803328][T27300] CPU: 0 PID: 27300 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 328.812202][T27300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 328.822245][T27300] Call Trace: [ 328.825536][T27300] dump_stack_lvl+0xd6/0x122 [ 328.830133][T27300] dump_stack+0x11/0x1b [ 328.834365][T27300] should_fail+0x23c/0x250 [ 328.838842][T27300] ? kcalloc+0x32/0x50 [ 328.842959][T27300] __should_failslab+0x81/0x90 [ 328.847734][T27300] should_failslab+0x5/0x20 [ 328.852268][T27300] __kmalloc+0x6f/0x350 [ 328.856676][T27300] kcalloc+0x32/0x50 [ 328.860631][T27300] ext4_find_extent+0x21c/0x7f0 [ 328.866392][T27300] ext4_ext_map_blocks+0x115/0x1ff0 [ 328.871862][T27300] ? ext4_es_lookup_extent+0x36b/0x490 [ 328.877460][T27300] ext4_map_blocks+0x71e/0xf00 [ 328.882391][T27300] ext4_iomap_begin+0x4b0/0x630 [ 328.887438][T27300] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 328.892651][T27300] iomap_iter+0x39c/0x470 [ 328.897120][T27300] __iomap_dio_rw+0x698/0x1010 [ 328.901930][T27300] iomap_dio_rw+0x30/0x70 [ 328.906278][T27300] ? ext4_file_write_iter+0x4a1/0x11f0 [ 328.911747][T27300] ext4_file_write_iter+0xabe/0x11f0 [ 328.917042][T27300] ? ext4_file_write_iter+0x4a1/0x11f0 [ 328.922505][T27300] do_iter_readv_writev+0x2de/0x380 [ 328.927802][T27300] do_iter_write+0x192/0x5c0 [ 328.932462][T27300] ? kcsan_setup_watchpoint+0x94/0x3f0 [ 328.938269][T27300] vfs_iter_write+0x4c/0x70 [ 328.942769][T27300] iter_file_splice_write+0x43a/0x790 [ 328.948129][T27300] ? splice_from_pipe+0xd0/0xd0 [ 328.952969][T27300] direct_splice_actor+0x80/0xa0 [ 328.957916][T27300] splice_direct_to_actor+0x345/0x650 [ 328.963312][T27300] ? do_splice_direct+0x190/0x190 [ 328.968349][T27300] do_splice_direct+0x106/0x190 [ 328.973186][T27300] do_sendfile+0x63e/0xbb0 [ 328.978083][T27300] __x64_sys_sendfile64+0x102/0x140 [ 328.983271][T27300] do_syscall_64+0x44/0xa0 [ 328.987707][T27300] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 328.993596][T27300] RIP: 0033:0x7fca7d004739 [ 328.998084][T27300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 329.017960][T27300] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 329.026382][T27300] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 11:13:19 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 329.034429][T27300] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 329.042660][T27300] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 329.050633][T27300] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 329.058681][T27300] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 329.094212][T27312] loop4: detected capacity change from 0 to 262160 11:13:19 executing program 2 (fault-call:5 fault-nth:23): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:19 executing program 5: chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 329.241724][T27326] FAULT_INJECTION: forcing a failure. [ 329.241724][T27326] name failslab, interval 1, probability 0, space 0, times 0 [ 329.254474][T27326] CPU: 1 PID: 27326 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 329.263334][T27326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 329.273392][T27326] Call Trace: [ 329.276697][T27326] dump_stack_lvl+0xd6/0x122 [ 329.281398][T27326] dump_stack+0x11/0x1b [ 329.285648][T27326] should_fail+0x23c/0x250 [ 329.290078][T27326] ? ext4_mb_new_blocks+0x317/0x1fc0 [ 329.295372][T27326] __should_failslab+0x81/0x90 [ 329.300378][T27326] should_failslab+0x5/0x20 [ 329.304958][T27326] kmem_cache_alloc+0x4f/0x300 [ 329.309732][T27326] ext4_mb_new_blocks+0x317/0x1fc0 [ 329.314851][T27326] ? ext4_find_extent+0x7b2/0x7f0 [ 329.319893][T27326] ? ext4_ext_search_right+0x246/0x540 [ 329.325421][T27326] ext4_ext_map_blocks+0x15ed/0x1ff0 [ 329.330719][T27326] ? ext4_es_lookup_extent+0x36b/0x490 [ 329.336208][T27326] ext4_map_blocks+0x71e/0xf00 [ 329.341093][T27326] ext4_iomap_begin+0x4b0/0x630 [ 329.345969][T27326] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 329.351182][T27326] iomap_iter+0x39c/0x470 [ 329.355520][T27326] __iomap_dio_rw+0x698/0x1010 [ 329.360321][T27326] iomap_dio_rw+0x30/0x70 [ 329.364665][T27326] ? ext4_file_write_iter+0x4a1/0x11f0 [ 329.370200][T27326] ext4_file_write_iter+0xabe/0x11f0 [ 329.375486][T27326] ? ext4_file_write_iter+0x4a1/0x11f0 [ 329.380987][T27326] do_iter_readv_writev+0x2de/0x380 [ 329.386196][T27326] do_iter_write+0x192/0x5c0 11:13:19 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df5acac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="54000000000000000000420e0400000027ef0000000000000000004000000000000000000000000006006d73646f7300f306000000765229c72f8cf8418f2f766373752f2a2f7c2e00"/84], 0x54) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/config', 0x84000, 0x80) sendto$unix(r2, &(0x7f0000000300)="239f59673d23a3711aa7a75f29c3a2a8e3db551b13c3890229b7f547aff4e6d07f4132c76e09b0b565b2ebe68036769b2aaef43b5080e124423b0550bf1a6b751dbd22708dbeb61e800510190c5b17315349cf974176f3aa26d2479487fce61941d4e73e5784e16ecfc6b22b32cd35520fde2226561048d5f369b21a3c11c772c0df15266f13e0b4a68a36b9b35996be13b3", 0x92, 0x8000, 0x0, 0x0) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f0000000080)) creat(&(0x7f0000000100)='./file1\x00', 0x1) 11:13:19 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 329.390859][T27326] ? splice_from_pipe_next+0x34f/0x3b0 [ 329.396368][T27326] ? kmalloc_array+0x2d/0x40 [ 329.400950][T27326] vfs_iter_write+0x4c/0x70 [ 329.405492][T27326] iter_file_splice_write+0x43a/0x790 [ 329.410873][T27326] ? splice_from_pipe+0xd0/0xd0 [ 329.415868][T27326] direct_splice_actor+0x80/0xa0 [ 329.420883][T27326] splice_direct_to_actor+0x345/0x650 [ 329.426312][T27326] ? do_splice_direct+0x190/0x190 [ 329.431352][T27326] do_splice_direct+0x106/0x190 [ 329.436216][T27326] do_sendfile+0x63e/0xbb0 [ 329.440689][T27326] __x64_sys_sendfile64+0x102/0x140 [ 329.446009][T27326] do_syscall_64+0x44/0xa0 [ 329.450501][T27326] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 329.450541][T27338] loop0: detected capacity change from 0 to 61 [ 329.462682][T27326] RIP: 0033:0x7fca7d004739 [ 329.467160][T27326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 11:13:19 executing program 5: chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 329.486904][T27326] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 329.495573][T27326] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 329.503708][T27326] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 329.511854][T27326] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 329.519818][T27326] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 329.527777][T27326] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:19 executing program 2 (fault-call:5 fault-nth:24): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 329.628862][T27354] loop4: detected capacity change from 0 to 262160 [ 329.637027][T27353] FAULT_INJECTION: forcing a failure. [ 329.637027][T27353] name failslab, interval 1, probability 0, space 0, times 0 [ 329.649776][T27353] CPU: 0 PID: 27353 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 329.658797][T27353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 329.668856][T27353] Call Trace: [ 329.672188][T27353] dump_stack_lvl+0xd6/0x122 [ 329.677226][T27353] dump_stack+0x11/0x1b [ 329.681397][T27353] should_fail+0x23c/0x250 [ 329.685827][T27353] ? ext4_mb_new_blocks+0x73f/0x1fc0 [ 329.691211][T27353] __should_failslab+0x81/0x90 [ 329.696088][T27353] should_failslab+0x5/0x20 [ 329.700693][T27353] kmem_cache_alloc+0x4f/0x300 [ 329.705469][T27353] ext4_mb_new_blocks+0x73f/0x1fc0 [ 329.710600][T27353] ? ext4_find_extent+0x7b2/0x7f0 [ 329.715647][T27353] ? ext4_ext_search_right+0x246/0x540 [ 329.721106][T27353] ext4_ext_map_blocks+0x15ed/0x1ff0 [ 329.726401][T27353] ? ext4_es_lookup_extent+0x36b/0x490 [ 329.732010][T27353] ext4_map_blocks+0x71e/0xf00 [ 329.736790][T27353] ext4_iomap_begin+0x4b0/0x630 [ 329.741655][T27353] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 329.746868][T27353] iomap_iter+0x39c/0x470 [ 329.751217][T27353] __iomap_dio_rw+0x698/0x1010 [ 329.756093][T27353] iomap_dio_rw+0x30/0x70 [ 329.760436][T27353] ? ext4_file_write_iter+0x4a1/0x11f0 [ 329.765925][T27353] ext4_file_write_iter+0xabe/0x11f0 [ 329.771496][T27353] ? ext4_file_write_iter+0x4a1/0x11f0 [ 329.776969][T27353] do_iter_readv_writev+0x2de/0x380 [ 329.782278][T27353] do_iter_write+0x192/0x5c0 [ 329.786897][T27353] ? splice_from_pipe_next+0x34f/0x3b0 [ 329.792645][T27353] ? kmalloc_array+0x2d/0x40 [ 329.797250][T27353] vfs_iter_write+0x4c/0x70 [ 329.801758][T27353] iter_file_splice_write+0x43a/0x790 [ 329.807207][T27353] ? splice_from_pipe+0xd0/0xd0 [ 329.812077][T27353] direct_splice_actor+0x80/0xa0 [ 329.817031][T27353] splice_direct_to_actor+0x345/0x650 [ 329.822515][T27353] ? do_splice_direct+0x190/0x190 11:13:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 329.827584][T27353] do_splice_direct+0x106/0x190 [ 329.832432][T27353] do_sendfile+0x63e/0xbb0 [ 329.837335][T27353] __x64_sys_sendfile64+0x102/0x140 [ 329.842547][T27353] do_syscall_64+0x44/0xa0 [ 329.847007][T27353] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 329.853092][T27353] RIP: 0033:0x7fca7d004739 [ 329.857508][T27353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 329.877582][T27353] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 329.886236][T27353] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 329.894226][T27353] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 329.902303][T27353] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 329.910359][T27353] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 329.919008][T27353] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:21 executing program 5: syz_mount_image$msdos(0x0, &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:21 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000080)='./file1\x00', 0x13) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) sendfile(r1, r0, 0x0, 0x0) write$P9_RSTAT(r1, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:13:21 executing program 2 (fault-call:5 fault-nth:25): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:21 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x401ffc000) 11:13:21 executing program 3: syz_mount_image$msdos(0x0, &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:21 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 331.759054][T27384] loop4: detected capacity change from 0 to 262160 [ 331.762415][T27388] loop0: detected capacity change from 0 to 61 [ 331.774065][T27386] FAULT_INJECTION: forcing a failure. [ 331.774065][T27386] name failslab, interval 1, probability 0, space 0, times 0 [ 331.787079][T27386] CPU: 0 PID: 27386 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 331.796889][T27386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.807039][T27386] Call Trace: [ 331.810327][T27386] dump_stack_lvl+0xd6/0x122 [ 331.814933][T27386] dump_stack+0x11/0x1b [ 331.819093][T27386] should_fail+0x23c/0x250 [ 331.823515][T27386] ? mempool_alloc_slab+0x16/0x20 [ 331.828529][T27386] __should_failslab+0x81/0x90 [ 331.833318][T27386] should_failslab+0x5/0x20 [ 331.837886][T27386] kmem_cache_alloc+0x4f/0x300 [ 331.842715][T27386] mempool_alloc_slab+0x16/0x20 [ 331.847557][T27386] ? mempool_free+0x130/0x130 [ 331.852251][T27386] mempool_alloc+0x9d/0x310 [ 331.856759][T27386] bio_alloc_bioset+0xcc/0x530 [ 331.861653][T27386] ? iov_iter_alignment+0x34b/0x370 [ 331.866859][T27386] iomap_dio_bio_iter+0x5e1/0xc00 [ 331.871883][T27386] __iomap_dio_rw+0x8d8/0x1010 [ 331.876962][T27386] iomap_dio_rw+0x30/0x70 [ 331.881549][T27386] ? ext4_file_write_iter+0x4a1/0x11f0 [ 331.887007][T27386] ext4_file_write_iter+0xabe/0x11f0 [ 331.892282][T27386] ? ext4_file_write_iter+0x4a1/0x11f0 [ 331.897752][T27386] do_iter_readv_writev+0x2de/0x380 [ 331.902953][T27386] do_iter_write+0x192/0x5c0 [ 331.907618][T27386] ? splice_from_pipe_next+0x34f/0x3b0 [ 331.913067][T27386] ? kmalloc_array+0x2d/0x40 [ 331.917642][T27386] vfs_iter_write+0x4c/0x70 [ 331.922141][T27386] iter_file_splice_write+0x43a/0x790 [ 331.927502][T27386] ? splice_from_pipe+0xd0/0xd0 [ 331.932342][T27386] direct_splice_actor+0x80/0xa0 [ 331.937371][T27386] splice_direct_to_actor+0x345/0x650 [ 331.942749][T27386] ? do_splice_direct+0x190/0x190 [ 331.947922][T27386] do_splice_direct+0x106/0x190 [ 331.952772][T27386] do_sendfile+0x63e/0xbb0 [ 331.957393][T27386] __x64_sys_sendfile64+0x102/0x140 [ 331.962586][T27386] do_syscall_64+0x44/0xa0 [ 331.967000][T27386] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 331.972975][T27386] RIP: 0033:0x7fca7d004739 [ 331.977380][T27386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 331.996978][T27386] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 332.005395][T27386] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 332.013357][T27386] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 332.021316][T27386] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 332.029396][T27386] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 332.037354][T27386] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:22 executing program 2 (fault-call:5 fault-nth:26): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 332.191022][T27408] FAULT_INJECTION: forcing a failure. [ 332.191022][T27408] name failslab, interval 1, probability 0, space 0, times 0 [ 332.203800][T27408] CPU: 0 PID: 27408 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 332.212601][T27408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 332.222693][T27408] Call Trace: [ 332.225980][T27408] dump_stack_lvl+0xd6/0x122 [ 332.230762][T27408] dump_stack+0x11/0x1b [ 332.235037][T27408] should_fail+0x23c/0x250 [ 332.240009][T27408] ? mempool_alloc_slab+0x16/0x20 [ 332.245118][T27408] __should_failslab+0x81/0x90 [ 332.249900][T27408] should_failslab+0x5/0x20 [ 332.254458][T27408] kmem_cache_alloc+0x4f/0x300 [ 332.259331][T27408] mempool_alloc_slab+0x16/0x20 [ 332.264255][T27408] ? mempool_free+0x130/0x130 [ 332.268945][T27408] mempool_alloc+0x9d/0x310 [ 332.273509][T27408] sg_pool_alloc+0x74/0x90 [ 332.278049][T27408] __sg_alloc_table+0xce/0x290 [ 332.282869][T27408] sg_alloc_table_chained+0xaf/0x140 [ 332.288194][T27408] ? sg_alloc_table_chained+0x140/0x140 [ 332.294332][T27408] scsi_alloc_sgtables+0x184/0x510 [ 332.299462][T27408] sd_init_command+0x952/0x1610 [ 332.304427][T27408] scsi_queue_rq+0x10cd/0x15a0 [ 332.309209][T27408] blk_mq_dispatch_rq_list+0x63b/0x1080 [ 332.314787][T27408] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 332.320357][T27408] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 332.326923][T27408] ? rb_insert_color+0x2fa/0x310 [ 332.331868][T27408] blk_mq_sched_dispatch_requests+0x9f/0x110 11:13:22 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x401ffc000) 11:13:22 executing program 5: syz_mount_image$msdos(0x0, &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 332.337947][T27408] __blk_mq_run_hw_queue+0xbc/0x140 [ 332.343160][T27408] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 332.348999][T27408] blk_mq_run_hw_queue+0x22c/0x250 [ 332.354154][T27408] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 332.360071][T27408] blk_mq_flush_plug_list+0x302/0x3d0 [ 332.365558][T27408] blk_flush_plug_list+0x235/0x260 [ 332.370775][T27408] blk_finish_plug+0x44/0x60 [ 332.375473][T27408] __iomap_dio_rw+0xca7/0x1010 [ 332.380289][T27408] iomap_dio_rw+0x30/0x70 [ 332.384652][T27408] ? ext4_file_write_iter+0x4a1/0x11f0 [ 332.390312][T27408] ext4_file_write_iter+0xabe/0x11f0 [ 332.395610][T27408] ? ext4_file_write_iter+0x4a1/0x11f0 [ 332.401108][T27408] do_iter_readv_writev+0x2de/0x380 [ 332.406560][T27408] do_iter_write+0x192/0x5c0 [ 332.411177][T27408] ? splice_from_pipe_next+0x34f/0x3b0 [ 332.416654][T27408] ? kmalloc_array+0x2d/0x40 [ 332.421259][T27408] vfs_iter_write+0x4c/0x70 [ 332.425880][T27408] iter_file_splice_write+0x43a/0x790 [ 332.431274][T27408] ? splice_from_pipe+0xd0/0xd0 [ 332.436139][T27408] direct_splice_actor+0x80/0xa0 [ 332.441226][T27408] splice_direct_to_actor+0x345/0x650 [ 332.447045][T27408] ? do_splice_direct+0x190/0x190 [ 332.452193][T27408] do_splice_direct+0x106/0x190 [ 332.457106][T27408] do_sendfile+0x63e/0xbb0 [ 332.461567][T27408] __x64_sys_sendfile64+0x102/0x140 [ 332.466893][T27408] do_syscall_64+0x44/0xa0 [ 332.471351][T27408] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 332.477271][T27408] RIP: 0033:0x7fca7d004739 [ 332.481696][T27408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 332.501583][T27408] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 332.510292][T27408] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 332.518285][T27408] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 332.526288][T27408] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 332.534317][T27408] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 11:13:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80000001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) [ 332.542298][T27408] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:22 executing program 2 (fault-call:5 fault-nth:27): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 332.607713][T27427] loop4: detected capacity change from 0 to 262160 [ 332.718972][T27433] FAULT_INJECTION: forcing a failure. [ 332.718972][T27433] name failslab, interval 1, probability 0, space 0, times 0 [ 332.731922][T27433] CPU: 0 PID: 27433 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 332.740801][T27433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 332.751121][T27433] Call Trace: [ 332.754404][T27433] dump_stack_lvl+0xd6/0x122 [ 332.759099][T27433] dump_stack+0x11/0x1b [ 332.763309][T27433] should_fail+0x23c/0x250 [ 332.767753][T27433] ? kmalloc_array+0x2d/0x40 [ 332.772554][T27433] __should_failslab+0x81/0x90 [ 332.777332][T27433] should_failslab+0x5/0x20 [ 332.781925][T27433] __kmalloc+0x6f/0x350 [ 332.786530][T27433] kmalloc_array+0x2d/0x40 [ 332.790956][T27433] iter_file_splice_write+0xd5/0x790 [ 332.796296][T27433] ? atime_needs_update+0x2ba/0x390 [ 332.801629][T27433] ? touch_atime+0xe0/0x250 [ 332.806147][T27433] ? generic_file_splice_read+0x2ac/0x340 [ 332.811884][T27433] ? splice_from_pipe+0xd0/0xd0 [ 332.816995][T27433] direct_splice_actor+0x80/0xa0 [ 332.822209][T27433] splice_direct_to_actor+0x345/0x650 [ 332.827670][T27433] ? do_splice_direct+0x190/0x190 [ 332.832712][T27433] do_splice_direct+0x106/0x190 [ 332.837695][T27433] do_sendfile+0x63e/0xbb0 [ 332.842160][T27433] __x64_sys_sendfile64+0x102/0x140 [ 332.847380][T27433] do_syscall_64+0x44/0xa0 [ 332.851953][T27433] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 332.857871][T27433] RIP: 0033:0x7fca7d004739 11:13:23 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x401ffc000) [ 332.862292][T27433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 332.882098][T27433] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 332.890583][T27433] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 332.898646][T27433] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 332.906888][T27433] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 11:13:23 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80000001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) 11:13:23 executing program 5: syz_mount_image$msdos(0x0, &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 332.915049][T27433] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 332.923299][T27433] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 332.977644][T27442] loop4: detected capacity change from 0 to 262160 11:13:23 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x401ffc000) 11:13:23 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), 0x0, 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 333.214748][T27459] loop4: detected capacity change from 0 to 262160 11:13:24 executing program 3: syz_mount_image$msdos(0x0, &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:24 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80000001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) 11:13:24 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x401ffc000) 11:13:24 executing program 2 (fault-call:5 fault-nth:28): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:24 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), 0x0, 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:24 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000000300)="bb8f9f640903127a53527c6fbfe65d43b0e0587d2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77846739d5a902c66c1a3d72840cbfa0ee29ebc60b83a7ec217b80339887e673a5c0af10cb3cddd313434880cc7d203ae08c1180e445b63762072e47cabcb35b1d684ffd3ed8f0674b3e0476a555d2e6015d8ca9129bfa", 0xaa) r2 = fspick(r0, &(0x7f0000000080)='./file1\x00', 0x0) lseek(r2, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ') sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000001840)=ANY=[@ANYRES32, @ANYRES32, @ANYRESOCT, @ANYRES32, @ANYRES32, @ANYRES64, @ANYRESHEX], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x40025) r3 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa64f, 0x0, @perf_bp, 0x0, 0x200, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = perf_event_open(&(0x7f00000018c0)={0x3, 0x80, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x7, 0x1}, 0x10, 0x9, 0xb4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdbe, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r4, 0x50009418, &(0x7f0000000400)={{}, r6, 0x14, @inherit={0x88, &(0x7f0000001580)=ANY=[@ANYRES16=r7]}, @devid}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r3, 0x84009422, &(0x7f0000001940)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0}}) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000001400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r9, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r') ioctl$PERF_EVENT_IOC_SET_FILTER(r9, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ') sendmsg$NLBL_CIPSOV4_C_REMOVE(r9, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000001840)=ANY=[@ANYRES32=r8, @ANYRES32=r7, @ANYRESOCT, @ANYRES32=r5, @ANYRES32, @ANYRES64, @ANYRESHEX=r3], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x40025) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f000004e740)={0xb87, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}], 0xfe, "ad0730bd87e580"}) write$P9_RSTAT(r1, &(0x7f0000001d40)=ANY=[@ANYBLOB="540000007d000000004d00000000000000000001000000000000000000000000000000000000000000000000000000000000000006006d73646f73000a002f6465762f76637375000a005c6a7d2f2a2c3269182117e1940c7b925eae5d4631cc5a913fd2d36b17ca939c96bd55a9edf299556067be4845ffc2c1b93f46d588ff0e2bf5074707f73789a8751076111132ac72aac7f26149b2f304f7ef7d2bb402ab1e311a79e22316744e6957a91f545267ca8ceb1389fb01bbda496400967dc4c44e7bd0d86ccdc935c911a424449eefa756dc41eac8580b8314ffe217682b5b13f3cc57ed2866db00a87cfd608ea510d63272049ae302db74c46b939e0b9b07008fc341d34ac5610e099db800e4b1e408980d581dc9576d5f1f7a1a79b094c4add8536ff1fa4164c1dc55b20ee969c4bdd464e4982d988a1b014f5bb15e3eff549f254d9627511a15cd4d039e06aa2da58da5a6"], 0x54) open(&(0x7f0000000100)='./file0\x00', 0x950c2, 0x50) [ 334.795851][T27483] loop0: detected capacity change from 0 to 61 [ 334.803436][T27485] loop4: detected capacity change from 0 to 262160 [ 334.813385][T27481] FAULT_INJECTION: forcing a failure. [ 334.813385][T27481] name failslab, interval 1, probability 0, space 0, times 0 [ 334.826062][T27481] CPU: 0 PID: 27481 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 334.834830][T27481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 334.845082][T27481] Call Trace: [ 334.848359][T27481] dump_stack_lvl+0xd6/0x122 [ 334.852953][T27481] dump_stack+0x11/0x1b [ 334.857179][T27481] should_fail+0x23c/0x250 [ 334.861611][T27481] __should_failslab+0x81/0x90 [ 334.866504][T27481] ? __iomap_dio_rw+0x139/0x1010 [ 334.871455][T27481] should_failslab+0x5/0x20 [ 334.875960][T27481] kmem_cache_alloc_trace+0x52/0x320 [ 334.881245][T27481] __iomap_dio_rw+0x139/0x1010 [ 334.886003][T27481] ? __ext4_mark_inode_dirty+0x502/0x5c0 [ 334.891635][T27481] ? ext4_dirty_inode+0x58/0xa0 [ 334.896489][T27481] iomap_dio_rw+0x30/0x70 [ 334.900879][T27481] ? ext4_file_write_iter+0x4a1/0x11f0 [ 334.906405][T27481] ext4_file_write_iter+0xabe/0x11f0 [ 334.911750][T27481] ? ext4_file_write_iter+0x4a1/0x11f0 [ 334.917530][T27481] do_iter_readv_writev+0x2de/0x380 [ 334.923447][T27481] do_iter_write+0x192/0x5c0 [ 334.928114][T27481] ? splice_from_pipe_next+0x34f/0x3b0 [ 334.933730][T27481] ? kmalloc_array+0x2d/0x40 [ 334.938318][T27481] vfs_iter_write+0x4c/0x70 [ 334.943074][T27481] iter_file_splice_write+0x43a/0x790 [ 334.948530][T27481] ? splice_from_pipe+0xd0/0xd0 [ 334.953469][T27481] direct_splice_actor+0x80/0xa0 [ 334.958392][T27481] splice_direct_to_actor+0x345/0x650 [ 334.963777][T27481] ? do_splice_direct+0x190/0x190 [ 334.970124][T27481] do_splice_direct+0x106/0x190 [ 334.974964][T27481] do_sendfile+0x63e/0xbb0 [ 334.979441][T27481] __x64_sys_sendfile64+0x102/0x140 [ 334.984643][T27481] do_syscall_64+0x44/0xa0 [ 334.989095][T27481] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 334.994996][T27481] RIP: 0033:0x7fca7d004739 [ 334.999396][T27481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 335.018992][T27481] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 335.027395][T27481] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 335.035354][T27481] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 11:13:25 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), 0x0, 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 335.043426][T27481] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 335.051381][T27481] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 335.059524][T27481] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:25 executing program 2 (fault-call:5 fault-nth:29): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:25 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x401ffc000) 11:13:25 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) open(&(0x7f0000000080)='./file0\x00', 0x400000, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = syz_mount_image$nfs4(&(0x7f0000000140), &(0x7f00000001c0)='./file1\x00', 0xffff, 0x4, &(0x7f0000000680)=[{&(0x7f00000003c0)="54bbe567f88ae6f69e331e6634ed9e0baf7dd064e4756451bd25a9ace8335c059a9b9a6d1a6a08e07cc1383a04f5f5e7db2824276329ea9dea3c0228583c226e6cf087c021109208aa4a30b2d27acc5a28139918f0fdae3fa1312e4745d5b0c502b58fd4ee8f4d42a8a46e81ba875251b4f82e9b2256aef1a48cb74a2a9ae5a7", 0x80, 0x7}, {&(0x7f0000000440)="3b307fc5a744ed72a3f9e370142aac3ba74c1afb4f597c631b92767046db46ca1bbde1c194cf3c87c8aa16792fa7f4dd372e953c4f4955e3b85bea0c23f2762252e52a4155fd35fd7e3fe31d39f868626635e715fcda0026274d8128579a86347bbf943f6b06016930db10c5410e6de38e7bc2e9700eb6d9458d7a6246657da6af2d39904aa283992fb92cf85e88fc6fd1c0ec26d3ccd5d03f4717b0a970e70dfe15c5db0511b5e57dca3f750f48324176c7749dac7733972cd6f58515b3", 0xbe, 0x8}, {&(0x7f0000000500)="9cf44c0b78f12394d443b8d511200c3f9fc32ae2d9b4b3049312b05e9c1eafc89c86a6ae421faa5a19f1acf388096b88a589234bb03e29a01973ecc839509cf9974846f4b4fc786ddc55a913404ff8da26439b05e51534cda1e8d8bf00dfde36c36e1fb1e890e315f5978b1f7791a53596e7726d23f319ec67a94ac90c0ae6fbeea48ac5f4d3576f2a4d04abec58dfcff24fe59039351bf7937b2fc04bfc1f8355648b57c7211522f51c7ff77184dbedfc1fb3ca92464a9a75bc723236b597314b20f49105d35c3c854918eb82a536931248bac444f2b5d3f85d7d3fce3a7a", 0xdf, 0x7f}, {&(0x7f0000000600)="2183b76a9ed8caf3c89f9ec8c5a9fdb45096bf54347ff5f7742bdcb9998112991e4b6c2c97ea6576936e74a0c75e591c1ebb3a56082f87402d3dceda5fa9199879f7646d8345cb97fbf88c", 0x4b, 0xff}], 0x10, &(0x7f0000000700)={[{'#&{'}, {'&+^$]\xcb\x9e'}, {'\\j}/*/|,\x13('}, {}, {'\\j}/*/|,\x13('}], [{@smackfsfloor={'smackfsfloor', 0x3d, '/dev/vcsu\x00'}}, {@dont_measure}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}, {@smackfsdef={'smackfsdef', 0x3d, 'nl80211\x00'}}, {@fowner_gt={'fowner>', 0xee01}}, {@appraise}]}) write(r1, &(0x7f0000000300)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac834d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe770000000000000000e4c7386e58898b319fd394fa9e81f8c3f6c546ae9119b160626a3ad534ad054fa73ad548da113db8c046e2da3ee49a45d377fd02c7a6362a143889db99d580d0fd798df8be304a2c721c9a9b7713cf5c17c28ee9e248dfbe3f404e8c", 0xb0) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r2) [ 335.187946][T27514] FAULT_INJECTION: forcing a failure. [ 335.187946][T27514] name failslab, interval 1, probability 0, space 0, times 0 [ 335.200772][T27514] CPU: 1 PID: 27514 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 335.209525][T27514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 335.219642][T27514] Call Trace: [ 335.222909][T27514] dump_stack_lvl+0xd6/0x122 [ 335.227517][T27514] dump_stack+0x11/0x1b [ 335.231667][T27514] should_fail+0x23c/0x250 [ 335.236075][T27514] ? kcalloc+0x32/0x50 [ 335.240217][T27514] __should_failslab+0x81/0x90 [ 335.245063][T27514] should_failslab+0x5/0x20 [ 335.249549][T27514] __kmalloc+0x6f/0x350 [ 335.253769][T27514] kcalloc+0x32/0x50 [ 335.257669][T27514] ext4_find_extent+0x21c/0x7f0 [ 335.262515][T27514] ext4_ext_map_blocks+0x115/0x1ff0 [ 335.267816][T27514] ? ext4_es_lookup_extent+0x36b/0x490 [ 335.273272][T27514] ext4_map_blocks+0x71e/0xf00 [ 335.278018][T27514] ext4_iomap_begin+0x4b0/0x630 [ 335.282914][T27514] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 335.288098][T27514] iomap_iter+0x39c/0x470 [ 335.292553][T27514] __iomap_dio_rw+0x698/0x1010 [ 335.297343][T27514] iomap_dio_rw+0x30/0x70 [ 335.301673][T27514] ? ext4_file_write_iter+0x4a1/0x11f0 [ 335.307146][T27514] ext4_file_write_iter+0xabe/0x11f0 [ 335.312462][T27514] ? ext4_file_write_iter+0x4a1/0x11f0 [ 335.317906][T27514] do_iter_readv_writev+0x2de/0x380 [ 335.323092][T27514] do_iter_write+0x192/0x5c0 [ 335.327708][T27514] ? splice_from_pipe_next+0x34f/0x3b0 [ 335.333195][T27514] ? kmalloc_array+0x2d/0x40 [ 335.337881][T27514] vfs_iter_write+0x4c/0x70 [ 335.342366][T27514] iter_file_splice_write+0x43a/0x790 [ 335.347802][T27514] ? splice_from_pipe+0xd0/0xd0 [ 335.352637][T27514] direct_splice_actor+0x80/0xa0 [ 335.357559][T27514] splice_direct_to_actor+0x345/0x650 [ 335.362920][T27514] ? do_splice_direct+0x190/0x190 [ 335.368072][T27514] do_splice_direct+0x106/0x190 [ 335.372945][T27514] do_sendfile+0x63e/0xbb0 [ 335.377366][T27514] __x64_sys_sendfile64+0x102/0x140 [ 335.382721][T27514] do_syscall_64+0x44/0xa0 [ 335.387136][T27514] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 335.393077][T27514] RIP: 0033:0x7fca7d004739 [ 335.397489][T27514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 335.417267][T27514] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 335.425815][T27514] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 11:13:25 executing program 2 (fault-call:5 fault-nth:30): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 335.433769][T27514] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 335.441857][T27514] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 335.450019][T27514] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 335.457997][T27514] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 335.501129][T27521] FAULT_INJECTION: forcing a failure. [ 335.501129][T27521] name failslab, interval 1, probability 0, space 0, times 0 [ 335.513778][T27521] CPU: 0 PID: 27521 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 335.522714][T27521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 335.532947][T27521] Call Trace: [ 335.536236][T27521] dump_stack_lvl+0xd6/0x122 [ 335.540941][T27521] dump_stack+0x11/0x1b [ 335.545105][T27521] should_fail+0x23c/0x250 [ 335.549686][T27521] ? kcalloc+0x32/0x50 [ 335.553783][T27521] __should_failslab+0x81/0x90 [ 335.558572][T27521] should_failslab+0x5/0x20 [ 335.563140][T27521] __kmalloc+0x6f/0x350 [ 335.567495][T27521] kcalloc+0x32/0x50 [ 335.571440][T27521] ext4_find_extent+0x21c/0x7f0 [ 335.576334][T27521] ext4_ext_map_blocks+0x115/0x1ff0 [ 335.581534][T27521] ? ext4_es_lookup_extent+0x36b/0x490 [ 335.587010][T27521] ext4_map_blocks+0x71e/0xf00 [ 335.591801][T27521] ext4_iomap_begin+0x4b0/0x630 [ 335.596689][T27521] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 335.602089][T27521] iomap_iter+0x39c/0x470 [ 335.606416][T27521] __iomap_dio_rw+0x698/0x1010 [ 335.611187][T27521] iomap_dio_rw+0x30/0x70 [ 335.615643][T27521] ? ext4_file_write_iter+0x4a1/0x11f0 [ 335.621173][T27521] ext4_file_write_iter+0xabe/0x11f0 [ 335.626456][T27521] ? ext4_file_write_iter+0x4a1/0x11f0 [ 335.632156][T27521] do_iter_readv_writev+0x2de/0x380 [ 335.637361][T27521] do_iter_write+0x192/0x5c0 [ 335.642208][T27521] ? splice_from_pipe_next+0x34f/0x3b0 11:13:25 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80000001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) [ 335.647751][T27521] ? kmalloc_array+0x2d/0x40 [ 335.652340][T27521] vfs_iter_write+0x4c/0x70 [ 335.656911][T27521] iter_file_splice_write+0x43a/0x790 [ 335.662289][T27521] ? splice_from_pipe+0xd0/0xd0 [ 335.667180][T27521] direct_splice_actor+0x80/0xa0 [ 335.672463][T27521] splice_direct_to_actor+0x345/0x650 [ 335.677823][T27521] ? do_splice_direct+0x190/0x190 [ 335.682831][T27521] do_splice_direct+0x106/0x190 [ 335.687730][T27521] do_sendfile+0x63e/0xbb0 [ 335.692339][T27521] __x64_sys_sendfile64+0x102/0x140 [ 335.697740][T27521] do_syscall_64+0x44/0xa0 [ 335.702173][T27521] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 335.708380][T27521] RIP: 0033:0x7fca7d004739 [ 335.712792][T27521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 335.732580][T27521] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 335.741137][T27521] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 335.749209][T27521] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 335.757253][T27521] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 335.765413][T27521] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 335.773625][T27521] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 335.789085][T27518] loop4: detected capacity change from 0 to 262160 [ 335.806803][T27529] loop0: detected capacity change from 0 to 61 [ 335.837399][T27529] attempt to access beyond end of device [ 335.837399][T27529] loop0: rw=2049, want=64, limit=61 11:13:27 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:27 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x0, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:27 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80000001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) 11:13:27 executing program 2 (fault-call:5 fault-nth:31): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:27 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x9, 0x4, &(0x7f0000000a00)=[{&(0x7f0000003480)="79ea36d53f0fee9ba7f6bc5c2f25962c0dd66b40dfd95ba503a759828058cb99bb4e0ce485db202f2ff99cc78cc9c1b570f19fe53c05de2680fe607daca512bfad0a678489c747fe675eee32b21efeafe2b26a293e8919b1bfdaea5c3003fed1c75bf1a6e5f8180b280626df5346626c41b41ab8cbb2aa907995af365fbf14676c7ef154c92183c930a3c76d77f4e6c04a655b572f9938157c0d553278c80d0f19048f2742492771b4cb2dcc50e2abb9820d51c4e602319e59b77ffa6dd705efa81d75e0256ce3bd732f5b4f713efc0cca9aeea0f2fe3b398161f107a4ce4877c6703df30dbe9fbd5775e688579d5feb867ffc4690ff01016d3dc799fca9e03c723242df902864f5b0ca6a88cdea804de274fd0f32d88b1c0bdba356643fdbdedf990bcd9bf9c7f13b036a1a83e6c6f94d852815d9e427bc7b27fe587c49c2fc127acbcca74f6f90f93ee9c0bb76de51056c17424fc770efde03cd94e279676b3ed513788035631b9420c898b99a81312e49191bf2724a9f4f0d3516c29869b1382f686c40a3a341cb53c501f09dd2f8d055a248838918b30ac849398d7a05ebdc9f7f77b1afb5eb60c9bfa941b34bc49890d0893e4a75c2c5bd81b8a171a24c4cf397e5ad48b843a10c35a2bda2be6744108b2a613e1267c49664206429b6398c45af7afb19b24a5f0d86eee43c7b6e403ff67a25789854d99a4d8f955202162b1f8bde932b0d7991ed17e672a667621afd5770bf368019f9173376fe33b14a61467e4441c39682e12bf37c4d2d6fe15ece1f14b10cfa0864f6fa009fa33811991215458eadfa18c4dd6279f8051e1dc83832b116a6447fc12197c5d81797583c3b4257523e6317e69a60fdb979a57441aa15f251dcdb66c3eea249f085333c7f3a2e9ef713a17a99ebd5c1e0834edaa3d714a4711ec9233f2bd072a7025c7f0238d92b0fcb888011f8fafb578b2ae79d46c8be00ca6075c64b25f0ad3f8512208936b58257569ec9eb9dd4ff03dee40067ac639857d831d951439562d1092be63564544ce507420a8b04db144bea009ee79ddf13342e2f57b53fffb6f24b9573d06639c34ce94c1f06679d71400c84237de372e1c4c9663110e785be779610808fde7ddca2f3f3485467a5b4fb407ce450e770427dfc18e3d332984b95a535519cc22cd250ca517d4a7e529dff8fbe919658a54590af67568b765e22d84291500a18c2da7b9cf44a2ba964b0596479cc394b7430de5a6ff289f0c43c9557850e4d77b0ec19ce17692e09262fb67e81c1a85007831ed01ca19843520ba27f61546ea4bbf3e0afc36229ec8be8865462ec1a7b29f380bb6683df8cdd75bef768bdb1be49f463e6f4958fe3df8a2e70b35c39a52927ccf7a5acfe025f6d69b5161368d3ec063b99a4849e52333234c9da80887de8de6498110b53c492561936c69f1e5f4f8fc9208ef8175e80b301b6e4254359a584390eaf0aa1bf090f148d5878ba6290ba9a086a7367b3a4277cdfda200bba3fbbef09b88aad75cccf6a34ccc294cae289f5c75c256ac117d4c604e6754816e7a56aa5a3eccbda14a5a015bade1d75ebd1520940546d72e8058a3b5c8fa77bd7f95a94950c7da2a89862a4c6c04a7d8c37c6603c9be6063ef1ab76b6542d6229bde621320d642ea8ca68c81893d6eddfb57d3794fa03123b572ac04899871fba62376070e5f9efc5a380de909e2e71ce675798a101e3dc46561a333913d2a31025cfc9a9e338d8d364be6aefed8ad89c3dc947919181c0e2e2bb4359ed280d440bd05fd9cf5510fa358fb4cc125ab48db367e4a909064f1c1e8001d40d67dc5f1aef3fe6d91d070bbf3814d66e5cf8dcfddad8d89aa775bf0cedf98dbf241efbe893cce1bcb6fc157631a8c50f84600624c33214448f888917b96bd3b46074de16b8241e1164697809205b77b6dc82da348fb7c5aa54684c55b2253937c18f56b09ab93b513cf230609b9abbec6d255879ed4dddea732357a3d9de8916a7bbc00934df4410ce7e51d397e1c852165a347987389f7d8cb6cca8592759aeeb7c336f64e58d20706234149abc1052b14af936fe2caa9c8f5e9f1e07f9aacae9a2a2acc2c78a2bf2a819dbaea041868b839029f4e632d8ec5e088ae23f2c973e925bbb0de6e929d4d3cc85621c98c791e40025ba94c102bce1f9808af1a0e68e84a80d6fce678996e3c4db15e9bf85cbb1d0c200e4d476bdfc923930eb7110138520a8f48084d69d06e328c2030cf693112537813750800fea2f4a400b294e8d6c3f6abdd53d680821dea34e800af113af03a836461c366fe51d79bf0481bb10820614433fc1666a5d7761e20b9ef49a5249f1b9052ca204e11aad3f76bac7a6ade14783a5d88a603ff2c2d8a6a11de18a44b6d19005afd1e55217d87d571169fe009f1f2b256a58a05c6dbd13057723d74e8579a53afb925968bf4ff74bb8ce884353ca9438283e38f701c2cdb9f54776d9680dff6271313099c55264f46fe8b440774b27f4970695287152fad203851d47d9f2a2e0ec3b102bf646aab61fe74c4638862a79bbf28184795e1a8fce585ceb00a510cf4b66dc3adf0e4efc9229dcd6a08caac70c4f916151a41fd9fce8afc3e9f08512059780e99e6c1bf13503d81cf6975a07a6910920befe0c1e83021a20a64e67df43b725405fa5228d72ce73c9f3e71d203a3e7ba5558e9672ddb3ec7fe0ec1bd968dc296a655a6fcbc312953adcbd9bc2e39f1a574b5504853f27acd2a47997e96813e957ac2dab5b0192bfa1fcdbefa26a184aee72735033339344329056e4d579d2a4f50e92f64ac7067a88e83eb5f676edc3b9045a0be3b8de260130a1a87fac4b95dcd0e04be461b008800e48520f30f0820430a61bb70aca1d2ec8afeaa5804ed33d8198aca9be7fb88dacbf7fc2504f7024c6b257fd686ae082456430c70919919f8b7309e47971fa08aec7303cc2f37fb8e87f4fd58715ba05cb86bf82b46b571b4390d0b7178e446ad0cfd9afe6d963064cbb04e3831904fdd68a595dc3878a89aab09ff3ac08ab288f74b6f075277c00554864a859239f36cad7bc94dd37d0b4d54000a78563d495736170f2776fbf522d6967665ed437cdbb140e1bd1cdce6597577f5212ab66178f7ab7fff28af18da52c389d6fb09568d743f826114f35c4ae77f40b44b5995875cf174a40d64a05d71930ebe419506b41ee6b57fb570870f87a14d28a66bf6e85d67a32dfeb3d57b4778169c5ebf5bf519f4d01e116439addaefd2c2109cabc4df3d454fd20aa40fb949d23cc96ce3e0651f97a55a9b83074bdfe0fcbf0ad344dd99d590541109362592dfe2cef4a6316ad29a26ef38d440a4d73bfbe3c563151f27b56894a93c86d3e63d33d35d61e5c73b0c6ebf7055a4cf77224cbcf603c830104144f440b04e7c4406d4c08f3abcea043025652615c0ea445f7d235fa3fc2759fc9e36f982259f519fc903526be85f8737689f7595ebf485a9c6a36f02d64161bb4acdaee8d63a47602552dcc0c66f659fab717ca5032c8baaa6ce27a884ff56432648df48b5244e9d2be30347a4490a980276a41b06047e5f3fd7a542d28dcb04ef716af53c6fc0053f9373863e71cbfe245c842e98460d282fb848cf29a4141b71a2b04b60e2de131c0653b5b1231c94e27a215b9d3f2df6529461eb67dbb4870681862bd8a7fa0b7edf2f2ded6f55849a49a1de174ae3d8eae356f59ac68bc5a92f0f7beeb25047e89db6a1ee03b97fba45c87146019e82253f6c282dedc3500165b1ccb0da3f5da8eac51a5a0b4c80d2ee0e49778f0a9b9de4711a272ffdd06f5d60a4adb5e79cd0d8c3bc5c681f853343a8adcb32aac318bd59ff78d5fa85a4fedfda61ac42cdeb66e34c7b8bd73de3b3763983e0298220b00565c811de7cf2234181f99977113ce0b1845600b8a426a3541cacb52ec6f3593c5a8dcb58220f0e6bc6e19c7ad43c83547104136f8811cc57b47aa454f13ff604ec8de9e1cb26c3756e816bcfd413391ec64359367530750efb22d023826e659bdb12a2a7c092472a7edd303ddc37e7ab15fa5e81343c870895b379e512b1dad6077b450283835e2f2d158f518027aa4f4c0f8f9699d70d68bd56ce85226875498b812b590951b4e9d83a9fe3db4b82134c9d3d8568aaace8c90880bb3c1cb3ce09e7f3e0dce4f3f7447f0a6efd6a929ab274f9ca14bf9831a15984f1d380963bd8cb841d7819dc703f81b17feea6661f4fc6a3e25935155474a9e8ce8f7ad17abb8c8bcd1c223463c4b5d7e70e52bfeab24fcc41f3e22849026c4de8f4349c84bdabaffd46db102579bbfe54f7ca45b514ba14f2b0c1849457cb774641879b862ac265ceba55c0a53dfec2048a440cc6db4bf3799d3c9368889b0d0676924ae1a3c5a9ac6cbe0fbdb42f717d4f7561bd40242d3aba37366220834b8f7db3ed3a7da3c56370b5a78c4505738f24b625611489473326d0178cc76322a78138706968f023ab184c8758c99024e1a128bc3afabe9db03b83731077076896366fbd7d8b2851c48bfa30d8b161029c2a1b3bd1ab694d787b2686d20e8f62d359e0b188357900bf6343cf141053b9dcea71374829ec8503d7cde25dc6412033951e028e4d2d8a03e3bef6e2054ee936777a3ffbc4c6c91ca00a307ddb53c07384f2d3da01e23d9cb15142cce6c853eab9ccf848e125cb25308a83bde0ac56c16da514353dfaa49aa7bf916f05f40e3521a87ae801a6a9a3b26ddbfa391e2844353a59628eed1a607bb08e256212121e435753cf37a48e4dc300022c6a795e3860a8a1cc3b0b7c5f49b8a30d43ccfe2fbbf1086e3e91134d853d0d5bf6f96a74bf2acb01eefe7b0259fa55760e3332f6caca5736bcc22698db8d4b728ba9c3b74006c4875d9d566e5282bdf1edb73534de2e1ad377e9a985f11302c68c3b56154e04e1435cf07bc0fbc955b3f79de0e30af4200d97c51faa8670ac7c6aeee8dc356fbac2c945458e559ca7ba986634fb8f27315f1b7aa2f2ae90a7bfea960a25432b4849e3b8a7a5f193f184fce5b2bdde179d865f0bac425c4992e4266bca376b5ff8c1147543434f0d0ab34f921c3567c3c4540bd1dd0dcfcd041608eec29db0031326649d73c5d5e6d1a0b0010526a6f5251bb25b3f1e5293f98091a00b0652dfec017ad791c518d3258bd858ce4602b65dc686400e3d10de4cfac8bb133fa757873330a45fcd9345e24b5ab90df4b8bbf1965de268084efd62ee011b39b99905abfb0c566e9356eb4affa1fd17132cb1c404bb7ad8009598e4ee753936b2f8bb5888773d4d2a3ba89f47dc0fba8adb7365f5cc9423a29103462d271a45621b7b6d98fdbb6027e71dd9761c8fc089f4e1aaa57156f57111d8bd2eb1f0fc6b6b3ca4cc776d3f3eecef696910fd3234308f0cf3b3213122dc8865f0045fb91cae8fafd30f5fbb1f961b5da347d048b4a8a29812bd99791b01216ad1046fd5b1536a52018185d5c0bcb6af1964f2153a07fffee7ed3daa23c01664bcf470748a297acf36fdeff7e07f9560e058e59ac4c34b28dd37360cd25fac8116383f1a2beb16fb9bb12aeaa5fcb23d52fec6f044e8123f88e9da58122b7f401b59730d333f022e70737842e3b8cd22c4f013398d10ecd4d39f8aa421936907a568f03587cbde8dff0037da21c9389628ab7358e2b3f12997199a8ad25749048631367469a5968554f437a68d9cf68954505a01003c62b22a5b24544bb52290551fe0471090c978f842c7c54803cfcaaae5f735ca997", 0x1000, 0x11e}, {&(0x7f0000000240)="5946702803921c259e42ee23cec223c6d9df532b400ce8d37982f0a41903287b89230ac7e1453655157f327deb7b8ebf337395b54e884c96d7c34788451647699bf6f1758655039d2a094d3abb7b19b5192b73e42a1c7012e42aa32442a028", 0x5f, 0x1fa3b367}, {&(0x7f0000000080)="a794bef6a6fc0b8546481ffaf7af76d9e38aa7300c84631b164a0480b4894165d902df90d1ff01", 0x27}, {&(0x7f0000000780)="0dbb2869577b25db4750b198c5cfcfe4fbb315fcd04c8e4effe3736383e29a5044f1e64fb0016336ee3cea3004a3b245a4b79582e1849945f4f3f2b3d25a73cd3375c4fe58b0fd48a7f9a039a15d86dbe80c9b7ab26f0223252270373d254ce34732ad85ae0e8ae4fd41cba2e85f20e8759f34b3ee8e13781f55ef1edf3af279efe17c18340325f5377d3675e2f7e678af2f856e16f69a8a44862caa16fcf08d6b85d7439a764e7adf433a4c6818d5140dabb636563cacd8786e1a357e76243ed03d1b7a0242db1afb15bd3dcd2419a008dfdc9c85f77b5c15794c7c59", 0xdd, 0x2}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x85) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) r1 = epoll_create1(0x0) vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f0000000300)="753b31c5fba82bf3518ccacafe231112100692bf45819b0eae9c8692fbc544d0dbb2a6f18a7934f557f208bd0498dccb7c7ce9bfcbb841f5ac8b6e88ed7e17932635adc42b8888db3b8599683e50ba91195784a1c6e03db353db91d6352a462b90be1f713d324da51c52eb1d9e22fbeb702ee37500b6a7734cd5790400befc8cec3ae621ca60626666eb279aff42f5e1741b1bcd612687951dc6e4a8a3ea154a523e88fa71418fe8798b51ebf5a9cfa3f74f1bb0e5ee0607c1724a3bae7108378f726ccc188851127b9c9e4daa005894", 0xd0}, {&(0x7f0000000400)="6eae181658c06d2a896077dd2ef4d9acaaa04830152655252534890addb668dd9857a418371365df7f92e71f6eb81e752e06c18af5263751e4cb9b76e720fd2d22522b91edaaceb514a5241628b17c51dbf49c44d3866e9e604c97f205f97edc9d9b70817aceeef01746592a607b8ad6483615a0df557dd1f85e002e5e064f29d604599105a17a6145a04ca5f0d2d070b31d8ee0c787d586ecd8403f8ac4a43f46714a0de4dd462e31e05d8cb46241682e33a8ad4b383560c68c3af7b7b1921a2cb62ec26a90b0cc4c55434dfe6d14bbc7bf8ab16cde5a2e6ca786f133396ba5424ac4ab67c62047fbecbef73ef79729f75f1055fc5edb4c42", 0xf9}, {&(0x7f0000001480)="111c5aef2db8ec63a5ae29e3ddc574833738a3b53852636d90ad2f491546855a224ea1cea37e28ba6d01dc93fad80481d712d8120740822f18851d90336cad7fece651fcb19826f635e5ca4e2007ea9eb12d140293d627347ce8c9236110c9d1a8144ac0f3bf6bd6ef34eb7aa4a40d8e4dff93c2b6862ebfb7c963cd1791dd89469bfd01bc6e5b932455bc2b4da0c4d1a3993714247f2f4ce3926b456069b15fb5f76590b535b99d8f630e6781b21d101a3c6b95cac0a53f64d7e60433c9bd2809304c0133e7749d5ad7a7be4d45a3cd1ded5e5645b53f09fdf029190b9c0fd46656f1b682a7fc3e04476f306497eeb181f258dde3759769c8bab13ee51ee8a9686dda0c2aad0784a1d1d7df4c0132b8fd4b037cb98e1a53ca90d6c3e31fba56f7525470165ed9f88b5691d8ecff5ccfac61d69c40e50d1034f852c788a3a7a779262e89f7f6468af18acf583ea475e50f5f531d153aea3871d28318f9215f7f42642783b1aced80f4ea135383d8eef7c681c0f4603cf080fd445a10ae2eafeb45b6dc2b1a5b9e66d21ca9e260feb14b4164112c077ef851b95ba7a1f7e917acf1a1c75a6750111cf7b2477feb847fda113248408452798c23fd026eb419a4220a991908313b41200e53c8fd4a8cf41da493079437498753f2d8a89f1c4d7302d46d16355b9e4645ab78516fb9584200a737c6a5d31088c4c5d9cd5c09a4d6787625329e4e2d827c470fe9e31e42ab9c0ca9d5093fd25b52bcd7319e6c87f8e96a8f653032e85185e37a5d2318266cb9c30c0e1b2fa11045d6e584fe8072f08f08180618e6049075d7543f4db4469be69e104f25e9084c42e9ccd7118e6bb58601694e80d6019d8fe79ab560dd6da497b7e61960d5141a7d2d2433289a083311466750647388f65d82d9d854e8b2b086fe1ec8e46c9c8ab6ebefaddc4e0e7e9d329260c2c52e742e3683a9c8a8e187c8da06a35a308e848d05c0d5a890b45627ee5bf23c00f02968c10f77a613c1a8f2219e5ccf8f60faf9ea7121df8e27153ab9a295c30393ddaba9ae03f63fe11e179b0c813ab48aeb2ad717beb2d86ab7f7f80dc77cda8cae1727d4414f0e26b5f0b5e1bbfc5ef46ce7532e131cacdb6bb4cd59aa09f0b370b62963957ee3105516d6c9e5abe572f24f750c9468c028fbd20fb5c290c32cdf148d4616e8956e24728260f6e98d7e6e59308992256b9cf00353781c7ad3f08cee13c1ac2312c024b2d105e5080ff0556720be5e998097c39cea0b5730bfae0ca5d3bffc2028f6d8df721c04904980992b55d4a060f7905929ac2ca8c0dab2277c41ba48ec81c4f38dfc85b076fdaf67e600ba9ba3e90860ca2c028955071e0e7878191359817fac1ca9af505278f07026ad1b1f26d4c2adeda8fec9762a2dc6cd15935381de4073579fcbce9d41fce497075050fbdf578e10b86267e88ac5a7e2dc1e97a9375744c92a404d4cce5419d1152a43f569b349bf8aceeaed38a0157b3a1c2b5da9a1f91048d4eee2537707628ed203b2cc57122983edfe404a2cb79dc7c77b4dc00229a309d65b95a14cf0a5ee5ba31f8c6be69b97b4ff451710fab668196cb1681639fdac29825c4c2e4249c5455f18ab0baa8f41373518f0617638e27de277bfec5187a8f82787d1cff4e38a57bd7d921986e0f87935eb95daf6717f952155a69377f83afc5291c827f5104918ccd657364af5f64a0686789a3e4e81b61b79118e9f18b046625e69219b3c9cab41ae61b490f284fa13c3db6f4ef2ff856f08d88448ab0c71e23613b5e4b1bcc370a28f5cdda5ea008e93cbb62a1b1bb118f8dc661f69165cbd98770f53ada3b2c6275e8d7f33251c7c4e3cf7bddbe18dd056b711a56b5de69d794d329900ec5bfbba85bfdcb3b2de98f1753123b01192c84294eb6eae360527b2cb35568eb5867954b878fa21b0d15236224f6318792fabb145415c9b7c53b15d3a84f74ee47c36198dd4cb06565733720fbce46cad5bc343290021815826e31a8ae2b0eb4576e6a29fbbbf613d6a88eab3b1e4812aa14053ebb78b0841ee63c369043327fa11bb8df19796cb7056762581541509d1f53cde977ce81cfadc521677cd025f0ddf509b11d42b89240776210d76c66efb99cc6aa43993030f888b5c44759aa4c7a0e6679932aef4d7b431bde93a31266b05aff16683e9d92a9b768b42329c2bd5b75402013d304c6ba0b1c4b68687cbc6b70b47a70aa929e2756ff53fad1e6af600b3a51864ff4d69275cc7a713ffaf9440ddd9faf8167b7e807bdaed5ac82a01618da79923fb26119eeeb278731833ad4c2fb1acfd422462fe1d208a3c217942bc2514648f01e76a6740e9fe4fff316a10dae0ba86e414da443986ea171f733eb00d909b3b2aa56e56672d46428078b2c1c4a7a5c95ec93798002a36a457d2ddcdc0cdbfd25223bd40347ad364bb9b4067c324a42a9442f4f3b3c353c39dda4e310ee7ea410b29532ff54377ed05e4ddef560f88625cd4824b8e48f0025951c6b9165e842a1a8c7c447320363be71a3ae8f58cfa102ae8f02945f9e4de4a7a3e37db0728b178e0243122ee2681811de2f0306591a056e092ceff1ae651c2247708656dfb38fc2e23f6394b648da01df066098c29610f0bbf4c5e6f7d8bc5bc7205e36c36d89e017c0d1446901875e3db195a6a0eb98c1283ce3665c1cc20bbe573748d3e2b306741df4c5a18471702061313dc250afa5fcd07e18d1c9750eb8d66cb5f9f963a97f27236aeb80dc7300507f3a27b09e960aa960933629dd135fe2c157c209feb0e9b89cf23799abdd002887f060e1b6ecf766f9e6efecab3a018778150f86f31eb9a2765c28038304a36127437e70cc264503649802527d94a5bc392f6ca47c3993f0b3642fad58484f2070c02160f325c7adf08dd256a62e22bf576e72491db9b3f674fc64ef9e81c707b16738310cd72bc77479abc28e08efd328b413abc2a7ae808ef0d91acc0bebe437209a78f3b0cb6ae537ec1ff3167bed6cea2bfd755e7c0f00947aaaeb131c121f649f01fb1c99cf39857782d434a9a301c5ba73e05f8b23493eceb4998e673f0bb1b98e85413ddb0d48b0736b20e03bab82b40255763862acf88a11c46e42c6a40c558b612b9186d4d23098038c89293af8dc57730fafe984882a67bd07e812dddc17962c34d0cb8aa59609b14008d279ce4951003d836b6599cbefefc1eb0f2573cd6dd840b30d3ae4fd99fab6ffb43a20f7311b130bbb86490c2a69f8b0b1f6b37bf2911fa3240356de751a86151b3d4cbd46832f09dae5adb41e005a349ef191a12b9d4d08ef22aa28aecd4374d7f6201b48f3a20a2b2babe87c10dbd7e544214a49691acc67751e00febfe8777d4a2f634c21bb7502acf8abaa8196b50b463c9b2eabf461106eaee26f529f0699d281ffb68ffd6fabee2bed8f94b253acb95adfcfe1f97c6b24f793eae6d0fefd85db7539516780916fc3919a754a2750c46e28c503117afe4994d1466d8b9e90fd7769df6b78ec62cb4dd3c7e6414e2edfdbd46528ab3c935fe0a4ec736b5f1f5bb1ceca9c9042c5812c3a1789d1a14a003c2ee8f6fd0e0184376340ee989847b51f7d31174777e6682665ca1d0b076eee61e195c725cc7c4ebc62d93db9db8219c8bd7aa37ac840163ae07a522aaead0bae3e74237a85f3c1d59a6f5801d1acb3f128a43a46ef8f4b5abdabb370a49c2b64a0d77f38a57ec32e0e5610c6881114a0d5b6730d0b7fcb94bb6946ff18e83d6b806661e96975907f4f41c8a4561c69b875a8e85ffad60cd39e80e119a6b8010ac2fc8dabc4d41589ee6b9884858c60dcf6a277808a0b6bfe026ff6c2b5361e205478ea1cc265c95bd394b0e137943ae06b9e238f107b92c43fcc6989adae058c7954fc054815f832d0b7fc8fe44fe49a5fc4b4a3ce85d22ea54e7aeaaa6ad11530441bca6b501e41afa5386a0d5cccc44e846f3f6faafa0e5927bf316f3c441aaade5ca8ce4cb8a8be7956a6343257bac954a5771f50f479241fd115dcb96e215ee9af843652f5bc4491ca5afd287b450f3ea1a6e5fb9d9db57a2133110720716ef0f4fd542a7438f4b862a324eecd2295cbfa7ae42bb7cf48685ed1788ec480a366d626310ec69a19c5ef6c0a4624fab213957bc45f13449d5fac0d4347be1ad402e5e14f1d8035825bc455f19ce81c53b6ae97c6e07ffe05ff476079c9adab166fbd33e7ff297cfcb2586e300f55816c76346f2f7f5e64f6552b75ec7dc0d61f0792849f7f2a7523825b6013702ff532f9525ba12641d5c2756a503cadaac45a31be311ef37d76098c1f69d82046465e91bb9c5bdb13bfec14ef6fbac1cae5994195da2db94fdb44c6b34dc25ca3adfa1657491b999a9c70a4ba94c5041e2c1fe1ffd21a6f31a965978b3035387b2cfbfb89f259c78f2fc3ce736b950d64aa3df62bbfa86a32f0de9412c98ad6269db276486ce3cc50ea0301b37a020350aec86ce1b6e732e82aa886223a53824781fb56d19e765749b7146be09e0915e4536ed59e1b7f8624adb3e5618db9f738d6bf1e59d5708a683de135cc78f22d0198e3c2ff54069a0e7e5416b5cf818e7a7361997cb8b3b393d4d633a161467d7ae5f7de5f9de4bfeeada6cef981825636467f07679d6aac42b8f614ac0228148af2f1c0a5172fb6b020415af9efecad7aa166d1b2484c8ae17fe5f04ed4aff6509acf48ae8e022536e7449d0616f3f5b22683bcc0b655c07d8f97ae4050ebd7e91d02f61b9f6f03cc6b447d24aee4b99e6de0d495ce57ec8dd6e7d082259b165dbb7117b5f55268192ec4fc2870c861c1a32e9d359b5aa2788c189dc571f5def0c17c0f2f06b9ac650f5359b7f7bc59ce19f36de40107ebbc0c4a79abfef3b1b3967baadb17e16c038e58deb6edc6745ae382108c84170d23da27e5287284da7897d7a40badffe4c36ce643d8f157bf4fa754de4de38fce5956e6b2e83e5e560f1dda47cfbdc78a4dadaac5afaba77b782cf98d4a23fd08048bfd42dc3cc940610a5964f8a6aaead1c504ba6aadaf1020dea9a0587c07afb4b61f98cb73b98a5881111405aa3765f7ee223e6e8ee3f587bd00f3a7cdfd608a3d4c7012f294c4cbd12e264160257035a111f31e63d11bdd1c165551ccb5a0e98ed0aedd614c8f7df89faf15a4b1d5629763074a5a55d16cac4d2ca411d06627f533b45be34283575af4b4676344aa7dbd42dbdb97cea98cfad7c3583a904438e5a41dfe8cfbca85edfbe34ffe60499511a3d5b9e1376eeeaf91f5ad24ef609bd75ccc4a5beb2b2e98e9bdc034ee4a0df27e3aaeb358ab782b0e1010ef6a40cec66ea9cdeb04a85e08144695252667e901ed08ed4bc095e80a74bbd63605114152099b53a8b19bced70297a8c9aa11b5b8715ec0863402172028a33a69311328c30ad1335ccaa0a91491a8f45f06162e08dcd5584cf223fdca1a9ddcc95dcb4ade21d39fb50c5eeb7f9b60819c7dec0e310c35f1a548cb0b4ad885b3bc0c78292bb5bdf536786c0edeecbb7c817365c13ad9da9eba0ec720d4ca51e7523fa3454897a1dbea50b66c2be4fbaab647075d6c9249db5fe904b9eb17c57acd23b22a056b932cb76fa7b68fe0f352c73e6cbf8d52d8ccd3368a2876b281b1a7eafe207ce2260b44f7852a6fb757eaff9cf89f60c3754d02cdbcde4d262f491ad766c6268033aca482496ce43a2d16ca8bdf50222026917a44c2c24175f847ad10d274338b9907d10d743c53a54fc3c7a218af9a30c0791a2d1c8f50e78f1bbfd", 0x1000}, {&(0x7f0000000500)="dad99d15550ac99eed424413a4df4701f16d3c29b0c1a580df2df8c742d6f6d04bbc503b6930141d801da4b94439b68e5a3c17f4720748be4fce5847e947267fb83d872cae5b9d554bfc13c6ea6ee4d3de6106b9456a93ab87f35277421382be0c3a54e4834574841f8dffc2ec837817776f630cfdfd8637d1f9cb9a816c134a9dcb53c6014b4e5d8016925903d59633c0879f70dd34cc3dce532b0187827eb803c203a0962b482c825d836637d4d8593842c8051165431678c6b69bb6", 0xbd}, {&(0x7f00000005c0)="3252f689f962517c3019d829db5551418f26bdb6b4e0f3444a78267b70ec4b504301ea39d34caa0be34b5e6b7f6a5f41809358a4f4ffc13ce595274a3384deffc667b2c64454ba5791eb7b3f9f9d4c06a084c4d29f0d8c7a80ee513bb7b1cbaeeb8d4cec7435a226c549804b2dc06615a1da900c44c8b0bb683d81050b584fd7280f76a30e2ff5b8e7c95af3e904a3ae95a445ea6cd0ce9fdf7fa3a6d81cfb1480f197d26450fbddc5163943d8a4f30f8b62be2307c321162dfc59949fa0305a34b16ab3d1ecb580edda1293784150230dfde5a852b1fffbe6dc515321", 0xdd}, {&(0x7f0000000100)="8f9fdb07f69e21ba08851b4338e4952c55acada38c093994d1a1d2a6616c2861d456006d117827016633711b0c2c321901cf08f41a440002f987c5aa65fef6a8fac2f233b03049f25480a59a613be4207d", 0x51}, {&(0x7f0000002480)="a176d41634fe65dd1a62722e63e047a71c46a5bdb164442119bc7beb371b38dea111398db9867c29b60bffb509db4e0df736dbcf1d525afaf8adb3eeb055a4f038a05ab9864ac3525854049ecf3158a1e3888deb10647afc279552f3e330a11975d7250431d8855760c8c27d8732ba9bf4356fbbe2249248851f1dec82bd1b48940ad1db0bbede7b19cf753fcbdc9d28531be0a134d1b59ece562f8b964ca6ddbb1aaa054e4622fcda9fc1086095299403ef074bf8faa23bc2055947b2955921718a49a8ad5bfd5e56baa2a266aa9130e9018d5822d063bf29d983a0d13762fe6b97aff9fa31cef3882076d0e45496093f68a181198ce1c880fb31b6309a32cf677d6d174580822c1ce0f4e8e381706649eaa25673b7649cb1f3bbaa702be6580d5f5d1e846800fa7c6999ad3e2da53141f28e69a692af587f074d8edbc79103edeb7b264843cdcbe744fdf7f09a8e783de3ab3d04e5b542bdb896843127d54ca0a5c4728038afad800595185a96f6e56e302fb7efac1824f4adce62024c0559a880b0efaa345f4af951ce0979ceaa8f7d363196248b090c3c7fe516195ce8e2f004d748dfb6d7c1f71e2d579b0df0b40cb0d291cfa8390b017e4d56ada67f9564d18fe7ca9ca07b58be1ada394a68be716d670fbfe69ed6024ac92d0425cd98f40a17ba547b65025f5a34b8523ceb34ea20179dd30dc44635d84484cdc9fce9bb3f64885d6ae0024fe94cc1560ba1286e8937769d61c3ba10b20d4a949025fd70827e73f7465dc608da548f007199f7d13561c352f6830c27ae829a7d4622bf7541f587f16c3d145775b04850cdfa423337ddcfa7eddd2f07cb647bc6c0b830ef11f9df3b69c2d0a52fe6f96478cef293456376d6c559c96afbf1cc34937598f7a7bee83d6cd6ce30f462d83d5159fd908450ce41052e58f8ad3f7f5e1ebee32fd8efb7e1e7de6261401db44871fdcc6b7ef0e7ac5ab2fe57491111883c27668c32b4046954009ad3c3fbd589674174cbd48d710b5de4269a76aa9d975492fcc8434872ce9d61b8a67889950aa24d21b4d4ac4c8c0a1a34598fe5cb04f819a64e952566e3f50a9fe6f6e0a419f65d00d8c28a5c8200a6a308a830ff57af2d13b2b731e4d19bbf1a75b35474f426c10efefddaa0445b05879f8c7b26c66270048f802e5cf520e90b2c9d7e66ef1450612717c20e14d235bd10892ce0e2829d62bfa14e234f291afa0ffbb448fc3726021a91686c96a00574c360da56254bd1dc52f164e7dfd7c0d53204a930fad9c4b68b8510657bedc556d67d823e9fcf5447e80baa98120fd1159cf5a42f1aec96fbc6da15f49c972a9b1af7c44fdb1dbe9d722ff171205b073304ec626ca77e229596bbe9a3b18278f447a126fe218fc1e9f47bc338a56ba8de78697f246b41e31032fada6cfed7aa9e378b8ea3f1f2853e268c1c8b0263cb115386e780d8f5ad26562126f40e1d000b1d344d8d4b988cc2d267aa55f8237bfe6123836949bf6e9f801ac7f1cb7071c2643fe15999c2bfb51816b82e1ca95e65e1d444cd62b2975b24a71d016aba671ee470214c30ecfd0ba18ba02079f4d584a65c4a82ec84ab0bebf717ec8413e32bac1c4548d82134968499055fb3f4660e4e18efdbc8be42a211b3b5b6de62e3e784b49f27761c983af7800d02d1b8021ccc86c5d30c9a12887ec6db5186f03ed8e101716befd31d860dbfba515d5f68cfcb00f129c7aa1052e3d6a6c8367924722ff5b896ff1d17193c55a4260f8750a8e9aa7a644f7b8c516e454a053dd4c4a08bb8e8de422a2412e822b1bb54dc3a0bde553fd615efbff0bc1674c8e5b461225b64986fbdff5b39590a2590480eb7d4cf190ad7f48c0c57965fd9b6b2dd4a16740bc01abddbbc37e2c88d958f2d28173aeed4ebfbe7e37389c463453837deb7f4c79f49c67c58e5f04a0d01f774594d15c4153a438eedd6ce2be822201f97de2dd75ba23219975ec31ddce887432d58de00903a6f9a2f33945f3a49bbb97b069aca3fb63e39c2d1224010abd6c76e1084021b8e3bc67ec052ba8f22d4067612a5f867a756aafcd129cde92b7ba1ea4dd495496da216d53718752c51f263d32b30a65716749986624348bd859ff64e5776d825b270c4d3a29f4dba1f14d4dd26256be81933a4c2755c18dd5c140ee9609630e802cbd925ebedfe164e527f785502a2a41bf4d48d3120ae879424ede7660ebed140eedf94f2f442aed612c103ff76f5172b67b57601d35a977e215abbc27ff42f2b5ca0ecef31bc358c6d39cb5fa3c892c6dd81250affa55065a80449313edc47773e74a3af07163e1b1ef7807782635260d3cf50bf3d7880e1469c1ef801b040a562a0b817798b0ea759f8059198bf592afc2e4f484a4d8d57f3191e5ddadf98a268d594e77940427a653de65281a64f4b7b38d21f4bf2da0816a98b1d6ef07b532c01b6e8c941b96d3e5fcc966a19de228fd6ad5ad01dd5e04658712244208120d5b73b9816f9fe9ce882ddd20b15ff9ccf08fecb22ad4f8bd816f1a9adeb3ff5b3452c403b376a644c52e6cb62079bd8d5e85f33aba84f74aeba4f4355f3cc6bc505267007c676bd0d4960165bc755d15d05f9d1479969bd5e6369eca9f05967a7f307e4461e5fd552e6fb477a68d3725681b3d412e3778969a744a9b5e29fa8b59d71e220746e361a0a26a496d64b05779aadfcba2ca7872ad6cc4f918c3a46ede027e61f172e33be90b39304c1cafe801ed79be006209ed581103f806caa5511e0a1d90dad92c68ed2d1132479285e1ec1bb8431864139eebf8bfc1796e092d9680ea04a3415fb27ad87b8f4ca92ad6dc3607906a52940b06bb8aa97fb544dbcbe0a41b90b679099c25f0cec84d6bf5997895ed926a4d464569362d526a43b634dc85085b2cf23924e2996a21493959fb017560d2462e50536a0ba61ab753deeab2077a8d7f941d781e67feaad0a40044c686ab9c54c15b45ca0d6ef817ac59531a7991e01b87d923b898f5892098d0b696963fd247a73e33c469177636a9e4c7c6ca1d22832ca09e1fc474c59fe947c42cf9291a708932402703563681639e50c8ca23e6802b9482ed54244a9b8a1fc63e2fb41b795508d7a52338734ed279f6c0e095715928ed7a0e1b308123288d737eaa17f5e123acad7040fef6cf166d2c270c29b6fa260316e360d5f69f7b4612a284c18cb155b9746a68968356ff44e26dbd905154d8339b5fd506af025507b0c07548e47625baab71f3aeb84263f95ed7f029e1ba009124aa9140824721f73356c14435fbae6cd1d6c98871d68bf975598e197c792a145d2cc0bd440cd04149c05f1957db83f9a49a42b9f6bcddff840e47e63b7613498922facecef1e49ce94fcca476d8d909483e5377a9787bcd337aaa59b6789c6c6ca08a998133b4087acaf1749229ce0845825523a18c5c399a3b3d658076515dd8419ccfcb839743edfddd33ca826611cb21b7f329e105f9503482919a08ce83688c2cd9b5aa644a9524120eccf9ffb361c4a9696a8bae825481a0b15ee942d45f17c9ae53b72680180be2aee42f6cd37fdbdc8999ab0e5958911486347fed4eb4bd9aa4b3333f01326c1bbe025b3220449f57dbc154637311de51401200df02d7bcb44b314e344005072b088e0558fc89d47c0abe9b74c8882d5b748585ae29455d6616219cbd582f7cf9e86c108420dfd7d6407298d8ac31fddbefcfd0e5102fa5690af762b2776819ebda5078cc68b2bf405d3902a819696e5817c16911fdfbd1a884c0e2c266deb8eb8cafe4d8efc67856a540e502aeba72357ef426474626bd70fff4459ca10010d6c9ca51d1a727e5b094e767dcfa5e678fbd5f425b99da64174113b2b1cc9ff67454e931470257d1a393006f9f3c015f414491e99a8dd326397ef943c362af5daabb21e82b92fb626df02fb7457748d23fd92f1fc3ffb0d3f0272513cac48778552fff9978c4e3d7e60df395bd35d212f19d072b48ac3e5fcfe90ef9e1d6e1bbf6572145bd8c7318abab1a47bb60770120d202a4186feffaaa729a29e1976b1ceee825db3f2283ade3e96d20e1afc5dd1d4b4d34441f80a4de7552d790996ca736c055e58b80921344115d5b6c015f5833dd946119e113440fd2945b09eb702ab28e036fd5f3d4b55a1a6b4cdc37b05cc257f5c9f9261c9725aaa221265c6f098b9d5a782ffbe0696777bcd23510bf4807123fed9b6aca12a47f86cbf4b63a1b0bf696385b93c82debc0b98f8ff5473a402add75adb3b2e26b34c6c47809f6f2d3d36e6ff1e0002859eafb558d6d9ddcb33b218345f3e498223973c6fb33652615fa5b95219f1178c72a083b1d1b091a19ff28ce2cd15100b1abb857d04259e411be86f6eeaa70d7b93a64ad7c4668826d5540741a1c944cc6ff6230d7c36c59b015017f87884bbc84441d98733a287f9323581319e3e01e52a72cac32140bd18b1fa67f5488bee880afd9b64ab267cdf758d134e8634d466e855f81ab61087a60c1e2ed6d93b58f5ebe7e19138208db9f3803b1991b413acb8bb728a50bb4aa452e6889fac90de2d7a8337add684a4af94b6e4f984f9149746eea6f49ad3a9b22679b0c465e1a1a6fed823ee55e248222dd6fb836477560b2aca38bf65eae22c6e00fb665742c1987ac19d973227c2c71d809b5a618ad81285e3098068d7e74968d8d032a6dd9952d19a150b149aaf4d3754ca72efbf338b9eaecc9f7ad018d6ef3207fd084a2f4a3c20b4783d1a19b38b3a82174c1d0aa46b27e28102b94134d9f3d6c17157f023cf6b6a7b82095ac32ef24c56f385c4be3a957e86d0ab28d9f82bcd0d80dcbc62c463cd9d204370d7e924aef2b82e88ec18fa9bb9d3c6e6e25289e9eb16b8be8f178dd0ae21272395c6375fb5d4d9e6ff1e8d86fa08eaef7b3c51332e41cc9352438ac98c86ad8c1f58262bc997b7dec582a7fd4043a0f811b5f20f9d02a62e56ac1ba4660a9057e78c6d8a4ed599229fd04388c1a5588e710364d45ac0b0ccf8b1de98fc3a6bb607accaa08ec720b51c429dd3035d23c07c9dc5029b1868204f8d52075a8b5d58586d67b286de4808e14a3d59616eb64a6fb79ad984ae729def9636a6cbf3ed751b84c78de2383671e297a8683517ad4757ea7139a0174ea2a954217fb85bdf8575e6f22836ffbad914bb0bdb1eb1d46bba68e74565470a12365ebd474f37614dc7cc850d9b2291e7d61d4ae0d2c3bf858cbf58929899c6aa1b9263d15f205cedbb365acb8ab55a852e853b9a4ce5e7c224e5dd2fd83990a12a41f815ba9c8fe321b1be83d26c43b1bdc50d4debcd44c63d19c01b7354863fe8c21e0ba867c0806d9fc84095d1d60c16aca5365a7791376306ba43648a2e8e0d86b1d5c1e2321282f13f7d650fd45c84b42368e8b7851009ee34694c1ea54e2f9f7a4aa98802d3543281be87952dff673d3447a12e350f7ed11d2c176880ef06b96d2caf44b7d87845b21d3efb057ec8bacff50cb5d51ae31b7f2de424facfeca335409b5dda7465d785cb9a2aef61278c5ea1e7904229ed4eb725ce14990cabaed116f0b86122a20e335935257a96b0e42b5dc1204f383cfad38216e652dc24f7d2c31eecdd7210c64170deb5a46b154275e4d4186290c7af0c1b3ce1a67e5499f0b71d5640aaf1163234235dfd4edcc0bf7fe665c469dc4d7fcb04ae29a5762193aa6e2f3d1bb062c7b2d4a2dc7258e25dd8df6f4da2d3f788b4574e906624a37d5358829a27fd9b6670173d702ead9a0cabddabd1ae4fd4", 0x1000}, {&(0x7f00000006c0)="31a3279f0f7eb0ee9644a4693019fd0103fc6bd1d69dbb8e4a80148846411ec02ec383ac83e29b5132851d9cec5c6c01b18a1fc04a422fd108d228dcdc190ddeeec8fe2fa652cb30786cddc6adbb0df505da16118977389ebe1d57122ada20e4034b3fef7a93b92c44e99b9755003d03171c7a57e8083285a603d0d93ce8b808a7c36a2de78bf650ae956abc0387b5bb4c573474cd5f07dbcb34345c81ffe2882d584dc037c22e3fb39dd777bad7421bf7bbba3a5f750e68f1c1fa13d85c98", 0xbf}], 0x8, 0x1) write$P9_RSTAT(r0, &(0x7f0000000880)={0xffffff1a, 0x7d, 0x0, {0x0, 0x140, 0x0, 0x0, {0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0x9d, '/`ev/vcs\xf5\x00en-\xb4\xc9\xda\b\xf5_K\x9bL\xf7\x05\xbb\xb4\xbd\xf9;]\t\xd9-\xc2\x13i\xc3\xd3\xbe\xeb`>\xc99?E\xbe\r\xdb\xcb>\xa9\xa8\xdf\x9bo\xa6\xb0\xc6Hm\x8f\xf2`\rW\xf6\xda\x02\xe3`\xed\xad]i}2\\\x82\xbd)L\x8dR\x87C\xe5.\xf0\xe2E\"N\xcb\xee\xb3Q\x87\xd7\xf0\x97;\xd9/Q\xb9=\x12\xe3i\xe9#W/\xc0\xf60@\x97\xa5r \x03\x11\x04\x1bU\x19\x1bY\x7f\x1c\xb3KL\xb2S\x0f;\x83\xb6\x88v\xcb\xfa\x17\b+\x9bT\t\xb5\x8b\xd4!\xc0\xa0', 0x6a, '\x81\x18\xa6\x84\x06#4\xc5\x15\xb8w=\x7f{\x15\x8cZ&\xb3\x0e%\x8b%\xac&\xc9y\x86<1k\xda\xb5\x1bC\xd8\xa9\r\xfbe\xb6?\x99\v\xe2M\x9a\rx\x8f\x7f\xd9\x1e\xd8\xaa\xbe\x82\xdd\x8b%.\xdf\xa6W\xb4\x03fi\vvf\xc7\xc9\x14d\tF2\x91\xbe\xf6\xc4 \x18\xd8\xf7\xc80\x05\x80\xef\x85\b\xe4q\x00@r\xba\xf7\x95\x84\x1fQK\xa0'}}, 0x147) 11:13:27 executing program 3: syz_mount_image$msdos(0x0, &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) [ 337.838422][T27560] loop4: detected capacity change from 0 to 262160 [ 337.845810][T27562] loop0: detected capacity change from 0 to 264192 [ 337.850482][T27559] FAULT_INJECTION: forcing a failure. [ 337.850482][T27559] name failslab, interval 1, probability 0, space 0, times 0 [ 337.865005][T27559] CPU: 1 PID: 27559 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 337.873922][T27559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 337.883261][T27562] FAT-fs (loop0): bogus logical sector size 45392 [ 337.884186][T27559] Call Trace: [ 337.884194][T27559] dump_stack_lvl+0xd6/0x122 [ 337.890978][T27562] FAT-fs (loop0): Can't find a valid FAT filesystem [ 337.894240][T27559] dump_stack+0x11/0x1b [ 337.894266][T27559] should_fail+0x23c/0x250 [ 337.914106][T27559] ? mempool_alloc_slab+0x16/0x20 [ 337.919279][T27559] __should_failslab+0x81/0x90 [ 337.924048][T27559] should_failslab+0x5/0x20 [ 337.928626][T27559] kmem_cache_alloc+0x4f/0x300 [ 337.933534][T27559] mempool_alloc_slab+0x16/0x20 [ 337.938563][T27559] ? mempool_free+0x130/0x130 [ 337.943296][T27559] mempool_alloc+0x9d/0x310 [ 337.947838][T27559] bio_alloc_bioset+0xcc/0x530 [ 337.952919][T27559] ? iov_iter_alignment+0x34b/0x370 [ 337.958125][T27559] iomap_dio_bio_iter+0x5e1/0xc00 [ 337.963160][T27559] __iomap_dio_rw+0x8d8/0x1010 [ 337.967933][T27559] iomap_dio_rw+0x30/0x70 [ 337.972311][T27559] ? ext4_file_write_iter+0x4a1/0x11f0 [ 337.977767][T27559] ext4_file_write_iter+0xabe/0x11f0 [ 337.983057][T27559] ? ext4_file_write_iter+0x4a1/0x11f0 11:13:28 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 337.988514][T27559] do_iter_readv_writev+0x2de/0x380 [ 337.993721][T27559] do_iter_write+0x192/0x5c0 [ 337.998359][T27559] ? splice_from_pipe_next+0x34f/0x3b0 [ 338.003818][T27559] ? kmalloc_array+0x2d/0x40 [ 338.008406][T27559] vfs_iter_write+0x4c/0x70 [ 338.012934][T27559] iter_file_splice_write+0x43a/0x790 [ 338.018339][T27559] ? splice_from_pipe+0xd0/0xd0 [ 338.023302][T27559] direct_splice_actor+0x80/0xa0 [ 338.028484][T27559] splice_direct_to_actor+0x345/0x650 [ 338.033871][T27559] ? do_splice_direct+0x190/0x190 [ 338.038911][T27559] do_splice_direct+0x106/0x190 [ 338.043876][T27559] do_sendfile+0x63e/0xbb0 [ 338.048373][T27559] __x64_sys_sendfile64+0x102/0x140 [ 338.053792][T27559] do_syscall_64+0x44/0xa0 [ 338.058200][T27559] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 338.064117][T27559] RIP: 0033:0x7fca7d004739 [ 338.068556][T27559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 11:13:28 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x0, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:28 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80000001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) [ 338.088174][T27559] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 338.096766][T27559] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 338.104733][T27559] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 338.112719][T27559] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 338.120861][T27559] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 338.129308][T27559] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:28 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:13:28 executing program 2 (fault-call:5 fault-nth:32): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 338.217449][T27599] loop0: detected capacity change from 0 to 61 [ 338.227999][T27602] loop4: detected capacity change from 0 to 262160 [ 338.241759][T27599] attempt to access beyond end of device [ 338.241759][T27599] loop0: rw=2049, want=64, limit=61 [ 338.254293][T27607] FAULT_INJECTION: forcing a failure. [ 338.254293][T27607] name failslab, interval 1, probability 0, space 0, times 0 [ 338.266990][T27607] CPU: 1 PID: 27607 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 338.276023][T27607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 338.286092][T27607] Call Trace: [ 338.289370][T27607] dump_stack_lvl+0xd6/0x122 [ 338.293987][T27607] dump_stack+0x11/0x1b [ 338.298153][T27607] should_fail+0x23c/0x250 [ 338.302582][T27607] ? mempool_alloc_slab+0x16/0x20 [ 338.307636][T27607] __should_failslab+0x81/0x90 [ 338.312416][T27607] should_failslab+0x5/0x20 11:13:28 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:28 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {0x0, 0x0, 0x2000000000000}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) open(&(0x7f0000000080)='./file0\x00', 0x400401, 0x8) [ 338.316969][T27607] kmem_cache_alloc+0x4f/0x300 [ 338.321828][T27607] mempool_alloc_slab+0x16/0x20 [ 338.326681][T27607] ? mempool_free+0x130/0x130 [ 338.331519][T27607] mempool_alloc+0x9d/0x310 [ 338.336097][T27607] ? crypto_shash_update+0x13c/0x1a0 [ 338.341394][T27607] ? pagecache_get_page+0x7aa/0x910 [ 338.346635][T27607] sg_pool_alloc+0x74/0x90 [ 338.351071][T27607] __sg_alloc_table+0xce/0x290 [ 338.355955][T27607] sg_alloc_table_chained+0xaf/0x140 [ 338.361303][T27607] ? sg_alloc_table_chained+0x140/0x140 [ 338.367007][T27607] scsi_alloc_sgtables+0x184/0x510 [ 338.372463][T27607] sd_init_command+0x952/0x1610 [ 338.380630][T27607] scsi_queue_rq+0x10cd/0x15a0 [ 338.385482][T27607] blk_mq_dispatch_rq_list+0x63b/0x1080 [ 338.391026][T27607] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 338.396557][T27607] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 338.402951][T27607] ? rb_insert_color+0x2fa/0x310 [ 338.407895][T27607] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 338.413990][T27607] __blk_mq_run_hw_queue+0xbc/0x140 [ 338.419179][T27607] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 338.425054][T27607] blk_mq_run_hw_queue+0x22c/0x250 [ 338.430185][T27607] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 338.436081][T27607] blk_mq_flush_plug_list+0x302/0x3d0 [ 338.441488][T27607] blk_flush_plug_list+0x235/0x260 [ 338.446684][T27607] blk_finish_plug+0x44/0x60 [ 338.451328][T27607] __iomap_dio_rw+0xca7/0x1010 [ 338.456097][T27607] ? __ext4_mark_inode_dirty+0x501/0x5c0 [ 338.461758][T27607] iomap_dio_rw+0x30/0x70 [ 338.466083][T27607] ? ext4_file_write_iter+0x4a1/0x11f0 [ 338.471525][T27607] ext4_file_write_iter+0xabe/0x11f0 [ 338.476797][T27607] ? ext4_file_write_iter+0x4a1/0x11f0 [ 338.482253][T27607] do_iter_readv_writev+0x2de/0x380 [ 338.487489][T27607] do_iter_write+0x192/0x5c0 [ 338.492069][T27607] ? splice_from_pipe_next+0x34f/0x3b0 [ 338.497541][T27607] ? kmalloc_array+0x2d/0x40 [ 338.502208][T27607] vfs_iter_write+0x4c/0x70 [ 338.506703][T27607] iter_file_splice_write+0x43a/0x790 [ 338.512192][T27607] ? splice_from_pipe+0xd0/0xd0 [ 338.517022][T27607] direct_splice_actor+0x80/0xa0 [ 338.521950][T27607] splice_direct_to_actor+0x345/0x650 [ 338.527307][T27607] ? do_splice_direct+0x190/0x190 [ 338.532341][T27607] do_splice_direct+0x106/0x190 [ 338.537225][T27607] do_sendfile+0x63e/0xbb0 [ 338.541707][T27607] __x64_sys_sendfile64+0x102/0x140 [ 338.546915][T27607] do_syscall_64+0x44/0xa0 [ 338.551515][T27607] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 338.557475][T27607] RIP: 0033:0x7fca7d004739 [ 338.561872][T27607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 338.581557][T27607] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 338.590441][T27607] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 338.598836][T27607] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 338.606877][T27607] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 338.615033][T27607] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 338.623086][T27607] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:28 executing program 2 (fault-call:5 fault-nth:33): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 338.695383][T27619] loop0: detected capacity change from 0 to 61 [ 338.713648][T27619] attempt to access beyond end of device [ 338.713648][T27619] loop0: rw=2049, want=64, limit=61 [ 338.726111][T27625] loop4: detected capacity change from 0 to 262160 [ 338.740061][T27628] FAULT_INJECTION: forcing a failure. [ 338.740061][T27628] name failslab, interval 1, probability 0, space 0, times 0 [ 338.752734][T27628] CPU: 1 PID: 27628 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 338.761506][T27628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 338.771800][T27628] Call Trace: [ 338.775166][T27628] dump_stack_lvl+0xd6/0x122 [ 338.779788][T27628] dump_stack+0x11/0x1b [ 338.784001][T27628] should_fail+0x23c/0x250 [ 338.788432][T27628] ? kmalloc_array+0x2d/0x40 [ 338.793063][T27628] __should_failslab+0x81/0x90 [ 338.797844][T27628] should_failslab+0x5/0x20 [ 338.802366][T27628] __kmalloc+0x6f/0x350 [ 338.806526][T27628] kmalloc_array+0x2d/0x40 [ 338.810985][T27628] iter_file_splice_write+0xd5/0x790 [ 338.816275][T27628] ? atime_needs_update+0x2ba/0x390 [ 338.821476][T27628] ? touch_atime+0xe0/0x250 [ 338.826086][T27628] ? generic_file_splice_read+0x2ac/0x340 [ 338.831908][T27628] ? splice_from_pipe+0xd0/0xd0 [ 338.836787][T27628] direct_splice_actor+0x80/0xa0 11:13:29 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:29 executing program 0: sendmsg$NL802154_CMD_SET_SHORT_ADDR(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, 0x0, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000094) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 338.841764][T27628] splice_direct_to_actor+0x345/0x650 [ 338.847163][T27628] ? do_splice_direct+0x190/0x190 [ 338.852195][T27628] do_splice_direct+0x106/0x190 [ 338.857271][T27628] do_sendfile+0x63e/0xbb0 [ 338.861700][T27628] __x64_sys_sendfile64+0x102/0x140 [ 338.866994][T27628] do_syscall_64+0x44/0xa0 [ 338.871773][T27628] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 338.877685][T27628] RIP: 0033:0x7fca7d004739 [ 338.882084][T27628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 338.901854][T27628] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 338.910280][T27628] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 338.918349][T27628] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 338.926337][T27628] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 338.934301][T27628] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 11:13:29 executing program 2 (fault-call:5 fault-nth:34): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 338.942392][T27628] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 338.982272][T27632] FAULT_INJECTION: forcing a failure. [ 338.982272][T27632] name failslab, interval 1, probability 0, space 0, times 0 [ 338.995111][T27632] CPU: 0 PID: 27632 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 339.003889][T27632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 339.013942][T27632] Call Trace: [ 339.017420][T27632] dump_stack_lvl+0xd6/0x122 [ 339.022074][T27632] dump_stack+0x11/0x1b [ 339.026246][T27632] should_fail+0x23c/0x250 [ 339.030674][T27632] __should_failslab+0x81/0x90 [ 339.035438][T27632] ? __iomap_dio_rw+0x139/0x1010 [ 339.040506][T27632] should_failslab+0x5/0x20 [ 339.045081][T27632] kmem_cache_alloc_trace+0x52/0x320 [ 339.050465][T27632] __iomap_dio_rw+0x139/0x1010 [ 339.055247][T27632] ? __ext4_mark_inode_dirty+0x502/0x5c0 [ 339.060915][T27632] ? ext4_dirty_inode+0x58/0xa0 [ 339.065808][T27632] iomap_dio_rw+0x30/0x70 [ 339.070165][T27632] ? ext4_file_write_iter+0x4a1/0x11f0 [ 339.075635][T27632] ext4_file_write_iter+0xabe/0x11f0 [ 339.080994][T27632] ? ext4_file_write_iter+0x4a1/0x11f0 [ 339.086446][T27632] do_iter_readv_writev+0x2de/0x380 [ 339.091670][T27632] do_iter_write+0x192/0x5c0 [ 339.096301][T27632] ? splice_from_pipe_next+0x34f/0x3b0 [ 339.101761][T27632] ? kmalloc_array+0x2d/0x40 [ 339.106334][T27632] vfs_iter_write+0x4c/0x70 [ 339.110820][T27632] iter_file_splice_write+0x43a/0x790 [ 339.116291][T27632] ? splice_from_pipe+0xd0/0xd0 [ 339.121120][T27632] direct_splice_actor+0x80/0xa0 [ 339.126034][T27632] splice_direct_to_actor+0x345/0x650 [ 339.131457][T27632] ? do_splice_direct+0x190/0x190 [ 339.136499][T27632] do_splice_direct+0x106/0x190 [ 339.141335][T27632] do_sendfile+0x63e/0xbb0 [ 339.145812][T27632] __x64_sys_sendfile64+0x102/0x140 [ 339.151114][T27632] do_syscall_64+0x44/0xa0 [ 339.155756][T27632] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 339.161724][T27632] RIP: 0033:0x7fca7d004739 [ 339.166123][T27632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 339.185729][T27632] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 339.194125][T27632] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 339.202189][T27632] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 339.210140][T27632] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 339.218096][T27632] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 339.226059][T27632] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 339.260311][T27647] loop4: detected capacity change from 0 to 262160 [ 339.274862][T27648] loop0: detected capacity change from 0 to 61 [ 339.289782][T27648] FAT-fs (loop0): Unrecognized mount option "8" or missing value [ 339.329984][T27648] loop0: detected capacity change from 0 to 61 11:13:31 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), 0x0, 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:31 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x0, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:31 executing program 1: r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:13:31 executing program 2 (fault-call:5 fault-nth:35): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:31 executing program 0: r0 = inotify_init() r1 = inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) r2 = inotify_init() r3 = inotify_add_watch(r2, &(0x7f0000000000)='.\x00', 0x400017e) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYRES64=r0, @ANYRESDEC=r1, @ANYRES16=r2, @ANYRESDEC]) chdir(&(0x7f0000000000)='./file1\x00') r4 = open(&(0x7f00000000c0)='./file1\x00', 0x48c2, 0x0) write(r4, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) creat(&(0x7f0000000140)='./file0\x00', 0x4) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) inotify_add_watch(r5, &(0x7f0000000100)='./file1\x00', 0x1000104) r6 = inotify_init() inotify_add_watch(r6, &(0x7f0000000000)='.\x00', 0x400017e) write$binfmt_elf32(r6, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x80, 0xff, 0x80, 0x9d, 0xf14, 0x3, 0x3, 0x8, 0x39f, 0x38, 0x3c6, 0xfffffff8, 0x82a, 0x20, 0x2, 0x3, 0x40, 0xc0c}, [{0x4, 0x80000000, 0x200, 0x3, 0xfffffff8, 0x8001, 0x1ff}, {0x0, 0x38000000, 0x1, 0x7fffffff, 0x4, 0x6, 0xb599, 0xc16}], "6027ab54e86523fafb0c27df5f3eea559c1ec124616be76c7c6de18a23bba6c21902400032488b7114d441af2fe712d12910d1e17e400a36a595aa8a537adc68aef8c603e49311e657d0c52738c71d0f75bdd23807fbedd461bf9218cf25b7701788b05e1ef76779e7264aafe5b3348f6d9e048d49be0745319fbcbfdec0c07744ed9486328d448bbf6ea6064ef2473ee3", ['\x00', '\x00', '\x00', '\x00']}, 0x509) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/module/nf_conntrack_ftp', 0x940, 0x10) inotify_rm_watch(r7, r3) write$P9_RSTAT(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB="540000007d000000004d0000000000000000000000008245f100000000000000000000000000000000000000000000000000000000000006006d73646f73000a002f6465762f76637375000a005c6a7d2f2a2f7c2c1328"], 0x54) 11:13:31 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 340.830289][T27670] loop0: detected capacity change from 0 to 61 [ 340.845680][T27670] attempt to access beyond end of device [ 340.845680][T27670] loop0: rw=2049, want=64, limit=61 [ 340.866323][T27675] FAULT_INJECTION: forcing a failure. [ 340.866323][T27675] name failslab, interval 1, probability 0, space 0, times 0 11:13:31 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x14401, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x8d) renameat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', r1, &(0x7f0000000200)='./file1\x00') r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r3 = inotify_init1(0x80800) ioctl$FS_IOC_SETFSLABEL(r3, 0x41009432, &(0x7f0000000300)="04de0089a6aa26e05507973c949c5cdb9c05cf143d049d77e6cb8c9abc2106f44e28999adbe35a8605ca1b7cd28d9c04e0b9d64901986ff3e86dc1bc269741f4f37596cbf4a3ed80d127dc75f12d879e733f5725f1c9c62d7cdc8934cb4d030c620de2d5733c0a6c18078e4c4d7323fd5178efebdccec3b2596e884b155b3b7219b9dd08f06513b0a6783b5b7bc8afc97e9a13592c2264cf71a22852a3f18afb170da188e203248888b22b6eba4ad1cbe3713f62ba0abbb3e4890dd6270f19b25cb2873730b1af2eea750f6902e2be1ab57bff0df0c3a73f2c356113dde677ea9dff708f442aa158b593d6af623e38a7a52a87c4682ec35c788439fe97fc5e44") write(r2, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r2, &(0x7f0000000100)={0x56, 0x7d, 0x0, {0x0, 0x4f, 0x1, 0x6, {0x0, 0x0, 0x3}, 0x80100000, 0x7, 0xfffffffe, 0x0, 0x2, '\'\xb4', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x56) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x88000) renameat(r4, &(0x7f0000000400)='./file0\x00', r0, &(0x7f0000000440)='./file1\x00') [ 340.879085][T27675] CPU: 1 PID: 27675 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 340.887848][T27675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 340.898015][T27675] Call Trace: [ 340.901342][T27675] dump_stack_lvl+0xd6/0x122 [ 340.905953][T27675] dump_stack+0x11/0x1b [ 340.910124][T27675] should_fail+0x23c/0x250 [ 340.914816][T27675] ? kcalloc+0x32/0x50 [ 340.917510][T27684] loop4: detected capacity change from 0 to 262160 [ 340.918899][T27675] __should_failslab+0x81/0x90 [ 340.930180][T27675] should_failslab+0x5/0x20 [ 340.934694][T27675] __kmalloc+0x6f/0x350 [ 340.938896][T27675] kcalloc+0x32/0x50 [ 340.942859][T27675] ext4_find_extent+0x21c/0x7f0 [ 340.947790][T27675] ext4_ext_map_blocks+0x115/0x1ff0 [ 340.953119][T27675] ? ext4_es_lookup_extent+0x36b/0x490 [ 340.958577][T27675] ext4_map_blocks+0x71e/0xf00 [ 340.963582][T27675] ext4_iomap_begin+0x4b0/0x630 [ 340.968446][T27675] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 340.973801][T27675] iomap_iter+0x39c/0x470 [ 340.978145][T27675] __iomap_dio_rw+0x698/0x1010 [ 340.983092][T27675] iomap_dio_rw+0x30/0x70 [ 340.987557][T27675] ? ext4_file_write_iter+0x4a1/0x11f0 [ 340.993054][T27675] ext4_file_write_iter+0xabe/0x11f0 [ 340.998437][T27675] ? ext4_file_write_iter+0x4a1/0x11f0 [ 341.003963][T27675] do_iter_readv_writev+0x2de/0x380 [ 341.009210][T27675] do_iter_write+0x192/0x5c0 [ 341.013850][T27675] ? splice_from_pipe_next+0x34f/0x3b0 [ 341.019312][T27675] ? kmalloc_array+0x2d/0x40 [ 341.024000][T27675] vfs_iter_write+0x4c/0x70 11:13:31 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 341.028617][T27675] iter_file_splice_write+0x43a/0x790 [ 341.034046][T27675] ? splice_from_pipe+0xd0/0xd0 [ 341.038895][T27675] direct_splice_actor+0x80/0xa0 [ 341.043925][T27675] splice_direct_to_actor+0x345/0x650 [ 341.049395][T27675] ? do_splice_direct+0x190/0x190 [ 341.054419][T27675] do_splice_direct+0x106/0x190 [ 341.059311][T27675] do_sendfile+0x63e/0xbb0 [ 341.063900][T27675] __x64_sys_sendfile64+0x102/0x140 [ 341.069114][T27675] do_syscall_64+0x44/0xa0 [ 341.073560][T27675] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 341.079577][T27675] RIP: 0033:0x7fca7d004739 [ 341.084015][T27675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 341.103612][T27675] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 341.112010][T27675] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 341.119966][T27675] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 11:13:31 executing program 2 (fault-call:5 fault-nth:36): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:31 executing program 1: r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:13:31 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 341.128053][T27675] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 341.136007][T27675] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 341.144003][T27675] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 341.153086][ T57] attempt to access beyond end of device [ 341.153086][ T57] loop0: rw=1, want=72, limit=61 [ 341.223125][T27713] FAULT_INJECTION: forcing a failure. [ 341.223125][T27713] name failslab, interval 1, probability 0, space 0, times 0 [ 341.228300][T27719] loop0: detected capacity change from 0 to 61 [ 341.235958][T27713] CPU: 1 PID: 27713 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 341.243736][T27721] loop4: detected capacity change from 0 to 262160 [ 341.250839][T27713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 341.250854][T27713] Call Trace: [ 341.250861][T27713] dump_stack_lvl+0xd6/0x122 [ 341.275451][T27713] dump_stack+0x11/0x1b [ 341.279692][T27713] should_fail+0x23c/0x250 [ 341.284210][T27713] ? ext4_mb_new_blocks+0x317/0x1fc0 [ 341.289511][T27713] __should_failslab+0x81/0x90 [ 341.294274][T27713] should_failslab+0x5/0x20 [ 341.298771][T27713] kmem_cache_alloc+0x4f/0x300 [ 341.303566][T27713] ext4_mb_new_blocks+0x317/0x1fc0 [ 341.308663][T27713] ? ext4_find_extent+0x7b2/0x7f0 [ 341.313727][T27713] ? ext4_ext_search_right+0x246/0x540 [ 341.319176][T27713] ext4_ext_map_blocks+0x15ed/0x1ff0 [ 341.324458][T27713] ? ext4_es_lookup_extent+0x36b/0x490 [ 341.329939][T27713] ext4_map_blocks+0x71e/0xf00 [ 341.334785][T27713] ext4_iomap_begin+0x4b0/0x630 [ 341.339694][T27713] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 341.344891][T27713] iomap_iter+0x39c/0x470 [ 341.349237][T27713] __iomap_dio_rw+0x698/0x1010 [ 341.353995][T27713] ? __ext4_mark_inode_dirty+0x501/0x5c0 [ 341.359625][T27713] iomap_dio_rw+0x30/0x70 [ 341.364037][T27713] ? ext4_file_write_iter+0x4a1/0x11f0 [ 341.369489][T27713] ext4_file_write_iter+0xabe/0x11f0 [ 341.374802][T27713] ? ext4_file_write_iter+0x4a1/0x11f0 [ 341.380252][T27713] do_iter_readv_writev+0x2de/0x380 [ 341.385448][T27713] do_iter_write+0x192/0x5c0 [ 341.390089][T27713] ? splice_from_pipe_next+0x34f/0x3b0 [ 341.395535][T27713] ? kmalloc_array+0x2d/0x40 [ 341.400198][T27713] vfs_iter_write+0x4c/0x70 [ 341.404795][T27713] iter_file_splice_write+0x43a/0x790 [ 341.410153][T27713] ? splice_from_pipe+0xd0/0xd0 [ 341.414995][T27713] direct_splice_actor+0x80/0xa0 [ 341.420009][T27713] splice_direct_to_actor+0x345/0x650 [ 341.425645][T27713] ? do_splice_direct+0x190/0x190 [ 341.430659][T27713] do_splice_direct+0x106/0x190 [ 341.435499][T27713] do_sendfile+0x63e/0xbb0 [ 341.439930][T27713] __x64_sys_sendfile64+0x102/0x140 [ 341.445166][T27713] do_syscall_64+0x44/0xa0 [ 341.449648][T27713] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 341.455546][T27713] RIP: 0033:0x7fca7d004739 [ 341.459951][T27713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 341.479634][T27713] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 341.488036][T27713] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 341.496101][T27713] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 341.504061][T27713] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 341.512109][T27713] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 341.520216][T27713] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:31 executing program 2 (fault-call:5 fault-nth:37): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 341.615238][T27734] FAULT_INJECTION: forcing a failure. [ 341.615238][T27734] name failslab, interval 1, probability 0, space 0, times 0 [ 341.628002][T27734] CPU: 1 PID: 27734 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 341.636775][T27734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 341.646830][T27734] Call Trace: [ 341.650117][T27734] dump_stack_lvl+0xd6/0x122 [ 341.654724][T27734] dump_stack+0x11/0x1b [ 341.658918][T27734] should_fail+0x23c/0x250 [ 341.663505][T27734] ? ext4_mb_new_blocks+0x73f/0x1fc0 [ 341.668799][T27734] __should_failslab+0x81/0x90 [ 341.673586][T27734] should_failslab+0x5/0x20 [ 341.678099][T27734] kmem_cache_alloc+0x4f/0x300 [ 341.682876][T27734] ext4_mb_new_blocks+0x73f/0x1fc0 [ 341.688087][T27734] ? ext4_find_extent+0x7b2/0x7f0 [ 341.693182][T27734] ? kcsan_setup_watchpoint+0x241/0x3f0 [ 341.698715][T27734] ext4_ext_map_blocks+0x15ed/0x1ff0 [ 341.704017][T27734] ? ext4_es_lookup_extent+0x36b/0x490 [ 341.709524][T27734] ext4_map_blocks+0x71e/0xf00 [ 341.714320][T27734] ext4_iomap_begin+0x4b0/0x630 [ 341.719259][T27734] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 341.724439][T27734] iomap_iter+0x39c/0x470 [ 341.728861][T27734] __iomap_dio_rw+0x698/0x1010 [ 341.733714][T27734] iomap_dio_rw+0x30/0x70 [ 341.738040][T27734] ? ext4_file_write_iter+0x4a1/0x11f0 [ 341.743550][T27734] ext4_file_write_iter+0xabe/0x11f0 [ 341.748823][T27734] ? ext4_file_write_iter+0x4a1/0x11f0 [ 341.754388][T27734] do_iter_readv_writev+0x2de/0x380 [ 341.759765][T27734] do_iter_write+0x192/0x5c0 [ 341.764440][T27734] ? splice_from_pipe_next+0x34f/0x3b0 [ 341.769949][T27734] ? kmalloc_array+0x2d/0x40 [ 341.774634][T27734] vfs_iter_write+0x4c/0x70 [ 341.779217][T27734] iter_file_splice_write+0x43a/0x790 [ 341.784585][T27734] ? splice_from_pipe+0xd0/0xd0 [ 341.789567][T27734] direct_splice_actor+0x80/0xa0 [ 341.794547][T27734] splice_direct_to_actor+0x345/0x650 [ 341.799911][T27734] ? do_splice_direct+0x190/0x190 [ 341.805090][T27734] do_splice_direct+0x106/0x190 [ 341.809933][T27734] do_sendfile+0x63e/0xbb0 [ 341.814352][T27734] __x64_sys_sendfile64+0x102/0x140 [ 341.819539][T27734] do_syscall_64+0x44/0xa0 [ 341.823962][T27734] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 341.829906][T27734] RIP: 0033:0x7fca7d004739 [ 341.834323][T27734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 341.853928][T27734] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 341.862336][T27734] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 341.870329][T27734] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 341.878294][T27734] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 341.886250][T27734] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 341.894230][T27734] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:34 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), 0x0, 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:34 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') creat(&(0x7f0000000200)='./file0\x00', 0x120) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="540000007d000000004d0012000000000000000000000001000000000000000000000000000000000000000000000000000d0b844020340c3ea3356700000006006d73646f73000a002f6465762f76637375000a005c6a7d2f2a2f7c2c130f"], 0x54) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r2, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00) renameat(r2, &(0x7f0000000080)='./file0\x00', r0, &(0x7f00000001c0)='./file1\x00') 11:13:34 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:34 executing program 2 (fault-call:5 fault-nth:38): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:34 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:34 executing program 1: r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 343.912663][T27756] loop0: detected capacity change from 0 to 61 [ 343.922975][T27759] loop4: detected capacity change from 0 to 262160 [ 343.946357][T27755] FAULT_INJECTION: forcing a failure. [ 343.946357][T27755] name failslab, interval 1, probability 0, space 0, times 0 11:13:34 executing program 0: seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f0000000080)) syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000040)='./file1\x00', 0x7ac7, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0x20, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 343.959128][T27755] CPU: 1 PID: 27755 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 343.967890][T27755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 343.978035][T27755] Call Trace: [ 343.981321][T27755] dump_stack_lvl+0xd6/0x122 [ 343.985923][T27755] dump_stack+0x11/0x1b [ 343.990296][T27755] should_fail+0x23c/0x250 [ 343.994712][T27755] ? mempool_alloc_slab+0x16/0x20 [ 343.999875][T27755] __should_failslab+0x81/0x90 [ 344.004642][T27755] should_failslab+0x5/0x20 [ 344.009135][T27755] kmem_cache_alloc+0x4f/0x300 [ 344.014027][T27755] mempool_alloc_slab+0x16/0x20 [ 344.018864][T27755] ? mempool_free+0x130/0x130 [ 344.023625][T27755] mempool_alloc+0x9d/0x310 [ 344.028142][T27755] bio_alloc_bioset+0xcc/0x530 [ 344.033046][T27755] ? iov_iter_alignment+0x34b/0x370 [ 344.038244][T27755] iomap_dio_bio_iter+0x5e1/0xc00 [ 344.043331][T27755] __iomap_dio_rw+0x8d8/0x1010 [ 344.048198][T27755] iomap_dio_rw+0x30/0x70 [ 344.052646][T27755] ? ext4_file_write_iter+0x4a1/0x11f0 [ 344.058119][T27755] ext4_file_write_iter+0xabe/0x11f0 [ 344.063404][T27755] ? ext4_file_write_iter+0x4a1/0x11f0 [ 344.069010][T27755] do_iter_readv_writev+0x2de/0x380 [ 344.074303][T27755] do_iter_write+0x192/0x5c0 [ 344.078889][T27755] ? splice_from_pipe_next+0x34f/0x3b0 [ 344.084410][T27755] ? kmalloc_array+0x2d/0x40 [ 344.089250][T27755] vfs_iter_write+0x4c/0x70 [ 344.093746][T27755] iter_file_splice_write+0x43a/0x790 [ 344.099215][T27755] ? splice_from_pipe+0xd0/0xd0 [ 344.104203][T27755] direct_splice_actor+0x80/0xa0 [ 344.109247][T27755] splice_direct_to_actor+0x345/0x650 [ 344.114606][T27755] ? do_splice_direct+0x190/0x190 [ 344.119738][T27755] do_splice_direct+0x106/0x190 [ 344.124581][T27755] do_sendfile+0x63e/0xbb0 [ 344.129114][T27755] __x64_sys_sendfile64+0x102/0x140 [ 344.134375][T27755] do_syscall_64+0x44/0xa0 [ 344.138807][T27755] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 344.144771][T27755] RIP: 0033:0x7fca7d004739 [ 344.149178][T27755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 344.168871][T27755] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 344.177366][T27755] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 344.185503][T27755] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 344.193545][T27755] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 344.201604][T27755] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 11:13:34 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), 0x0, 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) [ 344.209564][T27755] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:34 executing program 2 (fault-call:5 fault-nth:39): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:34 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 344.316944][T27783] loop0: detected capacity change from 0 to 61 [ 344.343186][T27788] FAULT_INJECTION: forcing a failure. [ 344.343186][T27788] name failslab, interval 1, probability 0, space 0, times 0 [ 344.349643][T27783] attempt to access beyond end of device [ 344.349643][T27783] loop0: rw=2049, want=64, limit=61 11:13:34 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="540000007d000000004d000000000000000000000000000000000000000000000000000000000000000000000000000000000000060008cc9381853f2bf3edd7182fbf6d73646f73000a002f6465762f76637375"], 0x54) [ 344.355906][T27788] CPU: 1 PID: 27788 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 344.375326][T27788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 344.386178][T27788] Call Trace: [ 344.389560][T27788] dump_stack_lvl+0xd6/0x122 [ 344.394166][T27788] dump_stack+0x11/0x1b [ 344.398331][T27788] should_fail+0x23c/0x250 [ 344.402769][T27788] ? __es_insert_extent+0x51f/0xe70 [ 344.408034][T27788] __should_failslab+0x81/0x90 [ 344.412790][T27788] should_failslab+0x5/0x20 [ 344.417294][T27788] kmem_cache_alloc+0x4f/0x300 [ 344.422062][T27788] __es_insert_extent+0x51f/0xe70 [ 344.427086][T27788] ext4_es_insert_extent+0x1cb/0x1950 [ 344.432444][T27788] ext4_map_blocks+0xa5d/0xf00 [ 344.437258][T27788] ext4_iomap_begin+0x4b0/0x630 [ 344.442136][T27788] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 344.447357][T27788] iomap_iter+0x39c/0x470 [ 344.451420][T27802] loop4: detected capacity change from 0 to 262160 [ 344.451696][T27788] __iomap_dio_rw+0x698/0x1010 [ 344.463096][T27788] ? __ext4_mark_inode_dirty+0x501/0x5c0 [ 344.468864][T27788] iomap_dio_rw+0x30/0x70 [ 344.473269][T27788] ? ext4_file_write_iter+0x4a1/0x11f0 [ 344.478773][T27788] ext4_file_write_iter+0xabe/0x11f0 [ 344.484055][T27788] ? ext4_file_write_iter+0x4a1/0x11f0 [ 344.489515][T27788] do_iter_readv_writev+0x2de/0x380 [ 344.494724][T27788] do_iter_write+0x192/0x5c0 [ 344.499344][T27788] ? splice_from_pipe_next+0x34f/0x3b0 [ 344.504806][T27788] ? kmalloc_array+0x2d/0x40 [ 344.509391][T27788] vfs_iter_write+0x4c/0x70 11:13:34 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 344.513991][T27788] iter_file_splice_write+0x43a/0x790 [ 344.519626][T27788] ? splice_from_pipe+0xd0/0xd0 [ 344.524523][T27788] direct_splice_actor+0x80/0xa0 [ 344.529618][T27788] splice_direct_to_actor+0x345/0x650 [ 344.535174][T27788] ? do_splice_direct+0x190/0x190 [ 344.540270][T27788] do_splice_direct+0x106/0x190 [ 344.545124][T27788] do_sendfile+0x63e/0xbb0 [ 344.549609][T27788] __x64_sys_sendfile64+0x102/0x140 [ 344.554908][T27788] do_syscall_64+0x44/0xa0 [ 344.559403][T27788] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 344.565403][T27788] RIP: 0033:0x7fca7d004739 [ 344.569797][T27788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 344.589575][T27788] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 344.598085][T27788] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 344.606060][T27788] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 344.614037][T27788] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 344.622015][T27788] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 344.629988][T27788] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:34 executing program 2 (fault-call:5 fault-nth:40): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:34 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:13:34 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 344.697091][T27810] loop0: detected capacity change from 0 to 61 [ 344.714343][T27810] attempt to access beyond end of device [ 344.714343][T27810] loop0: rw=2049, want=64, limit=61 [ 344.735800][T27819] loop4: detected capacity change from 0 to 262160 11:13:35 executing program 0: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) capset(&(0x7f0000000080)={0x19980330, r0}, &(0x7f0000000100)={0x20, 0x3, 0x4, 0x0, 0x425, 0x4}) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) wait4(r0, &(0x7f0000000140), 0x1000000, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r1, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 344.824808][T27828] FAULT_INJECTION: forcing a failure. [ 344.824808][T27828] name failslab, interval 1, probability 0, space 0, times 0 [ 344.837737][T27828] CPU: 1 PID: 27828 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 344.846504][T27828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 344.856569][T27828] Call Trace: [ 344.859854][T27828] dump_stack_lvl+0xd6/0x122 [ 344.864545][T27828] dump_stack+0x11/0x1b [ 344.868829][T27828] should_fail+0x23c/0x250 [ 344.873317][T27828] ? kmalloc_array+0x2d/0x40 [ 344.877911][T27828] __should_failslab+0x81/0x90 [ 344.882708][T27828] should_failslab+0x5/0x20 [ 344.887258][T27828] __kmalloc+0x6f/0x350 [ 344.891419][T27828] kmalloc_array+0x2d/0x40 [ 344.895939][T27828] iter_file_splice_write+0xd5/0x790 [ 344.901223][T27828] ? atime_needs_update+0x2ba/0x390 [ 344.906616][T27828] ? touch_atime+0xe0/0x250 [ 344.911136][T27828] ? generic_file_splice_read+0x2ac/0x340 [ 344.916900][T27828] ? splice_from_pipe+0xd0/0xd0 11:13:35 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 344.921782][T27828] direct_splice_actor+0x80/0xa0 [ 344.926770][T27828] splice_direct_to_actor+0x345/0x650 [ 344.932147][T27828] ? do_splice_direct+0x190/0x190 [ 344.937300][T27828] do_splice_direct+0x106/0x190 [ 344.942143][T27828] do_sendfile+0x63e/0xbb0 [ 344.946871][T27828] __x64_sys_sendfile64+0x102/0x140 [ 344.952345][T27828] do_syscall_64+0x44/0xa0 [ 344.956810][T27828] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 344.962722][T27828] RIP: 0033:0x7fca7d004739 [ 344.967226][T27828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 344.987319][T27828] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 344.995738][T27828] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 345.003706][T27828] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 345.011681][T27828] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 11:13:35 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:35 executing program 2 (fault-call:5 fault-nth:41): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 345.019743][T27828] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 345.027783][T27828] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 345.128936][T27853] FAULT_INJECTION: forcing a failure. [ 345.128936][T27853] name failslab, interval 1, probability 0, space 0, times 0 [ 345.141626][T27853] CPU: 1 PID: 27853 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 345.150397][T27853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 345.160536][T27853] Call Trace: [ 345.163915][T27853] dump_stack_lvl+0xd6/0x122 [ 345.164217][T27856] loop4: detected capacity change from 0 to 262160 [ 345.168560][T27853] dump_stack+0x11/0x1b [ 345.168588][T27853] should_fail+0x23c/0x250 [ 345.183847][T27853] __should_failslab+0x81/0x90 [ 345.188734][T27853] ? __iomap_dio_rw+0x139/0x1010 [ 345.193713][T27853] should_failslab+0x5/0x20 [ 345.198227][T27853] kmem_cache_alloc_trace+0x52/0x320 [ 345.203607][T27853] ? __getblk_gfp+0x3f/0x590 [ 345.208209][T27853] __iomap_dio_rw+0x139/0x1010 [ 345.213000][T27853] ? __brelse+0x2c/0x50 [ 345.217174][T27853] ? ext4_mark_iloc_dirty+0x161a/0x1700 [ 345.222715][T27853] iomap_dio_rw+0x30/0x70 [ 345.227112][T27853] ? ext4_file_write_iter+0x4a1/0x11f0 [ 345.232557][T27853] ext4_file_write_iter+0xabe/0x11f0 [ 345.237832][T27853] ? ext4_file_write_iter+0x4a1/0x11f0 [ 345.243280][T27853] do_iter_readv_writev+0x2de/0x380 [ 345.248478][T27853] do_iter_write+0x192/0x5c0 [ 345.253081][T27853] ? splice_from_pipe_next+0x34f/0x3b0 [ 345.258526][T27853] ? kmalloc_array+0x2d/0x40 [ 345.263101][T27853] vfs_iter_write+0x4c/0x70 [ 345.267598][T27853] iter_file_splice_write+0x43a/0x790 [ 345.273013][T27853] ? splice_from_pipe+0xd0/0xd0 [ 345.277867][T27853] direct_splice_actor+0x80/0xa0 [ 345.282955][T27853] splice_direct_to_actor+0x345/0x650 [ 345.288341][T27853] ? do_splice_direct+0x190/0x190 [ 345.293552][T27853] do_splice_direct+0x106/0x190 [ 345.298472][T27853] do_sendfile+0x63e/0xbb0 [ 345.302905][T27853] __x64_sys_sendfile64+0x102/0x140 [ 345.308121][T27853] do_syscall_64+0x44/0xa0 [ 345.312603][T27853] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 345.318492][T27853] RIP: 0033:0x7fca7d004739 [ 345.322896][T27853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 345.342585][T27853] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 345.351025][T27853] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 345.359072][T27853] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 345.367155][T27853] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 345.375216][T27853] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 345.383176][T27853] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:37 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x0, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:37 executing program 0: syz_mount_image$msdos(&(0x7f0000000100), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x5, &(0x7f0000000440)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}, {&(0x7f00000004c0)="af26bd2af9a8c7bfb1220cc3bbd8ff7f000088d33954a5945ab10e3fe46527d8964d54dd99808573630919f6a6461746f50ecc6aba9c555e13be9b49f038d9b41c39504df65b8c0e6908b460885d6db1ac4632fe2a35ff89de924dcb93abb28fd807c92b6e58b5020479e18ff5bb2bc07d2bd2380cc2c8064a29a21c3b2fd34b49078823eaf848266717c31114bb08cc36534d27cdd9d52aeaeedec941350e966209f3cdeab7b3e7dec9a36b3e", 0xad, 0x1ff}, {&(0x7f00000001c0)="fa72ff186efacd602f1a47de8be963a443a0e622811dbcb18d809f614cf05afd5adfc54f573684b75347741e69338057a2b5a0339c87eba42c28bf3348a76c611b8ada5b902489f15743c563d2448cfa396ccb184d967fdd8d10921f1ef28202485317efa17af0a11c", 0x69, 0x5}, {&(0x7f0000000580)="a044276232b776b1d0442c8fce6b86ffb359826153a4eab4544411f944fa41cc5de4dacc0e8be777779c888031d7e8ffe8a9807eeadf8686720d954a4e4a0c1ee57975954e7982689d32235a4d7e0e", 0x4f, 0x7}, {&(0x7f0000000380)="6b487250564522ff556bb90d272937ca87d5de5ee9b3c50ae713a4245763a1d1eea91b60ed91c1d828e1a1915af41b2d46537f08de9275ff120672355ad4b36fb98e1383faf397e9bcdd314413d449c434233a689c53eac25f0477a22b1b0a1efcd71dcc76896dfcbaf0ceaf41bfabd34ebf0633561660f2f6828de3f371156188d66c65389fd3a95cfea428967d86ae2a6439b0da1079becb09a6966fe7698d6a7a8a1443cc83f47c407396", 0xac, 0xc94c}], 0x102000, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="540000d37df3ffffff4c00000000000000000800000000000000000000000000000000000000000000000000000000000000000006006d73646f73000a002f6465762f76637375000a005c6a7d2f2a2f7c2c1328f1d71f39e59f56434bb73b6951dc7c73a2b0ee62ef44c4160a60f8059b8a0a0f755049e306e9f773500f69b93e679c9a77d2ed508bb09f98d368d83da7a5d01cec46097fdbcad952"], 0x54) 11:13:37 executing program 2 (fault-call:5 fault-nth:42): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:37 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:37 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:13:37 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 347.276865][T27884] loop4: detected capacity change from 0 to 262160 [ 347.294539][T27889] loop0: detected capacity change from 0 to 201 [ 347.305875][T27885] FAULT_INJECTION: forcing a failure. [ 347.305875][T27885] name failslab, interval 1, probability 0, space 0, times 0 [ 347.318537][T27885] CPU: 0 PID: 27885 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 347.327695][T27885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 347.337758][T27885] Call Trace: [ 347.341197][T27885] dump_stack_lvl+0xd6/0x122 [ 347.345803][T27885] dump_stack+0x11/0x1b [ 347.349971][T27885] should_fail+0x23c/0x250 [ 347.354486][T27885] ? kcalloc+0x32/0x50 [ 347.358563][T27885] __should_failslab+0x81/0x90 [ 347.363336][T27885] should_failslab+0x5/0x20 [ 347.368006][T27885] __kmalloc+0x6f/0x350 [ 347.372208][T27885] kcalloc+0x32/0x50 [ 347.376119][T27885] ext4_find_extent+0x21c/0x7f0 [ 347.381080][T27885] ext4_ext_map_blocks+0x115/0x1ff0 [ 347.386290][T27885] ? ext4_es_lookup_extent+0x36b/0x490 [ 347.391800][T27885] ext4_map_blocks+0x71e/0xf00 [ 347.396631][T27885] ext4_iomap_begin+0x4b0/0x630 [ 347.401503][T27885] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 347.406720][T27885] iomap_iter+0x39c/0x470 [ 347.411082][T27885] __iomap_dio_rw+0x698/0x1010 [ 347.415871][T27885] iomap_dio_rw+0x30/0x70 [ 347.420294][T27885] ? ext4_file_write_iter+0x4a1/0x11f0 11:13:37 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 347.425774][T27885] ext4_file_write_iter+0xabe/0x11f0 [ 347.431067][T27885] ? ext4_file_write_iter+0x4a1/0x11f0 [ 347.436536][T27885] do_iter_readv_writev+0x2de/0x380 [ 347.441747][T27885] do_iter_write+0x192/0x5c0 [ 347.446353][T27885] ? splice_from_pipe_next+0x34f/0x3b0 [ 347.451850][T27885] ? kmalloc_array+0x2d/0x40 [ 347.456539][T27885] vfs_iter_write+0x4c/0x70 [ 347.461145][T27885] iter_file_splice_write+0x43a/0x790 [ 347.466686][T27885] ? splice_from_pipe+0xd0/0xd0 [ 347.471544][T27885] direct_splice_actor+0x80/0xa0 [ 347.476581][T27885] splice_direct_to_actor+0x345/0x650 [ 347.482016][T27885] ? do_splice_direct+0x190/0x190 [ 347.487043][T27885] do_splice_direct+0x106/0x190 [ 347.492113][T27885] do_sendfile+0x63e/0xbb0 [ 347.496813][T27885] __x64_sys_sendfile64+0x102/0x140 [ 347.502301][T27885] do_syscall_64+0x44/0xa0 [ 347.506976][T27885] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 347.513081][T27885] RIP: 0033:0x7fca7d004739 11:13:37 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:13:37 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 347.517589][T27885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 347.537518][T27885] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 347.545936][T27885] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 347.554025][T27885] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 347.562004][T27885] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 347.570173][T27885] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 11:13:37 executing program 2 (fault-call:5 fault-nth:43): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 347.578137][T27885] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 347.616906][T27889] loop0: detected capacity change from 0 to 201 11:13:37 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) umount2(&(0x7f0000000080)='./file1\x00', 0x4) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 347.670374][T27924] loop4: detected capacity change from 0 to 262160 [ 347.679071][T27921] FAULT_INJECTION: forcing a failure. [ 347.679071][T27921] name failslab, interval 1, probability 0, space 0, times 0 [ 347.691730][T27921] CPU: 1 PID: 27921 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 347.700506][T27921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 347.710577][T27921] Call Trace: [ 347.713856][T27921] dump_stack_lvl+0xd6/0x122 [ 347.718531][T27921] dump_stack+0x11/0x1b [ 347.722683][T27921] should_fail+0x23c/0x250 [ 347.727216][T27921] ? ext4_mb_new_blocks+0x317/0x1fc0 [ 347.732747][T27921] __should_failslab+0x81/0x90 [ 347.737539][T27921] should_failslab+0x5/0x20 [ 347.742040][T27921] kmem_cache_alloc+0x4f/0x300 [ 347.746793][T27921] ext4_mb_new_blocks+0x317/0x1fc0 [ 347.751972][T27921] ? ext4_find_extent+0x7b2/0x7f0 [ 347.757030][T27921] ? ext4_ext_search_right+0x246/0x540 [ 347.762528][T27921] ext4_ext_map_blocks+0x15ed/0x1ff0 [ 347.767840][T27921] ? ext4_es_lookup_extent+0x36b/0x490 [ 347.773362][T27921] ext4_map_blocks+0x71e/0xf00 [ 347.778247][T27921] ext4_iomap_begin+0x4b0/0x630 [ 347.783109][T27921] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 347.788343][T27921] iomap_iter+0x39c/0x470 [ 347.792790][T27921] __iomap_dio_rw+0x698/0x1010 [ 347.797708][T27921] iomap_dio_rw+0x30/0x70 [ 347.802043][T27921] ? ext4_file_write_iter+0x4a1/0x11f0 [ 347.807542][T27921] ext4_file_write_iter+0xabe/0x11f0 [ 347.812818][T27921] ? ext4_file_write_iter+0x4a1/0x11f0 [ 347.818311][T27921] do_iter_readv_writev+0x2de/0x380 [ 347.823697][T27921] do_iter_write+0x192/0x5c0 [ 347.828289][T27921] ? splice_from_pipe_next+0x34f/0x3b0 [ 347.833740][T27921] ? kmalloc_array+0x2d/0x40 [ 347.838425][T27921] vfs_iter_write+0x4c/0x70 [ 347.842937][T27921] iter_file_splice_write+0x43a/0x790 [ 347.848298][T27921] ? splice_from_pipe+0xd0/0xd0 [ 347.853141][T27921] direct_splice_actor+0x80/0xa0 [ 347.858239][T27921] splice_direct_to_actor+0x345/0x650 [ 347.863606][T27921] ? do_splice_direct+0x190/0x190 [ 347.868616][T27921] do_splice_direct+0x106/0x190 [ 347.873539][T27921] do_sendfile+0x63e/0xbb0 [ 347.877958][T27921] __x64_sys_sendfile64+0x102/0x140 [ 347.883162][T27921] do_syscall_64+0x44/0xa0 [ 347.887570][T27921] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 347.893460][T27921] RIP: 0033:0x7fca7d004739 [ 347.897866][T27921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 347.917592][T27921] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 347.926002][T27921] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 347.934056][T27921] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 347.942014][T27921] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 347.950162][T27921] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 347.958119][T27921] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:38 executing program 2 (fault-call:5 fault-nth:44): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 347.983810][T27935] loop0: detected capacity change from 0 to 61 [ 348.001254][T27935] attempt to access beyond end of device [ 348.001254][T27935] loop0: rw=2049, want=64, limit=61 [ 348.101807][T27941] FAULT_INJECTION: forcing a failure. [ 348.101807][T27941] name failslab, interval 1, probability 0, space 0, times 0 [ 348.114657][T27941] CPU: 0 PID: 27941 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 348.123643][T27941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 348.133814][T27941] Call Trace: [ 348.137086][T27941] dump_stack_lvl+0xd6/0x122 [ 348.141692][T27941] dump_stack+0x11/0x1b [ 348.145920][T27941] should_fail+0x23c/0x250 [ 348.150352][T27941] ? ext4_mb_new_blocks+0x317/0x1fc0 [ 348.155650][T27941] __should_failslab+0x81/0x90 [ 348.160431][T27941] should_failslab+0x5/0x20 [ 348.165043][T27941] kmem_cache_alloc+0x4f/0x300 [ 348.170013][T27941] ext4_mb_new_blocks+0x317/0x1fc0 [ 348.175315][T27941] ? ext4_find_extent+0x7b2/0x7f0 [ 348.180373][T27941] ? ext4_ext_search_right+0x246/0x540 [ 348.185833][T27941] ext4_ext_map_blocks+0x15ed/0x1ff0 [ 348.191125][T27941] ? ext4_es_lookup_extent+0x36b/0x490 [ 348.196588][T27941] ext4_map_blocks+0x71e/0xf00 [ 348.201453][T27941] ? crypto_shash_update+0x13c/0x1a0 [ 348.206796][T27941] ext4_iomap_begin+0x4b0/0x630 [ 348.211682][T27941] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 348.216879][T27941] iomap_iter+0x39c/0x470 [ 348.221197][T27941] __iomap_dio_rw+0x698/0x1010 [ 348.226074][T27941] ? __ext4_mark_inode_dirty+0x501/0x5c0 [ 348.231948][T27941] iomap_dio_rw+0x30/0x70 [ 348.236266][T27941] ? ext4_file_write_iter+0x4a1/0x11f0 [ 348.241705][T27941] ext4_file_write_iter+0xabe/0x11f0 [ 348.247051][T27941] ? ext4_file_write_iter+0x4a1/0x11f0 [ 348.252514][T27941] do_iter_readv_writev+0x2de/0x380 [ 348.257701][T27941] do_iter_write+0x192/0x5c0 [ 348.262285][T27941] ? splice_from_pipe_next+0x34f/0x3b0 [ 348.267744][T27941] ? kmalloc_array+0x2d/0x40 [ 348.272314][T27941] vfs_iter_write+0x4c/0x70 [ 348.276799][T27941] iter_file_splice_write+0x43a/0x790 [ 348.282170][T27941] ? splice_from_pipe+0xd0/0xd0 [ 348.287096][T27941] direct_splice_actor+0x80/0xa0 [ 348.292016][T27941] splice_direct_to_actor+0x345/0x650 [ 348.297499][T27941] ? do_splice_direct+0x190/0x190 [ 348.302526][T27941] do_splice_direct+0x106/0x190 [ 348.307355][T27941] do_sendfile+0x63e/0xbb0 [ 348.311766][T27941] __x64_sys_sendfile64+0x102/0x140 [ 348.316958][T27941] do_syscall_64+0x44/0xa0 [ 348.321368][T27941] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 348.327251][T27941] RIP: 0033:0x7fca7d004739 [ 348.331662][T27941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 348.351417][T27941] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 348.359834][T27941] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 348.367785][T27941] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 348.375759][T27941] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 348.383712][T27941] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 348.391733][T27941] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:40 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f0000000100), 0x7, 0x272000) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0x0, 0xad75, 0x8001, 0x5, 0xf, "311185b1a80c1e29e197d7b1912c046d5643ae"}) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="540000007d00000000cd00000000000000000000200000000000000000000000000000000064978dabc5c22d320000000000000e994d544423aa08000a002f6465762f76637375000a005c6a7d2f2a2f7c2c13286d737656da177209ac0d8b2d6b449b84788ac9ac774ac21bd4792759e1dab1d5a8c30f01fd5cc472b3e28c77cebf8660f99072a40351ea9180b2cf72f63093e1d304a54dec76c630a46f33660d1979df608c9721d889bf43cab72667a31e685c38fb3e09135d7c1c092a994d5d5fdcd19f9a5e3d466c932d3fbfa97f8f8b78fdb5767410"], 0x54) 11:13:40 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:40 executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:13:40 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{0x0}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:40 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x0, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:40 executing program 2 (fault-call:5 fault-nth:45): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 350.309468][T27956] loop0: detected capacity change from 0 to 61 [ 350.323796][T27954] loop4: detected capacity change from 0 to 262160 [ 350.325134][T27956] FAT-fs (loop0): Unrecognized mount option "/dev/vcsa#" or missing value [ 350.342640][T27957] FAULT_INJECTION: forcing a failure. [ 350.342640][T27957] name failslab, interval 1, probability 0, space 0, times 0 [ 350.355284][T27957] CPU: 0 PID: 27957 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 350.364162][T27957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 350.374221][T27957] Call Trace: [ 350.377571][T27957] dump_stack_lvl+0xd6/0x122 [ 350.382268][T27957] dump_stack+0x11/0x1b [ 350.386632][T27957] should_fail+0x23c/0x250 [ 350.391053][T27957] ? mempool_alloc_slab+0x16/0x20 [ 350.396131][T27957] __should_failslab+0x81/0x90 [ 350.400916][T27957] should_failslab+0x5/0x20 [ 350.405438][T27957] kmem_cache_alloc+0x4f/0x300 [ 350.410240][T27957] mempool_alloc_slab+0x16/0x20 [ 350.415099][T27957] ? mempool_free+0x130/0x130 [ 350.419785][T27957] mempool_alloc+0x9d/0x310 [ 350.424299][T27957] ? crypto_shash_update+0x13c/0x1a0 [ 350.429595][T27957] ? pagecache_get_page+0x7aa/0x910 [ 350.434844][T27957] sg_pool_alloc+0x74/0x90 [ 350.439294][T27957] __sg_alloc_table+0xce/0x290 [ 350.444087][T27957] sg_alloc_table_chained+0xaf/0x140 [ 350.449433][T27957] ? sg_alloc_table_chained+0x140/0x140 [ 350.455034][T27957] scsi_alloc_sgtables+0x184/0x510 [ 350.460163][T27957] sd_init_command+0x952/0x1610 [ 350.465049][T27957] scsi_queue_rq+0x10cd/0x15a0 [ 350.469831][T27957] blk_mq_dispatch_rq_list+0x63b/0x1080 [ 350.475430][T27957] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 350.480989][T27957] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 350.487240][T27957] ? rb_insert_color+0x2fa/0x310 [ 350.492190][T27957] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 350.498254][T27957] __blk_mq_run_hw_queue+0xbc/0x140 [ 350.503480][T27957] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 350.509315][T27957] blk_mq_run_hw_queue+0x22c/0x250 [ 350.514516][T27957] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 350.520496][T27957] blk_mq_flush_plug_list+0x302/0x3d0 [ 350.525927][T27957] blk_flush_plug_list+0x235/0x260 [ 350.531237][T27957] blk_finish_plug+0x44/0x60 [ 350.535846][T27957] __iomap_dio_rw+0xca7/0x1010 [ 350.540808][T27957] ? __ext4_mark_inode_dirty+0x501/0x5c0 [ 350.546454][T27957] iomap_dio_rw+0x30/0x70 [ 350.550910][T27957] ? ext4_file_write_iter+0x4a1/0x11f0 [ 350.556381][T27957] ext4_file_write_iter+0xabe/0x11f0 [ 350.561703][T27957] ? ext4_file_write_iter+0x4a1/0x11f0 [ 350.567239][T27957] do_iter_readv_writev+0x2de/0x380 [ 350.572470][T27957] do_iter_write+0x192/0x5c0 [ 350.577139][T27957] ? splice_from_pipe_next+0x34f/0x3b0 [ 350.582679][T27957] ? kmalloc_array+0x2d/0x40 [ 350.587315][T27957] vfs_iter_write+0x4c/0x70 [ 350.591930][T27957] iter_file_splice_write+0x43a/0x790 [ 350.597319][T27957] ? splice_from_pipe+0xd0/0xd0 [ 350.602344][T27957] direct_splice_actor+0x80/0xa0 11:13:40 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:40 executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 350.607338][T27957] splice_direct_to_actor+0x345/0x650 [ 350.612782][T27957] ? do_splice_direct+0x190/0x190 [ 350.617900][T27957] do_splice_direct+0x106/0x190 [ 350.622764][T27957] do_sendfile+0x63e/0xbb0 [ 350.627238][T27957] __x64_sys_sendfile64+0x102/0x140 [ 350.632492][T27957] do_syscall_64+0x44/0xa0 [ 350.636993][T27957] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 350.642905][T27957] RIP: 0033:0x7fca7d004739 11:13:40 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{0x0}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 350.647352][T27957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 350.667314][T27957] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 350.675873][T27957] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 350.683869][T27957] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 350.692312][T27957] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 350.700282][T27957] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 350.708292][T27957] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 350.734447][T27988] loop0: detected capacity change from 0 to 61 [ 350.745179][T27988] FAT-fs (loop0): Unrecognized mount option "/dev/vcsa#" or missing value 11:13:41 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000080)={0x0, 0x3, 0x4, 0xb56}) write$P9_RSTAT(r1, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:13:41 executing program 2 (fault-call:5 fault-nth:46): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 350.782668][T28001] loop4: detected capacity change from 0 to 262160 [ 350.832652][T28009] loop0: detected capacity change from 0 to 61 [ 350.874344][T28013] FAULT_INJECTION: forcing a failure. [ 350.874344][T28013] name failslab, interval 1, probability 0, space 0, times 0 [ 350.887081][T28013] CPU: 0 PID: 28013 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 350.895925][T28013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 350.906050][T28013] Call Trace: [ 350.909377][T28013] dump_stack_lvl+0xd6/0x122 [ 350.914046][T28013] dump_stack+0x11/0x1b [ 350.918274][T28013] should_fail+0x23c/0x250 [ 350.922813][T28013] ? kmalloc_array+0x2d/0x40 [ 350.927447][T28013] __should_failslab+0x81/0x90 [ 350.932260][T28013] should_failslab+0x5/0x20 [ 350.936814][T28013] __kmalloc+0x6f/0x350 [ 350.941041][T28013] kmalloc_array+0x2d/0x40 [ 350.945444][T28013] iter_file_splice_write+0xd5/0x790 [ 350.950744][T28013] ? atime_needs_update+0x2ba/0x390 [ 350.955947][T28013] ? touch_atime+0xe0/0x250 [ 350.960552][T28013] ? generic_file_splice_read+0x2ac/0x340 [ 350.966259][T28013] ? splice_from_pipe+0xd0/0xd0 [ 350.971097][T28013] direct_splice_actor+0x80/0xa0 [ 350.976117][T28013] splice_direct_to_actor+0x345/0x650 [ 350.981478][T28013] ? do_splice_direct+0x190/0x190 [ 350.986837][T28013] do_splice_direct+0x106/0x190 [ 350.991672][T28013] do_sendfile+0x63e/0xbb0 [ 350.996286][T28013] __x64_sys_sendfile64+0x102/0x140 [ 351.001631][T28013] do_syscall_64+0x44/0xa0 [ 351.006111][T28013] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 351.012107][T28013] RIP: 0033:0x7fca7d004739 [ 351.016507][T28013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 351.036302][T28013] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 351.045064][T28013] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 351.053032][T28013] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 351.061000][T28013] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 11:13:41 executing program 2 (fault-call:5 fault-nth:47): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 351.068965][T28013] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 351.077019][T28013] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 351.099241][T28009] attempt to access beyond end of device [ 351.099241][T28009] loop0: rw=2049, want=64, limit=61 11:13:41 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="540000007d000000004d000000000000000000000000000000000000000000000000000000009eba5d94d3225bb3000000000000000000000000000006006d73646f73000a002f6465762f76637375000a005c6a"], 0x54) 11:13:41 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 351.153734][T28021] FAULT_INJECTION: forcing a failure. [ 351.153734][T28021] name failslab, interval 1, probability 0, space 0, times 0 [ 351.166372][T28021] CPU: 1 PID: 28021 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 351.175153][T28021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 351.185202][T28021] Call Trace: [ 351.188464][T28021] dump_stack_lvl+0xd6/0x122 [ 351.193097][T28021] dump_stack+0x11/0x1b [ 351.197265][T28021] should_fail+0x23c/0x250 [ 351.201682][T28021] __should_failslab+0x81/0x90 [ 351.206429][T28021] ? __iomap_dio_rw+0x139/0x1010 [ 351.211389][T28021] should_failslab+0x5/0x20 [ 351.215923][T28021] kmem_cache_alloc_trace+0x52/0x320 [ 351.221312][T28021] ? __getblk_gfp+0x3f/0x590 [ 351.225900][T28021] __iomap_dio_rw+0x139/0x1010 [ 351.230762][T28021] ? __brelse+0x2c/0x50 [ 351.234907][T28021] ? ext4_mark_iloc_dirty+0x161a/0x1700 [ 351.240544][T28021] iomap_dio_rw+0x30/0x70 [ 351.244932][T28021] ? ext4_file_write_iter+0x4a1/0x11f0 [ 351.250387][T28021] ext4_file_write_iter+0xabe/0x11f0 [ 351.255674][T28021] ? ext4_file_write_iter+0x4a1/0x11f0 [ 351.261119][T28021] do_iter_readv_writev+0x2de/0x380 [ 351.266393][T28021] do_iter_write+0x192/0x5c0 [ 351.270984][T28021] ? splice_from_pipe_next+0x34f/0x3b0 [ 351.276547][T28021] ? kmalloc_array+0x2d/0x40 [ 351.281123][T28021] vfs_iter_write+0x4c/0x70 [ 351.285681][T28021] iter_file_splice_write+0x43a/0x790 [ 351.291047][T28021] ? splice_from_pipe+0xd0/0xd0 [ 351.295948][T28021] direct_splice_actor+0x80/0xa0 [ 351.300865][T28021] splice_direct_to_actor+0x345/0x650 [ 351.306228][T28021] ? do_splice_direct+0x190/0x190 [ 351.311297][T28021] do_splice_direct+0x106/0x190 [ 351.316405][T28021] do_sendfile+0x63e/0xbb0 [ 351.320815][T28021] __x64_sys_sendfile64+0x102/0x140 [ 351.326104][T28021] do_syscall_64+0x44/0xa0 [ 351.330682][T28021] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 351.336700][T28021] RIP: 0033:0x7fca7d004739 [ 351.341193][T28021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 351.360786][T28021] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 351.369702][T28021] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 351.377782][T28021] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 351.385750][T28021] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 351.393723][T28021] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 11:13:41 executing program 2 (fault-call:5 fault-nth:48): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 351.401701][T28021] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 351.459921][T28023] FAULT_INJECTION: forcing a failure. [ 351.459921][T28023] name failslab, interval 1, probability 0, space 0, times 0 [ 351.472704][T28023] CPU: 1 PID: 28023 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 351.481580][T28023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 351.487154][T28032] loop0: detected capacity change from 0 to 61 [ 351.491637][T28023] Call Trace: [ 351.491647][T28023] dump_stack_lvl+0xd6/0x122 [ 351.491680][T28023] dump_stack+0x11/0x1b [ 351.498639][T28033] loop4: detected capacity change from 0 to 262160 [ 351.501084][T28023] should_fail+0x23c/0x250 [ 351.501118][T28023] ? kcalloc+0x32/0x50 [ 351.525302][T28023] __should_failslab+0x81/0x90 [ 351.530163][T28023] should_failslab+0x5/0x20 [ 351.534664][T28023] __kmalloc+0x6f/0x350 [ 351.538894][T28023] kcalloc+0x32/0x50 [ 351.542826][T28023] ext4_find_extent+0x21c/0x7f0 [ 351.547736][T28023] ext4_ext_map_blocks+0x115/0x1ff0 [ 351.553024][T28023] ? ext4_es_lookup_extent+0x36b/0x490 [ 351.558739][T28023] ext4_map_blocks+0x71e/0xf00 [ 351.563541][T28023] ext4_iomap_begin+0x4b0/0x630 [ 351.568460][T28023] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 351.573821][T28023] iomap_iter+0x39c/0x470 [ 351.578162][T28023] __iomap_dio_rw+0x698/0x1010 [ 351.582938][T28023] iomap_dio_rw+0x30/0x70 [ 351.587313][T28023] ? ext4_file_write_iter+0x4a1/0x11f0 [ 351.592789][T28023] ext4_file_write_iter+0xabe/0x11f0 [ 351.598072][T28023] ? ext4_file_write_iter+0x4a1/0x11f0 [ 351.603521][T28023] do_iter_readv_writev+0x2de/0x380 [ 351.608831][T28023] do_iter_write+0x192/0x5c0 [ 351.614163][T28023] ? splice_from_pipe_next+0x34f/0x3b0 [ 351.619858][T28023] ? kmalloc_array+0x2d/0x40 [ 351.624475][T28023] vfs_iter_write+0x4c/0x70 [ 351.628976][T28023] iter_file_splice_write+0x43a/0x790 [ 351.634357][T28023] ? splice_from_pipe+0xd0/0xd0 [ 351.639222][T28023] direct_splice_actor+0x80/0xa0 [ 351.644149][T28023] splice_direct_to_actor+0x345/0x650 [ 351.649550][T28023] ? do_splice_direct+0x190/0x190 [ 351.654615][T28023] do_splice_direct+0x106/0x190 [ 351.659567][T28023] do_sendfile+0x63e/0xbb0 [ 351.664030][T28023] __x64_sys_sendfile64+0x102/0x140 [ 351.669233][T28023] do_syscall_64+0x44/0xa0 [ 351.673730][T28023] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 351.679712][T28023] RIP: 0033:0x7fca7d004739 [ 351.684113][T28023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 11:13:41 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{0x0}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 351.703819][T28023] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 351.712293][T28023] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 351.720261][T28023] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 351.728272][T28023] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 351.736509][T28023] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 351.744482][T28023] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:43 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x0, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:43 executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:13:43 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x401ffc000) 11:13:43 executing program 2 (fault-call:5 fault-nth:49): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:43 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:43 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x1, 0x1) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000400)={{}, r3, 0x14, @inherit={0x88, &(0x7f0000001580)=ANY=[@ANYRES16=r4]}, @devid}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001940)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0}}) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000001400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r') ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ') sendmsg$NLBL_CIPSOV4_C_REMOVE(r6, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000001840)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYRESOCT, @ANYRES32=r2, @ANYRES32, @ANYRES64, @ANYRESHEX], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x40025) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f000004d3c0)={{0x0, 0x5, 0x9, 0x8, 0x1ff, 0xae, 0x2, 0xfff, 0x7, 0x5b, 0x2, 0x8001, 0x533, 0x99, 0x5}, 0x8, [0x0]}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r1, 0xd000943d, &(0x7f000004d440)={0x4dd, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0x0, "ad6795a46fc8bc"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000004e440)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f000004e640)={0x32, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}], 0x25, "02d1563bccfe2c"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f000004f640)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004f840)={0x5, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}, {}, {}, {}, {r7, r8}, {0x0, r9}, {}, {r10}, {r11}], 0x1f, "f18f2c49c48d7b"}) chdir(&(0x7f0000000000)='./file1\x00') r12 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) openat(r0, &(0x7f0000000100)='./file1\x00', 0x8000, 0x1) write(r12, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r12, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 353.385153][T28069] loop4: detected capacity change from 0 to 262160 [ 353.391559][T28070] loop0: detected capacity change from 0 to 61 [ 353.430061][T28076] FAULT_INJECTION: forcing a failure. [ 353.430061][T28076] name failslab, interval 1, probability 0, space 0, times 0 [ 353.442819][T28076] CPU: 1 PID: 28076 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 353.451587][T28076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 353.461656][T28076] Call Trace: [ 353.464937][T28076] dump_stack_lvl+0xd6/0x122 [ 353.469533][T28076] dump_stack+0x11/0x1b [ 353.473705][T28076] should_fail+0x23c/0x250 [ 353.478209][T28084] attempt to access beyond end of device [ 353.478209][T28084] loop0: rw=2049, want=64, limit=61 [ 353.478128][T28076] ? kcalloc+0x32/0x50 [ 353.478236][T28076] __should_failslab+0x81/0x90 [ 353.478256][T28076] should_failslab+0x5/0x20 [ 353.502470][T28076] __kmalloc+0x6f/0x350 [ 353.506739][T28076] kcalloc+0x32/0x50 [ 353.510727][T28076] ext4_find_extent+0x21c/0x7f0 [ 353.515614][T28076] ext4_ext_map_blocks+0x115/0x1ff0 [ 353.520848][T28076] ? ext4_es_lookup_extent+0x36b/0x490 11:13:43 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x401ffc000) [ 353.526313][T28076] ext4_map_blocks+0x71e/0xf00 [ 353.531087][T28076] ext4_iomap_begin+0x4b0/0x630 [ 353.535953][T28076] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 353.541164][T28076] iomap_iter+0x39c/0x470 [ 353.545505][T28076] __iomap_dio_rw+0x698/0x1010 [ 353.550351][T28076] iomap_dio_rw+0x30/0x70 [ 353.554688][T28076] ? ext4_file_write_iter+0x4a1/0x11f0 [ 353.560243][T28076] ext4_file_write_iter+0xabe/0x11f0 [ 353.565571][T28076] ? ext4_file_write_iter+0x4a1/0x11f0 [ 353.571043][T28076] do_iter_readv_writev+0x2de/0x380 [ 353.576279][T28076] do_iter_write+0x192/0x5c0 11:13:43 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="540000007d000000004d00000000000000000000000000000000000000000000000000000000000000000000000000000000000006006d73646f73000a002f5d65762f76637375000a005c6a7d2f2a2f7c2c1328"], 0x54) [ 353.580875][T28076] ? splice_from_pipe_next+0x34f/0x3b0 [ 353.586339][T28076] ? kmalloc_array+0x2d/0x40 [ 353.590936][T28076] vfs_iter_write+0x4c/0x70 [ 353.595532][T28076] iter_file_splice_write+0x43a/0x790 [ 353.600918][T28076] ? splice_from_pipe+0xd0/0xd0 [ 353.606132][T28076] direct_splice_actor+0x80/0xa0 [ 353.611073][T28076] splice_direct_to_actor+0x345/0x650 [ 353.616632][T28076] ? do_splice_direct+0x190/0x190 [ 353.621751][T28076] do_splice_direct+0x106/0x190 [ 353.626709][T28076] do_sendfile+0x63e/0xbb0 [ 353.631204][T28076] __x64_sys_sendfile64+0x102/0x140 [ 353.637400][T28076] do_syscall_64+0x44/0xa0 [ 353.641805][T28076] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 353.647697][T28076] RIP: 0033:0x7fca7d004739 [ 353.652463][T28076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 353.672162][T28076] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 11:13:43 executing program 2 (fault-call:5 fault-nth:50): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 353.680573][T28076] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 353.688611][T28076] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 353.696563][T28076] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 353.704534][T28076] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 353.712489][T28076] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 353.774214][T28100] FAULT_INJECTION: forcing a failure. [ 353.774214][T28100] name failslab, interval 1, probability 0, space 0, times 0 [ 353.786964][T28100] CPU: 1 PID: 28100 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 353.787383][T28110] loop0: detected capacity change from 0 to 61 [ 353.795739][T28100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 353.795755][T28100] Call Trace: [ 353.795763][T28100] dump_stack_lvl+0xd6/0x122 [ 353.820022][T28100] dump_stack+0x11/0x1b [ 353.824234][T28100] should_fail+0x23c/0x250 [ 353.828721][T28100] ? mempool_alloc_slab+0x16/0x20 [ 353.833737][T28100] __should_failslab+0x81/0x90 [ 353.838490][T28100] should_failslab+0x5/0x20 [ 353.842983][T28100] kmem_cache_alloc+0x4f/0x300 [ 353.847761][T28100] mempool_alloc_slab+0x16/0x20 [ 353.852603][T28100] ? mempool_free+0x130/0x130 [ 353.857284][T28100] mempool_alloc+0x9d/0x310 [ 353.861773][T28100] bio_alloc_bioset+0xcc/0x530 [ 353.866525][T28100] ? iov_iter_alignment+0x34b/0x370 [ 353.871759][T28100] iomap_dio_bio_iter+0x5e1/0xc00 [ 353.876780][T28100] __iomap_dio_rw+0x8d8/0x1010 [ 353.881541][T28100] iomap_dio_rw+0x30/0x70 [ 353.885902][T28100] ? ext4_file_write_iter+0x4a1/0x11f0 [ 353.891451][T28100] ext4_file_write_iter+0xabe/0x11f0 [ 353.896726][T28100] ? ext4_file_write_iter+0x4a1/0x11f0 [ 353.902190][T28100] do_iter_readv_writev+0x2de/0x380 [ 353.907445][T28100] do_iter_write+0x192/0x5c0 [ 353.912043][T28100] ? splice_from_pipe_next+0x34f/0x3b0 [ 353.917498][T28100] ? kmalloc_array+0x2d/0x40 [ 353.922146][T28100] vfs_iter_write+0x4c/0x70 [ 353.926721][T28100] iter_file_splice_write+0x43a/0x790 [ 353.932087][T28100] ? splice_from_pipe+0xd0/0xd0 [ 353.936939][T28100] direct_splice_actor+0x80/0xa0 [ 353.942299][T28100] splice_direct_to_actor+0x345/0x650 [ 353.947710][T28100] ? do_splice_direct+0x190/0x190 [ 353.953355][T28100] do_splice_direct+0x106/0x190 [ 353.958281][T28100] do_sendfile+0x63e/0xbb0 [ 353.962693][T28100] __x64_sys_sendfile64+0x102/0x140 [ 353.968036][T28100] do_syscall_64+0x44/0xa0 [ 353.972447][T28100] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 353.978347][T28100] RIP: 0033:0x7fca7d004739 [ 353.982748][T28100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 354.002479][T28100] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 354.010983][T28100] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 354.018956][T28100] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 354.026914][T28100] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 354.035031][T28100] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 354.043112][T28100] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 354.061077][T28115] loop4: detected capacity change from 0 to 262160 11:13:44 executing program 2 (fault-call:5 fault-nth:51): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:44 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f0000000100)='./file1/file0\x00', 0x19f800, 0x30) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 354.188939][T28121] FAULT_INJECTION: forcing a failure. [ 354.188939][T28121] name failslab, interval 1, probability 0, space 0, times 0 [ 354.201596][T28121] CPU: 1 PID: 28121 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 354.210424][T28121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 354.220503][T28121] Call Trace: [ 354.224044][T28121] dump_stack_lvl+0xd6/0x122 [ 354.228715][T28121] dump_stack+0x11/0x1b [ 354.232864][T28121] should_fail+0x23c/0x250 [ 354.237327][T28121] ? mempool_alloc_slab+0x16/0x20 [ 354.242341][T28121] __should_failslab+0x81/0x90 [ 354.247106][T28121] should_failslab+0x5/0x20 [ 354.251608][T28121] kmem_cache_alloc+0x4f/0x300 [ 354.256367][T28121] mempool_alloc_slab+0x16/0x20 [ 354.261476][T28121] ? mempool_free+0x130/0x130 [ 354.266142][T28121] mempool_alloc+0x9d/0x310 [ 354.270631][T28121] ? crypto_shash_update+0x13c/0x1a0 [ 354.275948][T28121] sg_pool_alloc+0x74/0x90 [ 354.280393][T28121] __sg_alloc_table+0xce/0x290 [ 354.285157][T28121] sg_alloc_table_chained+0xaf/0x140 [ 354.290437][T28121] ? sg_alloc_table_chained+0x140/0x140 [ 354.296072][T28121] scsi_alloc_sgtables+0x184/0x510 [ 354.301355][T28121] sd_init_command+0x952/0x1610 [ 354.306195][T28121] scsi_queue_rq+0x10cd/0x15a0 [ 354.310951][T28121] blk_mq_dispatch_rq_list+0x63b/0x1080 [ 354.316522][T28121] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 354.322340][T28121] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 354.328583][T28121] ? rb_insert_color+0x2fa/0x310 [ 354.333506][T28121] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 354.339538][T28121] __blk_mq_run_hw_queue+0xbc/0x140 [ 354.344793][T28121] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 354.350602][T28121] ? dd_has_work+0x77/0x250 [ 354.355218][T28121] blk_mq_run_hw_queue+0x22c/0x250 [ 354.360632][T28121] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 354.366630][T28121] blk_mq_flush_plug_list+0x302/0x3d0 [ 354.371996][T28121] blk_flush_plug_list+0x235/0x260 [ 354.377182][T28121] blk_finish_plug+0x44/0x60 [ 354.381765][T28121] __iomap_dio_rw+0xca7/0x1010 [ 354.386584][T28121] iomap_dio_rw+0x30/0x70 [ 354.390939][T28121] ? ext4_file_write_iter+0x4a1/0x11f0 [ 354.396385][T28121] ext4_file_write_iter+0xabe/0x11f0 [ 354.401671][T28121] ? ext4_file_write_iter+0x4a1/0x11f0 [ 354.407117][T28121] do_iter_readv_writev+0x2de/0x380 [ 354.412479][T28121] do_iter_write+0x192/0x5c0 [ 354.417058][T28121] ? splice_from_pipe_next+0x34f/0x3b0 [ 354.422514][T28121] ? kmalloc_array+0x2d/0x40 [ 354.427100][T28121] vfs_iter_write+0x4c/0x70 [ 354.431589][T28121] iter_file_splice_write+0x43a/0x790 [ 354.436971][T28121] ? splice_from_pipe+0xd0/0xd0 [ 354.441806][T28121] direct_splice_actor+0x80/0xa0 [ 354.446735][T28121] splice_direct_to_actor+0x345/0x650 [ 354.452101][T28121] ? do_splice_direct+0x190/0x190 [ 354.457108][T28121] do_splice_direct+0x106/0x190 [ 354.461958][T28121] do_sendfile+0x63e/0xbb0 [ 354.466371][T28121] __x64_sys_sendfile64+0x102/0x140 [ 354.471566][T28121] do_syscall_64+0x44/0xa0 [ 354.476191][T28121] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 354.482090][T28121] RIP: 0033:0x7fca7d004739 [ 354.486486][T28121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 354.506173][T28121] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 354.514568][T28121] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 354.522531][T28121] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 354.530510][T28121] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 11:13:44 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 354.538540][T28121] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 354.546731][T28121] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 354.624883][T28131] loop0: detected capacity change from 0 to 61 11:13:46 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:46 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:46 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x401ffc000) 11:13:46 executing program 2 (fault-call:5 fault-nth:52): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:46 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x7aca, 0x3, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}, {&(0x7f0000000100)="693ea4c184de3995fd7abb6d431e7b5708a8a945b6c736f1a0df87c7158a403ee50a36b34fd45f290a6722c21708b4b84595f110fe10d691335fd2924deb7b19", 0x40, 0x5692}, {&(0x7f00000001c0)="d0562fa2954d2e869072b0a752b03a9db985c60b23d64e0db1cfc2561ac5f4e8c030a49c395bdd5921ef78ac3ee99e7a10142e7034a69fa70e475708a32a602fa7d7d34a801743d9435c", 0x4a, 0x3}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_script(r2, &(0x7f0000000340)={'#! ', './file2', [{0x20, '/dev/vcsu\x00'}, {0x20, '\\j}/*/|,\x13('}, {0x20, '{--'}, {0x20, '^:*-{%'}, {0x20, '*\''}, {0x20, '\\j}/*/|,\x13('}], 0xa, "db861fcbf08db8f35c994118695d12d365bf94eb743307ab5a3ae20a57c45e945f6bc6dfb39a77033a050cb6b040b20180b0a57df6c88b2b961108d2830d059c3efa549c4ea7e87995485676fd4be44a8f6cb13bdcce80dbe4294aea4a24390f59814e79a8a0d7302915e2d0640cde441b2d29ef08e317a74b1478f7b9176b709a660e62be45c50993b6f2acb978d019c96ab730fdc72cb4712ecc4a0b941d8bae53277db295270b62302a2dc44c7afb9504b2ee0ecf9bd0851e1a264a9e8e708ba89b378ad9faa2899970ff42f2869d048b81e8ef"}, 0x10f) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) faccessat2(r0, &(0x7f0000000080)='./file1\x00', 0x10, 0x200) write$P9_RSTAT(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="540000007d000000004d0000000000000000000000000000000000000000000000000000c8f1245750285a76a2ddce5d570000000000000000000000000000000006006d73646465762f76637375000a005c6a7d2f2a2f7c2c0028000000000000"], 0x54) 11:13:46 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 356.396447][T28157] loop0: detected capacity change from 0 to 86 [ 356.405395][T28164] loop4: detected capacity change from 0 to 262160 [ 356.415037][T28159] FAULT_INJECTION: forcing a failure. [ 356.415037][T28159] name failslab, interval 1, probability 0, space 0, times 0 [ 356.427684][T28159] CPU: 1 PID: 28159 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 356.436443][T28159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 356.446529][T28159] Call Trace: [ 356.449809][T28159] dump_stack_lvl+0xd6/0x122 [ 356.454415][T28159] dump_stack+0x11/0x1b [ 356.458578][T28159] should_fail+0x23c/0x250 [ 356.463049][T28159] ? kmalloc_array+0x2d/0x40 [ 356.467731][T28159] __should_failslab+0x81/0x90 [ 356.472490][T28159] should_failslab+0x5/0x20 [ 356.477111][T28159] __kmalloc+0x6f/0x350 [ 356.481274][T28159] kmalloc_array+0x2d/0x40 [ 356.485709][T28159] iter_file_splice_write+0xd5/0x790 [ 356.491003][T28159] ? atime_needs_update+0x2ba/0x390 11:13:46 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 356.496212][T28159] ? touch_atime+0xe0/0x250 [ 356.500715][T28159] ? generic_file_splice_read+0x2ac/0x340 [ 356.502378][T28157] FAT-fs (loop0): Unrecognized mount option "i>¤Á„Þ9•ýz»mC{W¨©E¶Ç6ñ ß‡ÇŠ@>å [ 356.502378][T28157] 6³OÔ_) [ 356.502378][T28157] g"´¸E•ñþÖ‘3_Ò’Më{" or missing value [ 356.506496][T28159] ? splice_from_pipe+0xd0/0xd0 [ 356.528963][T28159] direct_splice_actor+0x80/0xa0 [ 356.534080][T28159] splice_direct_to_actor+0x345/0x650 [ 356.539585][T28159] ? do_splice_direct+0x190/0x190 [ 356.544700][T28159] do_splice_direct+0x106/0x190 [ 356.549571][T28159] do_sendfile+0x63e/0xbb0 [ 356.554011][T28159] __x64_sys_sendfile64+0x102/0x140 [ 356.559220][T28159] do_syscall_64+0x44/0xa0 [ 356.563759][T28159] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 356.569672][T28159] RIP: 0033:0x7fca7d004739 [ 356.574088][T28159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 11:13:46 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:13:46 executing program 2 (fault-call:5 fault-nth:53): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 356.593695][T28159] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 356.602207][T28159] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 356.610294][T28159] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 356.618265][T28159] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 356.626323][T28159] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 356.634389][T28159] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 356.675411][T28157] loop0: detected capacity change from 0 to 86 [ 356.688198][T28157] FAT-fs (loop0): Unrecognized mount option "i>¤Á„Þ9•ýz»mC{W¨©E¶Ç6ñ ß‡ÇŠ@>å [ 356.688198][T28157] 6³OÔ_) [ 356.688198][T28157] g"´¸E•ñþÖ‘3_Ò’Më{" or missing value 11:13:46 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eede15ae423d8f210b03525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 356.727317][T28195] loop4: detected capacity change from 0 to 262160 [ 356.753747][T28194] FAULT_INJECTION: forcing a failure. [ 356.753747][T28194] name failslab, interval 1, probability 0, space 0, times 0 [ 356.766459][T28194] CPU: 0 PID: 28194 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 356.775550][T28194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 356.775862][T28202] loop0: detected capacity change from 0 to 61 [ 356.785607][T28194] Call Trace: [ 356.785664][T28194] dump_stack_lvl+0xd6/0x122 [ 356.785691][T28194] dump_stack+0x11/0x1b [ 356.803924][T28194] should_fail+0x23c/0x250 [ 356.808379][T28194] __should_failslab+0x81/0x90 [ 356.813165][T28194] ? __iomap_dio_rw+0x139/0x1010 [ 356.818201][T28194] should_failslab+0x5/0x20 [ 356.822711][T28194] kmem_cache_alloc_trace+0x52/0x320 [ 356.827995][T28194] ? __getblk_gfp+0x3f/0x590 [ 356.832605][T28194] __iomap_dio_rw+0x139/0x1010 [ 356.837432][T28194] ? __brelse+0x2c/0x50 [ 356.841582][T28194] ? ext4_mark_iloc_dirty+0x161a/0x1700 [ 356.847122][T28194] iomap_dio_rw+0x30/0x70 [ 356.851445][T28194] ? ext4_file_write_iter+0x4a1/0x11f0 [ 356.856906][T28194] ext4_file_write_iter+0xabe/0x11f0 [ 356.862179][T28194] ? ext4_file_write_iter+0x4a1/0x11f0 [ 356.867753][T28194] do_iter_readv_writev+0x2de/0x380 [ 356.873056][T28194] do_iter_write+0x192/0x5c0 [ 356.877662][T28194] ? splice_from_pipe_next+0x34f/0x3b0 [ 356.883133][T28194] ? kmalloc_array+0x2d/0x40 [ 356.887718][T28194] vfs_iter_write+0x4c/0x70 [ 356.892232][T28194] iter_file_splice_write+0x43a/0x790 [ 356.897610][T28194] ? splice_from_pipe+0xd0/0xd0 [ 356.902450][T28194] direct_splice_actor+0x80/0xa0 [ 356.907374][T28194] splice_direct_to_actor+0x345/0x650 [ 356.912734][T28194] ? do_splice_direct+0x190/0x190 [ 356.917786][T28194] do_splice_direct+0x106/0x190 [ 356.922636][T28194] do_sendfile+0x63e/0xbb0 [ 356.927047][T28194] __x64_sys_sendfile64+0x102/0x140 [ 356.932262][T28194] do_syscall_64+0x44/0xa0 [ 356.936674][T28194] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 356.942577][T28194] RIP: 0033:0x7fca7d004739 [ 356.946978][T28194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 356.966750][T28194] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 11:13:47 executing program 2 (fault-call:5 fault-nth:54): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 356.975165][T28194] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 356.983222][T28194] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 356.991188][T28194] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 356.999148][T28194] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 357.007108][T28194] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:47 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r1, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) splice(r0, &(0x7f0000000080)=0x4d7, r2, &(0x7f0000000100)=0x4, 0x6d3, 0x5) [ 357.079046][T28209] FAULT_INJECTION: forcing a failure. [ 357.079046][T28209] name failslab, interval 1, probability 0, space 0, times 0 [ 357.091712][T28209] CPU: 0 PID: 28209 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 357.100484][T28209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 357.110553][T28209] Call Trace: [ 357.113839][T28209] dump_stack_lvl+0xd6/0x122 [ 357.118442][T28209] dump_stack+0x11/0x1b [ 357.122667][T28209] should_fail+0x23c/0x250 [ 357.127095][T28209] ? kcalloc+0x32/0x50 [ 357.131211][T28209] __should_failslab+0x81/0x90 [ 357.136098][T28209] should_failslab+0x5/0x20 [ 357.140620][T28209] __kmalloc+0x6f/0x350 [ 357.144788][T28209] kcalloc+0x32/0x50 [ 357.148873][T28209] ext4_find_extent+0x21c/0x7f0 [ 357.153744][T28209] ext4_ext_map_blocks+0x115/0x1ff0 [ 357.158967][T28209] ? ext4_es_lookup_extent+0x36b/0x490 [ 357.164439][T28209] ext4_map_blocks+0x71e/0xf00 [ 357.169283][T28209] ext4_iomap_begin+0x4b0/0x630 [ 357.174145][T28209] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 357.179364][T28209] iomap_iter+0x39c/0x470 [ 357.183714][T28209] __iomap_dio_rw+0x698/0x1010 [ 357.188870][T28209] iomap_dio_rw+0x30/0x70 [ 357.193224][T28209] ? ext4_file_write_iter+0x4a1/0x11f0 [ 357.198819][T28209] ext4_file_write_iter+0xabe/0x11f0 [ 357.204121][T28209] ? ext4_file_write_iter+0x4a1/0x11f0 [ 357.209630][T28209] do_iter_readv_writev+0x2de/0x380 [ 357.214847][T28209] do_iter_write+0x192/0x5c0 [ 357.219428][T28209] ? splice_from_pipe_next+0x34f/0x3b0 [ 357.225101][T28209] ? kmalloc_array+0x2d/0x40 [ 357.229703][T28209] vfs_iter_write+0x4c/0x70 [ 357.234235][T28209] iter_file_splice_write+0x43a/0x790 [ 357.239619][T28209] ? splice_from_pipe+0xd0/0xd0 [ 357.244646][T28209] direct_splice_actor+0x80/0xa0 [ 357.249723][T28209] splice_direct_to_actor+0x345/0x650 [ 357.255463][T28209] ? do_splice_direct+0x190/0x190 [ 357.260524][T28209] do_splice_direct+0x106/0x190 [ 357.265494][T28209] do_sendfile+0x63e/0xbb0 [ 357.269900][T28209] __x64_sys_sendfile64+0x102/0x140 [ 357.275158][T28209] do_syscall_64+0x44/0xa0 [ 357.279569][T28209] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 357.285506][T28209] RIP: 0033:0x7fca7d004739 [ 357.289925][T28209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 357.309540][T28209] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 357.317956][T28209] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 357.325940][T28209] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 357.333980][T28209] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 357.341997][T28209] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 357.350218][T28209] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 357.428646][T28221] loop0: detected capacity change from 0 to 61 [ 357.441723][T28221] attempt to access beyond end of device [ 357.441723][T28221] loop0: rw=2049, want=64, limit=61 11:13:49 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:49 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:49 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:49 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:13:49 executing program 2 (fault-call:5 fault-nth:55): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:49 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) open(&(0x7f0000000100)='./file1\x00', 0xc000, 0x40) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup3(0xffffffffffffffff, r2, 0x0) writev(r3, &(0x7f0000000240)=[{&(0x7f0000000300)="8b04e2c853d08ccbf2f5ace463a779a13114ed798be60125f33cb87b4ad7cd2001cd60da10d6e8a4e76bc41c8c6bcff6fe27a26d58bb15b5df6be20c60f0f75bd9f74bcf957d663863882c41c7533398f460d4948aa0ea89bb029f567238e0db738ab46e14e9e3453021cf85dc817c3e565a5d7ce78b8fd9e801423c1c5ea4bcf3ae23ca75a58943b97aff034f09a5590fd728248be698a5b3a8757cf4b72ee5e53e5559994f169523335aa682b8cf9ad96bf0d88ab0356779662d04a9bd65c7f86b34b8737e3a7e9ab77ae46c71f81f01ea3a18ff20a89af473d9dbbe28cd1fd5785e057b523f1dea1704fd981d9acf4132e66252c51b600e891744853272d8e1f7de8d2ae1cc1e7b8b02c72a323c011e3b5e7afb956687ebbc313358a1cfce691d846f8f9fe7e6803c5d577d70d9456c2729f66b04dff6b171df3506c368404c7b89979384e75439e761dae3346fa7ef31c3dc3a2568f5655327718f37a9cee7fef4e062eb3a9e4f1e85b47ebabc2c08a97488c666aa4ca62850dc79158ee86ce1742f64f56bd78593b2ace8517909b3937e77f5cc40d371cec84d311ec427487b70f8d71145623d931bebdbf4377740fa05c2fbfff0f2912bcaa49e3071837abe8d7178111f4f02281c9e69fd1c5c58e036da4595fd16c97bba85d4189ca79d1320fd13e662415cc28a3d68656aef42bdefb032d5748afc2c556ba552c3980d237bc24d1b28c16b89315ad3f108566b6657059b759e0e5cb77c4e0850e673c7a51722adbd812a189dfc6bd96c6df2af08ae6782ec554acd1ace786fa4827844ead0048043480f9347fd10be852c1249b9ace82a42fec16a6183cef03894fbacd1f916acc7f15bea12388b1809d9dbe2d5777fc663112eda079acf8b4bdbbdf96984855faf0a91b76b44dc48480b8d0f0f4fccea7aab4b43689f129cdfac5300fe6314f55b05a35b9d1090a065b7b8881c10fa99c29a0064dcea8e24bbcfaa02f56819acdf44201461b1a7251a6fc8ddd73b75fd07eb0750446438fc0dba100a7baaab80cfd9b691c97f098f7a71ab7fc638ace4ab8c15e9d13f7ff4974b502e971789ff496b98bd56d3d72374ed9d04fefb05728383a228988ddb1739b801c2a01fcb84d5f438c5d79ce8bf016fe85e01bd16425658759df179bb93a68c426b0d0d29b9c10a3f62d11867950973c4ab2b4d23ca9ba45799ab8c8343305d0d092847d7c9f761794c6c28ae002d39b2360b4cf5ac134edc171c46902de8d742f86744071eae49916b385f1840659147e5225fef893ea5bb0297a04ba0b089580999a7e251d2cfe432a44383460c879b85c3db9d395d516bf7820fa0c74a349eb67cfd72e6d360ea1fe9916849e0e7d754767d2f80562beb49643d2abdb303dca952079f6b68df719a03f14c8976176da389f2a078c0a24a855916b02753a2ba27efbe10be290dc9a905bd1a732c0f8b4a335a1388ef3cfdc488fa710795f8675b926f731791d385ca4437f6d9349510e1f97a646182ecbdb4805c71005ca80dfb7fffd0fda597b437282fe220fd96cf005abe3ffe2e4c066cb83cbeb959a281e726ed9b3ff35d10e0ca055f754c87c974612ee24c6805bd31c8ba31fee7a101574e2df9b32d3d677a14871ffc9adb874aa6cfc6f373f916ac39b0cfbcc2ddd532b527df33d14d390300a85fd0ccc2d212b581d1254f933946b67234bbdb07336d7fda88652ab83c7d2f0e28a9a02516742efbc4d6f7023bf2b9b81cb4249ee141d8fbdcdf8ae8e2568e418573c94112ebf81ff21a16b422da3a158e2c36c9186c069de7fb7e64fde895eab716de0b2ad637e958d2582a72a69393e1d543d71181b34d07f2cd10505e752f208c775dd53f96076c7a029924ca2e7d330493459f8c8ca5fb333b387d873389ebeb720828d3342be47c89bb818676a823796b4ec46717e4bd896ac70a5d3f906032a6f6a77fe22b5f1fc29585a96da61d982d4d4a69932cb3b841a1ca94cdb17a336dcfff031564704f0ba3da58f3cf1bc689dd469558cf8988feb35ce8c5a046d93086880080d9f27bd828e7e48f83ec902ddaccfb598d4bc887c9e0a66e647261f58e3e3eb975879bb307d058c3bf3b1080e31d7eb83519721f896d7451d1f981456c8304a0c8841b8446ea7af7d9e236fc214aac92db70c5e9fbe6c61dbe5c9ab3d24fdc47a4d6454de95c80f836b2014a7dc2a6d4aacf2b3343495b37fcddc2bd1b2c87fee3cd5d1db959b59ba0edd38f530628473672d559743427bb7b07a91b01e8287e2c1ebcd685bdd79ee4b13f8e2c2f179244e90d8a53648644901b5088f698f8c12a6cadc5678b9258b197f52a0e5239ee5643f1f2475fc9e0637f512d3e2f43e4f88d35a4ff554bf13eb1d7dc7aca7f02e56215e7c0db0388d6ef195d58dda15398ceb7d5051f1424835a9f7bb16dafee1c18e5d8e909b1eaeff83818f74e2d293bdab3cd44faa961a0625903f6e68d6cb228b5d81a81e4dfe3bcd5eb082ec34d7f298d6b3635a724208ebb5f1b9f392b80fc5669be4aea2357a9aef8cf34002e6401c05823419d38517938a2e73fceb6cf0901fe89678b8e20df532661f1f0a19880c72e6e35021454b001609e5c0583dbc25845ff10e7f72113b615a23eff473a5089897b4e6e3d4aa73d73346defc666289c20d36e53c155fa904ab8036701ea174237fcfaf71926665e279a784c45c91c3abe15c501c2783e0f52004ee8405bd1458a16118e4614681296cdcabbe9df2cc86d218688d4dd2a24df044efeaae662ebd0684751abac505a6721bff4851121387fdf625fa485b60196223150db4d3cda7a5e937658078726866260e25adcf41b5498d9c85adcd3d02903f9fbf1dc023458b37375b4fba945b2329d8693d6072741c71ffa486bf9bf42e71c20121dfbd57e50a2d96e0fe7d788c5ca8d8d792c888938c9af01abb36fc6e126f8443e6abd08cee12b4bc931603644dfaa25bb0aa0509be287d40dd5f66ee4a2fccd07f7469f307a07c1d95710d85f4ed1dab7ff398470426b2c9ae55b0fc310b4949cab75867c5467897357450d0d5ed712d1164a85805832f3f7e823795421772f132639f318cb60a1b04cce625928961fb3312bb9be3ecd094dbd83147ff649e8079b024e2bf8246c861db8500f1ce14393f4ec3f35ee8be2c7fcd8510019811ef2bee69f0b72bb113c7ae110e85c20a71e3f2f22da2773dad758b565b5a644dbe812981aa9e3cb060bb3af4bf382fce153f2e9f433b6fb4ca314079d8fd3f01e618edd2d61dc447da20a7571b0970b3d2a03d4bf87028cc86747ffced7f3f3c9672cfacc84e22b506305b665ac6e92aa6cf343d88ab3c10e079f1d6864082d294e4976d7854307a863c935120e1dce7dca5d6005e91b9d5e6a8850df0c607c36dc78585cc50d7bbda6d287424e92c7849d9ea9feed08e28768c67ea6fffd006f939845b9bb836c86a4f848c1d659a452f16b6c390400c381b5666171a1596fd06f3cbba7072d7b18b18b31b7816ebcaf10a4bcd6bd7eba7a6616687153771dcc5ad62ce83a2c08b149252473c94c5f4a3a2d7dfc640c3533504bcde15fd09c7c7863c94534686e8842eaef8330718f2408b180baa131b8a9313092b499f22ce3433fc2513b8561a79cfe7b285d84590240990dbc8fc081c933a4a198a200725979057d3252fe5a94508dce622fba4ed0bd838193a64c3c0723332eb95fa7606eada04cf64b0067bcb84d524f05eb9b0431768a3ef6808b72a2220b1c2f2e30ec79a0dcb0a7c38aac46411115a99aeef66264029026750f26711599696947d605ef5ba678df1853acb9c9fdc286a923bc7a33e8e09b42587a5c9a672c64d226ac49380b9cb30bc19dd9c53fc1c0733427cfa9c02ce9735a16fd0c9af4c83603595b852a382a24072dd1ac2375cf2b89eee2a45cad416c20ff996c9f7894417c7270732195c8c5aee57f1fae270af5f050ada31d88840172bb45c6fe6f79795996c00a00abb2c59e3ec6ea80a2d07b36c0d7307ff840c76828a474507b42dea24cc12739182f4bd2bd4414b489f4c2a79098a827585ac6d831ec06f38408739536e2559e2b77715348bad37e223b5c89b46196957fac474c0bd0bfebe223f60afd920ea3eb1b3afd2e7d1894bbb33a6b5bef4d5f64b2348cf1f44510e9089d6355225d30867251c5722c277b45d7fbf142f93233312ca0275b4cd63161cbb4d37105f10a6d24a3ebbb4391ad754a3250f10aaa3df4b8516a2b2529a54b223ca910a02706853a643101e8854fe9868fbaa0f7058317410dac70f44f532272d09a1d86275d1730adf3c5f8e22e75d139936ddeddad25958c47634ce1904f807ac55f8c694a25b500192347777e80de35296a3a7ce1be296d4004542e5bd419ee4790960319b9254879b14ec8e71ac8a228dc793e239e25647e230911f6135a913f20f461ee5bc0c84e1b1cdc8a23f598989de762103f5d2f1b84784d871814673fccf323e8d0050eefe80a4ce848667df94a97a0cb33ac9c0331d21eb037bc2593e5606d80b1630dc8dc7fc2a73fa3576e20d9a4f0d7d2af59e9a65ae1dbed386a9fe345287f31945ddfa99e26374c66b804e88f3001edaf168dde4faedca47a1fc991e75ae5b842fdb06d373e4fe610320c74a2b82dfb498ba21681eeb8305c95a9fc9d7e633094ba663af112d9cc958c15506f08f95a88284f5f5f0e9348f8e6dda6e97a6031562920298ba350c2b4a195094d9533990f161730e16b46b6e18e85ef65b50ce3319a11b178a32bffa3dc2a35f2b05a254548131eee417c5b441499509ad3ec63d34afe42b73800094ae1ecc311ea725d328494e11a4b039c4f2f58a8e80dc205fb6ee16ff8f057944b2817fd731c29986d37935d5ac82b2608caba71d0b9fa7e7f5a484687a7a5fa64b62b8d88c5da773c3eb5e37247b0b3398d507677cf674925f714bc257d1c3876eccb3678c4d5c67da02e9f94804a2e56644b138b7b4b3bebde93a6730a62160fd50e16f14b0d1a4434f2f67e2047ed49655569a5282b7fc0bcb7ca92c7c6b4229f8edc2fceaa0457f0063c6b53dd8d9f0792075bdc2c9d45446be10dd558c698eaf088e4de32b19b824f49cfd7c58d6bc441bd0fd3d098cb11fe9c7fcbf2d57181858a737df6198fa28f61049b16fb9ac06352930ae107180a40f54c6412b6efb2f376fdc06978aa3696e0d307b87acfaa6e560e379f727756cb0b5f9b2939c6b96ad48aa637304500c20fcacd0945dbdbbe1b162c4171121e855c457490cd4ee543f8956ede5ffda263593d9b02373984aa8d7ce386a2c6575b926d953c484bd675b386b62c9764aa6f62443e92847743e0ef1e49c9e4b665aa7a87dce6c727a1fbebdebf27e83f1db0b257aac688aaf4367c97a2ae1ae221b3b59ebdc39e5b6a3ffa5a7cfadbd8aa6312ab6eb4fe1ec282d305aeff3e623799a463a39f4446a4f021375dcadcb3d322bb8fe979d3e5617bd7e2ca9675af4cf086871ebdd5c07839e4763dce19236d28808b38fc4e6a1b7e2308d6ad8bd4f6dc8073dd67ac88b011d25a8d646a30686aa004dfac0b9ccd59ddf05ef1bfa1cb60228323c96d1c65b3bcec41d0af898e86ad77a5510ac84ba8cf8a968969ca57b13ab3f5ccad220511b1cc705286ba253d749dc2cfd5e2e836decc81d2b1a9fbe41b923da54c182648bc77ef41b8275a3876dd71328b77a47f5dc149bc2705451967529bd2ddac8f40530b47e2371b49c30542b303ef91e112cca5d93da6428763385afca42b3e", 0x1000}], 0x1) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) open(&(0x7f0000000200)='./file1\x00', 0x200, 0x87783a23f0ee8165) ioctl$F2FS_IOC_DEFRAGMENT(r0, 0xc010f508, &(0x7f0000000080)={0x3, 0x10001}) creat(&(0x7f0000000280)='./file0\x00', 0x8) r4 = inotify_init() inotify_add_watch(r4, &(0x7f0000000000)='.\x00', 0x400017e) r5 = open(&(0x7f0000001300)='./file1\x00', 0x141042, 0x101) write$P9_RREADLINK(r5, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r5, r5, &(0x7f0000000240), 0x7fff) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$P9_RSTAT(r6, &(0x7f00000001c0)=ANY=[], 0x54) [ 359.421792][T28234] FAULT_INJECTION: forcing a failure. [ 359.421792][T28234] name failslab, interval 1, probability 0, space 0, times 0 [ 359.426224][T28241] loop4: detected capacity change from 0 to 262160 [ 359.434443][T28234] CPU: 0 PID: 28234 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 359.449778][T28234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 359.459881][T28234] Call Trace: [ 359.463162][T28234] dump_stack_lvl+0xd6/0x122 [ 359.467771][T28234] dump_stack+0x11/0x1b [ 359.471940][T28234] should_fail+0x23c/0x250 [ 359.476365][T28234] ? ext4_mb_new_blocks+0x317/0x1fc0 [ 359.481747][T28234] __should_failslab+0x81/0x90 [ 359.486535][T28234] should_failslab+0x5/0x20 [ 359.491045][T28234] kmem_cache_alloc+0x4f/0x300 [ 359.495852][T28234] ext4_mb_new_blocks+0x317/0x1fc0 [ 359.500979][T28234] ? ext4_find_extent+0x7b2/0x7f0 [ 359.501659][T28242] loop0: detected capacity change from 0 to 61 [ 359.506012][T28234] ? ext4_ext_search_right+0x246/0x540 [ 359.506037][T28234] ext4_ext_map_blocks+0x15ed/0x1ff0 [ 359.506066][T28234] ? ext4_es_lookup_extent+0x36b/0x490 [ 359.506085][T28234] ext4_map_blocks+0x71e/0xf00 [ 359.506107][T28234] ? crypto_shash_update+0x13c/0x1a0 [ 359.539420][T28234] ext4_iomap_begin+0x4b0/0x630 [ 359.544292][T28234] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 359.549527][T28234] iomap_iter+0x39c/0x470 [ 359.553901][T28234] __iomap_dio_rw+0x698/0x1010 [ 359.558774][T28234] ? __ext4_mark_inode_dirty+0x501/0x5c0 [ 359.564524][T28234] iomap_dio_rw+0x30/0x70 [ 359.568867][T28234] ? ext4_file_write_iter+0x4a1/0x11f0 [ 359.574140][T28242] FAT-fs (loop0): Unrecognized mount option "./file1" or missing value [ 359.574332][T28234] ext4_file_write_iter+0xabe/0x11f0 [ 359.574361][T28234] ? ext4_file_write_iter+0x4a1/0x11f0 [ 359.593277][T28234] do_iter_readv_writev+0x2de/0x380 [ 359.598592][T28234] do_iter_write+0x192/0x5c0 [ 359.603191][T28234] ? splice_from_pipe_next+0x34f/0x3b0 [ 359.608659][T28234] ? kmalloc_array+0x2d/0x40 [ 359.613276][T28234] vfs_iter_write+0x4c/0x70 [ 359.617859][T28234] iter_file_splice_write+0x43a/0x790 [ 359.623242][T28234] ? splice_from_pipe+0xd0/0xd0 [ 359.628099][T28234] direct_splice_actor+0x80/0xa0 [ 359.633084][T28234] splice_direct_to_actor+0x345/0x650 [ 359.638457][T28234] ? do_splice_direct+0x190/0x190 [ 359.643505][T28234] do_splice_direct+0x106/0x190 [ 359.648357][T28234] do_sendfile+0x63e/0xbb0 [ 359.652858][T28234] __x64_sys_sendfile64+0x102/0x140 [ 359.658334][T28234] do_syscall_64+0x44/0xa0 [ 359.662914][T28234] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 359.668822][T28234] RIP: 0033:0x7fca7d004739 [ 359.673239][T28234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 359.693027][T28234] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 359.701496][T28234] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 359.709511][T28234] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 11:13:49 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:49 executing program 2 (fault-call:5 fault-nth:56): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 359.717663][T28234] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 359.725732][T28234] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 359.733726][T28234] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 359.799752][T28267] FAULT_INJECTION: forcing a failure. [ 359.799752][T28267] name failslab, interval 1, probability 0, space 0, times 0 [ 359.812599][T28267] CPU: 0 PID: 28267 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 359.821358][T28267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 359.831402][T28267] Call Trace: [ 359.834671][T28267] dump_stack_lvl+0xd6/0x122 [ 359.839246][T28267] dump_stack+0x11/0x1b [ 359.843564][T28267] should_fail+0x23c/0x250 [ 359.848010][T28267] ? mempool_alloc_slab+0x16/0x20 [ 359.853038][T28267] __should_failslab+0x81/0x90 [ 359.857795][T28267] should_failslab+0x5/0x20 [ 359.862378][T28267] kmem_cache_alloc+0x4f/0x300 [ 359.867130][T28267] mempool_alloc_slab+0x16/0x20 [ 359.872219][T28267] ? mempool_free+0x130/0x130 [ 359.875715][T28264] loop4: detected capacity change from 0 to 262160 [ 359.876893][T28267] mempool_alloc+0x9d/0x310 [ 359.876915][T28267] bio_alloc_bioset+0xcc/0x530 [ 359.892935][T28267] ? iov_iter_alignment+0x34b/0x370 [ 359.898136][T28267] iomap_dio_bio_iter+0x5e1/0xc00 [ 359.903185][T28267] __iomap_dio_rw+0x8d8/0x1010 [ 359.907967][T28267] iomap_dio_rw+0x30/0x70 [ 359.912395][T28267] ? ext4_file_write_iter+0x4a1/0x11f0 [ 359.917864][T28267] ext4_file_write_iter+0xabe/0x11f0 [ 359.923155][T28267] ? ext4_file_write_iter+0x4a1/0x11f0 [ 359.928623][T28267] do_iter_readv_writev+0x2de/0x380 [ 359.933930][T28267] do_iter_write+0x192/0x5c0 [ 359.938606][T28267] ? splice_from_pipe_next+0x34f/0x3b0 [ 359.944076][T28267] ? kmalloc_array+0x2d/0x40 [ 359.948680][T28267] vfs_iter_write+0x4c/0x70 [ 359.953330][T28267] iter_file_splice_write+0x43a/0x790 [ 359.958707][T28267] ? splice_from_pipe+0xd0/0xd0 [ 359.964065][T28267] direct_splice_actor+0x80/0xa0 [ 359.969207][T28267] splice_direct_to_actor+0x345/0x650 [ 359.974583][T28267] ? do_splice_direct+0x190/0x190 [ 359.974553][T28242] loop0: detected capacity change from 0 to 61 [ 359.979606][T28267] do_splice_direct+0x106/0x190 [ 359.990574][T28267] do_sendfile+0x63e/0xbb0 11:13:50 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:13:50 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400", 0xc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 359.994913][T28242] FAT-fs (loop0): Unrecognized mount option "°" or missing value [ 359.995093][T28267] __x64_sys_sendfile64+0x102/0x140 [ 360.008162][T28267] do_syscall_64+0x44/0xa0 [ 360.012593][T28267] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 360.018570][T28267] RIP: 0033:0x7fca7d004739 [ 360.023256][T28267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 360.042869][T28267] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 360.051349][T28267] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 360.059376][T28267] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 360.067346][T28267] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 360.075496][T28267] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 360.083573][T28267] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:50 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0/file0\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x80052, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:13:50 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 360.175072][T28299] loop0: detected capacity change from 0 to 61 [ 360.197087][T28306] loop4: detected capacity change from 0 to 262160 [ 360.224443][T28299] loop0: detected capacity change from 0 to 61 11:13:52 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:52 executing program 2 (fault-call:5 fault-nth:57): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:52 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000001400)="bb43b0e0586f2d40c7e7df58ca34487b06643e8d9b0249568763aac83420e83662d6e39bb6d5430622431454c547ff3f423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da93755fe4095125499bfe77", 0x54) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r0, 0xf504, 0x0) write$P9_RSTAT(r1, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:13:52 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:13:52 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400", 0xc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:52 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 362.445426][T28325] loop4: detected capacity change from 0 to 262160 [ 362.452401][T28327] loop0: detected capacity change from 0 to 61 [ 362.481417][T28327] attempt to access beyond end of device [ 362.481417][T28327] loop0: rw=2049, want=64, limit=61 [ 362.497724][T28337] FAULT_INJECTION: forcing a failure. [ 362.497724][T28337] name failslab, interval 1, probability 0, space 0, times 0 [ 362.510414][T28337] CPU: 1 PID: 28337 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 362.519215][T28337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 362.529277][T28337] Call Trace: [ 362.532556][T28337] dump_stack_lvl+0xd6/0x122 [ 362.537161][T28337] dump_stack+0x11/0x1b [ 362.541328][T28337] should_fail+0x23c/0x250 [ 362.545806][T28337] ? mempool_alloc_slab+0x16/0x20 [ 362.550840][T28337] __should_failslab+0x81/0x90 [ 362.555616][T28337] should_failslab+0x5/0x20 [ 362.560145][T28337] kmem_cache_alloc+0x4f/0x300 [ 362.565031][T28337] mempool_alloc_slab+0x16/0x20 [ 362.569905][T28337] ? mempool_free+0x130/0x130 [ 362.574685][T28337] mempool_alloc+0x9d/0x310 [ 362.579195][T28337] bio_alloc_bioset+0xcc/0x530 [ 362.584000][T28337] ? iov_iter_alignment+0x34b/0x370 [ 362.589207][T28337] iomap_dio_bio_iter+0x5e1/0xc00 11:13:52 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') open$dir(&(0x7f0000000080)='./file0\x00', 0x105102, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000100)={0x4e, 0x7d, 0x0, {0x0, 0x47, 0x0, 0x0, {}, 0x0, 0x4, 0x0, 0x3, 0x0, '', 0x0, '', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x4e) 11:13:52 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 362.594297][T28337] __iomap_dio_rw+0x8d8/0x1010 [ 362.599228][T28337] iomap_dio_rw+0x30/0x70 [ 362.603575][T28337] ? ext4_file_write_iter+0x4a1/0x11f0 [ 362.609066][T28337] ext4_file_write_iter+0xabe/0x11f0 [ 362.614364][T28337] ? ext4_file_write_iter+0x4a1/0x11f0 [ 362.619947][T28337] do_iter_readv_writev+0x2de/0x380 [ 362.625179][T28337] do_iter_write+0x192/0x5c0 [ 362.629770][T28337] ? splice_from_pipe_next+0x34f/0x3b0 [ 362.635407][T28337] ? kmalloc_array+0x2d/0x40 [ 362.640249][T28337] vfs_iter_write+0x4c/0x70 [ 362.644891][T28337] iter_file_splice_write+0x43a/0x790 [ 362.651210][T28337] ? splice_from_pipe+0xd0/0xd0 [ 362.656064][T28337] direct_splice_actor+0x80/0xa0 [ 362.661001][T28337] splice_direct_to_actor+0x345/0x650 [ 362.667023][T28337] ? do_splice_direct+0x190/0x190 [ 362.672042][T28337] do_splice_direct+0x106/0x190 [ 362.676879][T28337] do_sendfile+0x63e/0xbb0 [ 362.681418][T28337] __x64_sys_sendfile64+0x102/0x140 [ 362.686838][T28337] do_syscall_64+0x44/0xa0 [ 362.691430][T28337] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 362.697405][T28337] RIP: 0033:0x7fca7d004739 [ 362.701925][T28337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 362.721624][T28337] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 362.730027][T28337] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 362.738102][T28337] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 362.746076][T28337] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 362.754032][T28337] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 362.761987][T28337] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:53 executing program 2 (fault-call:5 fault-nth:58): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 362.843757][T28353] loop0: detected capacity change from 0 to 61 [ 362.846381][T28359] FAULT_INJECTION: forcing a failure. [ 362.846381][T28359] name failslab, interval 1, probability 0, space 0, times 0 [ 362.862622][T28359] CPU: 1 PID: 28359 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 362.862661][T28364] loop4: detected capacity change from 0 to 262160 [ 362.871478][T28359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 362.871493][T28359] Call Trace: [ 362.871501][T28359] dump_stack_lvl+0xd6/0x122 [ 362.896023][T28359] dump_stack+0x11/0x1b [ 362.900184][T28359] should_fail+0x23c/0x250 [ 362.904590][T28359] ? mempool_alloc_slab+0x16/0x20 [ 362.909665][T28359] __should_failslab+0x81/0x90 [ 362.914444][T28359] should_failslab+0x5/0x20 [ 362.919048][T28359] kmem_cache_alloc+0x4f/0x300 [ 362.923799][T28359] mempool_alloc_slab+0x16/0x20 [ 362.928814][T28359] ? mempool_free+0x130/0x130 [ 362.933567][T28359] mempool_alloc+0x9d/0x310 [ 362.938060][T28359] ? crypto_shash_update+0x13c/0x1a0 [ 362.943333][T28359] ? pagecache_get_page+0x7aa/0x910 [ 362.948530][T28359] sg_pool_alloc+0x74/0x90 [ 362.954100][T28359] __sg_alloc_table+0xce/0x290 [ 362.958930][T28359] sg_alloc_table_chained+0xaf/0x140 [ 362.964272][T28359] ? sg_alloc_table_chained+0x140/0x140 [ 362.969914][T28359] scsi_alloc_sgtables+0x184/0x510 [ 362.975161][T28359] sd_init_command+0x952/0x1610 [ 362.980002][T28359] scsi_queue_rq+0x10cd/0x15a0 [ 362.984819][T28359] blk_mq_dispatch_rq_list+0x63b/0x1080 [ 362.990363][T28359] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 362.995900][T28359] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 363.002257][T28359] ? rb_insert_color+0x2fa/0x310 [ 363.007241][T28359] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 363.013357][T28359] __blk_mq_run_hw_queue+0xbc/0x140 [ 363.018567][T28359] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 363.024448][T28359] blk_mq_run_hw_queue+0x22c/0x250 [ 363.029557][T28359] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 363.035441][T28359] blk_mq_flush_plug_list+0x302/0x3d0 [ 363.040808][T28359] blk_flush_plug_list+0x235/0x260 [ 363.045917][T28359] blk_finish_plug+0x44/0x60 [ 363.050501][T28359] __iomap_dio_rw+0xca7/0x1010 [ 363.055333][T28359] iomap_dio_rw+0x30/0x70 [ 363.059816][T28359] ? ext4_file_write_iter+0x4a1/0x11f0 [ 363.065344][T28359] ext4_file_write_iter+0xabe/0x11f0 [ 363.070635][T28359] ? ext4_file_write_iter+0x4a1/0x11f0 [ 363.076087][T28359] do_iter_readv_writev+0x2de/0x380 [ 363.081281][T28359] do_iter_write+0x192/0x5c0 [ 363.085863][T28359] ? splice_from_pipe_next+0x34f/0x3b0 [ 363.091435][T28359] ? kmalloc_array+0x2d/0x40 [ 363.096069][T28359] vfs_iter_write+0x4c/0x70 [ 363.100603][T28359] iter_file_splice_write+0x43a/0x790 [ 363.106083][T28359] ? splice_from_pipe+0xd0/0xd0 [ 363.110920][T28359] direct_splice_actor+0x80/0xa0 [ 363.115917][T28359] splice_direct_to_actor+0x345/0x650 [ 363.121280][T28359] ? do_splice_direct+0x190/0x190 [ 363.126292][T28359] do_splice_direct+0x106/0x190 [ 363.131240][T28359] do_sendfile+0x63e/0xbb0 [ 363.135676][T28359] __x64_sys_sendfile64+0x102/0x140 [ 363.140892][T28359] do_syscall_64+0x44/0xa0 [ 363.145310][T28359] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 363.151274][T28359] RIP: 0033:0x7fca7d004739 [ 363.155788][T28359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 363.175647][T28359] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 363.184046][T28359] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 11:13:53 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 363.192005][T28359] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 363.200023][T28359] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 363.208053][T28359] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 363.216018][T28359] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:53 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="540000007d000000004d00000000000000000000000000000000000000000000000000000000000000000000000000000000000006006d73646f73000a002f6465762f76637375000a005c6a7d2f2a2f7c2c26287c2a2d55ed6f31ee5156a5329ff64f54c0354fb345fd0e87d7370e06393c892de3b7f944aef0718a8afcb720965180d6e530501b6336a7c37de0d54f0fc7eac01ab75556213402a28411efeca4e7d442a5c1a637355a79ef27181cb0071a45ca99c831fe96ec6a3de74e22171c5c542c7df49648a1a069d4dd9ed7a422de0832da37b7f4d047cfa34d519705d2bfc43326a30748963a9bc6d60e464769c425f5e8f2a986138d649cde14bdc9cdb8d93e34605f8a4138f72f406aa451e3487fb47134eacbc1396db0000000000000000000001cd16bc4853b931c0fc5c992f3d8bcbde64047f1f4d0e2720f87463ee5e86d5fbf54c3f4761338a0713c068575efd15f0103d04ffb805b92382d412e2f33b0b87e8badef8fa7cc336bf03cdbd544c66b794b7831368d6f38d226d2346edd74189a9eb8725edc3c77de5d076a2b0a514790d98a5cd480e0a52dd09266d3e30579f4c66a3b3f2ab221129b9ca8b5"], 0x54) 11:13:53 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400", 0xc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 363.338029][T28384] loop4: detected capacity change from 0 to 262160 [ 363.345967][T28386] loop0: detected capacity change from 0 to 61 [ 363.401588][T28386] attempt to access beyond end of device [ 363.401588][T28386] loop0: rw=2049, want=64, limit=61 11:13:55 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:55 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80000001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) 11:13:55 executing program 2 (fault-call:5 fault-nth:59): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:55 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {0x0, 0x0, 0x2}, 0x0, 0x0, 0x40000000, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\'('}}, 0x54) open(&(0x7f0000000080)='./file1\x00', 0x88000, 0x40) 11:13:55 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:55 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200", 0x12}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 365.511978][T28410] loop0: detected capacity change from 0 to 61 [ 365.518640][T28412] FAULT_INJECTION: forcing a failure. [ 365.518640][T28412] name failslab, interval 1, probability 0, space 0, times 0 [ 365.519663][T28420] loop4: detected capacity change from 0 to 262160 [ 365.531302][T28412] CPU: 1 PID: 28412 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 365.546541][T28412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 365.556599][T28412] Call Trace: [ 365.559873][T28412] dump_stack_lvl+0xd6/0x122 [ 365.564473][T28412] dump_stack+0x11/0x1b [ 365.568631][T28412] should_fail+0x23c/0x250 [ 365.573049][T28412] ? kmalloc_array+0x2d/0x40 [ 365.577647][T28412] __should_failslab+0x81/0x90 [ 365.582409][T28412] should_failslab+0x5/0x20 [ 365.586925][T28412] __kmalloc+0x6f/0x350 [ 365.591149][T28412] kmalloc_array+0x2d/0x40 [ 365.595566][T28412] iter_file_splice_write+0xd5/0x790 [ 365.600857][T28412] ? atime_needs_update+0x2ba/0x390 [ 365.606227][T28412] ? touch_atime+0xe0/0x250 [ 365.610740][T28412] ? generic_file_splice_read+0x2ac/0x340 [ 365.616463][T28412] ? splice_from_pipe+0xd0/0xd0 [ 365.621329][T28412] direct_splice_actor+0x80/0xa0 [ 365.626275][T28412] splice_direct_to_actor+0x345/0x650 [ 365.631755][T28412] ? do_splice_direct+0x190/0x190 [ 365.636784][T28412] do_splice_direct+0x106/0x190 [ 365.641636][T28412] do_sendfile+0x63e/0xbb0 [ 365.646172][T28412] __x64_sys_sendfile64+0x102/0x140 [ 365.651379][T28412] do_syscall_64+0x44/0xa0 [ 365.655789][T28412] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 365.661733][T28412] RIP: 0033:0x7fca7d004739 [ 365.666138][T28412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 365.685736][T28412] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 365.694147][T28412] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 365.702173][T28412] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 11:13:55 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:55 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200", 0x12}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:13:55 executing program 2 (fault-call:5 fault-nth:60): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 365.710146][T28412] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 365.718151][T28412] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 365.726131][T28412] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:56 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r1, 0x5000943f, &(0x7f0000000300)={{}, 0x0, 0x8, @inherit={0x58, &(0x7f0000000100)={0x0, 0x2, 0x100000001, 0x86, {0x13, 0x4cb5, 0x8001, 0x6, 0xfff}, [0x0, 0x48000000000000]}}, @name="e107d941f4a10d88459dbe62e5c56bf1e722d2516e354ba26e3225d8d33ab769a8336b9026ebb8a20cb2f5d95cf9a39d350b29532466f3946fda740e286adcb003cca477c9576a1b574a8d1a3fa399784ac9f6fe0572fbde6108d456f217a4f3ee86060aa22cdad4e66c6a48a179dc97f12560e8fc1e65c92f0fb8e90e807af711fbb6cfdbd75bccc605ebdf69c3d1f69f004c54f5a1715161e4bd4926f48d76a652513ee376f5ba65b8e0ce18be2f2853ecfeabb28fe8d15b8cd6bde355ff7547089301c3b70f10d8194075378775635a261184ff4511a61246bfe8ecefb2e1cb18c5ddc62eea307f24d5d8f2ea8cb5991d08101624d8f919f7b162cbb58f084a85d4de964d2753e1f72265c5e6c600317523e807bd340160025ba5a22cb75fc1ca94e1d9b473318bdb92e42d962e2e7de0d3dccc2d702d92dd12f6dc2d489e1e919e6280669523c8ff93f29ad55a6b58d0000f6805333f606c7adbe0ab1ce4f17bff836e3e4522b19676b2ca0ab242ac60e5e2461a0b37dc5098749ae80ab5224efae0c9a14c365c96e29bee877440614c3be082fdeaf7696ebb037c2aed049b1c2fd92083e816ef0f13570c459204b4c6346462620541f0abb7d599c0c3b1a168a6774fd587c22fcbab2f1fbdb6f411d11ad219dbb1a5e4f8c1e674fe5dad7eb085c68b13bea741445057223518109dc15b9a69acb6043aaa1bb400e86341fc5000502945321337d108479d0dd7f59404b35152e04f324d0fc5e5b53358fb693061db9610f166027f21917e45c26fc5144f8ad4dbf32e6211ea33f12ebe184bc135be4715c3a0c4c0cbe5adf5c0eb4c0f4193b721d6826111f20ef414cb3b723111f4b0768e78dc1ece60a04c9c0406c4cd6db9b9e0b355d76f49ed82735a7518f00ccdfebc18ead12af56d3d8640c14ca21f47bd36bb11d1a50a05cb38780d05c40438ec194241f688fba715a338ce921b354c1c614a1ec465056fb139818bbad1d7913c37ebae5af4584f7558b5d70151a295b49fb7d1e7b5baaf9ab4c7efc8a1f6aa74a877aacfd82baa46f5fcaecb057a68fc641f8cfe8d774bb0acbf63ee003f105f671cbd1a7934723011b72efbfbb2df12168ea00e8feb9d9d831ffe2805770961f0274c8e85fc6c2a96b2217bb46120a7b704adc2680d8130278e878af215b9be0c735337eadd1d7ee4573554d24ce21f0edd987522969b3dfd0b7121eed8e0de74b77a8477b7f5bb15fcb0961a18b2e577ee7a37c4718c57ac5dce9ba5a7222dea6c8fe7bc9ce01cb0f03b49f5bd393e2c4ff6fcc70722b6dca5d25fae2285dce1ffbaa4c43fe05f3691480d152d0a6c2b79aebcd169a6c4f995b4cd158973913e13e194762f1021f4e5e1709d17f29d74133c46cf8e41592a7b04d1e21b44e1ebfc4db482a34224da16142ba923f4946c12e666d35456984b9119dda425fe5012532f9f559abddeb46086985362a116a058c874f012f436e1b220d4734b8867d4455a4b3dafa9539195f119fa1f53ba06d5200e75f9fbc9d71563a7423f74df4ff849fe198b439a40c54fe3255cc270c3461d6eebeac581c0e1a736a4fb91153346afa0bcbfa47233920f247340b83011c2c73f692deb4db67f2c1271b029a44b7a6e9cc942b74fc671721d267983155b4c7e7a1aaeca9f34fcb271073cd2fddef00fc1e275fce3a129b413f365435b5f4310adb3b854ab9ba9c25901c6a398e408987d1c72b543c80059823acf42544593ea50de64b2837c6afdd27c6a16aeb55ee4663b3dcbc89aebc7a6f029d97a9dfccdf2bf886e7b9ce81cd82fe2100dd7ad086f627b6af9d119233513f1415f9a301894a5c54cf75f401b576fe49fd9024fb2bccc3f874decb8b4727609ff281ea62d0f06ed495d1b815e920fa494fb32b1a5f9392040f0c685e06822aa3cd8ffdbf6d776643bef5aa3b3502235bb2a8d816197a25e1ad738eedca3e9830da8a3d3543f8c595c289231bb159c7ca1a9585d504c3bd55781ffd8fae1739258e1a8f93cd6a94b72dfdd4efc6433df389089ae836857372daef66a5084bdea5ce1da766531587db3faee124aa3ebd444b813d9c78865a87469a84c3fdd72b3ab1a865f405ceea9c962a0979cff295cfc2cc0d47ba6edbf806274b7b3f28fb5a943fdab5aac6d5ef4a76d6c4b76c97606ba7957a091329fe7a50ce5f53205394e3b878569dad8093f638f86e639be878280737bc58fc4b5e740dc41b0b96f618213ec3e95824a0d99b2c9f08a968ebaebeb246c5bafb3481124742fac07b60439000d1817794d8fb88b81df63858e20fb4e2c2e7b4c713342f050e03c07b2c44c5c8255f551a99794fc8959c350ee71ebe2eefd1f92ee35adeebe834bb634ef37a77e786cc646369f2f96637f3d21e772a8d9f2f75561ede5b2a42d3121c1f550fcd7a71d6f521db8ed8f9ea0f47f4fff8f278a1722f1fdf0e68dfe37bde3a404557ada1830b550f62be9d55eb18d9b57f794f5fb0a9ea6f890d413b5c279ad7258783e4e9555b75eb45e2628bb2f61b387330d6d3c226a4196d021803fdc0dd265fd8a05534a864b834fce3ff7f8a9d232442003864c8e4c0864e908210801dbc8145dcca4f3763963abda132c2385103771d0a4d1c016d5339e90967bbf673588e7f15f1a3822c3ae0c9108dbe9c61111ae168779f4b7898aa5a4147776d080957f45c32012be2aa2306c37acec529d4eab3512c29131e581b53dcb3959ee990a891b0d257f3893c86f1c165a5bc9eb69582371a5e6862666b577cba2e75dc07184d0c96db99cdc3f56587e54577d20dd7d383ec0cd6df4f1dc6c4289788df7a2637cc9a37c4e2582184813d339844d5cb3cb2653060dd1f603e4b6d244e67c00f0d0cba5551085d6dfd078e9a2b23dfc07fca7a5cd8266551eafabe6a58b438efe993ec5bad56430a91bc56c1320c5e53ec5126afcbef0f4cf8eacb1aba4c35992847cf22f16f0eda001e9327e052d9c9c8f04b96373d8ad1b5ecda2e2cdc80ee3cc7d1230b4be42a0e9075ff2c522afe0878391ba1fc7cf9302c30e153702999617f06082341b18108cddd3fef950f31145d487d6f9fe07e3e025a60e6e65898c41b75dd02be3ae713fd459f444d9be76e4cbc06e915d08f81b24cc5e95c9f882709dbf349f12a84619fc5ac2e2aceda0ff1d3ba1fc8d2d20925f3018a3d9a233738ae85762697e4a9fbd31fb636fe6a0820eb8d92a3ce40663ff48c2712cccd51f916d8aa63c68598321d7bab68e56f3e8262d923bc32a0411f239dff2ae14a3246bf9c2866ff6f4bfa32b36a41b6a1815bc30c2aabcf12fe0d9a810187640bf56f5c8baf3e9d9c92d40394d039c574e8d8f1b9828a7c40056c362dff15da6dbeb255971c22837d4441afd049555fc1c50099f7c714a8f642028e36dc42b2039e5dbcd1706a3179ed2f9bcb7e86a47b9999e3deecf3d800218ade6d4dac16551dee9c7fd0f5caae2f60d492c1ea6d75a31137874a65f813f08bb94c129ccc1b0d6ff03e231406a9900f70e9370a6770f09ea9177bd29b74d5b90732a42782b3263202ff9cb9fbd99583e4c83b5f185d745351c193ce31fbb16d91620956df901ada88ef16cf2ac011cbe5a11adda85ef47c578f4b10cf2df252509357a281227bc55e0ca6f7b1a82826549b6ffcf2c4de2e53867b7774c6337491bb82e477ee7e1b9387fe82dd43a42b4132d5e752a0be6aafcd58ceaedbe80008420c9038c281a32e42c1efe8695783f66141ded65a28291f3dbd71746e6802abf88472453955b16c375e1a2f4aa2a8d3c0432a969e54c4fd88c08fa72a54a84a4607a41fccb368bcd54dfbcdd82eb4b2ceb02765ef455974d3bd6bd7808af98f016f52d89a3d744432c32e9ff6b4667ad59e3d8ad483368b923aa01d46d5c0e0d45950a3d8fff6a6dc693d63a432a2e8f6c7b368a7106eaf728f8d3829dbfff4cbae83e7dc78fa30647fdea545e9070cd5afa54e4ddcd6e16204f74ebc825e91df0dba65cf68d06f9170659520bdb7fe7ece168c81244f7f7dc579c9bade2b37dec90a1029fd7ca3c9bd135c2ec2068457f2814e701f59a9263bbcd3337398b77845a2a4a4a9d5334a311f44370df58ba3aae20f6754e47c520f048039787b11e58c331918a0e7c54794bce0c068aab6164a4b23c68518bd96e31d2d1d583d39d547b7369c0db1409cc75e1c3a0e684d1a7fcd28f8a5b5124f5fba4bd33464d2b1d49a9524a1aaf080f630e92bc23ad9d866bf14adaac76c0b577c14e20932ad5728504129224017fc0c6c29fa76619c5f6b0dcc3d72d3d583c0314d953f111036a2ee087685acee80685a2b579ab082b6b60bf98afdb0817aca67f295c1a2431f727bb04bbdcd0514760b90eebc0337c8d9652b666e01f7eb741bea7ad9c4eaa2a640d9a2b3273f1c37b1436f4eb2e3632de167948d5f4e4797ef0f1d8c53789daed211695a9848bfe5568ce4ff6949d255edf1a920f1547e6af03d36996e98d3562c147b3cb2e12349b0acb85fdd0681d28ef7f746f46e30bf19832434fa6638fab22991e218a0ac19b050c14899600fccaa57e506ad8e995b663a044a06ba49bab89faaabd3f7d42f482393573ac62480bae4cd4db0d8be027aaf512e6e235e4aabe87a5f070eca2586b6c78add02e081beee95ee1fd8d88ba3867ea2b0b794037ada8f962fb9138f9e096c49e1efc05e18cd5dc00a80abec4fdab65119b1f2199ea636ff31e344995a6ea70c4c87e15cfd404372396f3fc4934266bfacd791297d3e2b5d14de5118d7b02d1dc2bbb2660ef7ea1162a9cea96feb2f5f338e91f705bde09ebdb3be163d34f81489392832ed2ffe303c0a4db734130f438138478ccbbd6a798082c4e40020fafe87ed56e9d2bd38cabc20b6ad137b7ad397abdf8bf2b8f573eabe2b440b38452ac94258ca393238fb8b3edc68ece3d46a0011b5b2615ef1ba49f7bfb8af9d37f9c5aa553bba2fe49f2835f6d8bf71ac0e79105257a9d385a502f86d7af33b17fbe4747d996e627d930c9de1d742940f04b4b24a97b85aec473ebc9036a7ed94e6ffcb37612c738034a87f18cdcb614dc12ca3b45ae33d6ef8c08b76ecc57b9ce13ae218b12e3c510e6b4d4ac0be3c67e9a9a3a0319e1672939a356babee9db8d84bfc32aef5baa10f32989e82567cff4e3df96e906e857d970fe31228c4c775dfe1fa449df090bb9110388e2608d3069a57a8ab93f338ddcb454080494822cf028b4a01acb8222b6c617c06e0de7afabfe93a83a7b385706ff9c85877f072ba3dc70ac9b0e3973644b232460a4318c4a89356f12aeb928cd1344b2432e5d1e33da3d267a3b40a7ff31ec852aff5d626969299008150355c97804b7fb78577d17914faf2d14f911a7a1333b786fe177002522d7f2fc2f0449643b8b7a22813eca864c47ef4ff9d5199c5c817f660ac279b914985fff0d71f543c8cae50f15ec8788751247f3fa07b2fd18e9df19c16aa0b14893cb4a9a88b680d2562c18775c744ec8a255f102404826c62b11f326d30698fefffbd797540d0b846283c9bc2c6d12dfe47776dcc557817bbdf51f38b289f81e403e344279fed8464d1d884bfdf531238f598e436bb172a8505138bbed27bea2c738eead38f304ab284eea0fb98cd7b9b90929fada6d309c871b8631fd1fdbc58f1df7ec435f4087048834f3b3d5dd1bb99ee4ad9d2c8d"}) [ 365.802669][T28438] loop4: detected capacity change from 0 to 262160 [ 365.827270][T28444] FAULT_INJECTION: forcing a failure. [ 365.827270][T28444] name failslab, interval 1, probability 0, space 0, times 0 [ 365.840115][T28444] CPU: 1 PID: 28444 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 365.848971][T28444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 365.859029][T28444] Call Trace: [ 365.862314][T28444] dump_stack_lvl+0xd6/0x122 [ 365.866917][T28444] dump_stack+0x11/0x1b [ 365.871164][T28444] should_fail+0x23c/0x250 [ 365.875603][T28444] __should_failslab+0x81/0x90 [ 365.880464][T28444] ? __iomap_dio_rw+0x139/0x1010 [ 365.885438][T28444] should_failslab+0x5/0x20 [ 365.889995][T28444] kmem_cache_alloc_trace+0x52/0x320 [ 365.895431][T28444] ? __getblk_gfp+0x3f/0x590 11:13:56 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 365.900108][T28444] __iomap_dio_rw+0x139/0x1010 [ 365.904893][T28444] ? __brelse+0x2c/0x50 [ 365.909056][T28444] ? ext4_mark_iloc_dirty+0x161a/0x1700 [ 365.914627][T28444] iomap_dio_rw+0x30/0x70 [ 365.918973][T28444] ? ext4_file_write_iter+0x4a1/0x11f0 [ 365.924437][T28444] ext4_file_write_iter+0xabe/0x11f0 [ 365.929741][T28444] ? ext4_file_write_iter+0x4a1/0x11f0 [ 365.935252][T28444] do_iter_readv_writev+0x2de/0x380 [ 365.940529][T28444] do_iter_write+0x192/0x5c0 [ 365.945112][T28444] ? splice_from_pipe_next+0x34f/0x3b0 [ 365.950652][T28444] ? kmalloc_array+0x2d/0x40 [ 365.955234][T28444] vfs_iter_write+0x4c/0x70 [ 365.959768][T28444] iter_file_splice_write+0x43a/0x790 [ 365.965122][T28444] ? splice_from_pipe+0xd0/0xd0 [ 365.969957][T28444] direct_splice_actor+0x80/0xa0 [ 365.974889][T28444] splice_direct_to_actor+0x345/0x650 [ 365.980260][T28444] ? do_splice_direct+0x190/0x190 [ 365.985265][T28444] do_splice_direct+0x106/0x190 [ 365.990110][T28444] do_sendfile+0x63e/0xbb0 [ 365.994525][T28444] __x64_sys_sendfile64+0x102/0x140 [ 365.999816][T28444] do_syscall_64+0x44/0xa0 [ 366.004274][T28444] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 366.010269][T28444] RIP: 0033:0x7fca7d004739 [ 366.014673][T28444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 366.034273][T28444] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 366.042701][T28444] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 366.050668][T28444] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 366.058635][T28444] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 366.066633][T28444] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 366.074590][T28444] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:56 executing program 2 (fault-call:5 fault-nth:61): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 366.115012][T28455] loop0: detected capacity change from 0 to 61 [ 366.130077][T28455] attempt to access beyond end of device [ 366.130077][T28455] loop0: rw=2049, want=64, limit=61 [ 366.160557][T28465] loop4: detected capacity change from 0 to 262160 [ 366.165803][T28459] FAULT_INJECTION: forcing a failure. [ 366.165803][T28459] name failslab, interval 1, probability 0, space 0, times 0 [ 366.179789][T28459] CPU: 1 PID: 28459 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 366.188571][T28459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 366.198803][T28459] Call Trace: [ 366.202189][T28459] dump_stack_lvl+0xd6/0x122 [ 366.206794][T28459] dump_stack+0x11/0x1b [ 366.211177][T28459] should_fail+0x23c/0x250 [ 366.215607][T28459] ? ext4_mb_new_blocks+0x317/0x1fc0 [ 366.220906][T28459] __should_failslab+0x81/0x90 [ 366.225923][T28459] should_failslab+0x5/0x20 [ 366.230502][T28459] kmem_cache_alloc+0x4f/0x300 [ 366.235274][T28459] ext4_mb_new_blocks+0x317/0x1fc0 [ 366.240372][T28459] ? ext4_find_extent+0x7b2/0x7f0 [ 366.245434][T28459] ? ext4_ext_search_right+0x246/0x540 [ 366.250876][T28459] ext4_ext_map_blocks+0x15ed/0x1ff0 [ 366.256320][T28459] ? ext4_es_lookup_extent+0x36b/0x490 [ 366.261768][T28459] ext4_map_blocks+0x71e/0xf00 [ 366.266534][T28459] ext4_iomap_begin+0x4b0/0x630 [ 366.271387][T28459] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 366.276659][T28459] iomap_iter+0x39c/0x470 [ 366.281056][T28459] __iomap_dio_rw+0x698/0x1010 [ 366.286187][T28459] iomap_dio_rw+0x30/0x70 [ 366.290512][T28459] ? ext4_file_write_iter+0x4a1/0x11f0 [ 366.296111][T28459] ext4_file_write_iter+0xabe/0x11f0 [ 366.301384][T28459] ? ext4_file_write_iter+0x4a1/0x11f0 [ 366.307031][T28459] do_iter_readv_writev+0x2de/0x380 [ 366.312358][T28459] do_iter_write+0x192/0x5c0 [ 366.316939][T28459] ? splice_from_pipe_next+0x34f/0x3b0 [ 366.322406][T28459] ? kmalloc_array+0x2d/0x40 [ 366.327064][T28459] vfs_iter_write+0x4c/0x70 [ 366.331589][T28459] iter_file_splice_write+0x43a/0x790 [ 366.336962][T28459] ? splice_from_pipe+0xd0/0xd0 [ 366.341797][T28459] direct_splice_actor+0x80/0xa0 [ 366.346717][T28459] splice_direct_to_actor+0x345/0x650 [ 366.352077][T28459] ? do_splice_direct+0x190/0x190 [ 366.357206][T28459] do_splice_direct+0x106/0x190 [ 366.362042][T28459] do_sendfile+0x63e/0xbb0 [ 366.366639][T28459] __x64_sys_sendfile64+0x102/0x140 [ 366.371858][T28459] do_syscall_64+0x44/0xa0 [ 366.376351][T28459] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 366.382236][T28459] RIP: 0033:0x7fca7d004739 [ 366.386654][T28459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 366.406309][T28459] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 366.414768][T28459] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 366.422764][T28459] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 366.430832][T28459] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 366.438816][T28459] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 366.446875][T28459] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:13:58 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:13:58 executing program 0: syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f00000002c0)=[{&(0x7f00000001c0)="78a33655dd29d6d305090000000066617400140409000200027404f801000000000000000000", 0x26, 0x2}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) creat(&(0x7f0000000040)='./file1/file0\x00', 0x30) unlink(&(0x7f0000000200)='./file0\x00') write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) open(&(0x7f0000000300)='./file1\x00', 0x701200, 0x20) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) write$P9_RREADDIR(r1, &(0x7f0000000100)={0x2a, 0x29, 0x2, {0x7, [{{0x2, 0x4f, 0x4}, 0x2, 0xbc, 0x7, './file2'}]}}, 0x2a) 11:13:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80000001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) 11:13:58 executing program 2 (fault-call:5 fault-nth:62): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:13:58 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:58 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200", 0x12}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 368.516911][T28485] loop4: detected capacity change from 0 to 262160 [ 368.532033][T28484] FAT-fs (loop0): bogus number of reserved sectors [ 368.538709][T28484] FAT-fs (loop0): Can't find a valid FAT filesystem 11:13:58 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') open(&(0x7f0000000080)='./file0\x00', 0x200, 0x4b) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 368.577956][T28495] FAULT_INJECTION: forcing a failure. [ 368.577956][T28495] name failslab, interval 1, probability 0, space 0, times 0 [ 368.590718][T28495] CPU: 1 PID: 28495 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 368.599538][T28495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 368.609726][T28495] Call Trace: [ 368.613106][T28495] dump_stack_lvl+0xd6/0x122 [ 368.617728][T28495] dump_stack+0x11/0x1b [ 368.621928][T28495] should_fail+0x23c/0x250 [ 368.626625][T28495] ? kcalloc+0x32/0x50 [ 368.630703][T28495] __should_failslab+0x81/0x90 [ 368.635540][T28495] should_failslab+0x5/0x20 [ 368.640073][T28495] __kmalloc+0x6f/0x350 [ 368.644390][T28495] kcalloc+0x32/0x50 [ 368.648322][T28495] ext4_find_extent+0x21c/0x7f0 [ 368.653240][T28495] ext4_ext_map_blocks+0x115/0x1ff0 [ 368.658449][T28495] ? ext4_es_lookup_extent+0x36b/0x490 [ 368.663900][T28495] ext4_map_blocks+0x71e/0xf00 [ 368.668734][T28495] ext4_iomap_begin+0x4b0/0x630 [ 368.673613][T28495] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 368.678812][T28495] iomap_iter+0x39c/0x470 [ 368.683241][T28495] __iomap_dio_rw+0x698/0x1010 [ 368.688005][T28495] iomap_dio_rw+0x30/0x70 [ 368.692443][T28495] ? ext4_file_write_iter+0x4a1/0x11f0 [ 368.697885][T28495] ext4_file_write_iter+0xabe/0x11f0 [ 368.703169][T28495] ? ext4_file_write_iter+0x4a1/0x11f0 [ 368.708651][T28495] do_iter_readv_writev+0x2de/0x380 [ 368.713838][T28495] do_iter_write+0x192/0x5c0 [ 368.718440][T28495] ? splice_from_pipe_next+0x34f/0x3b0 [ 368.723889][T28495] ? kmalloc_array+0x2d/0x40 [ 368.728469][T28495] vfs_iter_write+0x4c/0x70 [ 368.733004][T28495] iter_file_splice_write+0x43a/0x790 [ 368.738386][T28495] ? splice_from_pipe+0xd0/0xd0 [ 368.743383][T28495] direct_splice_actor+0x80/0xa0 [ 368.748313][T28495] splice_direct_to_actor+0x345/0x650 [ 368.753937][T28495] ? do_splice_direct+0x190/0x190 [ 368.759163][T28495] do_splice_direct+0x106/0x190 [ 368.764017][T28495] do_sendfile+0x63e/0xbb0 [ 368.768469][T28495] __x64_sys_sendfile64+0x102/0x140 [ 368.773758][T28495] do_syscall_64+0x44/0xa0 [ 368.778191][T28495] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 368.784081][T28495] RIP: 0033:0x7fca7d004739 [ 368.788485][T28495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 368.808092][T28495] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 368.816671][T28495] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 11:13:59 executing program 2 (fault-call:5 fault-nth:63): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 368.824963][T28495] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 368.832966][T28495] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 368.840937][T28495] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 368.848947][T28495] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 368.898331][T28512] loop0: detected capacity change from 0 to 61 [ 368.910172][T28512] attempt to access beyond end of device [ 368.910172][T28512] loop0: rw=2049, want=64, limit=61 [ 368.922236][T28514] FAULT_INJECTION: forcing a failure. [ 368.922236][T28514] name failslab, interval 1, probability 0, space 0, times 0 [ 368.934891][T28514] CPU: 1 PID: 28514 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 11:13:59 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:13:59 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000240)='./file0/file0\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) lgetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)=@random={'btrfs.', '}@$\x00'}, &(0x7f0000000300)=""/4096, 0x1000) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="5415655d584f67d5f8d1720000007d000000004d00000000000000000000000000000000000000000000000000000000000000000000000000000000000006006d73646f73000a002f6465762f76637375000a005c6a7d2f2a2f7c2c1328"], 0x54) open(&(0x7f0000000200)='./file1\x00', 0x24300, 0x41) [ 368.943714][T28514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 368.953900][T28514] Call Trace: [ 368.957168][T28514] dump_stack_lvl+0xd6/0x122 [ 368.961745][T28514] dump_stack+0x11/0x1b [ 368.965941][T28514] should_fail+0x23c/0x250 [ 368.970338][T28514] ? ext4_mb_new_blocks+0x73f/0x1fc0 [ 368.975623][T28514] __should_failslab+0x81/0x90 [ 368.980416][T28514] should_failslab+0x5/0x20 [ 368.984906][T28514] kmem_cache_alloc+0x4f/0x300 [ 368.989774][T28514] ext4_mb_new_blocks+0x73f/0x1fc0 [ 368.995005][T28514] ? ext4_find_extent+0x7b2/0x7f0 [ 369.000032][T28514] ? ext4_ext_search_right+0x246/0x540 [ 369.005468][T28514] ext4_ext_map_blocks+0x15ed/0x1ff0 [ 369.010735][T28514] ? ext4_es_lookup_extent+0x36b/0x490 [ 369.016211][T28514] ext4_map_blocks+0x71e/0xf00 [ 369.021019][T28514] ? crypto_shash_update+0x13c/0x1a0 [ 369.026356][T28514] ext4_iomap_begin+0x4b0/0x630 [ 369.031237][T28514] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 369.036423][T28514] iomap_iter+0x39c/0x470 [ 369.040740][T28514] __iomap_dio_rw+0x698/0x1010 [ 369.045486][T28514] ? __ext4_mark_inode_dirty+0x501/0x5c0 [ 369.051207][T28514] iomap_dio_rw+0x30/0x70 [ 369.055649][T28514] ? ext4_file_write_iter+0x4a1/0x11f0 [ 369.061104][T28514] ext4_file_write_iter+0xabe/0x11f0 [ 369.066471][T28514] ? ext4_file_write_iter+0x4a1/0x11f0 [ 369.072063][T28514] do_iter_readv_writev+0x2de/0x380 [ 369.077382][T28514] do_iter_write+0x192/0x5c0 [ 369.081995][T28514] ? iter_file_splice_write+0x2d7/0x790 [ 369.087746][T28514] vfs_iter_write+0x4c/0x70 [ 369.092250][T28514] iter_file_splice_write+0x43a/0x790 [ 369.097676][T28514] ? splice_from_pipe+0xd0/0xd0 [ 369.102508][T28514] direct_splice_actor+0x80/0xa0 [ 369.107432][T28514] splice_direct_to_actor+0x345/0x650 [ 369.112787][T28514] ? do_splice_direct+0x190/0x190 [ 369.118055][T28514] do_splice_direct+0x106/0x190 [ 369.122891][T28514] do_sendfile+0x63e/0xbb0 [ 369.127388][T28514] __x64_sys_sendfile64+0x102/0x140 [ 369.132686][T28514] do_syscall_64+0x44/0xa0 [ 369.137103][T28514] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 369.143134][T28514] RIP: 0033:0x7fca7d004739 [ 369.147558][T28514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 369.167370][T28514] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 369.175897][T28514] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 369.183951][T28514] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 11:13:59 executing program 2 (fault-call:5 fault-nth:64): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 369.192091][T28514] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 369.200071][T28514] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 369.208040][T28514] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 369.268106][T28520] FAULT_INJECTION: forcing a failure. [ 369.268106][T28520] name failslab, interval 1, probability 0, space 0, times 0 [ 369.280809][T28520] CPU: 1 PID: 28520 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 369.283291][T28524] loop4: detected capacity change from 0 to 262160 [ 369.289746][T28520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 369.289761][T28520] Call Trace: [ 369.289769][T28520] dump_stack_lvl+0xd6/0x122 [ 369.314487][T28520] dump_stack+0x11/0x1b [ 369.318727][T28520] should_fail+0x23c/0x250 [ 369.323212][T28520] ? mempool_alloc_slab+0x16/0x20 [ 369.328220][T28520] __should_failslab+0x81/0x90 [ 369.332985][T28520] should_failslab+0x5/0x20 [ 369.337493][T28520] kmem_cache_alloc+0x4f/0x300 [ 369.342306][T28520] mempool_alloc_slab+0x16/0x20 [ 369.347150][T28520] ? mempool_free+0x130/0x130 [ 369.351820][T28520] mempool_alloc+0x9d/0x310 [ 369.356320][T28520] bio_alloc_bioset+0xcc/0x530 [ 369.361068][T28520] ? iov_iter_alignment+0x34b/0x370 [ 369.366247][T28520] iomap_dio_bio_iter+0x5e1/0xc00 [ 369.371308][T28520] __iomap_dio_rw+0x8d8/0x1010 [ 369.376146][T28520] ? __perf_event_task_sched_out+0xdf1/0xec0 [ 369.382216][T28520] iomap_dio_rw+0x30/0x70 [ 369.386606][T28520] ? ext4_file_write_iter+0x4a1/0x11f0 [ 369.392151][T28520] ext4_file_write_iter+0xabe/0x11f0 [ 369.397446][T28520] ? ext4_file_write_iter+0x4a1/0x11f0 [ 369.402884][T28520] do_iter_readv_writev+0x2de/0x380 [ 369.408071][T28520] do_iter_write+0x192/0x5c0 [ 369.412655][T28520] ? splice_from_pipe_next+0x34f/0x3b0 [ 369.418106][T28520] ? kmalloc_array+0x2d/0x40 [ 369.422690][T28520] vfs_iter_write+0x4c/0x70 [ 369.427238][T28520] iter_file_splice_write+0x43a/0x790 [ 369.432612][T28520] ? splice_from_pipe+0xd0/0xd0 [ 369.437448][T28520] direct_splice_actor+0x80/0xa0 [ 369.442385][T28520] splice_direct_to_actor+0x345/0x650 [ 369.447845][T28520] ? do_splice_direct+0x190/0x190 [ 369.452874][T28520] do_splice_direct+0x106/0x190 [ 369.457795][T28520] do_sendfile+0x63e/0xbb0 [ 369.462384][T28520] __x64_sys_sendfile64+0x102/0x140 [ 369.467741][T28520] do_syscall_64+0x44/0xa0 [ 369.472251][T28520] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 369.478169][T28520] RIP: 0033:0x7fca7d004739 [ 369.482572][T28520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 369.502697][T28520] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 369.511181][T28520] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 11:13:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80000001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) [ 369.519237][T28520] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 369.527329][T28520] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 369.535335][T28520] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 369.543306][T28520] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 369.586518][T28532] loop0: detected capacity change from 0 to 61 [ 369.649755][T28532] loop0: detected capacity change from 0 to 61 11:14:01 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:14:01 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400", 0x15}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:14:01 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), 0x0, 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:01 executing program 2 (fault-call:5 fault-nth:65): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:01 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000080), &(0x7f0000000300)={0x0, 0xfb, 0x1015, 0x1, 0x4, "bbaf86f5d3f68c1dfc5f798aca674abf", "59b6bbd8f50bda124d9423eef30862c217b1b96410b56f2f9f51462d569bab741f3506df675fe22054256621b44a95198eb2ffc9694a17024bb77ab80ecbe5f3edaaafd33209d80bd05dc4176031c118ab7c3e936a7fda55340d1ae170e77da44ee8a6caaf80115d0ae127167c4fe41a9db6d954c52957de4c1b87881a7ebe44b19f007d9bafe6f2b0135a8e7cdfc1643c3d23fcf9d1e6f57096d80d1dd220662ead4ccb597f16b658666992c5989aa10e40f8202b252d92208d7dafa6b75be143ec2c492377ff1981618e1cd912a3420ad1db7b8b22d61a91cabdda00d2e551f495eb46a5a104706776278b3120929c65e6585353d7b8d2deb112d2b56b381453d745257a74992853adae60b2f93a713f1874b82af82623721473ef909b7666012c2b727c69c1e96929b01a8dbeefad7276997e839eb4c0492af97faf4ed77945e30ae24d59e22acc8ddf62b031f5966561642f3322d52f643805848ad34f9cb8722f738334156a22a9501e2ee4f941b4e9873bc7c0be4a3ca2205e64a2e28f6769083a8dafb3a5b853e0bfa2c3d1e03d04ffb32a8f08e74279abeafaa387fd5aa8e177c65be0210ab909c08fea88b3ffedd96a59edcecc6f5c03d40068598b23e28b6582ea39958faf89bb2fb62582e3e9418e118cdc157edebade84af0b75b593225c1148d67fcce045c8c278535aaabb43430f71e9b24d2281061ba935f9275575f7645fc64830b1933a119fc2e1e05c73b89d5e0247e1926b076510556e202deb7668bf2a9e8a06b690e2ac7e2412407391b0bfc12ac50d1c397ff53b46043a4602af224c611b89911c486bfe5e6f18d996ff4ab85cb597f42a229b504e4d21395a3b0e3522c48827f98cec95664d71d63f28f363b5bc68d7a6bad9581976bac9ef9aa9e0126fa2c4d4a9f9bb704167337184a5b1fe5c320bef8b87b7bf8aedd732bd039ad84506900c1cbbbb3279993c4cf7a1b1152f249a79a70d8fd69ba6b788ea6a4bd8ad97727f23e482f642fc36518edac986b01637a33aedfad722e467dd3ef87f8d29d96d36bd461347b2d8901b2ef83e4716a5ee629be2df8208f7879cc325284218b6b4469fb64b443a2076a11c91f1e6d6ae6039f16c8105cd0ca5962f9c7783a86fae451a08526040fca976993fdabb6847e0b662c7fe72b9fe871833b52f28a0ed984e5a1291a12d5d8d9ada68f42a132e5c4788807f5135b43e530b99720c0a63f7a6235c0d8f67c1d963526131a7363778b7940252979278e353a8eadccddf6c836465a986cb8f0f394c8d4f692a3c68217423817300544b4980ca67d07e8c3b95bc20801d1d20ef1d0b559232ff104a8b1be06b5874a5a90cbf800d0bd3be7f43c95ea04e44c023e17e49a9b5877bcef5d7210673ea5f4a36c401417f81da91d6d9670bce38db2198916c46dfc106d5c368d945446ef0945056770f1948001f657e4c2496df6fe161e18991f1989e1b8ab4aff8416e26c685f88c562781955f6a8fef17ef64ef0f9bb7230cb2f662624d33f4257e08f46259babe70bfa69bae10a22fb521a92efd41968a1d677d4b21f4b4f78f0bb9f6a354f2faa0b025dca6696de74b6260ada96cdbb20de0539e756b5db679cb2ebd523842237c00bbaeedc75a64132765d7060a94126a14a2dafba60259a0f08b05d612e96edab085b3ce856adf21dfe2192de248ca83c385158065b85870cf6b3e5a4959198ab4f6873744180776d1a5e67ce835b2e4c2c73b9526fda2b7b9c5ff89127b282abb242940a29fd0dd77b55192bcba69b240dbb4e58061601fca5825b3545594071f25c897e1e0239578bd072ce048f72824486d9b980c8cdcfa3185276a4c4cd4699f2f119bae9931ef836b5d1814d356dcd898cd03a47deaee114956ecdaafa399dccfd0990b79086d30e1847e88b3fcb7d54b8a11ac850f372aa0b69904bcb25f80330068946a43d345d96c447184eb8787d33ce05ada68512f6d533f9c782a9189c34dba866609d90b2a67c8d182fd3869038ea42a216385e1635e1f3e4a4293b48f734a0014ea411de89370ec516205c4b310150eeb5f7315965781ede23d8fcee90d2789146500362c17bd9cba4b32eb2effefd91b5a0d641ecacf911f8eb2a134bff98ba7288249d538d69fca9154f88d4bb4c62043decb009a1387213930cc174aa2a1e27e3ceb4843bfa9e8c706307053b3c24b7c091e6614eb615503fce3c7b064f7acdb20bb5466a5b3f5015ce56d25e8bcb50d1c4ecea121195652d7b66a6fa76ab04b22ca33e1e859208f65a0b193397251bd765dc531dbf697cc44b7f4b0085ed01befa70b02972295ad4bfd9cbeb4178cacb2fa0b5f65d1c7ac6d1de63eccd072c9cc403e080a63a82b20f4ec1080afabe412cd6e8422864241a3d4171431d4df430db4dea4f5a95bb1bfded68428428f20a438c03d866a8d0288e16b1c7dfc594dbf21be033333fbc3902d44546bde02e093be88655ae119ba07e0d9f65a54ec42bfe56a295ee2fb33308c9ddac1532b98b4881fe72244797b1708c713b693e7ff26f7f9e2e3de0ae5bf464d7d02fa11b1e97a45919cd8339dbd8d68b46cba381c21ef9a4f4a9d4518cb3879edae06ae66a01f4567e2cddeb126862510c4b8992dc26de18a5c8bcc962e8c9cead008897aa4477d87377c6040b42d3893735c08c97b7e89a57ad31fbc15b1528dbd953acb4c74ce754ee3f7ff4d7a0e376d4e497c301d5724733827a38406eae9e249ba61db16962be3ba064207f0c5861cf9b71915f352ed0cd583f916ef5e28c0b6e3176dae6a77a9b15cba32f3de3e18938563667da505ae0a5614895b1d4b775864aa7d2c74fd9fac5d8c4c537bffdad1e8dbebbe255136dcde51240a6f7d207bb8722323448967a8258ee8c000e7dad63e6db59c1b90d473a77f40ca18dc21a1f25b14bc4f7ad0c51b9ab3a8547506166011e71692032d57246588eb8d588d8715468040b969e1692cf7b9fff77279552f31af76581b07ad5f32aab3d2d9d6e5fc77f9c308f5117ec5fc6345d63e8cb287c666ec8b3c31204466702481eb55bed811e7e2937407d0d71b9fdd61b6856a705a86a1db732944e554e5bb9ff7f3235b65cafebf793dc98bff5aee7592549395dc2b0ff77e8503496be3b883fef86db72e76da242ee3a4a2c7b00ba0678691d2d3be79b0029a3f5fa7b8ceb29355a53f385d72dc0ad675b6c431709ae91bea2231eabc357f6048d77e813964fbae86b5faa95a4347d8781e82253b1fa05100bfc52601c83933c25ae46dbe4428296af6e2a576d9a1fb61762f60abe796d97aefb27cd3c082aecb89acc7f7fdbf5309f7f3d0707bece447122b4661e1e7ad79c9d52ceb69184cdd9d5d8457dab9c6a4ede3b9cf5e7a608129763b71c6886dbee4226ff3a5ecd31c638543b1c3d8399d647140ab7e281564bd01f3d8d8eda68edbfa018231dd124ce8a25418cb10bd34d01179cc09be4108f50bda0acb64af8d511ed2ac891c040960b98bf6d9459ade0e3924a8972ffbe543fd981c4cf75b003732adff809f020360b77803995dfcc05c1e488defffe6923eac21c70520e19f216f56b4965043fd193bca1c5a7c33d64bfd4781e81839678bde6e46bf81f566a0cbedfc474f1d5b7235718463df5735172d73917971ea8f7d8cd84bfc5cbcafcd5d5f4b7c88ac5175008b7df75fee3e246cdff1d05f2f0c57d5ff43f6d8903be4e2b2f5c1b2c9c3983636b5df026365ecedf87075d0c0716c851d853eb58f0412a380d45f32ee08006941534ee82a5f19f9dfbe6e76b2eeb6172d9826c9ef99af4b87d3aeab7f39ca45ed81306675bcd45c3bbaec13473f44a2a14c8b4465ec658087d1e7106ba13a9fbeace4a249ac054ae1dba19b9aca06c4ff623565f822a47425afe5c84f3f4bb3221a07a1b634121f144074876fd91f0095daba1ec76d1ae3c023011943cbe62467c1bef9433d04ec6e162ed319cefc732a3faeae0fc8b2770d3f006d1c82d26e97f244b8eeac9416a5122a2bf3c022234011ecea702908d6a7249314b14936365a8adf5202fbe72acf3c5553fd6216a7702567124910700f29157031a8068bd80f643ea55f46358e3df53d992be745be7155563102232b12efc0aaa8931b56d94361ae681f86e6b81a59765a946437601429ea27631a1296cca0411c413b9b7e0f2b5779d2e68d7fbc03bf93f2916510a7cf68dddf3e910047a4d338f0e49cc9f97c0551e953d01f4fe54b489194187511853551602ecf743d87c774b7fe4f4975c23b6e035c93e51fa3d7fa2d0d413f8cfa08ae2f912e13a1461e87d4577b731860ea7752977e94afcae2422139d6c02e33266e86945bd798f73232dc7a87886a0485498d1d01d61fa46ffb5260806b8ae3e99fb925de421626b12c2e54779b26da6ee8abcd485063972479a6f0f658fe5fabc0f1236b3edf658d9951179ee0c3caa29ae8940eb790112daa9833e5f91fcfe5330bff11238a85455bf49d1db642d534ad661a509fa46832953811a72e2540be6a17ece3460396e222ac0a64c3de0b88d9668887f1879dff702999109ac10604e8b5b7c940757db589568bc89bc586d1cc43cc2c8a71bd7593a95c6ab94e38319555fbf650f3ae173a5091fd59c95f6e60b17a28af33abfd79636e157de29b8c2a08b2a81bb8ce4f5734f7522ec0bc617d6a04ee69ce8d5965c619f91cbfa4a45064b817056597da4ee45cd9956d12d56f1b8cdf3db23a92ccfce33e86ea9f697e6b32922786056dbe3b9e14a28692859fd3cb45f3838bad20054d540c76e0f93556c5b1097464b067458c145e1abd58eefef60fd9540d39a7674e8ac8207179b2629b0b1bf7907e4a2c6ba27dec6387d4dfa016b735b5b0391b17c05ec82ec0a5d76ff0f7c4387ce3de6e4802b90492c165ff17b38359e9df85c2b1d5e9451ed1ead697b006f8cfa877b47120ff00ab642feb460735b317e0719b493af01cb7d4ef6edf1b4b1b6509afff35ae1bfca0501b3cb310aa6a09ab9e88f11282b487d17ac311f54f74c83eb4feed24a839155f119532641e786242e99a08fafd299a40bcfc04360ea1c5494a62e2f399c5f68da334d766ebb1df6be2fcd2ea1ba264369eea001cc47aaf4aca4b2db449250e6ddbff17b2cb5e009acb7ddda09d8e41b43102dfe639a112827880c16d6d61584bcdd45960d357a7d2a01b4d4291402bdf8259cda8d086401621efd6f4cca6bb06d064722bc0668cd0abacd62d60d50341fabee22ddde6e1df8e93b2e73837176b7320c0548ee8b223d3d5c7466164c584e4d03df71910f23bf623a3749f8be00766f88e28c134a268db5cae91efe433b664400ed18c7b0f0b7e8e528c0f25ca1eee3f0d83847eb09d1a572e5befda66b83dff82b6a78c8cb6b6034bd01e0b8ded5901b498924fe5f2d7c599ae2bad22cb17dbd5a8e2d402b8cdb135ce80cff6dd0de88676f383356fa5b51c312bca5a4b899a84cb1503eb30fde0569b49890315b1c69a33c8c2f313b9dfc80f4fd5501720831ad0801ab535921eab9e5dfe0babb91f6bad739207d99c729d811111b1bc03e5dabff8ada58c2e7ab1ba5567b0476b629680e363523df95f76c19436252638628bf8312d25c86ebf4f5cbfe575d60c3fb166b88b07e72de2a028c8316d6d30242935b93f4ff7afe733e103ba53c37af4aa910452b7598981ecc4e6183e43a3721485b93f7fcfd37dd99af477b913577bf844863cb52a233eec1bbacfcba18edf37d1bb00618f0c6359e85f829bccb855b3050f91"}, 0x1015, 0x1) recvmmsg(r0, &(0x7f0000007780)=[{{&(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f0000000200)=[{&(0x7f00000001c0)=""/56, 0x38}], 0x1, &(0x7f0000001480)=""/236, 0xec}, 0x101}, {{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000001580)=""/204, 0xcc}, {&(0x7f0000001680)=""/4096, 0x1000}, {&(0x7f0000001340)=""/47, 0x2f}, {&(0x7f0000002680)=""/175, 0xaf}], 0x4, &(0x7f0000002740)=""/4096, 0x1000}}, {{&(0x7f0000003740)=@xdp, 0x80, &(0x7f0000003880)=[{&(0x7f00000013c0)=""/1, 0x1}, {&(0x7f00000037c0)=""/166, 0xa6}], 0x2, &(0x7f00000038c0)=""/101, 0x65}, 0x1}, {{&(0x7f0000003940)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f00000049c0)=[{&(0x7f00000039c0)=""/4096, 0x1000}], 0x1, &(0x7f0000004a00)=""/63, 0x3f}, 0x9}, {{&(0x7f0000004a40)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000004bc0)=[{&(0x7f0000004ac0)=""/70, 0x46}, {&(0x7f0000004b40)=""/85, 0x55}], 0x2, &(0x7f0000004c00)=""/4096, 0x1000}, 0x7}, {{&(0x7f0000005c00)=@ipx, 0x80, &(0x7f0000007140)=[{&(0x7f0000005c80)=""/127, 0x7f}, {&(0x7f0000005d00)=""/4096, 0x1000}, {&(0x7f0000006d00)=""/136, 0x88}, {&(0x7f0000006dc0)=""/191, 0xbf}, {&(0x7f0000006e80)=""/163, 0xa3}, {&(0x7f0000006f40)=""/80, 0x50}, {&(0x7f0000006fc0)=""/86, 0x56}, {&(0x7f0000007040)=""/240, 0xf0}], 0x8, &(0x7f00000071c0)=""/236, 0xec}, 0x5}, {{&(0x7f00000072c0)=@in6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f00000076c0)=[{&(0x7f0000007340)=""/238, 0xee}, {&(0x7f0000007440)=""/138, 0x8a}, {&(0x7f0000007500)=""/58, 0x3a}, {&(0x7f0000007540)=""/133, 0x85}, {&(0x7f0000007600)=""/96, 0x60}, {&(0x7f0000007680)=""/19, 0x13}], 0x6, &(0x7f0000007740)=""/34, 0x22}, 0x7}], 0x7, 0x1, &(0x7f0000007940)={0x0, 0x989680}) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:14:01 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 371.583292][T28565] loop4: detected capacity change from 0 to 262160 [ 371.594274][T28566] loop0: detected capacity change from 0 to 61 [ 371.620867][T28571] FAULT_INJECTION: forcing a failure. [ 371.620867][T28571] name failslab, interval 1, probability 0, space 0, times 0 [ 371.633621][T28571] CPU: 0 PID: 28571 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 371.638013][T28566] attempt to access beyond end of device [ 371.638013][T28566] loop0: rw=2049, want=64, limit=61 [ 371.642391][T28571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 371.642405][T28571] Call Trace: [ 371.642413][T28571] dump_stack_lvl+0xd6/0x122 [ 371.642474][T28571] dump_stack+0x11/0x1b [ 371.675236][T28571] should_fail+0x23c/0x250 [ 371.679705][T28571] ? mempool_alloc_slab+0x16/0x20 [ 371.684882][T28571] __should_failslab+0x81/0x90 [ 371.689652][T28571] should_failslab+0x5/0x20 [ 371.694149][T28571] kmem_cache_alloc+0x4f/0x300 [ 371.698908][T28571] mempool_alloc_slab+0x16/0x20 [ 371.703766][T28571] ? mempool_free+0x130/0x130 [ 371.708440][T28571] mempool_alloc+0x9d/0x310 [ 371.712940][T28571] bio_alloc_bioset+0xcc/0x530 [ 371.717944][T28571] ? iov_iter_alignment+0x34b/0x370 [ 371.723178][T28571] iomap_dio_bio_iter+0x5e1/0xc00 [ 371.728198][T28571] __iomap_dio_rw+0x8d8/0x1010 [ 371.732991][T28571] iomap_dio_rw+0x30/0x70 [ 371.737316][T28571] ? ext4_file_write_iter+0x4a1/0x11f0 [ 371.742837][T28571] ext4_file_write_iter+0xabe/0x11f0 [ 371.748128][T28571] ? ext4_file_write_iter+0x4a1/0x11f0 [ 371.753690][T28571] do_iter_readv_writev+0x2de/0x380 [ 371.759013][T28571] do_iter_write+0x192/0x5c0 [ 371.763616][T28571] ? splice_from_pipe_next+0x34f/0x3b0 [ 371.769163][T28571] ? kmalloc_array+0x2d/0x40 [ 371.773795][T28571] vfs_iter_write+0x4c/0x70 [ 371.778305][T28571] iter_file_splice_write+0x43a/0x790 [ 371.783854][T28571] ? splice_from_pipe+0xd0/0xd0 [ 371.788745][T28571] direct_splice_actor+0x80/0xa0 [ 371.793682][T28571] splice_direct_to_actor+0x345/0x650 [ 371.799043][T28571] ? do_splice_direct+0x190/0x190 [ 371.804054][T28571] do_splice_direct+0x106/0x190 [ 371.808978][T28571] do_sendfile+0x63e/0xbb0 [ 371.813439][T28571] __x64_sys_sendfile64+0x102/0x140 [ 371.818642][T28571] do_syscall_64+0x44/0xa0 [ 371.823062][T28571] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 371.828987][T28571] RIP: 0033:0x7fca7d004739 [ 371.833386][T28571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 371.853074][T28571] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 371.861553][T28571] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 371.869521][T28571] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 371.877482][T28571] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 371.885444][T28571] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 371.893406][T28571] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:02 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') open(&(0x7f00000001c0)='./file1\x00', 0x842, 0x5a) r0 = open(&(0x7f00000000c0)='./file1\x00', 0x40002, 0x14a) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) perf_event_open(&(0x7f0000000640)={0x5, 0x80, 0x1, 0x7, 0xff, 0x4, 0x0, 0xfffffffffffff722, 0x25000, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfff, 0x2, @perf_config_ext={0x1}, 0x400c5, 0xdb3, 0x0, 0x1, 0x6, 0x8fa, 0x0, 0x0, 0x3d5b, 0x0, 0x30d}, 0x0, 0x4, r0, 0x3) creat(&(0x7f0000000080)='./file1\x00', 0x100) r1 = syz_mount_image$iso9660(&(0x7f0000000100), &(0x7f0000000140)='./file1\x00', 0x1, 0x4, &(0x7f0000000500)=[{&(0x7f00000003c0)="0057ccfb8866c956a42e9324752ae1dc155f6c19b1049e6f2728d57c0ecd0144d2a9d43d7cf5bc6626301a25491d1e859240cef169a4efcce343e978514d2e653ed5eba827b4085de49e9805bbcb", 0x4e, 0x2}, {&(0x7f0000000300)="79bed44cb02e3448fe83a9800758b09101a15328ef75a661c85c081768de9cad5560ce4f15cca0471eeda567fc5136639537bac384412195710c665a0ff1eabdeaf7ac54c64499997d0fa4aaf20670621f3cdd811f1c4a7eab32ec406ac4b77f2dd2760538b4c880de6a826338be200bef90c85871330dd003100e7feacb076a20e6cec5f2849f6061324f49265efeed57bf3f6b63ec85ed06", 0x99, 0x7}, {&(0x7f0000000580)="75a0e881744788511fcc5b55e422e0c191fe39e7b684d7d2b36e039e5093f0cf4c37f6e4f18a09b5ac3c952871efc25dcb1856e6725d2b2b88b2d1020b948695d5ae613eae291003e427d44ecc6638d54ec15483a43149ecb030eb2a235244040631bde7aa218e57c3c3bff0423b2b54d21da42038b401c5a18b68195c6b90de5e1c17dc659aa4db8178e6c1065cb8ec7eb0dea712d1b649d91f95b70e01c37fc9ca9a67166c7a6a78ceab36f5", 0xad, 0x5}, {&(0x7f0000000780)="121cbfe8d35862e029583cb769be91ce5c6be2bb56c5ba7541ce901538cb21a872b70fc3128d870b894c7e08ae9390eea886896401cb0154cb4ab7f26bbb8da7b1186fa72c6fb3b838766c880ed4fa81f6e9e912", 0x54, 0x6}], 0x80, &(0x7f00000006c0)={[{@utf8}, {@sbsector={'sbsector', 0x3d, 0x200}}, {@check_relaxed}, {}, {@mode={'mode', 0x3d, 0x1}}, {}, {@uid={'uid', 0x3d, 0xee01}}], [{@uid_gt={'uid>', 0xee00}}]}) fchmodat(r1, &(0x7f0000000200)='./file1\x00', 0x80) write$P9_RSTAT(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="540000007d000000004d00000000000000000000000000000000000000000000000000000000000000dfff00000000000000000006006d73646f73000a002f6465762f76637375000a005c6a7d2f2a2f7c2c1328"], 0x54) 11:14:02 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), 0x0, 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 371.976101][T28588] loop4: detected capacity change from 0 to 262160 11:14:02 executing program 2 (fault-call:5 fault-nth:66): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:02 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), 0x0, 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 372.032014][T28599] loop0: detected capacity change from 0 to 61 [ 372.094131][T28606] loop4: detected capacity change from 0 to 262160 [ 372.102433][T28603] FAULT_INJECTION: forcing a failure. [ 372.102433][T28603] name failslab, interval 1, probability 0, space 0, times 0 [ 372.115179][T28603] CPU: 0 PID: 28603 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 372.124123][T28603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 372.134194][T28603] Call Trace: [ 372.137470][T28603] dump_stack_lvl+0xd6/0x122 [ 372.142072][T28603] dump_stack+0x11/0x1b [ 372.146244][T28603] should_fail+0x23c/0x250 [ 372.150781][T28603] ? kmalloc_array+0x2d/0x40 [ 372.155496][T28603] __should_failslab+0x81/0x90 [ 372.160253][T28603] should_failslab+0x5/0x20 [ 372.164797][T28603] __kmalloc+0x6f/0x350 [ 372.168955][T28603] kmalloc_array+0x2d/0x40 [ 372.173379][T28603] iter_file_splice_write+0xd5/0x790 [ 372.178691][T28603] ? atime_needs_update+0x2ba/0x390 [ 372.183898][T28603] ? touch_atime+0xe0/0x250 [ 372.188387][T28603] ? generic_file_splice_read+0x2ac/0x340 [ 372.194120][T28603] ? splice_from_pipe+0xd0/0xd0 [ 372.198979][T28603] direct_splice_actor+0x80/0xa0 [ 372.203993][T28603] splice_direct_to_actor+0x345/0x650 [ 372.209391][T28603] ? do_splice_direct+0x190/0x190 [ 372.214422][T28603] do_splice_direct+0x106/0x190 [ 372.219281][T28603] do_sendfile+0x63e/0xbb0 [ 372.223741][T28603] __x64_sys_sendfile64+0x102/0x140 [ 372.229046][T28603] do_syscall_64+0x44/0xa0 [ 372.233460][T28603] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 372.239395][T28603] RIP: 0033:0x7fca7d004739 [ 372.243798][T28603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 372.263420][T28603] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 372.271913][T28603] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 372.279873][T28603] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 11:14:02 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:02 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400", 0x15}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 372.287831][T28603] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 372.295854][T28603] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 372.303854][T28603] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:04 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{0x0}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:14:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:14:04 executing program 2 (fault-call:5 fault-nth:67): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:04 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000000, 0x110, r0, 0x0) syz_io_uring_setup(0x371b, &(0x7f0000000100)={0x0, 0x1ad6, 0x10, 0x2, 0x293, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_FADVISE={0x18, 0x1, 0x0, @fd_index=0x6, 0x9, 0x0, 0x1000, 0x3, 0x1}, 0x4) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000300)={0xab, 0x7d, 0x0, {0x0, 0xa4, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x57, '\x95z\xe4\xa6\x9629\xeb\xac\x04\xd3\xac\xf0\xfe\xc6os\b\xe7yF\xcaK\x8alr\xeb\x11qk+-\xd1\xfe\x80\xa5\aI\xf4\x88\x12\xe2p_\xd4W \xad\x1ea\x81\x13{\x0fQ\xba\xf5hPb\xe3\x97\xc64\xb7zK\"h\b\x1a~jO\xcb\xba\xf7\x8f\x9b\x8a\x8e,\xc3B6\x9c ', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0xab) 11:14:04 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:04 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400", 0x15}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 374.616358][T28642] loop0: detected capacity change from 0 to 61 [ 374.644312][T28640] FAULT_INJECTION: forcing a failure. [ 374.644312][T28640] name failslab, interval 1, probability 0, space 0, times 0 [ 374.657102][T28640] CPU: 0 PID: 28640 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 374.665878][T28640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 374.676253][T28640] Call Trace: [ 374.679547][T28640] dump_stack_lvl+0xd6/0x122 [ 374.684204][T28640] dump_stack+0x11/0x1b [ 374.688440][T28640] should_fail+0x23c/0x250 [ 374.693069][T28640] ? ext4_mb_new_blocks+0x73f/0x1fc0 [ 374.698395][T28640] __should_failslab+0x81/0x90 [ 374.703292][T28640] should_failslab+0x5/0x20 [ 374.707887][T28640] kmem_cache_alloc+0x4f/0x300 [ 374.711961][T28642] attempt to access beyond end of device [ 374.711961][T28642] loop0: rw=2049, want=64, limit=61 [ 374.712664][T28640] ext4_mb_new_blocks+0x73f/0x1fc0 [ 374.712703][T28640] ? mark_buffer_dirty+0x151/0x200 [ 374.733784][T28640] ? __ext4_handle_dirty_metadata+0x20c/0x5a0 [ 374.740018][T28640] ext4_new_meta_blocks+0x84/0x180 [ 374.745405][T28640] ext4_ext_insert_extent+0xa20/0x2d90 [ 374.750981][T28640] ? ext4_find_extent+0x7b2/0x7f0 [ 374.756017][T28640] ? ext4_ext_search_right+0x246/0x540 [ 374.761514][T28640] ext4_ext_map_blocks+0x1714/0x1ff0 11:14:05 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) utime(&(0x7f0000000080)='./file1\x00', &(0x7f0000000100)={0xffffffffffff8001, 0xfffffffffffffff9}) umount2(&(0x7f0000000680)='./file1\x00', 0x8) chdir(&(0x7f0000000140)='./file0\x00') sendto(0xffffffffffffffff, &(0x7f00000006c0)="06197a0656eb22ae1729e4442c733a9a8cfd2f7142285e5d93d4561a3b3beb9cab102eb9944ab1db9a6efb45b7584a265866bd57134dab6922cdcc4835ccba8bf4ab2f02e6cee32b59f102ddbaa7", 0x4e, 0x4000040, &(0x7f0000000fc0)=@in6={0xa, 0x4a21, 0x1, @local, 0xffffff80}, 0x80) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) syz_mount_image$nfs(&(0x7f0000000000), &(0x7f00000001c0)='./file1\x00', 0x1, 0x7, &(0x7f00000005c0)=[{&(0x7f0000000200)="45568d5f9e6576a179e8f3642c4353d0452ac6e084b5a9e8f663706e1bd00507c82827daee39bcaf8cf029bc00", 0x2d, 0x3}, {&(0x7f0000000300)="ed49aa4de245aa06b2fb034163f5f739f6bf619f7aceee15d257b8ac33eab27f5daefd4e402c9226f1f0ee3e7674dbb27298555ab2d43194289a7ef1e593a14f103e1aa21141ac4b68b69f0b9af63f444ecc269da07554d3f8502401f3aeb562fd2e6a20a22e936ed759da98d5fa2cee37a88dbede5138f4a037486e0fa6cadf10cf358384771611dc8c73012a10ead8fb22ffa14a6f4632df12db8799f25e2a1a4d6d91eef8899ded69c2b6afbb532b6d4060977c72167312d4e3476ece42b963e4443f0f639423732ef5d623715260aa", 0xd1, 0x80000001}, {&(0x7f0000000400)="422fd2b6ffa9a041c8c6a74a7d6e49d3d9860a30d7cbb430a5a8af65d778569416d052539599c500abb0379fd39a3cd4a61663966459e56958fc07d8adfa689692c9761a70435c5fc77b1ee41ebad0c9e65337c1", 0x54}, {&(0x7f0000000480)="e85208d114449f4d897a2fe9e61def1eff5e65261b24f82f0f464f8223c4", 0x1e}, {&(0x7f00000004c0)="3a32b429758a989e8d55a29fc9c9ac0ba5b927975f251508e41d9709daaff04a436d3e992e0dbc91a9a6180838257734fdc13bb9e71733d4ac343a8b1d84e0fc0e67211847fb13a3357c3f8ec5e95f5b56a732d2ee79010f3267922674561592895d58d94a762e24528c26bd9409fb638d53f3df6155b29b1e54ca74260f0e8faf1cccda50ea2131d48083658177724fc566d4fcd009632e7c7c9b", 0x9b, 0x401}, {&(0x7f0000001480)="f1e22d8e932ce2a9baf3f913172fc9cd028db7e1a907852759685defbb8425a827e06911b3b833c41bc587c4d720037a0ea8d200406311494afd239a2c7dfda29b2c6b7c41822d8d04220ed9dc6dc62778b4eb99720e19db00ae5bdc9326d001fc8ffacf050a3ac087e1495dfe2f2aed2034ec38185c44b7712081593e8f6ba6f50d23644810afbefbcb9d2ec1b749f00cc76316447dd8ac30d2a4691a90628aca2532d5e6ede185f4d424eb9604a666671321b144abd01387150e614e055d95d01ce321b260fa00fdcd31ae6884894610f203ec02a3c51a5ecc526a73341ed3f0318a361f966adc50b28310bac006a5d672eac27b44c7b6449353f9e9b7c4fe161e77f51d740639501276c175e90631f13142c40b054355bc8ed64082e5728330e6d1f6f10d9ca99a875d34122cd68653ef23b7c0a5417fb47008b6968e20ad1a507198a88be17f921dd7a9a45d54c956cbd2142ca759a5e49939de2b2f0260ed785f9cd111e1b317d555723f2a8b2ae666e8f6d7deb834291d7413d3199f6e4980fc6856fd7afe873a07d59000a6e1678a58412067f901c7cddfe2ce0e41c420f6ad8106637d361257eec862499fa9da4d49f665a0c2c8cc0f705e1e4a2e1cf000b2ae06e64a9add3321b31a769dbcbae525c73f496ad5b0ee18741ca61eb854cd84ac931bacfd40d6004f2bafee06eb2305376a5922886031ae9177dcd94ea0e916203ebbd28d9fa4efaaa11b8ab378182da95cb09b7a9066a5ff1ecdc250a71f55945132c3d85fb8f2649476c5d4d8e382f04bbb81c2b9a9160d50df0627717421f838440ac3f726c0ce1d6a8af1b67e7fee1544ee8b339de4055caae046ab845a65400e501398ddad510ef5fd04eda45a09a457383b1c75c410f665d3b20b50779baf0aa2d3fab0e24c33d793ae171c813dcb6847c5fbabd533538da3410dd30699c34ef5fe23d5a6bc4f9435b9780b8f1f8f1f3e7de56e3382ef334b9c39d41d4f009f614aaa166d6e8d48384f51dd39cb0a4a9ebcbb5f8c6043861c93cadd496dd8ee0865a04d1dd92c65972a7fb7e3c8296bc7dcd0e43f1bdf8e39b82b1df9ec254cdf165d841c44961e424061c29a5acb0fcf5aa3ad053eaffeb05ad05b39df0a57b09848c2140d84a814d342aa0c5838174d21a4b1226598b24ab605631aa286b697d2743cb9d1cd5784dc995c379d3cfffa4e574a20a985e269a10f2d739d631b7e3e9da95f59ef62dbd278ee49666b83640da16f1e2f3681782debbe9b4b174001d3c279a9d63ccdec26a22e073841f08a5744036778da5384adfe88b529c8ade8dae3d2557990a757fa0cdfe733401cf3d9975db4d2ec51f42232d7a8603171d356523ae073ad7a5d320221caf42db9d48a681e2941882db682cf4e4590c8844926f7c2341c60e968841d221e6ad5d2efcf338030ebe76e29b7202c39e92ba7a2da34beaca1657f37130675135e8ce714ac26cde23a8fc43a33401370a14116aaac8dc46120b44dbb6b40f5237829742d6087613730b4a36069a0c6569f73e4148df7a5004d1486b935d90b9a84fca83ef80322ce31ada6a524c6b07c76580f8c99f246f4c1c40f95e1ba3cd7d04dfe960fa443a97e27b1b382f1ce839b982e5cc4c593d3b3a6fc5550116dafe6069902ba7dd987fab643f45d9bc426407c4bb4817e04d185e265443b2b7e76cb6eb6381b78c7d8b12471ee037e67452741912f8cb744aec3c7e956e2c78ce14db86aacf0cc164bd7d9802d68827abd79fed08dcf3b4a6a5c181bdbcd9e508b11f8104a44d1ccf687aa042b765724bce2b8cad013a5d93d7f801d28a2c3b04cc9096a24874968419cd4b01b70e823c414feed32bec2933c7083c8148b107ade7becdfd2660b1a24a5a7d0e186498963fb6731dacdaea43a64964bcee021848f800b3bc1e57137c0e0dc4e3fe452d3f7bfd0dbbf9c7c2067654ff0e707e6610a488627692f47f884a4c0756a653df31be228fe97dfd1b9512e263c85f62dfd26bbb2e5500075e7f96c66f0b25bb42b0f369d9e6b77f736aa55513a208eb9d261633f769a0ccb9ead56674c0753689f1bd9e7ecf5d6c5d721c714ff4366f1c8cdb0aba69ed1fbd574e545401742a163d8f88db93d6f6976ed88a4c5a7cf978ab2fe6a8927d1d2a2c245b09cc9da56547a54bee0ea2d172646872f01fe38563e57fdfeaca367715aac29d175405a7a6c117d3addc176c22adbee1632e21e92b317f2cdd3789adcebd4c49e3a4ae3da550aa7003506c9284036858f1055fea967f438ce57010e4ede9022d2c003ef0c5a6ebb27ad16f5a41ed8265f1362455a663283a7e588e56a5f5af72a8924281a57024c5e30d4f6f4a91938f17ce1aa5b616c4556555f1e4008ea05d187a526bc849d9a9fc77348a676350df21f258c664eb00bdedb966f99c66758fcf75fe63e3648ba72cc0f8d52bf5f7266fd2ec190406f69d87efc9a196e554979c7823534746466de076a6465cf891ae19a9129b05049df919074ba48f170a3cb98224293bdca2e491f0aa5d5a427a5abf5d8f459cd1fe90bf7fc62f4f0d86af81d047d9f9b66998f2e385aac1f1e7313275707e75bb9c9e8e7cd8e8d0d01b56e439a64984f2d16c25aa2b3e44748eddf7a08e934656702b74a7ad7951fc8e189ba86ac23654aac029e6ba6e78b5e1040fa63c69f592378254c355f5de5baadd67b844a681e7a3071d9a34a79a6d0debf3e1534a2f9d3ee2c3096e011184ec109d3022a34be5dd47631230ec37b6c8151a067c7aa4c05a8d660ade47f6657115c3204775f5d0e81e79e78138f012bb748e3fe4647497ecee2dbfc5685d76420e7d1626bb5ac2298676f5dcd536a9d7b85ffbeb0335b2f164b2f08e04c5e3bef0a94f54554bf86e67dfd076bf1f246c2deec26dc14f4200aa4e32bd64383fb8ff1b249409474a606d600cdc13a16b7ed6a3c83f6466c4b123f2e003330200463b42a6af86abf544683255637047b95a57a151331ee4a4d98a0e92c7556a78cf98aa9555e3eaeba25e3a27891fedba6f7e388f2dceb7a634959a605dc0194b52f868054dd32b0d75e55e7c3f78a39d3d1dfb99a16fd80104804ea7380354e6a6e180a21ef8aaca0d32432f9bf20479dddd15ed1ac9228f62b2b773f72ec549e3f42548f742118072d56ed565203588db725be775edd92e0b6666f84e272eaf856416c0c189d4a95dcffb6d2f0ff9f10559cc87cbecc22f179edc68e9ed63e706e032b257b34d1f5cfdebe77ae57816c2d0e30215c9405cb65c2146da132594a42b93dd264125daf92d6b3707e96a3f5628c1f74d98104dd7f84d29be7308f5f31b5ec72b86aaad32a1aa9926602b93be6fe45531a48b49ee6d6f7e09e28751f613e9d57a6efb97997b7ab8e02197e4c38ee629dae2b5d98c51ddf056c81d7469e15e80591785113f2789101b2fb1f08c856dd883c39eb7abf45237550058bee4214791e32652a97d3a3a69d58c77e3c4ae921f45655f1af581e9e0a8fdee8292798570bf511dcd5f9c9961e27fd4b64de39a51b2ecd45902d798c4db438bd056332aa08e07d58c3528f0ab9fd8843c9b89457a1ae117039c10c9696e3084e6019299ff2b07c2af667ab11d4521943bfc20f6bf2cfc7397acc308ca3f715ae93c85f13a780b9a286b3033b27fda25d109326b8831aae912c916ed20af656fac3dd33ef8b2a86a49c45eee29fee52cd0be530739da6139ac11e592289dec43ea9467bf48aa8dacf9b1ce3de63d2916f38fd4d657a6c9b0fc31d7be381d185150d3eea38a33223d2646ec6eaa03f8239c5b0db99de4bfec364522078c532d30082bcf3c0d5f3fb8d32fde59c5b7acc9b31695827ab0d7db3c238bccf1cf3ff5477c6f33e7f32050f1792fa9630096b84e00caf8a34f66f75252ea0cf721fbbb37aea5e8e824edfa5a3e6143c84d7ed0c8ee41dcdc005618ea1c73c038aef4cf3b2e2c3b6472c5bb2445df30655b72ba62b3278fa4b84d9735522dfeb83c1a6b88201179edf14e8ce66d0ba86dea64fa266b986d77285139a58ed22871d9ae89bb4520032d12164436d2c4740c20a96665060a6b0ad584c771e8a0b7d80762dc23c0f1155eed177096aa0ddd0d0e060316cb8769c501eada5345e30517f952bdcb2f23b20ca8dca4ba299d1ec6218757b77995e5f1224360152e94061d1d1cfe26b7a9d4d5149f6d2ed7efcb2dec8eb0ee7800146db1ea8997309f5c63b84efebfc7007afce9ac6f64a7ae34ad136724c8c652891edab909dd534720003b2e0b223f5f4b51cac4883679dc0a1816e3ec37bd0c8e7cabb395a64e90a8a8d8963dc4ea35e3b002630f961446eda5c516d883e9b03b70c9c1e0a0a62fcfe96349f54cec38a83ef5d61af6c1eb9fd13810c0b96bca632cdad5979fce05c073b1664540698638fb8efded6ece8f7dc85a6ddb15448a9a1e0e3929d057ac2de24cb59f78079009961298243dfc99be0cf9ab9ed854b7a0325b50bf1d59a2c81c7e68ff4facccb1e1d09c134593899584e21f23c6fd8aabe3a781ef6dc116bdce2b8133858aa89ea8998c9d34641cbe050249edbc79bee3af364e3b7f146a08691a306955462748befb5ee44b657e75898ccf327e94ad5811c6aaa8914c55e651c574b7f8b779dccc3107ef50b9b1f134086eca562ff8ed3011b70acd6881685d4556ec07f6e919edbc6496c57498565045a249446a6cb09487ddaf3311d138ace5ca5e44f31d983ea11ac359d05f92c0702b980607d4ebe7a5fd286dd0ced2b1cce3486f6f54a2980ac52fd60101ce1de2922f33923662494197e7f9d29ec81ccd299909317fff0cd3c95d6fbf98118954f728529f9744c1e3a9cd766beb41ea176523cef9ce95a180e8472c18f210a281688f5ad81a33da430a31a217cbfb7f236bda68f6f0b7be09fbc8b2224512ee7791f6499ff5a3642d60fe75d51be4c567de6daead8f1dc0c6b6e4d57ce177167f2d5724dcbfec4aa9c5b23a2e6a866edc4a8a519246a9f0ee6b54c22e5b1c07d91d2c219ead6b0f1fa11d0de4bfcf1e40f685720004de01cf7ed5e2ad23bf54dc063554180b56dbd8360bd754c0fc1e9f44621044d569aa30e74256d1468e5c140a8324a78c3c62e7bae816a0f05fcdfe7b4dd7555336a6bc2e33a249dae6f9a5b92af57bedc15e5ba07b7e76a9baa6a41067196985f664bc512e0c40b0448d33a5bd72b96cf0b8deb47a039f7f7174c35a34049b37c64a97fe909f61fbcc79fae82e9f896cfb607728780521e975c208c6b8f8e10105b2d820690021859455dd0e712ef3811ec5e723cc106e50276f94071a0de9a98bb5fc51aefb0f9318ee70f6b6c2564dc1792175c43e88350de57f6e6cf3e19e91bcd6bd1b45b3c3ef788e001187ec4e3a4172cdd925d8ec1947991ca2b6da2d46048bacd5711aa2c4c1582eb30f20e3b4044ffafdea5cb58cc985455b8b7b60ca422abc716145ca4a88ddd1c2f6bd9ce73044e9888eacb79853c0cc034a9e84487d7ad70ba1c89224682cb8d16dc04283486db6fb9c23a2382c4081c121ee95db8db2e275f006dcfa0048fd64c1761a1a8e325b843fed896d2a4791faa090519ba1d3921e4a53223fe1906b504be9772f7c47c06c715e34bd996d43478de43bf50635a6fe7916fff75854380a5b3f435a575ac02a4baef992517f7617b29ee29df28f44937bb87fd98c56cc59a9952e6b6f6fc9c80ad6518d3053a4b5a090fbef42517891ed3098e79f5e0ec9350e2578d4c7185f2301bf4312d46869088893fc343d3", 0x1000, 0x4}, {&(0x7f0000000580)="98f5642ac8d8163658a12aa9d0f7", 0xe, 0x2}], 0x0, &(0x7f0000000ec0)=ANY=[@ANYBLOB="2f646576a9c6416b244fa06e6d73646f73002c27265b2c5d5e5d4917ec3b805fad472c7375626a5f757365723d2d2c00d537b25bd15d20be503615a85ffb2907ba6a647fbae0b26ec068b4439cdcdd416001eaffb3aebbc465484a1d084289ca75dce1a771d7a7c032d33ee6189b48dc1eb6d2a818b4991808dd3a7e97e1265e12c0718ee2c7db0e57458ca70d28c8e5561cb317656ecd173938ec869454fc9956d8a4ca1d0ab5ca3513236cdb9b0f2545b3ec780538db1135014fce3c5149cca8448226f306a16727ad28708c503d1fffc4"]) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) accept4(r2, &(0x7f0000000ac0)=@pppoe={0x18, 0x0, {0x0, @local}}, &(0x7f0000001040)=0x80, 0x80800) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat(r2, &(0x7f0000001080)='./file1\x00', 0xc8200, 0x20) umount2(&(0x7f0000000840)='./file0\x00', 0xa) recvmmsg(r1, &(0x7f0000000e40)=[{{&(0x7f00000007c0)=@l2={0x1f, 0x0, @none}, 0x80, &(0x7f0000000900)=[{&(0x7f0000000840)}, {&(0x7f0000000880)=""/103, 0x67}], 0x2, &(0x7f0000002480)=""/4096, 0x1000}, 0x100}, {{&(0x7f0000000940)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000000cc0)=[{&(0x7f00000009c0)=""/222, 0xde}, {&(0x7f0000000740)=""/85, 0x55}, {&(0x7f0000000b40)=""/185, 0xb9}, {&(0x7f0000003480)=""/4096, 0x1000}, {&(0x7f0000000c00)=""/38, 0x26}, {&(0x7f0000000c40)=""/74, 0x4a}], 0x6, &(0x7f0000000d40)=""/208, 0xd0}, 0xac7f}], 0x2, 0x0, 0x0) write$P9_RSTAT(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="540000007d000000004d00000000000000000000000000000000000000000000000000000000000000000000000000000000000006006d73646f73000a002f6465762f766373750000005c6a7d2f2a2f7c2c1328"], 0x54) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) [ 374.766985][T28640] ? ext4_es_lookup_extent+0x36b/0x490 [ 374.772499][T28640] ext4_map_blocks+0x71e/0xf00 [ 374.777450][T28640] ext4_iomap_begin+0x4b0/0x630 [ 374.782474][T28640] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 374.787889][T28640] iomap_iter+0x39c/0x470 [ 374.792240][T28640] __iomap_dio_rw+0x698/0x1010 [ 374.797722][T28640] iomap_dio_rw+0x30/0x70 [ 374.802075][T28640] ? ext4_file_write_iter+0x4a1/0x11f0 [ 374.807555][T28640] ext4_file_write_iter+0xabe/0x11f0 [ 374.813009][T28640] ? ext4_file_write_iter+0x4a1/0x11f0 [ 374.818887][T28640] do_iter_readv_writev+0x2de/0x380 [ 374.824322][T28640] do_iter_write+0x192/0x5c0 [ 374.828944][T28640] ? splice_from_pipe_next+0x34f/0x3b0 [ 374.834632][T28640] ? kcsan_setup_watchpoint+0x241/0x3f0 [ 374.840270][T28640] vfs_iter_write+0x4c/0x70 [ 374.844793][T28640] iter_file_splice_write+0x43a/0x790 [ 374.850378][T28640] ? splice_from_pipe+0xd0/0xd0 [ 374.855564][T28640] direct_splice_actor+0x80/0xa0 [ 374.860684][T28640] splice_direct_to_actor+0x345/0x650 11:14:05 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 374.866118][T28640] ? do_splice_direct+0x190/0x190 [ 374.871168][T28640] do_splice_direct+0x106/0x190 [ 374.876038][T28640] do_sendfile+0x63e/0xbb0 [ 374.880501][T28640] __x64_sys_sendfile64+0x102/0x140 [ 374.885770][T28640] do_syscall_64+0x44/0xa0 [ 374.890220][T28640] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 374.896350][T28640] RIP: 0033:0x7fca7d004739 [ 374.900810][T28640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 374.921044][T28640] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 374.929689][T28640] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 374.937802][T28640] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 374.945781][T28640] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 374.953753][T28640] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 11:14:05 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:05 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f8", 0x16}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 374.961819][T28640] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:05 executing program 2 (fault-call:5 fault-nth:68): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 375.039853][T28680] loop0: detected capacity change from 0 to 61 [ 375.099394][T28685] FAULT_INJECTION: forcing a failure. [ 375.099394][T28685] name failslab, interval 1, probability 0, space 0, times 0 [ 375.112721][T28685] CPU: 0 PID: 28685 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 375.121804][T28685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 375.131863][T28685] Call Trace: [ 375.135143][T28685] dump_stack_lvl+0xd6/0x122 [ 375.139727][T28685] dump_stack+0x11/0x1b [ 375.143949][T28685] should_fail+0x23c/0x250 [ 375.148470][T28685] ? mempool_alloc_slab+0x16/0x20 [ 375.153556][T28685] __should_failslab+0x81/0x90 [ 375.158486][T28685] should_failslab+0x5/0x20 [ 375.163030][T28685] kmem_cache_alloc+0x4f/0x300 [ 375.168016][T28685] mempool_alloc_slab+0x16/0x20 [ 375.172947][T28685] ? mempool_free+0x130/0x130 [ 375.177808][T28685] mempool_alloc+0x9d/0x310 [ 375.182325][T28685] bio_alloc_bioset+0xcc/0x530 [ 375.187115][T28685] ? iov_iter_alignment+0x34b/0x370 [ 375.192495][T28685] iomap_dio_bio_iter+0x5e1/0xc00 11:14:05 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 375.197588][T28685] __iomap_dio_rw+0x8d8/0x1010 [ 375.202387][T28685] iomap_dio_rw+0x30/0x70 [ 375.206772][T28685] ? ext4_file_write_iter+0x4a1/0x11f0 [ 375.212320][T28685] ext4_file_write_iter+0xabe/0x11f0 [ 375.217608][T28685] ? ext4_file_write_iter+0x4a1/0x11f0 [ 375.223165][T28685] do_iter_readv_writev+0x2de/0x380 [ 375.228597][T28685] do_iter_write+0x192/0x5c0 [ 375.233438][T28685] ? splice_from_pipe_next+0x34f/0x3b0 [ 375.238978][T28685] ? kmalloc_array+0x2d/0x40 [ 375.243585][T28685] vfs_iter_write+0x4c/0x70 [ 375.248106][T28685] iter_file_splice_write+0x43a/0x790 [ 375.253563][T28685] ? splice_from_pipe+0xd0/0xd0 [ 375.258457][T28685] direct_splice_actor+0x80/0xa0 [ 375.263601][T28685] splice_direct_to_actor+0x345/0x650 [ 375.269020][T28685] ? do_splice_direct+0x190/0x190 [ 375.274162][T28685] do_splice_direct+0x106/0x190 [ 375.279282][T28685] do_sendfile+0x63e/0xbb0 [ 375.283700][T28685] __x64_sys_sendfile64+0x102/0x140 [ 375.288986][T28685] do_syscall_64+0x44/0xa0 [ 375.293556][T28685] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 375.299555][T28685] RIP: 0033:0x7fca7d004739 [ 375.303970][T28685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 375.323958][T28685] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 375.332457][T28685] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 375.340523][T28685] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 375.348573][T28685] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 375.356643][T28685] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 375.364636][T28685] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 375.387697][T28687] loop0: detected capacity change from 0 to 264192 [ 375.395281][T28687] nfs: Unknown parameter '/dev©ÆAk$O nmsdos' 11:14:07 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{0x0}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:14:07 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f8", 0x16}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:14:07 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:07 executing program 0: r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000000)='.\x00', 0x400017e) syz_mount_image$msdos(&(0x7f0000000100), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000040)=ANY=[@ANYRES64=r0, @ANYRES64=r1]) chdir(&(0x7f0000000000)='./file1\x00') r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r2, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r2, &(0x7f0000000300)={0x112, 0x7d, 0x0, {0x0, 0x10b, 0x0, 0x0, {0x10}, 0x80000, 0x0, 0xfff, 0x0, 0xbe, '\x9b\xa1\xbb(\x00\xc5\xd2\x06\xff;\x06%\xaaRK\x00\xaf\xaf\xef\xf8~+\xf8Q\xd0\xf6\x1c\xa3nAVG\xe2\x9f\v\xc0X\x06B\x05Xt\xbe\x03\xcecd\xca\xc6\xa0,G\xad:\xbc^Y\xb4\x89\xf1\xf9V\xca\xd2\xb7\x1c\x80\xac\xcf?\xd8\xb7\xb1\x9a\xc3\x83\xb4\xa0,\xe1\xf48H\xac7\xe6O\xdb\x91\x7f\xb7\xee\xd2\xa7tpdl\xe7\x82\x8c?\xb9\xb6\xa1\v\x0f\xbc\xdb_&Fw\x91O\xf4\x81?:\xf9%VM\xf63\xb6B\xf6Ue\xf8\x06\xd0}~\x8e\xdb\xbb-\xc0\by\x7f\x8e\x84\x05G\x87\xbb\a\x00\x00\x00\x00\x00\x00\x00\xe8\xf39\x8b\x9ft\x11;Ln8`\x1d#\xa6WR\xf0I/4\xb4p\x97\x89\xe9\xd2\x82\x0e\xe3\xba\xc1y', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x112) 11:14:07 executing program 2 (fault-call:5 fault-nth:69): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:07 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 377.649338][T28716] FAT-fs (loop4): bogus number of reserved sectors [ 377.649563][T28723] loop0: detected capacity change from 0 to 61 [ 377.655916][T28716] FAT-fs (loop4): Can't find a valid FAT filesystem [ 377.685303][T28723] FAT-fs (loop0): Unrecognized mount option "" or missing value [ 377.702272][T28717] FAULT_INJECTION: forcing a failure. [ 377.702272][T28717] name failslab, interval 1, probability 0, space 0, times 0 [ 377.715044][T28717] CPU: 1 PID: 28717 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 377.723808][T28717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 377.734045][T28717] Call Trace: [ 377.737984][T28717] dump_stack_lvl+0xd6/0x122 [ 377.742743][T28717] dump_stack+0x11/0x1b [ 377.746979][T28717] should_fail+0x23c/0x250 [ 377.751407][T28717] ? kcalloc+0x32/0x50 [ 377.755752][T28717] __should_failslab+0x81/0x90 [ 377.760642][T28717] should_failslab+0x5/0x20 [ 377.765162][T28717] __kmalloc+0x6f/0x350 [ 377.769318][T28717] kcalloc+0x32/0x50 [ 377.773543][T28717] ext4_find_extent+0x21c/0x7f0 [ 377.778742][T28717] ext4_ext_map_blocks+0x115/0x1ff0 [ 377.783954][T28717] ? ext4_es_lookup_extent+0x36b/0x490 [ 377.789508][T28717] ext4_map_blocks+0x71e/0xf00 [ 377.794290][T28717] ? crypto_shash_update+0x13c/0x1a0 [ 377.799758][T28717] ext4_iomap_begin+0x4b0/0x630 [ 377.804753][T28717] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 377.809946][T28717] iomap_iter+0x39c/0x470 [ 377.814277][T28717] __iomap_dio_rw+0x698/0x1010 [ 377.819058][T28717] ? __ext4_mark_inode_dirty+0x501/0x5c0 [ 377.825012][T28717] iomap_dio_rw+0x30/0x70 [ 377.829388][T28717] ? ext4_file_write_iter+0x4a1/0x11f0 [ 377.835000][T28717] ext4_file_write_iter+0xabe/0x11f0 [ 377.840433][T28717] ? ext4_file_write_iter+0x4a1/0x11f0 [ 377.846126][T28717] do_iter_readv_writev+0x2de/0x380 [ 377.851518][T28717] do_iter_write+0x192/0x5c0 [ 377.856282][T28717] ? splice_from_pipe_next+0x34f/0x3b0 [ 377.861746][T28717] ? kmalloc_array+0x2d/0x40 [ 377.866620][T28717] vfs_iter_write+0x4c/0x70 [ 377.871193][T28717] iter_file_splice_write+0x43a/0x790 [ 377.876644][T28717] ? splice_from_pipe+0xd0/0xd0 [ 377.881622][T28717] direct_splice_actor+0x80/0xa0 [ 377.886583][T28717] splice_direct_to_actor+0x345/0x650 [ 377.892177][T28717] ? do_splice_direct+0x190/0x190 [ 377.897201][T28717] do_splice_direct+0x106/0x190 [ 377.902094][T28717] do_sendfile+0x63e/0xbb0 [ 377.906574][T28717] __x64_sys_sendfile64+0x102/0x140 [ 377.911868][T28717] do_syscall_64+0x44/0xa0 [ 377.916376][T28717] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 377.922423][T28717] RIP: 0033:0x7fca7d004739 [ 377.927003][T28717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 377.946630][T28717] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 377.955053][T28717] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 377.963015][T28717] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 377.970978][T28717] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 377.978935][T28717] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 377.986899][T28717] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:08 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:08 executing program 2 (fault-call:5 fault-nth:70): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 378.039415][T28737] loop0: detected capacity change from 0 to 61 [ 378.065846][T28747] FAT-fs (loop4): bogus number of reserved sectors [ 378.072412][T28747] FAT-fs (loop4): Can't find a valid FAT filesystem [ 378.086014][T28737] FAT-fs (loop0): Unrecognized mount option "" or missing value [ 378.130355][T28754] FAULT_INJECTION: forcing a failure. [ 378.130355][T28754] name failslab, interval 1, probability 0, space 0, times 0 [ 378.143187][T28754] CPU: 0 PID: 28754 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 378.152455][T28754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 378.162693][T28754] Call Trace: [ 378.165973][T28754] dump_stack_lvl+0xd6/0x122 [ 378.170849][T28754] dump_stack+0x11/0x1b [ 378.175093][T28754] should_fail+0x23c/0x250 11:14:08 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 378.179548][T28754] ? kmalloc_array+0x2d/0x40 [ 378.184164][T28754] __should_failslab+0x81/0x90 [ 378.189019][T28754] should_failslab+0x5/0x20 [ 378.193607][T28754] __kmalloc+0x6f/0x350 [ 378.197823][T28754] kmalloc_array+0x2d/0x40 [ 378.202247][T28754] iter_file_splice_write+0xd5/0x790 [ 378.202238][T28760] FAT-fs (loop4): bogus number of reserved sectors [ 378.207584][T28754] ? atime_needs_update+0x2ba/0x390 [ 378.207611][T28754] ? touch_atime+0xe0/0x250 [ 378.207627][T28754] ? generic_file_splice_read+0x2ac/0x340 [ 378.207646][T28754] ? splice_from_pipe+0xd0/0xd0 [ 378.214373][T28760] FAT-fs (loop4): Can't find a valid FAT filesystem [ 378.219534][T28754] direct_splice_actor+0x80/0xa0 [ 378.219560][T28754] splice_direct_to_actor+0x345/0x650 [ 378.251552][T28754] ? do_splice_direct+0x190/0x190 [ 378.256923][T28754] do_splice_direct+0x106/0x190 [ 378.262294][T28754] do_sendfile+0x63e/0xbb0 [ 378.266806][T28754] __x64_sys_sendfile64+0x102/0x140 [ 378.272066][T28754] do_syscall_64+0x44/0xa0 11:14:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 378.276482][T28754] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 378.282511][T28754] RIP: 0033:0x7fca7d004739 [ 378.287106][T28754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 378.307271][T28754] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 378.315695][T28754] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 11:14:08 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f8", 0x16}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 378.323851][T28754] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 378.331917][T28754] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 378.339987][T28754] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 378.347960][T28754] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:08 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000500)=ANY=[@ANYRESHEX=r0, @ANYRESHEX=r0, @ANYRES32, @ANYRESHEX, @ANYRESDEC=r0, @ANYRESDEC=r0, @ANYBLOB="73f39f00010eaefda21e7d74e8af2087e742caa95b6fc7ac6ab5cc9d6838fe63f2890e08f4", @ANYRES32=r0, @ANYRES16]) chdir(&(0x7f0000000000)='./file1\x00') sendfile(r1, r1, &(0x7f0000000080), 0xffffffff80000000) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r2, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) mmap(&(0x7f00001cf000/0x4000)=nil, 0x4000, 0x600000c, 0x40010, r0, 0x8431c000) write$P9_RSTAT(r2, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 378.421521][T28778] loop0: detected capacity change from 0 to 61 [ 378.434936][T28778] FAT-fs (loop0): Unrecognized mount option "0x00000000000000030x0000000000000003ÿÿÿÿ0xffffffffffffffff0000000000000000000300000000000000000003sóŸ" or missing value 11:14:10 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{0x0}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:14:10 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:10 executing program 2 (fault-call:5 fault-nth:71): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:10 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="540000007d000000004d00ffffffff000078077379c77edea726543b00b143e90300000000000000000000000000000000000004fcffffff0000000000000000000006006dffffffff000a002f6465762f76637375000a005c6a7d2f2a2f7c2c1328cb70e9e9b357bcff6bbde42d7e"], 0x54) 11:14:10 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:14:10 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 380.677130][T28809] loop0: detected capacity change from 0 to 61 [ 380.694878][T28813] FAT-fs (loop4): bogus number of reserved sectors [ 380.701492][T28813] FAT-fs (loop4): Can't find a valid FAT filesystem [ 380.710518][T28809] attempt to access beyond end of device [ 380.710518][T28809] loop0: rw=2049, want=64, limit=61 11:14:10 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') getsockname$unix(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000200)=0x6e) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) getpeername$unix(r1, &(0x7f0000000100)=@abs, &(0x7f00000001c0)=0x6e) mkdirat(r0, &(0x7f0000000080)='./file1\x00', 0x4) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 380.734943][T28812] FAULT_INJECTION: forcing a failure. [ 380.734943][T28812] name failslab, interval 1, probability 0, space 0, times 0 [ 380.747748][T28812] CPU: 0 PID: 28812 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 380.756619][T28812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 380.766846][T28812] Call Trace: [ 380.770178][T28812] dump_stack_lvl+0xd6/0x122 [ 380.774775][T28812] dump_stack+0x11/0x1b [ 380.779096][T28812] should_fail+0x23c/0x250 [ 380.783650][T28812] ? mempool_alloc_slab+0x16/0x20 [ 380.788670][T28812] __should_failslab+0x81/0x90 [ 380.793443][T28812] should_failslab+0x5/0x20 [ 380.798066][T28812] kmem_cache_alloc+0x4f/0x300 [ 380.802842][T28812] mempool_alloc_slab+0x16/0x20 [ 380.807706][T28812] ? mempool_free+0x130/0x130 [ 380.812412][T28812] mempool_alloc+0x9d/0x310 [ 380.816901][T28812] bio_alloc_bioset+0xcc/0x530 [ 380.821663][T28812] ? iov_iter_alignment+0x34b/0x370 [ 380.826940][T28812] iomap_dio_bio_iter+0x5e1/0xc00 [ 380.831974][T28812] __iomap_dio_rw+0x8d8/0x1010 [ 380.836907][T28812] iomap_dio_rw+0x30/0x70 [ 380.841253][T28812] ? ext4_file_write_iter+0x4a1/0x11f0 [ 380.846795][T28812] ext4_file_write_iter+0xabe/0x11f0 [ 380.852165][T28812] ? ext4_file_write_iter+0x4a1/0x11f0 [ 380.857630][T28812] do_iter_readv_writev+0x2de/0x380 [ 380.862838][T28812] do_iter_write+0x192/0x5c0 [ 380.867542][T28812] ? splice_from_pipe_next+0x34f/0x3b0 [ 380.873106][T28812] ? kmalloc_array+0x2d/0x40 [ 380.877769][T28812] vfs_iter_write+0x4c/0x70 11:14:11 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 380.882281][T28812] iter_file_splice_write+0x43a/0x790 [ 380.887840][T28812] ? splice_from_pipe+0xd0/0xd0 [ 380.892757][T28812] direct_splice_actor+0x80/0xa0 [ 380.897726][T28812] splice_direct_to_actor+0x345/0x650 [ 380.903310][T28812] ? do_splice_direct+0x190/0x190 [ 380.908329][T28812] do_splice_direct+0x106/0x190 [ 380.913201][T28812] do_sendfile+0x63e/0xbb0 [ 380.917642][T28812] __x64_sys_sendfile64+0x102/0x140 [ 380.922861][T28812] do_syscall_64+0x44/0xa0 [ 380.927287][T28812] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 380.933215][T28812] RIP: 0033:0x7fca7d004739 [ 380.937645][T28812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 380.957254][T28812] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 380.965667][T28812] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 380.973631][T28812] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 11:14:11 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 380.981605][T28812] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 380.989639][T28812] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 380.997686][T28812] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:11 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:11 executing program 2 (fault-call:5 fault-nth:72): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 381.075302][T28847] loop0: detected capacity change from 0 to 61 [ 381.117689][T28852] FAT-fs (loop4): bogus number of reserved sectors [ 381.124272][T28852] FAT-fs (loop4): Can't find a valid FAT filesystem [ 381.139293][T28847] attempt to access beyond end of device [ 381.139293][T28847] loop0: rw=2049, want=64, limit=61 [ 381.155554][T28847] attempt to access beyond end of device [ 381.155554][T28847] loop0: rw=2049, want=72, limit=61 [ 381.166998][T28859] FAULT_INJECTION: forcing a failure. [ 381.166998][T28859] name failslab, interval 1, probability 0, space 0, times 0 [ 381.167838][T28847] attempt to access beyond end of device [ 381.167838][T28847] loop0: rw=2049, want=72, limit=61 [ 381.179791][T28859] CPU: 1 PID: 28859 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 381.179814][T28859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 381.179824][T28859] Call Trace: [ 381.179831][T28859] dump_stack_lvl+0xd6/0x122 11:14:11 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./bus\x00', 0x40c2, 0xb4) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ip_tables_names\x00') getsockname$unix(r1, &(0x7f00000001c0), &(0x7f0000000300)=0x6e) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) syz_mount_image$nfs4(&(0x7f0000000340), &(0x7f0000000380)='./bus\x00', 0x86, 0x5, &(0x7f0000001600)=[{&(0x7f00000003c0)="1c444da5a27e09c62e62146a909562dcc6f2293a7d8a3e852e20891e29180de185", 0x21, 0x6}, {&(0x7f0000000400)="b5112fba74edd3207bf649e7c574f12b7655df51c45897aac76e5458c52cee5ccc997788b51005e3404841224f83aa73a833b0e819afb0ed079d8bb4861f266489e17673d1c5c1692e58d33188ba564657b3cd4ab47498ca72588778b762d74706b6971f15301781cfd2d7f4b081e181b77ff548d9a40e4c258bc315b57cb60cde290bb60b9eb00146d8ee9e857ed634e14418e5bf3c9ceaa4df01845dbc1eab1e06838db42f62132764003a2547c2307d89420c1b2994476af2eccb46819c24d5f003a8363f513f24667a087c7812eeb0be233fc21f2111354d25a6a54f64846e4235f0ae7df6e5208de7c28d90adaaa8ed47520eafaafe58fe9946793081c8a649ef71f48a629e203bf0b66cad8a554548c0eeb9c545c27fe3c9f77d429671f8e651657d56d5e994f7ca518fab8ebc52b44881e06895ae617c3281cb3e17064c6f8509ceb7bb1536fd71770462b9a7a6158b28d2bc9bb48992e2982fb909eef9793ad4c352a138dfb01f55d571ecf877bd7d867c17c5f51c8d6478b26969c887dd2b0c4755f18284e363b1c8c4b6da74f6e132a5627885e558c9102d7a71ccf7662a291e0ecbcf09461207a5f9df0bdd0b3390ff0ecd10ab1ce7413dcb4c723c2467fde0f14ffacdb412a5f79ab0488fa8f1dfd5889fb3e4cf8a2cddd00e3cdd165eea040cb2099a1754ebe46f41a774e8cc1e425bf6607b3bdd430a094f28b7083ae891e8283a59493055d691adb52677722fbf824821152f13e8e32804d318f079ce3e4afffe4e1250d1199af12eb4981b8cc5a277f22ee19d6dd09971bd1f661fd91742455ba18ab6af0b09c44526d58eaf22dc984052e7f9bd3d088a6fb8d5d0ff15a5dc17abd279a80c21e48043d9caff2c5bfc68a63308e482c3ceb892ef46329781fa053e5eb0b4fc5ddc11fc37c544bcf742f81f1097ead1ef2840bbea69b3f866cca7ddb98952cb84c1c87fc4b1df9db7d83d2790beca697d40e6c1742a48c016909de3821098c21f4d03f1326c41a2ee3e758691c9c821aea68f719a5ffc7e868ae68bd26e0fabb305ef80f5fc1e26a1f757e89b9cb1a7031b5faef876804ea56e1ec47c76028bcc3acdb1fa1456122530922d461477d673b682a62a1fa96f11c26d8790389061f617b4913c2f3bed5f5c344b73b8f6207d1e6070e988ca0abc87978015a32afd7d431aaa66b92e88c1409d593ad02fe08dd26a8e1647823a847ab97c429d666bc85ed0b778c389c55a685bfa74caf7eaa392dd67953f475502449160718598901080216dda70269b2c2f5b8170df7bf213632881824093fb770d78f590879b4d8b96cf5646133b6f941b5639c051b80bd572ba41b99874323fefb7ed47e5943b5575b8a33efba65f860cad2b48fbc2012be8d5e01c3eb4979371c258ea43928cd8881a8553cc045ff60b6f3e55e39b8a1c7ffc55ab1e1a2df170009dfba342aa860ff86ae288758f1cb51a3aabbeb3ced73e76f119f7f4476120fe463feb0b1187bb452b9809f5310ec4a63c11bd15606f32f4cbf02634489f68f74ca05f9c65622593483d07cb25001c03d35d59ad334da5fb23e54f4b16b0fc9ae68a8fa7c18d43f8e10146070582a590e88f2a818e6f9b77c0304702d4c459b76e4b46e391dcd24675822204eaccf57272fdde553102cd9f888cb38769e088d1e5371fea85b7598afe0f32627094b85f60ef4ec5a4d7fa4fa4264629e14bacc629b3685ed9f056b6930cb8c5cf2ea896ebf62c6858090e07a7ea7193275a8b4a0bdbfcf720dd3de50ca660fbacd98c91d3efd41581b5194304ef06c56b2c9de829c7a8af1f4be5ffc1068abcd1052f98905cc50cbfeb6cd06c952a498c20b9989d4b4380d31bdb30a85e5b9ae386d7a78f10080cb9b7162cdf8a94887bbcf54f78ab2168c9655eb2eac70e4dd63ff75193e95106a080c1d38bbebd5670941fe07f4a5fe47a6e1b57f5373b6171464329e0fb01661a770fe92200aab618c7ef2c20201f8c77a6242db3f06c346231f9a52b26416761b03c4330fe4c2cc1716375881628dcd2751d780541ba3b49aa7ee20bb667ff785721e8a146926ce7eb4d34a2fd55b98d03a8b2c868b00b8449a7a73bf3aa53016ccdbd4bd3540dc814bf0808708ebc78d82b7be218110cc057b50dbaeb57ef0b8306be674c3a5c73b95282225b8b21a018846f8a182a75598782d7a87a80b485910627b9597bbcfbc1bd1ddf76f0016235a3100f683b8acf99cde4e1990d45acbbf1bc4ce712f22d54493091d3a294e541d29c80ac8ff47f862c33a55c46ab844862b45d09e23c3e473f944c362bfc8daf792cb613344d7226ae598c3dfd2dbbb8e40c71ed2c83c392448a69cb0712edd6bc3b812cf6dcc5dc6d2c3edd367ffba99bef1dd925b4d4cb2846458ac3a7c98743858038c9712dde7437d3e1c35c297870405e558cd1ec4544656c9b5d288dbb5002e9e84d97ee8d7b36c4cd7fe429287a69e20f6b84d0dd0015f281d73b2fd4b342406dd73edabd863206e6c6c0bf4677b30896a07bed48289b45dad5dca6640e05ce99afaaf02b19b27270202ff99a672995d1410cc1054dab8a11d959a4dc479933721f4beba358a9130cde480a703d4bfb81fb63e45be3d9c0dd902d22eaa0fd62ade2beccbae51c1f66e82349fe85d78b8671fb201d6e55fa4d0c65f66a4823bae8c6b4426edfd0f01242ebe8fa80e6c2e05dc16e2cbf4ca4d0bed14997e98d6bcc8710099a39d49a71d8c0c904039cc516b57198ba2ce6d75f45ffe5595c86b62c26fbf4cb1cbb30979163288b5bce443e8e3a054cbef48132c53eca44d0667799b6fe18306f24606d0177a09ca47303949e665eddba9c56e359f68b4d562e5a4f44cdb6ca822c3c33e839eb6b17e3408c9a99b03e330f482ec39935dcbf7df4c3d1e9256b2a3451acda4e34c74cb04b600597953e60bcb0c82aad33a24c2f9245dcc55568ac899f3564dac6719a936c8880e85fabac6019a2c8572035ec1f630d8dbbbb9a699ec418cd9cb129a9084a9c0a55781e3d0877ab87883cce6d0fefb6fbca82a3f417d07b0191f7fc91017d36a5c175008bbf46e113a5208c0b8f4efe6b2d5a3b11a0e5b2156b8c3a5335757ebfb56453cacaa83c05be029ba08348550a34f7c4edd2421d0aca48480dba8f98686542336069f15c941e13a1b711e2788b0161b4a64b327f6081f7af514153a41d79905dbbd8f0677fef4e5dd826a0f9706342cb09f87a8d63549f263c73087f041998de10c7b6ffdbb1c02ff0971b0afec877247506f00c8aed11a61c1dd38194be2f69d096cfaed5670984ca359899f7f424117424892fac54d6ad0b2f3ffdcaada2567e9f0a777093af79b4da0044c65aa6e6ddb246e062879d98e8f4b503887b03e336ae799af47300c02e77a1fa47fa8191d1af7897db8123a4f703e030c2bdd0d04f7f28a9d5a66d3e96c5749d819065cda99fcb24291e155ed706104a6150883d15d17e76e037562c37b6e3583d8b704a6fea3090604fbc88732c09b9512b51661ae81f4e830134906cc8a2554caad42203517b34477c1993887af13f39f92d20004b1bf150aa18e03cbd0ddbb42714c9325549c92849f351f99e3c556b091e6fb1e157c08c49aefcacf39f2f7bf8e5b59a405f4763033c1bfd34d5aa4504143619f639b64b5431e20c93b7897fadef9f8e3004d0267604aef7cdc937ff56d1deadca08e32638a12cdc667f83cb80772582bad2f3b05cffc65df5679bde7698d9f526e10a7998635c16ddb787edade62e17885b53e8283b4d717ad8a791dd38e24d8177a3450e2370d48949bdf617257d59efb48d849b1708d2034df485e03b122dc341947c4a54017d3b139e051cebf2dcd9ea4b129261ff348252edadb5aaad52e795b8199d1e2a9862e20584d3cf467eea6321e07afec692e9fe4817c2aa60e14a328ed968092422d6785d6d94353ec1e5fd305ddce46c16b13bcd90197ade94da924f872be594d442f3478962ce0b41f4fe628ad491bcb63c8b0894bd2c451e8c9cf36676a5f42ce0ad61aba6b8bb814b769937420483236038d4030f0aaa777f9883c075d3dcd497c73a9b4221dbd728586b37c65ede9fe4e5839c645f88ed39baaea5708bf05d79006563559b0de0e5326bf78a3e8079e95f4c461c17b6c4e73731bbf1ad05820913d09bb6eeac07d7b124f71bbc2fa01387146a996ea41c646624213315cce2d348144e2cc619c574a3a41c19e33df5333e9c19090021a05573debe13539077d67c9ae82f477b5ccb7f713a3d41152d7893a4c254a41ec5a79338c74eb9958b068780d87d8f54ffad6f5bacefc6e12b3320d9adf6d14a103f5cde68b3091c22f90978580063eac9c56bf39f43b358c0defc4472dbc9e8f461438264bf65fd855991d8b369df2f9699c0e4707f092d6f1e20e75bd8c7b9069d3dc64350224040313becfb17d93c00c148c0cdb4c6cd7a10ed3244b9b1d3bc2fe8e4b5e6c20bd23f13607b8119f9c94c801db1e28c89243323456a788cb504199b7ec0296c4b143073def936bba5e7c8b75da7bf9fa4d34c4112266d959c770fbad75c994898951f965294e2bef15fef57168120f972c2496e278be706bb3fa67e1c3d8076fa1aadba2b49003717a9fca95c07f960c40a4f7e0d77201195fdd46ec47f5dad159f773689bce8d1fe0d793418d4df568c99d8fa0d60148fbd174142eba600f0431c3fd226f698e8ae23fa8a6e70cab33e9e75e7b72e03adb6d15f7d8590bd6e4bbaa3e48018412148d2578224fd6385f7e784a1a99a5dc9c17ac8279a4c7aa42c04e77b8d7b9017889e04cd9aa328bd39f27cfecc0676f66d179210d0ebb2489b106e57769512c5f3c8bb9272b946a278475d48a81ea7c637866640e69457d6b86ad294cfec22330d007ab3d3c0c4ac90ac4c0576ee04e033247f4c78d37b9c743c9a87dc5448496cc4cf7bf29dbb77e87c7ba233b6f46bac2a199dfd870d1057ecc2afd27d27f4e6a1721275a77c00f0e479fa014860b7fbffe02e644eb5ffe3ce1d1f1ac466cd196caff965e03b8d4d29278ba1222b8dee62739e554be9ab395fe2ed4939272d5432bae65e04893de6775adbeb2ff6ba890497d94981c45a2a141b0fcfe7757e0a8151d0b7c2d1d29cc44e47a7d5bd60e7ef66904a72b7f911fe6f047a262ab1c86ee924d389135bcf6025c029834ddb27c8fbe2364dac45e032fcf457cc6a60bf328285af149f0b097a0cb3ca525ffab9540b3ef6321e4428d2d936fb11fed75dd1464ab1669e8445d68abaefa8b3dc3aab3d41f724e305edc1e839018ec741e1f46d40192c9949168429cccb96061b069cacb430d860c649278fdc1db4d0ee34f8aa374edf1397358a0f08194a09dcf9003df0d39e14c714215758f33704069ec4b63ed524ee5ad2300f30468759034529278656fe28d3226dbf792084e11cecddba8a1f76455c6e82cd0978303fe36dfbb0d723df7b845794318624ec660e6485adf3e143e2886479922987f0f90a7bdff01650156fe77213fbd7048fa7bb6e60247e6529c94393eaf97c648eb6e7c90ab0d4cad47957770e324bb7c26cfcfe225369530000eae4561ab4225a7a20321fb007156c82ebc6ad5e8ccb0c74a7cd11d72f3b5ab8162cac7382d059dac05126f8e0972b0acb892d52183680bf3c7b3e79d8e420e21cf869c0b43f7784345873043d2ccc75355985dca061dd5bf9e3c22e1f6e777bd90ea77037fac57b08749b3991cca5b6cb01081edff43c7e17dd74b311b0974ba4746127", 0x1000, 0x80}, {&(0x7f0000001480)="1151c062966cb7ec848ed1c6c815a419241176104f9e0ff33015ef8d46057ab7122d869c483032a0869f252684df0d", 0x2f, 0xfffffffffffffffe}, {&(0x7f00000014c0)="33cf85a3620d45b311429642c5568299acededbe12772ad856f78ba2bd10999f9cfa2f1c951de2fe7aca4fd502a275d743b68cbc0b1984f00fd9541160ced2e91e7aad7cf50096fb9ceb175b2bffff66e99b98d885a283f068c9e73f1eb014f50561886c5b9734a222a2f353c9159cb0eda8fa0aa32e3a4acc6aaa87d92baeee7c9b835be7047620af269066c24f", 0x8e, 0x3}, {&(0x7f0000001580)="67daf9b451cbd77eaf6538a6f3c0d8144eef0125528dbca4abe7dd6b48f99cd9d9bbe6eaf76a2afba28bc20e87a818b8c21bb5ab36949d38655c9a285c0e39f92b985e2a", 0x44, 0x15}], 0x80, &(0x7f0000001680)={[{'\\j}/*/|,\x13('}, {'\\j}/*/|,\x13('}, {'/dev/vcsu\x00'}], [{@hash}]}) futimesat(r2, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)={{0x0, 0xea60}, {0x77359400}}) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 381.179854][T28859] dump_stack+0x11/0x1b [ 381.207093][T28847] attempt to access beyond end of device [ 381.207093][T28847] loop0: rw=2049, want=72, limit=61 [ 381.209394][T28859] should_fail+0x23c/0x250 [ 381.209421][T28859] ? mempool_alloc_slab+0x16/0x20 [ 381.213230][T28863] attempt to access beyond end of device [ 381.213230][T28863] loop0: rw=2049, want=72, limit=61 [ 381.217284][T28859] __should_failslab+0x81/0x90 [ 381.217312][T28859] should_failslab+0x5/0x20 [ 381.217333][T28859] kmem_cache_alloc+0x4f/0x300 [ 381.266439][T28859] mempool_alloc_slab+0x16/0x20 [ 381.271289][T28859] ? mempool_free+0x130/0x130 [ 381.276066][T28859] mempool_alloc+0x9d/0x310 [ 381.280571][T28859] ? crypto_shash_update+0x13c/0x1a0 [ 381.285848][T28859] ? pagecache_get_page+0x7aa/0x910 [ 381.291144][T28859] sg_pool_alloc+0x74/0x90 [ 381.295610][T28859] __sg_alloc_table+0xce/0x290 [ 381.300364][T28859] sg_alloc_table_chained+0xaf/0x140 [ 381.305646][T28859] ? sg_alloc_table_chained+0x140/0x140 [ 381.311362][T28859] scsi_alloc_sgtables+0x184/0x510 [ 381.316914][T28859] sd_init_command+0x952/0x1610 [ 381.321835][T28859] scsi_queue_rq+0x10cd/0x15a0 [ 381.326636][T28859] blk_mq_dispatch_rq_list+0x63b/0x1080 [ 381.332179][T28859] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 381.337717][T28859] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 381.344009][T28859] ? rb_insert_color+0x2fa/0x310 [ 381.348936][T28859] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 381.355008][T28859] __blk_mq_run_hw_queue+0xbc/0x140 [ 381.360203][T28859] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 381.365998][T28859] blk_mq_run_hw_queue+0x22c/0x250 [ 381.371158][T28859] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 381.377116][T28859] blk_mq_flush_plug_list+0x302/0x3d0 [ 381.382481][T28859] blk_flush_plug_list+0x235/0x260 [ 381.387626][T28859] blk_finish_plug+0x44/0x60 [ 381.392220][T28859] __iomap_dio_rw+0xca7/0x1010 [ 381.397016][T28859] iomap_dio_rw+0x30/0x70 [ 381.401443][T28859] ? ext4_file_write_iter+0x4a1/0x11f0 [ 381.406910][T28859] ext4_file_write_iter+0xabe/0x11f0 [ 381.412198][T28859] ? ext4_file_write_iter+0x4a1/0x11f0 [ 381.417676][T28859] do_iter_readv_writev+0x2de/0x380 [ 381.423065][T28859] do_iter_write+0x192/0x5c0 [ 381.427747][T28859] ? splice_from_pipe_next+0x34f/0x3b0 [ 381.433213][T28859] ? kmalloc_array+0x2d/0x40 [ 381.437803][T28859] vfs_iter_write+0x4c/0x70 [ 381.442334][T28859] iter_file_splice_write+0x43a/0x790 [ 381.447713][T28859] ? splice_from_pipe+0xd0/0xd0 [ 381.452589][T28859] direct_splice_actor+0x80/0xa0 [ 381.457529][T28859] splice_direct_to_actor+0x345/0x650 [ 381.462982][T28859] ? do_splice_direct+0x190/0x190 [ 381.468017][T28859] do_splice_direct+0x106/0x190 [ 381.472905][T28859] do_sendfile+0x63e/0xbb0 [ 381.477372][T28859] __x64_sys_sendfile64+0x102/0x140 [ 381.482710][T28859] do_syscall_64+0x44/0xa0 [ 381.487122][T28859] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 381.493032][T28859] RIP: 0033:0x7fca7d004739 [ 381.497467][T28859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 381.517176][T28859] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 381.525580][T28859] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 381.533672][T28859] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 381.541814][T28859] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 381.550089][T28859] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 381.558208][T28859] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 381.637869][T28872] loop0: detected capacity change from 0 to 61 [ 381.655206][T28872] attempt to access beyond end of device [ 381.655206][T28872] loop0: rw=2049, want=64, limit=61 [ 381.667081][T28872] attempt to access beyond end of device [ 381.667081][T28872] loop0: rw=2049, want=64, limit=61 [ 381.678812][T28872] attempt to access beyond end of device [ 381.678812][T28872] loop0: rw=2049, want=64, limit=61 [ 381.701063][T28881] attempt to access beyond end of device [ 381.701063][T28881] loop0: rw=0, want=64, limit=61 [ 381.711994][T28872] Buffer I/O error on dev loop0, logical block 31, async page read 11:14:13 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2}, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:14:13 executing program 2 (fault-call:5 fault-nth:73): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:13 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:13 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') chdir(&(0x7f0000000140)='./file0\x00') ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x432082, 0x21) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r1, 0x40485404, &(0x7f00000001c0)={{0x0, 0x3, 0x2, 0x0, 0x3f}, 0x2, 0x1}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000240)={0x1, 0x6, 0x3, 0x0, 0xc}) open(&(0x7f0000000300)='./file0/file0\x00', 0x2000, 0x108) write$P9_RREADLINK(r1, &(0x7f0000000540)=ANY=[@ANYBLOB="01000000000000000007002e2f66696c65300000000000000000"], 0x10) open$dir(&(0x7f0000000080)='./file1\x00', 0x6cc2c3, 0x103) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000500), 0x408840, 0x0) r3 = accept$inet(r1, &(0x7f0000000680)={0x2, 0x0, @private}, &(0x7f00000006c0)=0x10) write(0xffffffffffffffff, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00) syz_genetlink_get_family_id$wireguard(&(0x7f0000000440), 0xffffffffffffffff) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000700)={0x2002}) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r4, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00) sendmsg$IPVS_CMD_ZERO(r4, &(0x7f00000004c0)={&(0x7f0000000340), 0xc, &(0x7f0000000480)={&(0x7f0000000380)={0xac, 0x0, 0x2, 0x70bd29, 0x0, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xb89}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x7}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x95fc8426bd08865c}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x3622}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_DEST={0x44, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x3}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0xd4}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x5}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40}]}, 0xac}, 0x1, 0x0, 0x0, 0x4004004}, 0x48000) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r1, &(0x7f0000000300)=ANY=[], 0xffffffffffffff9d) 11:14:13 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:14:13 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 383.693855][T28899] FAT-fs (loop4): bogus number of reserved sectors [ 383.700427][T28899] FAT-fs (loop4): Can't find a valid FAT filesystem [ 383.711279][T28905] loop0: detected capacity change from 0 to 61 [ 383.740544][T28898] FAULT_INJECTION: forcing a failure. [ 383.740544][T28898] name failslab, interval 1, probability 0, space 0, times 0 [ 383.753219][T28898] CPU: 0 PID: 28898 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 383.762120][T28898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 383.772176][T28898] Call Trace: [ 383.775578][T28898] dump_stack_lvl+0xd6/0x122 [ 383.780278][T28898] dump_stack+0x11/0x1b [ 383.784790][T28898] should_fail+0x23c/0x250 [ 383.789322][T28898] ? kmalloc_array+0x2d/0x40 [ 383.794181][T28898] __should_failslab+0x81/0x90 [ 383.798989][T28898] should_failslab+0x5/0x20 [ 383.803534][T28898] __kmalloc+0x6f/0x350 [ 383.807869][T28898] kmalloc_array+0x2d/0x40 [ 383.812490][T28898] iter_file_splice_write+0xd5/0x790 [ 383.818172][T28898] ? atime_needs_update+0x2ba/0x390 [ 383.823468][T28898] ? touch_atime+0xe0/0x250 [ 383.828039][T28898] ? generic_file_splice_read+0x2ac/0x340 [ 383.833945][T28898] ? splice_from_pipe+0xd0/0xd0 [ 383.838893][T28898] direct_splice_actor+0x80/0xa0 [ 383.843838][T28898] splice_direct_to_actor+0x345/0x650 [ 383.849219][T28898] ? do_splice_direct+0x190/0x190 [ 383.854255][T28898] do_splice_direct+0x106/0x190 [ 383.859208][T28898] do_sendfile+0x63e/0xbb0 [ 383.863718][T28898] __x64_sys_sendfile64+0x102/0x140 [ 383.868946][T28898] do_syscall_64+0x44/0xa0 [ 383.873384][T28898] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 383.879679][T28898] RIP: 0033:0x7fca7d004739 11:14:14 executing program 0: ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(0xffffffffffffffff, 0xc02c5341, &(0x7f00000003c0)) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) creat(&(0x7f0000000040)='./file0\x00', 0x8c) r1 = syz_open_dev$vcsa(&(0x7f0000000440), 0x2, 0x80402) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r1, 0x80045301, &(0x7f0000000480)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), &(0x7f00000004c0)=ANY=[@ANYBLOB="00fb8404018f2c24294681c094a826ce867e13b7a2c24b353374656e1558358549a9d106cc29390a4c226c416d004c4a8a9bac5162b96ee3abc0293692c651a123fbc41f5c6087a414c6b94d0a6f8c5a6efac12446cb8447658be4a3b6f545b06d20a0d80eb0070de4019efa4ef4dd4a15b7e46968c5af7c52626f523000df7d62a100d0d32ea7aba1f3be8b61"], 0x84, 0x2) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x12, &(0x7f0000000280)="8de208f1679d9126a25750cb0700edff5f83"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x38) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r3, 0x0, 0x0) ptrace$cont(0x7, r3, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) [ 383.884106][T28898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 383.903747][T28898] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 383.912299][T28898] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 383.920281][T28898] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 383.928261][T28898] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 11:14:14 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000240)=[{0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:14 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 383.936232][T28898] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 383.944292][T28898] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:14 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:14:14 executing program 2 (fault-call:5 fault-nth:74): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 384.026810][T28936] loop4: detected capacity change from 0 to 262160 [ 384.069243][T28936] FAT-fs (loop4): bogus number of reserved sectors [ 384.075877][T28936] FAT-fs (loop4): Can't find a valid FAT filesystem [ 384.102961][T28951] FAULT_INJECTION: forcing a failure. [ 384.102961][T28951] name failslab, interval 1, probability 0, space 0, times 0 [ 384.115726][T28951] CPU: 1 PID: 28951 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 384.124606][T28951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 384.134650][T28951] Call Trace: [ 384.137924][T28951] dump_stack_lvl+0xd6/0x122 [ 384.142569][T28951] dump_stack+0x11/0x1b [ 384.146735][T28951] should_fail+0x23c/0x250 [ 384.151145][T28951] __should_failslab+0x81/0x90 [ 384.156081][T28951] ? __iomap_dio_rw+0x139/0x1010 [ 384.161007][T28951] should_failslab+0x5/0x20 [ 384.165503][T28951] kmem_cache_alloc_trace+0x52/0x320 [ 384.170787][T28951] ? __getblk_gfp+0x3f/0x590 [ 384.175494][T28951] __iomap_dio_rw+0x139/0x1010 [ 384.180266][T28951] ? __brelse+0x2c/0x50 [ 384.184542][T28951] ? ext4_mark_iloc_dirty+0x161a/0x1700 [ 384.190178][T28951] iomap_dio_rw+0x30/0x70 [ 384.194547][T28951] ? ext4_file_write_iter+0x4a1/0x11f0 [ 384.199999][T28951] ext4_file_write_iter+0xabe/0x11f0 [ 384.205350][T28951] ? ext4_file_write_iter+0x4a1/0x11f0 [ 384.210803][T28951] do_iter_readv_writev+0x2de/0x380 [ 384.216076][T28951] do_iter_write+0x192/0x5c0 [ 384.220735][T28951] ? splice_from_pipe_next+0x34f/0x3b0 [ 384.226333][T28951] ? kmalloc_array+0x2d/0x40 [ 384.230917][T28951] vfs_iter_write+0x4c/0x70 [ 384.235429][T28951] iter_file_splice_write+0x43a/0x790 [ 384.240803][T28951] ? splice_from_pipe+0xd0/0xd0 [ 384.245654][T28951] direct_splice_actor+0x80/0xa0 [ 384.250678][T28951] splice_direct_to_actor+0x345/0x650 [ 384.256121][T28951] ? do_splice_direct+0x190/0x190 [ 384.261169][T28951] do_splice_direct+0x106/0x190 [ 384.266022][T28951] do_sendfile+0x63e/0xbb0 [ 384.270452][T28951] __x64_sys_sendfile64+0x102/0x140 [ 384.275634][T28951] do_syscall_64+0x44/0xa0 [ 384.280076][T28951] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 384.286014][T28951] RIP: 0033:0x7fca7d004739 [ 384.290415][T28951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 384.310016][T28951] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 11:14:14 executing program 2 (fault-call:5 fault-nth:75): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 384.318699][T28951] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 384.326656][T28951] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 384.335020][T28951] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 384.342978][T28951] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 384.350938][T28951] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:14 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000240)=[{0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 384.428204][T28960] FAULT_INJECTION: forcing a failure. [ 384.428204][T28960] name failslab, interval 1, probability 0, space 0, times 0 [ 384.441085][T28960] CPU: 1 PID: 28960 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 384.443512][T28964] loop4: detected capacity change from 0 to 262160 [ 384.449898][T28960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 384.449912][T28960] Call Trace: [ 384.449920][T28960] dump_stack_lvl+0xd6/0x122 [ 384.474634][T28960] dump_stack+0x11/0x1b [ 384.478832][T28960] should_fail+0x23c/0x250 [ 384.483407][T28960] ? mempool_alloc_slab+0x16/0x20 [ 384.488441][T28960] __should_failslab+0x81/0x90 [ 384.493275][T28960] should_failslab+0x5/0x20 [ 384.497805][T28960] kmem_cache_alloc+0x4f/0x300 [ 384.502561][T28960] mempool_alloc_slab+0x16/0x20 [ 384.507411][T28960] ? mempool_free+0x130/0x130 [ 384.512075][T28960] mempool_alloc+0x9d/0x310 [ 384.516579][T28960] bio_alloc_bioset+0xcc/0x530 [ 384.521356][T28960] ? iov_iter_alignment+0x34b/0x370 [ 384.526542][T28960] iomap_dio_bio_iter+0x5e1/0xc00 [ 384.531669][T28960] __iomap_dio_rw+0x8d8/0x1010 [ 384.536557][T28960] iomap_dio_rw+0x30/0x70 [ 384.540882][T28960] ? ext4_file_write_iter+0x4a1/0x11f0 [ 384.546389][T28960] ext4_file_write_iter+0xabe/0x11f0 [ 384.551831][T28960] ? ext4_file_write_iter+0x4a1/0x11f0 [ 384.557278][T28960] do_iter_readv_writev+0x2de/0x380 [ 384.562500][T28960] do_iter_write+0x192/0x5c0 [ 384.567094][T28960] ? splice_from_pipe_next+0x34f/0x3b0 [ 384.572540][T28960] ? kmalloc_array+0x2d/0x40 [ 384.577230][T28960] vfs_iter_write+0x4c/0x70 [ 384.581792][T28960] iter_file_splice_write+0x43a/0x790 [ 384.587162][T28960] ? splice_from_pipe+0xd0/0xd0 [ 384.592049][T28960] direct_splice_actor+0x80/0xa0 [ 384.597018][T28960] splice_direct_to_actor+0x345/0x650 [ 384.602378][T28960] ? do_splice_direct+0x190/0x190 [ 384.607479][T28960] do_splice_direct+0x106/0x190 [ 384.612315][T28960] do_sendfile+0x63e/0xbb0 [ 384.616863][T28960] __x64_sys_sendfile64+0x102/0x140 [ 384.622055][T28960] do_syscall_64+0x44/0xa0 [ 384.626520][T28960] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 384.632430][T28960] RIP: 0033:0x7fca7d004739 [ 384.636845][T28960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 384.656495][T28960] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 384.666030][T28960] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 384.674092][T28960] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 384.682260][T28960] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 384.690219][T28960] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 384.698380][T28960] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:14 executing program 2 (fault-call:5 fault-nth:76): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:14 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000240)=[{0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 384.727489][T28964] FAT-fs (loop4): bogus number of reserved sectors [ 384.734332][T28964] FAT-fs (loop4): Can't find a valid FAT filesystem [ 384.802129][T28970] FAULT_INJECTION: forcing a failure. [ 384.802129][T28970] name failslab, interval 1, probability 0, space 0, times 0 [ 384.814857][T28970] CPU: 0 PID: 28970 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 384.823793][T28970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 384.833839][T28970] Call Trace: [ 384.837384][T28970] dump_stack_lvl+0xd6/0x122 [ 384.841967][T28970] dump_stack+0x11/0x1b [ 384.846117][T28970] should_fail+0x23c/0x250 11:14:15 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 384.850622][T28970] ? kmalloc_array+0x2d/0x40 [ 384.855223][T28970] __should_failslab+0x81/0x90 [ 384.860028][T28970] should_failslab+0x5/0x20 [ 384.864536][T28970] __kmalloc+0x6f/0x350 [ 384.868748][T28970] kmalloc_array+0x2d/0x40 [ 384.873339][T28970] iter_file_splice_write+0xd5/0x790 [ 384.878723][T28970] ? atime_needs_update+0x2ba/0x390 [ 384.883934][T28970] ? touch_atime+0xe0/0x250 [ 384.888436][T28970] ? generic_file_splice_read+0x2ac/0x340 [ 384.894426][T28970] ? splice_from_pipe+0xd0/0xd0 [ 384.899320][T28970] direct_splice_actor+0x80/0xa0 [ 384.904351][T28970] splice_direct_to_actor+0x345/0x650 [ 384.909797][T28970] ? do_splice_direct+0x190/0x190 [ 384.914835][T28970] do_splice_direct+0x106/0x190 [ 384.919758][T28970] do_sendfile+0x63e/0xbb0 [ 384.924215][T28970] __x64_sys_sendfile64+0x102/0x140 [ 384.929499][T28970] do_syscall_64+0x44/0xa0 [ 384.933924][T28970] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 384.939967][T28970] RIP: 0033:0x7fca7d004739 [ 384.944453][T28970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 384.964070][T28970] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 384.972761][T28970] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 384.980749][T28970] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 384.988777][T28970] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 384.996828][T28970] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 385.005018][T28970] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 385.051307][T28983] loop4: detected capacity change from 0 to 262160 [ 385.062689][T28983] FAT-fs (loop4): bogus number of reserved sectors [ 385.069328][T28983] FAT-fs (loop4): Can't find a valid FAT filesystem 11:14:16 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:14:16 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:14:17 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') chdir(&(0x7f0000000140)='./file1\x00') r1 = eventfd(0x12) sendfile(0xffffffffffffffff, r1, &(0x7f0000000080)=0xb42d00000000, 0xd7) r2 = fspick(r0, &(0x7f0000000100)='./file1\x00', 0x1) lseek(r2, 0x5, 0x0) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x7fffffff) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r3, 0xf504, 0x0) write(0xffffffffffffffff, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(0xffffffffffffffff, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x8040000, 0x0, 0x0, 0x0, 0x0, '', 0x6, '\x00\x00\x00\x00\x00\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:14:17 executing program 2 (fault-call:5 fault-nth:77): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:17 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{0x0}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:17 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:14:17 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x0, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 387.019873][T29012] loop4: detected capacity change from 0 to 262160 [ 387.027152][T29014] loop0: detected capacity change from 0 to 61 [ 387.040963][T29012] FAT-fs (loop4): bogus number of reserved sectors [ 387.047709][T29012] FAT-fs (loop4): Can't find a valid FAT filesystem 11:14:17 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00) write$P9_RSTAT(r1, &(0x7f0000000300)={0xa5, 0x7d, 0x0, {0x0, 0x9e, 0x0, 0x0, {0x8, 0x0, 0xffffc}, 0x48000000, 0x0, 0x0, 0x0, 0x0, '', 0x57, 'msdos\x00\x1fI\xdfEg\x7f!>K\xad\x8a\x92}$e\x85\x8do\xe3\xe7\x1b\xe9\xa4Z\\\xf1.\xe3fG#\x8a-\xf3m\x19\x9eWu\x8f\xa8z_\xda\xf6\xcf=\xeaS%\xc0\x0f\xc3m\xa6\xd8\xde7N\xfd\xfar\xa3\xa7\xb4O\xb2 \xed\xd2?\xfaA(?\xf5\x93\xa3\x130J', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0xa5) [ 387.088652][T29021] FAULT_INJECTION: forcing a failure. [ 387.088652][T29021] name failslab, interval 1, probability 0, space 0, times 0 [ 387.101302][T29021] CPU: 1 PID: 29021 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 387.110047][T29021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 387.120104][T29021] Call Trace: [ 387.123488][T29021] dump_stack_lvl+0xd6/0x122 [ 387.128063][T29021] dump_stack+0x11/0x1b [ 387.132201][T29021] should_fail+0x23c/0x250 [ 387.136616][T29021] ? mempool_alloc_slab+0x16/0x20 [ 387.141624][T29021] __should_failslab+0x81/0x90 [ 387.146393][T29021] should_failslab+0x5/0x20 [ 387.151274][T29021] kmem_cache_alloc+0x4f/0x300 [ 387.156026][T29021] mempool_alloc_slab+0x16/0x20 [ 387.160856][T29021] ? mempool_free+0x130/0x130 [ 387.165543][T29021] mempool_alloc+0x9d/0x310 [ 387.170027][T29021] bio_alloc_bioset+0xcc/0x530 [ 387.174809][T29021] ? iov_iter_alignment+0x34b/0x370 [ 387.180255][T29021] iomap_dio_bio_iter+0x5e1/0xc00 [ 387.185458][T29021] __iomap_dio_rw+0x8d8/0x1010 [ 387.190315][T29021] iomap_dio_rw+0x30/0x70 [ 387.194682][T29021] ? ext4_file_write_iter+0x4a1/0x11f0 [ 387.200301][T29021] ext4_file_write_iter+0xabe/0x11f0 [ 387.205574][T29021] ? ext4_file_write_iter+0x4a1/0x11f0 [ 387.211097][T29021] do_iter_readv_writev+0x2de/0x380 [ 387.216290][T29021] do_iter_write+0x192/0x5c0 [ 387.220910][T29021] ? splice_from_pipe_next+0x34f/0x3b0 [ 387.226409][T29021] ? kmalloc_array+0x2d/0x40 [ 387.230982][T29021] vfs_iter_write+0x4c/0x70 [ 387.235533][T29021] iter_file_splice_write+0x43a/0x790 [ 387.241265][T29021] ? splice_from_pipe+0xd0/0xd0 [ 387.246318][T29021] direct_splice_actor+0x80/0xa0 [ 387.251329][T29021] splice_direct_to_actor+0x345/0x650 [ 387.256729][T29021] ? do_splice_direct+0x190/0x190 [ 387.261857][T29021] do_splice_direct+0x106/0x190 [ 387.266693][T29021] do_sendfile+0x63e/0xbb0 [ 387.271205][T29021] __x64_sys_sendfile64+0x102/0x140 [ 387.276387][T29021] do_syscall_64+0x44/0xa0 [ 387.280819][T29021] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 387.286706][T29021] RIP: 0033:0x7fca7d004739 [ 387.291188][T29021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 387.310963][T29021] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 387.319363][T29021] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 387.327405][T29021] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 387.335729][T29021] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 387.343922][T29021] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 387.352136][T29021] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:17 executing program 2 (fault-call:5 fault-nth:78): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:17 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{0x0}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 387.431792][T29038] loop0: detected capacity change from 0 to 61 [ 387.446842][T29038] handle_bad_sector: 2 callbacks suppressed [ 387.446869][T29038] attempt to access beyond end of device [ 387.446869][T29038] loop0: rw=2049, want=64, limit=61 11:14:17 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') setxattr$security_evm(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100), &(0x7f0000000140)=@v1={0x2, "196dd722abe8011633d1b2c24cef3e36e28b"}, 0x13, 0x3) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknodat$null(r0, &(0x7f00000001c0)='./file1\x00', 0x20, 0x103) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r1, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 387.501504][T29045] loop4: detected capacity change from 0 to 262160 [ 387.512456][T29050] FAULT_INJECTION: forcing a failure. [ 387.512456][T29050] name failslab, interval 1, probability 0, space 0, times 0 [ 387.525148][T29050] CPU: 1 PID: 29050 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 387.533934][T29050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 387.544212][T29050] Call Trace: [ 387.545185][T29045] FAT-fs (loop4): bogus number of reserved sectors [ 387.547553][T29050] dump_stack_lvl+0xd6/0x122 [ 387.554096][T29045] FAT-fs (loop4): Can't find a valid FAT filesystem [ 387.558762][T29050] dump_stack+0x11/0x1b [ 387.569476][T29050] should_fail+0x23c/0x250 [ 387.573956][T29050] ? mempool_alloc_slab+0x16/0x20 [ 387.579203][T29050] __should_failslab+0x81/0x90 [ 387.583980][T29050] should_failslab+0x5/0x20 [ 387.588497][T29050] kmem_cache_alloc+0x4f/0x300 [ 387.593329][T29050] mempool_alloc_slab+0x16/0x20 [ 387.598177][T29050] ? mempool_free+0x130/0x130 [ 387.602862][T29050] mempool_alloc+0x9d/0x310 [ 387.607366][T29050] ? crypto_shash_update+0x13c/0x1a0 [ 387.612700][T29050] ? pagecache_get_page+0x7aa/0x910 [ 387.617902][T29050] sg_pool_alloc+0x74/0x90 [ 387.622408][T29050] __sg_alloc_table+0xce/0x290 [ 387.627283][T29050] sg_alloc_table_chained+0xaf/0x140 [ 387.632598][T29050] ? sg_alloc_table_chained+0x140/0x140 [ 387.638244][T29050] scsi_alloc_sgtables+0x184/0x510 [ 387.643347][T29050] sd_init_command+0x952/0x1610 [ 387.648257][T29050] scsi_queue_rq+0x10cd/0x15a0 [ 387.653030][T29050] blk_mq_dispatch_rq_list+0x63b/0x1080 [ 387.658619][T29050] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 387.664229][T29050] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 387.670599][T29050] ? rb_insert_color+0x2fa/0x310 [ 387.675662][T29050] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 387.681759][T29050] __blk_mq_run_hw_queue+0xbc/0x140 [ 387.686963][T29050] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 387.692911][T29050] blk_mq_run_hw_queue+0x22c/0x250 [ 387.698011][T29050] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 387.703989][T29050] blk_mq_flush_plug_list+0x302/0x3d0 [ 387.709369][T29050] blk_flush_plug_list+0x235/0x260 [ 387.714467][T29050] blk_finish_plug+0x44/0x60 [ 387.719182][T29050] __iomap_dio_rw+0xca7/0x1010 [ 387.724118][T29050] iomap_dio_rw+0x30/0x70 [ 387.728431][T29050] ? ext4_file_write_iter+0x4a1/0x11f0 [ 387.734143][T29050] ext4_file_write_iter+0xabe/0x11f0 [ 387.739426][T29050] ? ext4_file_write_iter+0x4a1/0x11f0 [ 387.744883][T29050] do_iter_readv_writev+0x2de/0x380 [ 387.750068][T29050] do_iter_write+0x192/0x5c0 [ 387.754655][T29050] ? splice_from_pipe_next+0x34f/0x3b0 [ 387.760155][T29050] ? kmalloc_array+0x2d/0x40 [ 387.764736][T29050] vfs_iter_write+0x4c/0x70 [ 387.769600][T29050] iter_file_splice_write+0x43a/0x790 [ 387.775022][T29050] ? splice_from_pipe+0xd0/0xd0 [ 387.779855][T29050] direct_splice_actor+0x80/0xa0 [ 387.784918][T29050] splice_direct_to_actor+0x345/0x650 [ 387.790429][T29050] ? do_splice_direct+0x190/0x190 [ 387.795678][T29050] do_splice_direct+0x106/0x190 [ 387.800602][T29050] do_sendfile+0x63e/0xbb0 [ 387.805067][T29050] __x64_sys_sendfile64+0x102/0x140 [ 387.810263][T29050] do_syscall_64+0x44/0xa0 [ 387.814789][T29050] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 387.820864][T29050] RIP: 0033:0x7fca7d004739 [ 387.825312][T29050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 387.844911][T29050] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 11:14:18 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(0x0, 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 387.853366][T29050] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 387.861377][T29050] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 387.869628][T29050] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 387.877630][T29050] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 387.885592][T29050] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 387.980501][T29065] loop0: detected capacity change from 0 to 61 [ 388.008636][T29065] attempt to access beyond end of device [ 388.008636][T29065] loop0: rw=2049, want=64, limit=61 11:14:19 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:14:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x0, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:14:19 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{0x0}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:19 executing program 2 (fault-call:5 fault-nth:79): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:19 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) rename(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file1\x00') write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:14:19 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(0x0, 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 389.741655][T29092] loop0: detected capacity change from 0 to 61 [ 389.748279][T29095] loop4: detected capacity change from 0 to 262160 [ 389.767224][T29091] FAULT_INJECTION: forcing a failure. [ 389.767224][T29091] name failslab, interval 1, probability 0, space 0, times 0 [ 389.779886][T29091] CPU: 1 PID: 29091 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 389.788643][T29091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 389.796791][T29092] attempt to access beyond end of device [ 389.796791][T29092] loop0: rw=2049, want=64, limit=61 [ 389.798784][T29091] Call Trace: [ 389.798793][T29091] dump_stack_lvl+0xd6/0x122 [ 389.817298][T29091] dump_stack+0x11/0x1b [ 389.821459][T29091] should_fail+0x23c/0x250 [ 389.825876][T29091] ? kmalloc_array+0x2d/0x40 [ 389.830451][T29091] __should_failslab+0x81/0x90 [ 389.835205][T29091] should_failslab+0x5/0x20 [ 389.839700][T29091] __kmalloc+0x6f/0x350 [ 389.844081][T29091] kmalloc_array+0x2d/0x40 [ 389.848517][T29091] iter_file_splice_write+0xd5/0x790 [ 389.854065][T29091] ? atime_needs_update+0x2ba/0x390 [ 389.859263][T29091] ? touch_atime+0xe0/0x250 [ 389.863764][T29091] ? generic_file_splice_read+0x2ac/0x340 [ 389.869550][T29091] ? splice_from_pipe+0xd0/0xd0 [ 389.874464][T29091] direct_splice_actor+0x80/0xa0 [ 389.879405][T29091] splice_direct_to_actor+0x345/0x650 [ 389.884773][T29091] ? do_splice_direct+0x190/0x190 [ 389.890221][T29091] do_splice_direct+0x106/0x190 [ 389.895065][T29091] do_sendfile+0x63e/0xbb0 [ 389.902442][T29091] __x64_sys_sendfile64+0x102/0x140 [ 389.907738][T29091] do_syscall_64+0x44/0xa0 [ 389.912195][T29091] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 389.918085][T29091] RIP: 0033:0x7fca7d004739 [ 389.922490][T29091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 11:14:20 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(0x0, 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 389.942094][T29091] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 389.950594][T29091] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 389.958551][T29091] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 389.966508][T29091] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 389.974477][T29091] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 389.982453][T29091] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:20 executing program 2 (fault-call:5 fault-nth:80): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:20 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:20 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) write$P9_RSTAT(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="540000007d000000004d00000000000000cddf0741ff00000000040000000000000000000000000000010000000000000000000006006d73646f73000a002f6465762f76637375000a005c6a7d2f2a2f7c2c13283137c3c8f7563aca8a7f766af08dbddd5c1946df3761b4315da1ea1b2c70f7040a683e0c8df24280a1e0d399a41fdf5197fb86eb581c561e1630238c4e2d41433739c59e3160d320b11bfae002e5a1404719fa6fe9795c6faaac92caa6886b8dd9d2041c15353c0aff04954c696f6df39511aa48f9368e147aca4150e1df4c93ad3557bb8de3ccbe3c98f9e62c2b606741ea3a0d973da4dc2926902f00dc21a74e7759768b706cdb784384837a9445554e13622d088aa3168f230d9cba1f96c687e0df611b2bf89829d864beed832c243b88", @ANYRES16=r1, @ANYRESHEX=r0], 0x4d) [ 390.037395][T29092] attempt to access beyond end of device [ 390.037395][T29092] loop0: rw=2049, want=72, limit=61 [ 390.055625][T29095] FAT-fs (loop4): bogus number of reserved sectors [ 390.062503][T29095] FAT-fs (loop4): Can't find a valid FAT filesystem [ 390.108275][T29119] FAULT_INJECTION: forcing a failure. [ 390.108275][T29119] name failslab, interval 1, probability 0, space 0, times 0 [ 390.121044][T29119] CPU: 1 PID: 29119 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 390.129866][T29119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 390.139914][T29119] Call Trace: [ 390.143184][T29119] dump_stack_lvl+0xd6/0x122 [ 390.147763][T29119] dump_stack+0x11/0x1b [ 390.152017][T29119] should_fail+0x23c/0x250 [ 390.156436][T29119] ? mempool_alloc_slab+0x16/0x20 [ 390.161527][T29119] __should_failslab+0x81/0x90 [ 390.166311][T29119] should_failslab+0x5/0x20 [ 390.170958][T29119] kmem_cache_alloc+0x4f/0x300 [ 390.175708][T29119] mempool_alloc_slab+0x16/0x20 [ 390.180564][T29119] ? mempool_free+0x130/0x130 [ 390.185310][T29119] mempool_alloc+0x9d/0x310 [ 390.189806][T29119] bio_alloc_bioset+0xcc/0x530 [ 390.194601][T29119] ? iov_iter_alignment+0x34b/0x370 [ 390.199791][T29119] iomap_dio_bio_iter+0x5e1/0xc00 [ 390.204851][T29119] __iomap_dio_rw+0x8d8/0x1010 [ 390.209707][T29119] iomap_dio_rw+0x30/0x70 [ 390.214025][T29119] ? ext4_file_write_iter+0x4a1/0x11f0 [ 390.219549][T29119] ext4_file_write_iter+0xabe/0x11f0 [ 390.224881][T29119] ? ext4_file_write_iter+0x4a1/0x11f0 [ 390.230326][T29119] do_iter_readv_writev+0x2de/0x380 [ 390.235511][T29119] do_iter_write+0x192/0x5c0 [ 390.240169][T29119] ? splice_from_pipe_next+0x34f/0x3b0 [ 390.245674][T29119] ? kcsan_setup_watchpoint+0x241/0x3f0 [ 390.251290][T29119] vfs_iter_write+0x4c/0x70 [ 390.255883][T29119] iter_file_splice_write+0x43a/0x790 [ 390.261276][T29119] ? splice_from_pipe+0xd0/0xd0 [ 390.266107][T29119] direct_splice_actor+0x80/0xa0 [ 390.271102][T29119] splice_direct_to_actor+0x345/0x650 [ 390.276453][T29119] ? do_splice_direct+0x190/0x190 [ 390.281456][T29119] do_splice_direct+0x106/0x190 [ 390.286289][T29119] do_sendfile+0x63e/0xbb0 [ 390.290857][T29119] __x64_sys_sendfile64+0x102/0x140 [ 390.296089][T29119] do_syscall_64+0x44/0xa0 [ 390.300508][T29119] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 390.306428][T29119] RIP: 0033:0x7fca7d004739 [ 390.310822][T29119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 390.330460][T29119] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 390.338856][T29119] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 390.346927][T29119] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 390.355058][T29119] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 390.363026][T29119] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 390.371068][T29119] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 390.416209][T29131] loop4: detected capacity change from 0 to 262160 [ 390.423973][T29133] loop0: detected capacity change from 0 to 61 [ 390.447435][T29133] attempt to access beyond end of device [ 390.447435][T29133] loop0: rw=2049, want=64, limit=61 [ 390.459833][T29133] attempt to access beyond end of device 11:14:20 executing program 2 (fault-call:5 fault-nth:81): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 390.459833][T29133] loop0: rw=2049, want=72, limit=61 [ 390.472093][T29133] attempt to access beyond end of device [ 390.472093][T29133] loop0: rw=2049, want=72, limit=61 [ 390.499449][T29133] attempt to access beyond end of device [ 390.499449][T29133] loop0: rw=2049, want=72, limit=61 [ 390.503431][T29131] FAT-fs (loop4): bogus number of reserved sectors [ 390.513489][T29133] attempt to access beyond end of device [ 390.513489][T29133] loop0: rw=2049, want=72, limit=61 [ 390.516812][T29131] FAT-fs (loop4): Can't find a valid FAT filesystem [ 390.534729][T29139] attempt to access beyond end of device [ 390.534729][T29139] loop0: rw=2049, want=72, limit=61 [ 390.564087][T29138] FAULT_INJECTION: forcing a failure. [ 390.564087][T29138] name failslab, interval 1, probability 0, space 0, times 0 [ 390.576888][T29138] CPU: 0 PID: 29138 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 390.585776][T29138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 390.595822][T29138] Call Trace: [ 390.599101][T29138] dump_stack_lvl+0xd6/0x122 [ 390.603750][T29138] dump_stack+0x11/0x1b [ 390.607911][T29138] should_fail+0x23c/0x250 [ 390.612424][T29138] ? kmalloc_array+0x2d/0x40 [ 390.617054][T29138] __should_failslab+0x81/0x90 [ 390.621838][T29138] should_failslab+0x5/0x20 [ 390.626396][T29138] __kmalloc+0x6f/0x350 [ 390.630664][T29138] kmalloc_array+0x2d/0x40 [ 390.635108][T29138] iter_file_splice_write+0xd5/0x790 [ 390.640398][T29138] ? atime_needs_update+0x2ba/0x390 [ 390.645663][T29138] ? touch_atime+0xe0/0x250 [ 390.650164][T29138] ? generic_file_splice_read+0x2ac/0x340 [ 390.655892][T29138] ? splice_from_pipe+0xd0/0xd0 [ 390.660738][T29138] direct_splice_actor+0x80/0xa0 [ 390.665718][T29138] splice_direct_to_actor+0x345/0x650 [ 390.671070][T29138] ? do_splice_direct+0x190/0x190 [ 390.676074][T29138] do_splice_direct+0x106/0x190 [ 390.680909][T29138] do_sendfile+0x63e/0xbb0 [ 390.685411][T29138] __x64_sys_sendfile64+0x102/0x140 [ 390.690672][T29138] do_syscall_64+0x44/0xa0 [ 390.695144][T29138] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 390.701089][T29138] RIP: 0033:0x7fca7d004739 [ 390.705507][T29138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 390.725176][T29138] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 390.733580][T29138] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 390.741780][T29138] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 390.749734][T29138] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 390.757707][T29138] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 11:14:20 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="540000007d000000004d00000000000000000000000000000000000000000000000000000000000000000000000000000000000006008773646f730a002f6465762f76637375000a005c6a7d2f2a2f7c2c1328"], 0x54) [ 390.765766][T29138] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 390.835055][T29151] loop0: detected capacity change from 0 to 61 11:14:22 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400", 0xc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:14:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x0, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:14:22 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:14:22 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:22 executing program 2 (fault-call:5 fault-nth:82): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:22 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="540000007d000000004df8a70e8c136d000400007de01a60a16300000000000000000000000000000000000000000000000000000000000000000000000000000000000006006d736450000000002f6465762f76637375000a005c6a7d2f2a2f7c2c1328"], 0x54) [ 392.757820][T29173] loop4: detected capacity change from 0 to 262160 [ 392.760991][T29171] loop0: detected capacity change from 0 to 61 [ 392.771716][T29173] FAT-fs (loop4): bogus number of reserved sectors [ 392.778256][T29173] FAT-fs (loop4): Can't find a valid FAT filesystem [ 392.785960][T29170] FAULT_INJECTION: forcing a failure. [ 392.785960][T29170] name failslab, interval 1, probability 0, space 0, times 0 [ 392.798804][T29170] CPU: 1 PID: 29170 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 392.807574][T29170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 392.817725][T29170] Call Trace: [ 392.820998][T29170] dump_stack_lvl+0xd6/0x122 [ 392.825594][T29170] dump_stack+0x11/0x1b [ 392.829739][T29170] should_fail+0x23c/0x250 [ 392.834143][T29170] ? ext4_mb_new_blocks+0x317/0x1fc0 [ 392.839531][T29170] __should_failslab+0x81/0x90 [ 392.844328][T29170] should_failslab+0x5/0x20 [ 392.848830][T29170] kmem_cache_alloc+0x4f/0x300 [ 392.853587][T29170] ext4_mb_new_blocks+0x317/0x1fc0 [ 392.858778][T29170] ? ext4_find_extent+0x7b2/0x7f0 [ 392.863802][T29170] ? ext4_ext_search_right+0x246/0x540 [ 392.869247][T29170] ext4_ext_map_blocks+0x15ed/0x1ff0 [ 392.874520][T29170] ? ext4_es_lookup_extent+0x36b/0x490 [ 392.879963][T29170] ext4_map_blocks+0x71e/0xf00 [ 392.884727][T29170] ? crypto_shash_update+0x13c/0x1a0 [ 392.890086][T29170] ext4_iomap_begin+0x4b0/0x630 [ 392.895032][T29170] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 392.900335][T29170] iomap_iter+0x39c/0x470 [ 392.904692][T29170] __iomap_dio_rw+0x698/0x1010 [ 392.909786][T29170] ? __ext4_mark_inode_dirty+0x501/0x5c0 [ 392.915514][T29170] iomap_dio_rw+0x30/0x70 [ 392.919843][T29170] ? ext4_file_write_iter+0x4a1/0x11f0 [ 392.925379][T29170] ext4_file_write_iter+0xabe/0x11f0 [ 392.930651][T29170] ? ext4_file_write_iter+0x4a1/0x11f0 [ 392.936107][T29170] do_iter_readv_writev+0x2de/0x380 [ 392.941328][T29170] do_iter_write+0x192/0x5c0 [ 392.946088][T29170] ? splice_from_pipe_next+0x34f/0x3b0 [ 392.951629][T29170] ? kmalloc_array+0x2d/0x40 [ 392.956204][T29170] vfs_iter_write+0x4c/0x70 [ 392.960706][T29170] iter_file_splice_write+0x43a/0x790 [ 392.966167][T29170] ? splice_from_pipe+0xd0/0xd0 [ 392.971016][T29170] direct_splice_actor+0x80/0xa0 [ 392.975974][T29170] splice_direct_to_actor+0x345/0x650 [ 392.981344][T29170] ? do_splice_direct+0x190/0x190 [ 392.986516][T29170] do_splice_direct+0x106/0x190 [ 392.991400][T29170] do_sendfile+0x63e/0xbb0 [ 392.996018][T29170] __x64_sys_sendfile64+0x102/0x140 [ 393.001430][T29170] do_syscall_64+0x44/0xa0 [ 393.005893][T29170] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 393.012358][T29170] RIP: 0033:0x7fca7d004739 [ 393.016847][T29170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 393.037003][T29170] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 393.045663][T29170] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 11:14:23 executing program 2 (fault-call:5 fault-nth:83): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 393.053632][T29170] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 393.061766][T29170] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 393.069722][T29170] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 393.077763][T29170] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 393.094853][T29171] FAT-fs (loop0): Unrecognized mount option "T" or missing value 11:14:23 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 393.141293][T29171] loop0: detected capacity change from 0 to 61 [ 393.149261][T29171] FAT-fs (loop0): Unrecognized mount option "T" or missing value [ 393.170541][T29190] FAULT_INJECTION: forcing a failure. [ 393.170541][T29190] name failslab, interval 1, probability 0, space 0, times 0 11:14:23 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) setxattr$trusted_overlay_nlink(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), &(0x7f00000001c0)={'L-', 0x1}, 0x16, 0x1) ioctl$EVIOCGABS3F(r0, 0x8018457f, &(0x7f0000000080)=""/57) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x8000000, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) [ 393.183495][T29190] CPU: 1 PID: 29190 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 393.192354][T29190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 393.202786][T29190] Call Trace: [ 393.206120][T29190] dump_stack_lvl+0xd6/0x122 [ 393.210763][T29190] dump_stack+0x11/0x1b [ 393.214931][T29190] should_fail+0x23c/0x250 [ 393.219350][T29190] __should_failslab+0x81/0x90 [ 393.224317][T29190] ? __iomap_dio_rw+0x139/0x1010 [ 393.229436][T29190] should_failslab+0x5/0x20 [ 393.234118][T29190] kmem_cache_alloc_trace+0x52/0x320 [ 393.239392][T29190] __iomap_dio_rw+0x139/0x1010 [ 393.244195][T29190] ? __ext4_mark_inode_dirty+0x502/0x5c0 [ 393.250135][T29190] ? ext4_dirty_inode+0x58/0xa0 [ 393.253363][T29201] loop4: detected capacity change from 0 to 262160 [ 393.255128][T29190] iomap_dio_rw+0x30/0x70 [ 393.265991][T29190] ? ext4_file_write_iter+0x4a1/0x11f0 [ 393.271462][T29190] ext4_file_write_iter+0xabe/0x11f0 [ 393.276753][T29190] ? ext4_file_write_iter+0x4a1/0x11f0 [ 393.282422][T29190] do_iter_readv_writev+0x2de/0x380 [ 393.284029][T29201] FAT-fs (loop4): bogus number of reserved sectors [ 393.287854][T29190] do_iter_write+0x192/0x5c0 [ 393.294530][T29201] FAT-fs (loop4): Can't find a valid FAT filesystem [ 393.299078][T29190] ? splice_from_pipe_next+0x34f/0x3b0 [ 393.311080][T29190] ? kmalloc_array+0x2d/0x40 [ 393.316571][T29190] vfs_iter_write+0x4c/0x70 [ 393.321088][T29190] iter_file_splice_write+0x43a/0x790 [ 393.326504][T29190] ? splice_from_pipe+0xd0/0xd0 [ 393.331369][T29190] direct_splice_actor+0x80/0xa0 [ 393.336458][T29190] splice_direct_to_actor+0x345/0x650 [ 393.341821][T29190] ? do_splice_direct+0x190/0x190 [ 393.346854][T29190] do_splice_direct+0x106/0x190 [ 393.351698][T29190] do_sendfile+0x63e/0xbb0 [ 393.356157][T29190] __x64_sys_sendfile64+0x102/0x140 [ 393.361375][T29190] do_syscall_64+0x44/0xa0 [ 393.365797][T29190] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 393.371699][T29190] RIP: 0033:0x7fca7d004739 [ 393.376095][T29190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 393.395693][T29190] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 393.404229][T29190] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 393.412307][T29190] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 393.420278][T29190] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 393.428240][T29190] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 393.436259][T29190] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:23 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400", 0xc}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:23 executing program 2 (fault-call:5 fault-nth:84): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:23 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 393.523593][T29211] loop0: detected capacity change from 0 to 61 [ 393.549267][T29215] loop4: detected capacity change from 0 to 262160 [ 393.553553][T29211] handle_bad_sector: 1 callbacks suppressed [ 393.553567][T29211] attempt to access beyond end of device [ 393.553567][T29211] loop0: rw=2049, want=64, limit=61 [ 393.592091][T29215] FAT-fs (loop4): bogus number of reserved sectors [ 393.598750][T29215] FAT-fs (loop4): Can't find a valid FAT filesystem [ 393.613189][T29222] FAULT_INJECTION: forcing a failure. [ 393.613189][T29222] name failslab, interval 1, probability 0, space 0, times 0 [ 393.625855][T29222] CPU: 1 PID: 29222 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 393.634603][T29222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 393.644925][T29222] Call Trace: [ 393.648209][T29222] dump_stack_lvl+0xd6/0x122 [ 393.652886][T29222] dump_stack+0x11/0x1b [ 393.657087][T29222] should_fail+0x23c/0x250 [ 393.661805][T29222] ? mempool_alloc_slab+0x16/0x20 [ 393.666840][T29222] __should_failslab+0x81/0x90 [ 393.671633][T29222] should_failslab+0x5/0x20 [ 393.676146][T29222] kmem_cache_alloc+0x4f/0x300 [ 393.680987][T29222] mempool_alloc_slab+0x16/0x20 [ 393.685823][T29222] ? mempool_free+0x130/0x130 [ 393.690477][T29222] mempool_alloc+0x9d/0x310 [ 393.694965][T29222] ? crypto_shash_update+0x13c/0x1a0 [ 393.700439][T29222] sg_pool_alloc+0x74/0x90 [ 393.704845][T29222] __sg_alloc_table+0xce/0x290 [ 393.709618][T29222] sg_alloc_table_chained+0xaf/0x140 [ 393.715017][T29222] ? sg_alloc_table_chained+0x140/0x140 [ 393.720700][T29222] scsi_alloc_sgtables+0x184/0x510 [ 393.726048][T29222] sd_init_command+0x952/0x1610 [ 393.730910][T29222] scsi_queue_rq+0x10cd/0x15a0 [ 393.735783][T29222] blk_mq_dispatch_rq_list+0x63b/0x1080 [ 393.741333][T29222] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 393.746867][T29222] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 393.753134][T29222] ? rb_insert_color+0x2fa/0x310 [ 393.758321][T29222] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 393.764396][T29222] __blk_mq_run_hw_queue+0xbc/0x140 [ 393.769770][T29222] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 393.775850][T29222] blk_mq_run_hw_queue+0x22c/0x250 [ 393.781131][T29222] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 393.787053][T29222] blk_mq_flush_plug_list+0x302/0x3d0 [ 393.792502][T29222] blk_flush_plug_list+0x235/0x260 [ 393.797624][T29222] blk_finish_plug+0x44/0x60 [ 393.802341][T29222] __iomap_dio_rw+0xca7/0x1010 [ 393.807140][T29222] iomap_dio_rw+0x30/0x70 [ 393.811510][T29222] ? ext4_file_write_iter+0x4a1/0x11f0 [ 393.817214][T29222] ext4_file_write_iter+0xabe/0x11f0 [ 393.822743][T29222] ? ext4_file_write_iter+0x4a1/0x11f0 [ 393.828218][T29222] do_iter_readv_writev+0x2de/0x380 [ 393.833538][T29222] do_iter_write+0x192/0x5c0 [ 393.838213][T29222] ? splice_from_pipe_next+0x34f/0x3b0 [ 393.843726][T29222] ? kmalloc_array+0x2d/0x40 [ 393.848310][T29222] vfs_iter_write+0x4c/0x70 [ 393.852919][T29222] iter_file_splice_write+0x43a/0x790 [ 393.858418][T29222] ? splice_from_pipe+0xd0/0xd0 [ 393.863360][T29222] direct_splice_actor+0x80/0xa0 [ 393.868307][T29222] splice_direct_to_actor+0x345/0x650 [ 393.873681][T29222] ? do_splice_direct+0x190/0x190 [ 393.878833][T29222] do_splice_direct+0x106/0x190 [ 393.883677][T29222] do_sendfile+0x63e/0xbb0 [ 393.888090][T29222] __x64_sys_sendfile64+0x102/0x140 [ 393.893475][T29222] do_syscall_64+0x44/0xa0 [ 393.897887][T29222] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 393.903875][T29222] RIP: 0033:0x7fca7d004739 [ 393.908390][T29222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 393.928191][T29222] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 393.936625][T29222] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 393.944589][T29222] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 393.952623][T29222] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 393.960636][T29222] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 393.968610][T29222] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:25 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400", 0xc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:14:25 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) open(0x0, 0x14d842, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80000001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) 11:14:25 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) open(&(0x7f0000000080)='./file0\x00', 0x20000, 0x3a1) 11:14:25 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:14:25 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400", 0xc}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:25 executing program 2 (fault-call:5 fault-nth:85): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 395.757712][T29252] loop4: detected capacity change from 0 to 262160 [ 395.765159][T29251] loop0: detected capacity change from 0 to 61 [ 395.771051][T29252] FAT-fs (loop4): bogus number of reserved sectors [ 395.777858][T29252] FAT-fs (loop4): Can't find a valid FAT filesystem [ 395.810448][T29253] FAULT_INJECTION: forcing a failure. [ 395.810448][T29253] name failslab, interval 1, probability 0, space 0, times 0 [ 395.823181][T29253] CPU: 1 PID: 29253 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 395.831943][T29253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 395.833988][T29251] attempt to access beyond end of device [ 395.833988][T29251] loop0: rw=2049, want=64, limit=61 [ 395.841995][T29253] Call Trace: [ 395.842006][T29253] dump_stack_lvl+0xd6/0x122 11:14:26 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file1\x00', 0x20e1c2, 0x0) write(r0, &(0x7f0000000100)="bb8fbf640903127a53527c6fbfe65d43b0e0586f2d40c7e7df01cac83420e89106e96e396ebccd0622431454eedeeaee423d8f210bc3525fa7927c18d5fbc90700000000000000d8da9375934d00f4f325499bfe7766212a", 0x58) write$P9_RSTAT(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="540000007d000000004d00000000000000000000000000000000000000000000000000000000000000df0000000000000000000006006d73646f73000a002f6465762f76637375000a005c6a7d2f2a2f7c2c1328"], 0x54) mount(&(0x7f0000000080)=@filename='./file1\x00', &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200)='affs\x00', 0x10, &(0x7f0000000300)='\x00') [ 395.842031][T29253] dump_stack+0x11/0x1b [ 395.864705][T29253] should_fail+0x23c/0x250 [ 395.869133][T29253] ? kmalloc_array+0x2d/0x40 [ 395.873826][T29253] __should_failslab+0x81/0x90 [ 395.878970][T29253] should_failslab+0x5/0x20 [ 395.883674][T29253] __kmalloc+0x6f/0x350 [ 395.887851][T29253] kmalloc_array+0x2d/0x40 [ 395.892280][T29253] iter_file_splice_write+0xd5/0x790 [ 395.897760][T29253] ? atime_needs_update+0x2ba/0x390 [ 395.902959][T29253] ? touch_atime+0xe0/0x250 [ 395.907642][T29253] ? generic_file_splice_read+0x2ac/0x340 [ 395.913616][T29253] ? splice_from_pipe+0xd0/0xd0 [ 395.918720][T29253] direct_splice_actor+0x80/0xa0 [ 395.923980][T29253] splice_direct_to_actor+0x345/0x650 [ 395.929964][T29253] ? do_splice_direct+0x190/0x190 [ 395.934981][T29253] do_splice_direct+0x106/0x190 [ 395.939922][T29253] do_sendfile+0x63e/0xbb0 [ 395.944410][T29253] __x64_sys_sendfile64+0x102/0x140 [ 395.949782][T29253] do_syscall_64+0x44/0xa0 [ 395.954309][T29253] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 395.960474][T29253] RIP: 0033:0x7fca7d004739 [ 395.964910][T29253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 395.984569][T29253] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 395.993055][T29253] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 396.001174][T29253] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 396.009305][T29253] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 396.017466][T29253] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 396.025469][T29253] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 396.034732][T29263] ================================================================== [ 396.042938][T29263] BUG: KCSAN: data-race in ext4_sync_file / writeback_single_inode [ 396.050820][T29263] [ 396.053130][T29263] write to 0xffff8881310931f0 of 8 bytes by task 29270 on cpu 0: 11:14:26 executing program 2 (fault-call:5 fault-nth:86): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 396.060877][T29263] writeback_single_inode+0x148/0x3e0 [ 396.066258][T29263] sync_inode_metadata+0x57/0x80 [ 396.071209][T29263] ext4_sync_file+0x359/0x670 [ 396.075884][T29263] vfs_fsync_range+0x107/0x120 [ 396.080633][T29263] ext4_buffered_write_iter+0x3af/0x400 [ 396.086163][T29263] ext4_file_write_iter+0x2f4/0x11f0 [ 396.091427][T29263] do_iter_readv_writev+0x2de/0x380 [ 396.096624][T29263] do_iter_write+0x192/0x5c0 [ 396.101234][T29263] vfs_iter_write+0x4c/0x70 [ 396.106037][T29263] iter_file_splice_write+0x43a/0x790 [ 396.111419][T29263] direct_splice_actor+0x80/0xa0 [ 396.116450][T29263] splice_direct_to_actor+0x345/0x650 [ 396.122005][T29263] do_splice_direct+0x106/0x190 [ 396.126872][T29263] do_sendfile+0x63e/0xbb0 [ 396.131740][T29263] __x64_sys_sendfile64+0xb9/0x140 [ 396.136858][T29263] do_syscall_64+0x44/0xa0 [ 396.141280][T29263] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 396.147690][T29263] [ 396.150010][T29263] read to 0xffff8881310931f0 of 8 bytes by task 29263 on cpu 1: [ 396.157616][T29263] ext4_sync_file+0x294/0x670 [ 396.162275][T29263] vfs_fsync_range+0x107/0x120 [ 396.167029][T29263] ext4_buffered_write_iter+0x3af/0x400 [ 396.172558][T29263] ext4_file_write_iter+0x2f4/0x11f0 [ 396.177833][T29263] do_iter_readv_writev+0x2de/0x380 [ 396.183059][T29263] do_iter_write+0x192/0x5c0 [ 396.187654][T29263] vfs_iter_write+0x4c/0x70 [ 396.192175][T29263] iter_file_splice_write+0x43a/0x790 [ 396.197537][T29263] direct_splice_actor+0x80/0xa0 [ 396.202757][T29263] splice_direct_to_actor+0x345/0x650 [ 396.208115][T29263] do_splice_direct+0x106/0x190 [ 396.212949][T29263] do_sendfile+0x63e/0xbb0 [ 396.217547][T29263] __x64_sys_sendfile64+0xb9/0x140 [ 396.222835][T29263] do_syscall_64+0x44/0xa0 [ 396.227386][T29263] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 396.233729][T29263] [ 396.236043][T29263] value changed: 0x0000000000000007 -> 0x0000000000000080 [ 396.243221][T29263] [ 396.245544][T29263] Reported by Kernel Concurrency Sanitizer on: [ 396.251686][T29263] CPU: 1 PID: 29263 Comm: syz-executor.1 Not tainted 5.15.0-rc1-syzkaller #0 [ 396.260534][T29263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 396.270575][T29263] ================================================================== 11:14:26 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400", 0xc}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 396.317230][T29278] FAULT_INJECTION: forcing a failure. [ 396.317230][T29278] name failslab, interval 1, probability 0, space 0, times 0 [ 396.329965][T29278] CPU: 1 PID: 29278 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 396.338903][T29278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 396.348988][T29278] Call Trace: [ 396.352271][T29278] dump_stack_lvl+0xd6/0x122 [ 396.356891][T29278] dump_stack+0x11/0x1b [ 396.361079][T29278] should_fail+0x23c/0x250 [ 396.365571][T29278] ? mempool_alloc_slab+0x16/0x20 [ 396.370577][T29278] __should_failslab+0x81/0x90 [ 396.373960][T29288] loop4: detected capacity change from 0 to 262160 [ 396.375343][T29278] should_failslab+0x5/0x20 [ 396.375370][T29278] kmem_cache_alloc+0x4f/0x300 [ 396.383761][T29288] FAT-fs (loop4): bogus number of reserved sectors [ 396.386511][T29278] mempool_alloc_slab+0x16/0x20 [ 396.386536][T29278] ? mempool_free+0x130/0x130 [ 396.391319][T29288] FAT-fs (loop4): Can't find a valid FAT filesystem [ 396.397765][T29278] mempool_alloc+0x9d/0x310 [ 396.418529][T29278] bio_alloc_bioset+0xcc/0x530 [ 396.423285][T29278] ? iov_iter_alignment+0x34b/0x370 [ 396.428493][T29278] iomap_dio_bio_iter+0x5e1/0xc00 [ 396.433852][T29278] __iomap_dio_rw+0x8d8/0x1010 [ 396.438633][T29278] iomap_dio_rw+0x30/0x70 [ 396.443068][T29278] ? ext4_file_write_iter+0x4a1/0x11f0 [ 396.448646][T29278] ext4_file_write_iter+0xabe/0x11f0 [ 396.454106][T29278] ? ext4_file_write_iter+0x4a1/0x11f0 [ 396.455678][T29292] loop0: detected capacity change from 0 to 61 [ 396.459641][T29278] do_iter_readv_writev+0x2de/0x380 [ 396.459676][T29278] do_iter_write+0x192/0x5c0 [ 396.459745][T29278] ? splice_from_pipe_next+0x34f/0x3b0 [ 396.481146][T29278] ? kmalloc_array+0x2d/0x40 [ 396.485738][T29278] vfs_iter_write+0x4c/0x70 [ 396.490255][T29278] iter_file_splice_write+0x43a/0x790 [ 396.495615][T29278] ? splice_from_pipe+0xd0/0xd0 [ 396.500450][T29278] direct_splice_actor+0x80/0xa0 [ 396.505380][T29278] splice_direct_to_actor+0x345/0x650 [ 396.510821][T29278] ? do_splice_direct+0x190/0x190 [ 396.515842][T29278] do_splice_direct+0x106/0x190 [ 396.520688][T29278] do_sendfile+0x63e/0xbb0 [ 396.525173][T29278] __x64_sys_sendfile64+0x102/0x140 [ 396.530379][T29278] do_syscall_64+0x44/0xa0 [ 396.534805][T29278] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 396.540694][T29278] RIP: 0033:0x7fca7d004739 [ 396.545125][T29278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 11:14:26 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(0xffffffffffffffff, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:14:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) open(0x0, 0x14d842, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80000001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) [ 396.564737][T29278] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 396.573138][T29278] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 396.581211][T29278] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 396.589280][T29278] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 396.597305][T29278] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 396.605266][T29278] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:26 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240", 0x12}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 396.685180][T29308] loop4: detected capacity change from 0 to 262160 [ 396.698863][T29308] FAT-fs (loop4): invalid media value (0x00) [ 396.704912][T29308] FAT-fs (loop4): Can't find a valid FAT filesystem 11:14:28 executing program 2 (fault-call:5 fault-nth:87): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:28 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000080)='./file0\x00') mount(&(0x7f0000000000)=@md0, &(0x7f00000001c0)='./file2\x00', &(0x7f0000000200)='nfs4\x00', 0x200019, &(0x7f0000000240)='msdos\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="5a00f7ff7c000000005300000000000000010000000000000000000040000000000000000000000000000000000000000000000006006d73646f730010000f008b59d2d724d9a57d000000c194274ed186feec2f2a2f7c2c1328"], 0x5a) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000300)='./file2\x00', &(0x7f0000000340)='efs\x00', 0x80041, &(0x7f0000000380)='%]]%-}).\x00') 11:14:28 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240", 0x12}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:28 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(0xffffffffffffffff, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:14:28 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400", 0xc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:14:28 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) open(0x0, 0x14d842, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80000001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) [ 398.795256][T29332] loop4: detected capacity change from 0 to 262160 [ 398.798746][T29338] loop0: detected capacity change from 0 to 61 [ 398.812365][T29332] FAT-fs (loop4): invalid media value (0x00) [ 398.818601][T29332] FAT-fs (loop4): Can't find a valid FAT filesystem [ 398.827102][T29333] FAULT_INJECTION: forcing a failure. [ 398.827102][T29333] name failslab, interval 1, probability 0, space 0, times 0 [ 398.839754][T29333] CPU: 1 PID: 29333 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 398.848517][T29333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 398.858654][T29333] Call Trace: [ 398.861935][T29333] dump_stack_lvl+0xd6/0x122 [ 398.866550][T29333] dump_stack+0x11/0x1b [ 398.870719][T29333] should_fail+0x23c/0x250 [ 398.875240][T29333] ? kcalloc+0x32/0x50 [ 398.879365][T29333] __should_failslab+0x81/0x90 [ 398.884137][T29333] should_failslab+0x5/0x20 [ 398.888686][T29333] __kmalloc+0x6f/0x350 11:14:29 executing program 0: r0 = inotify_init() r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800003, 0x12, r1, 0x2000) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) inotify_add_watch(r3, &(0x7f0000000240)='./file0/file0\x00', 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = openat$cgroup_ro(r2, &(0x7f0000000100)='cpu.stat\x00', 0x0, 0x0) r5 = inotify_add_watch(r0, &(0x7f0000000140)='./file0/file0\x00', 0xc4000f10) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066080000040409000000027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[@ANYRES64, @ANYRESHEX=r5]) getpeername$inet(r4, &(0x7f0000000300)={0x2, 0x0, @empty}, &(0x7f0000000340)=0x10) rename(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000200)='./file0/file1\x00') chdir(&(0x7f0000000000)='./file1\x00') r6 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r6, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r6, &(0x7f0000000380)={0xbd, 0x7d, 0x0, {0x0, 0xb6, 0x0, 0x0, {0x0, 0x0, 0x3}, 0x0, 0x0, 0x3, 0x0, 0x69, '\xa1\xdb\xc0\xc9\xa1W\x8fR]\xd7\x8a\'\xff\xdc:J4lB\xcf\x8b\xc4\x95<\"\xa40-\xb1N\xfa:\xba\xe4[t\xdb\xb8\\\x92\xf7\xf0\xaa\xd2\xd5\xd3,\x89r\x06\x16\x0eU\xe9\t\n\x1e\x0f\x1dF\xd7\xae\xe4\xe7\xa0\x00\xae\xc7[[\xae\b\xe3\xeb\xb9\\\xb2\xe7\xac\x88\xc3\x83\x02\xe7\xf9\x86+\x8e\x9cn\x9b2\x87b\x18\xbbc\xa2\x9bcVO\x94\xc8l', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0xbd) [ 398.892854][T29333] kcalloc+0x32/0x50 [ 398.896769][T29333] ext4_find_extent+0x21c/0x7f0 [ 398.901684][T29333] ext4_ext_map_blocks+0x115/0x1ff0 [ 398.906997][T29333] ? ext4_es_lookup_extent+0x36b/0x490 [ 398.912479][T29333] ext4_map_blocks+0x71e/0xf00 [ 398.917304][T29333] ext4_iomap_begin+0x4b0/0x630 [ 398.922527][T29333] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 398.927789][T29333] iomap_iter+0x39c/0x470 [ 398.932141][T29333] __iomap_dio_rw+0x698/0x1010 [ 398.936936][T29333] iomap_dio_rw+0x30/0x70 [ 398.941301][T29333] ? ext4_file_write_iter+0x4a1/0x11f0 [ 398.946894][T29333] ext4_file_write_iter+0xabe/0x11f0 [ 398.952182][T29333] ? ext4_file_write_iter+0x4a1/0x11f0 [ 398.957682][T29333] do_iter_readv_writev+0x2de/0x380 [ 398.962907][T29333] do_iter_write+0x192/0x5c0 [ 398.967487][T29333] ? splice_from_pipe_next+0x34f/0x3b0 [ 398.972976][T29333] ? kmalloc_array+0x2d/0x40 [ 398.977570][T29333] vfs_iter_write+0x4c/0x70 [ 398.982086][T29333] iter_file_splice_write+0x43a/0x790 [ 398.987456][T29333] ? splice_from_pipe+0xd0/0xd0 [ 398.992561][T29333] direct_splice_actor+0x80/0xa0 [ 398.997480][T29333] splice_direct_to_actor+0x345/0x650 [ 399.002833][T29333] ? do_splice_direct+0x190/0x190 [ 399.007853][T29333] do_splice_direct+0x106/0x190 [ 399.012718][T29333] do_sendfile+0x63e/0xbb0 [ 399.017168][T29333] __x64_sys_sendfile64+0x102/0x140 [ 399.022374][T29333] do_syscall_64+0x44/0xa0 [ 399.026825][T29333] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 399.032774][T29333] RIP: 0033:0x7fca7d004739 [ 399.037180][T29333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 399.056917][T29333] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 399.065341][T29333] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 399.073306][T29333] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 399.081351][T29333] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 11:14:29 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:14:29 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(0xffffffffffffffff, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:14:29 executing program 2 (fault-call:5 fault-nth:88): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 399.089317][T29333] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 399.097373][T29333] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:29 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240", 0x12}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 399.201623][T29380] loop4: detected capacity change from 0 to 262160 [ 399.211630][T29380] FAT-fs (loop4): invalid media value (0x00) [ 399.217741][T29380] FAT-fs (loop4): Can't find a valid FAT filesystem [ 399.218198][T29377] FAULT_INJECTION: forcing a failure. [ 399.218198][T29377] name failslab, interval 1, probability 0, space 0, times 0 [ 399.237008][T29377] CPU: 1 PID: 29377 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 399.245799][T29377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 399.255952][T29377] Call Trace: [ 399.259223][T29377] dump_stack_lvl+0xd6/0x122 [ 399.263878][T29377] dump_stack+0x11/0x1b [ 399.268024][T29377] should_fail+0x23c/0x250 [ 399.272434][T29377] ? ext4_mb_new_blocks+0x317/0x1fc0 [ 399.277720][T29377] __should_failslab+0x81/0x90 [ 399.282502][T29377] should_failslab+0x5/0x20 [ 399.287065][T29377] kmem_cache_alloc+0x4f/0x300 [ 399.291860][T29377] ext4_mb_new_blocks+0x317/0x1fc0 [ 399.297030][T29377] ? ext4_find_extent+0x7b2/0x7f0 [ 399.302048][T29377] ? ext4_ext_search_right+0x246/0x540 [ 399.307491][T29377] ext4_ext_map_blocks+0x15ed/0x1ff0 [ 399.312812][T29377] ? ext4_es_lookup_extent+0x36b/0x490 [ 399.318281][T29377] ext4_map_blocks+0x71e/0xf00 [ 399.323255][T29377] ext4_iomap_begin+0x4b0/0x630 [ 399.328223][T29377] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 399.333457][T29377] iomap_iter+0x39c/0x470 [ 399.337888][T29377] __iomap_dio_rw+0x698/0x1010 [ 399.342686][T29377] iomap_dio_rw+0x30/0x70 [ 399.347006][T29377] ? ext4_file_write_iter+0x4a1/0x11f0 [ 399.352456][T29377] ext4_file_write_iter+0xabe/0x11f0 [ 399.357737][T29377] ? ext4_file_write_iter+0x4a1/0x11f0 [ 399.363200][T29377] do_iter_readv_writev+0x2de/0x380 [ 399.368453][T29377] do_iter_write+0x192/0x5c0 [ 399.373041][T29377] ? splice_from_pipe_next+0x34f/0x3b0 [ 399.379194][T29377] ? kmalloc_array+0x2d/0x40 [ 399.383772][T29377] vfs_iter_write+0x4c/0x70 [ 399.388265][T29377] iter_file_splice_write+0x43a/0x790 [ 399.393629][T29377] ? splice_from_pipe+0xd0/0xd0 [ 399.398535][T29377] direct_splice_actor+0x80/0xa0 [ 399.403460][T29377] splice_direct_to_actor+0x345/0x650 [ 399.408875][T29377] ? do_splice_direct+0x190/0x190 [ 399.413901][T29377] do_splice_direct+0x106/0x190 [ 399.418751][T29377] do_sendfile+0x63e/0xbb0 [ 399.423210][T29377] __x64_sys_sendfile64+0x102/0x140 [ 399.428449][T29377] do_syscall_64+0x44/0xa0 [ 399.432861][T29377] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 399.438763][T29377] RIP: 0033:0x7fca7d004739 [ 399.443167][T29377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 399.462875][T29377] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 399.471277][T29377] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 399.479238][T29377] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 399.487195][T29377] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 399.495175][T29377] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 11:14:29 executing program 2 (fault-call:5 fault-nth:89): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 399.503162][T29377] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 [ 399.536069][T29385] loop0: detected capacity change from 0 to 61 11:14:29 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080", 0x15}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) [ 399.558942][T29385] FAT-fs (loop0): Unrecognized mount option "ÿÿÿÿÿÿÿÿ0xffffffffffffffff" or missing value [ 399.593875][T29394] loop4: detected capacity change from 0 to 262160 [ 399.605681][T29392] FAULT_INJECTION: forcing a failure. [ 399.605681][T29392] name failslab, interval 1, probability 0, space 0, times 0 [ 399.618454][T29392] CPU: 0 PID: 29392 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 399.627390][T29392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 399.637770][T29392] Call Trace: [ 399.641039][T29392] dump_stack_lvl+0xd6/0x122 [ 399.645751][T29392] dump_stack+0x11/0x1b [ 399.649939][T29392] should_fail+0x23c/0x250 [ 399.654596][T29392] ? kcalloc+0x32/0x50 [ 399.658693][T29392] __should_failslab+0x81/0x90 [ 399.663580][T29392] should_failslab+0x5/0x20 [ 399.668079][T29392] __kmalloc+0x6f/0x350 [ 399.672230][T29392] kcalloc+0x32/0x50 [ 399.676231][T29392] ext4_find_extent+0x21c/0x7f0 [ 399.681166][T29392] ext4_ext_map_blocks+0x115/0x1ff0 [ 399.686542][T29392] ? ext4_es_lookup_extent+0x36b/0x490 [ 399.692191][T29392] ext4_map_blocks+0x71e/0xf00 [ 399.696990][T29392] ext4_iomap_begin+0x4b0/0x630 [ 399.701924][T29392] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 399.707218][T29392] iomap_iter+0x39c/0x470 [ 399.711701][T29392] __iomap_dio_rw+0x698/0x1010 [ 399.716615][T29392] iomap_dio_rw+0x30/0x70 [ 399.720961][T29392] ? ext4_file_write_iter+0x4a1/0x11f0 [ 399.726580][T29392] ext4_file_write_iter+0xabe/0x11f0 [ 399.731996][T29392] ? ext4_file_write_iter+0x4a1/0x11f0 [ 399.737516][T29392] do_iter_readv_writev+0x2de/0x380 [ 399.742805][T29392] do_iter_write+0x192/0x5c0 [ 399.747497][T29392] ? splice_from_pipe_next+0x34f/0x3b0 [ 399.752979][T29392] ? kmalloc_array+0x2d/0x40 [ 399.757712][T29392] vfs_iter_write+0x4c/0x70 [ 399.762252][T29392] iter_file_splice_write+0x43a/0x790 [ 399.767632][T29392] ? splice_from_pipe+0xd0/0xd0 [ 399.772488][T29392] direct_splice_actor+0x80/0xa0 [ 399.777841][T29392] splice_direct_to_actor+0x345/0x650 [ 399.783576][T29392] ? do_splice_direct+0x190/0x190 [ 399.788624][T29392] do_splice_direct+0x106/0x190 [ 399.793496][T29392] do_sendfile+0x63e/0xbb0 [ 399.797932][T29392] __x64_sys_sendfile64+0x102/0x140 [ 399.803174][T29392] do_syscall_64+0x44/0xa0 [ 399.804378][T29375] loop0: detected capacity change from 0 to 61 [ 399.807671][T29392] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 399.819837][T29392] RIP: 0033:0x7fca7d004739 [ 399.824256][T29392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 399.843963][T29392] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 399.852374][T29392] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 11:14:29 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, 0x0, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:14:30 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) r2 = open(0x0, 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 399.860372][T29392] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 399.868331][T29392] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 399.876554][T29392] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 399.884780][T29392] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:30 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) open(&(0x7f0000000080)='./file1\x00', 0x200000, 0x8) [ 400.039521][T29428] loop0: detected capacity change from 0 to 61 [ 400.055938][T29428] attempt to access beyond end of device [ 400.055938][T29428] loop0: rw=2049, want=64, limit=61 11:14:31 executing program 2 (fault-call:5 fault-nth:90): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:31 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080", 0x15}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) r2 = open(0x0, 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:14:31 executing program 0: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="5400009d210000005d731ec00000000000000000000000000000000000000000000000000000000000000000000000000000000006006d73646f73000a002f6465762f76637375000a005c6a7d2f2a2f7c2c1328"], 0x54) 11:14:31 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200", 0x12}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:14:31 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, 0x0, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) [ 401.824340][T29451] loop0: detected capacity change from 0 to 61 [ 401.824771][T29448] loop4: detected capacity change from 0 to 262160 [ 401.850531][T29451] attempt to access beyond end of device [ 401.850531][T29451] loop0: rw=2049, want=64, limit=61 [ 401.862851][T29448] FAT-fs (loop4): invalid media value (0x00) [ 401.869092][T29448] FAT-fs (loop4): Can't find a valid FAT filesystem [ 401.884001][T29446] FAULT_INJECTION: forcing a failure. [ 401.884001][T29446] name failslab, interval 1, probability 0, space 0, times 0 [ 401.896663][T29446] CPU: 0 PID: 29446 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 401.905643][T29446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 401.915842][T29446] Call Trace: [ 401.919123][T29446] dump_stack_lvl+0xd6/0x122 11:14:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) r2 = open(0x0, 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 401.923725][T29446] dump_stack+0x11/0x1b [ 401.927922][T29446] should_fail+0x23c/0x250 [ 401.932351][T29446] ? mempool_alloc_slab+0x16/0x20 [ 401.937479][T29446] __should_failslab+0x81/0x90 [ 401.942355][T29446] should_failslab+0x5/0x20 [ 401.946870][T29446] kmem_cache_alloc+0x4f/0x300 [ 401.951736][T29446] mempool_alloc_slab+0x16/0x20 [ 401.956628][T29446] ? mempool_free+0x130/0x130 [ 401.961393][T29446] mempool_alloc+0x9d/0x310 [ 401.965913][T29446] ? crypto_shash_update+0x13c/0x1a0 11:14:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 401.971210][T29446] ? pagecache_get_page+0x7aa/0x910 [ 401.976419][T29446] sg_pool_alloc+0x74/0x90 [ 401.980855][T29446] __sg_alloc_table+0xce/0x290 [ 401.985690][T29446] sg_alloc_table_chained+0xaf/0x140 [ 401.990988][T29446] ? sg_alloc_table_chained+0x140/0x140 [ 401.996588][T29446] scsi_alloc_sgtables+0x184/0x510 [ 402.001715][T29446] sd_init_command+0x952/0x1610 [ 402.006572][T29446] scsi_queue_rq+0x10cd/0x15a0 [ 402.011349][T29446] blk_mq_dispatch_rq_list+0x63b/0x1080 [ 402.017082][T29446] blk_mq_do_dispatch_sched+0x3b5/0x640 [ 402.022672][T29446] __blk_mq_sched_dispatch_requests+0x1eb/0x290 [ 402.028922][T29446] ? rb_insert_color+0x2fa/0x310 [ 402.033870][T29446] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 402.039911][T29446] __blk_mq_run_hw_queue+0xbc/0x140 [ 402.045114][T29446] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 402.050935][T29446] blk_mq_run_hw_queue+0x22c/0x250 [ 402.056061][T29446] blk_mq_sched_insert_requests+0x12b/0x1f0 [ 402.061959][T29446] blk_mq_flush_plug_list+0x302/0x3d0 [ 402.067341][T29446] blk_flush_plug_list+0x235/0x260 [ 402.072588][T29446] blk_finish_plug+0x44/0x60 [ 402.077281][T29446] __iomap_dio_rw+0xca7/0x1010 [ 402.082421][T29446] iomap_dio_rw+0x30/0x70 [ 402.086890][T29446] ? ext4_file_write_iter+0x4a1/0x11f0 [ 402.092494][T29446] ext4_file_write_iter+0xabe/0x11f0 [ 402.097797][T29446] ? ext4_file_write_iter+0x4a1/0x11f0 [ 402.103259][T29446] do_iter_readv_writev+0x2de/0x380 [ 402.108479][T29446] do_iter_write+0x192/0x5c0 [ 402.113082][T29446] ? splice_from_pipe_next+0x34f/0x3b0 [ 402.118581][T29446] ? kmalloc_array+0x2d/0x40 [ 402.123174][T29446] vfs_iter_write+0x4c/0x70 [ 402.127857][T29446] iter_file_splice_write+0x43a/0x790 [ 402.133354][T29446] ? splice_from_pipe+0xd0/0xd0 [ 402.138239][T29446] direct_splice_actor+0x80/0xa0 [ 402.143186][T29446] splice_direct_to_actor+0x345/0x650 [ 402.148568][T29446] ? do_splice_direct+0x190/0x190 [ 402.153766][T29446] do_splice_direct+0x106/0x190 [ 402.158621][T29446] do_sendfile+0x63e/0xbb0 [ 402.163031][T29446] __x64_sys_sendfile64+0x102/0x140 [ 402.168390][T29446] do_syscall_64+0x44/0xa0 [ 402.172833][T29446] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 402.178844][T29446] RIP: 0033:0x7fca7d004739 [ 402.183259][T29446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 402.203347][T29446] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 402.212113][T29446] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 11:14:32 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x4) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x81) r4 = fsmount(r3, 0x1, 0xf0) renameat2(r4, &(0x7f0000000280)='./file0\x00', r2, &(0x7f0000000300)='./file0\x00', 0x1) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x3f, &(0x7f00000000c0)=0x0) io_submit(r5, 0x2, &(0x7f0000000800)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f00000002c0)='+', 0x94}]) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r7, &(0x7f0000000300)=ANY=[], 0xfffffffffffffca0) sendfile(r7, r7, &(0x7f0000000240), 0x7fff) r8 = accept4(r3, &(0x7f0000000840)=@ax25={{0x3, @null}, [@rose, @remote, @null, @bcast, @rose, @default, @null, @null]}, &(0x7f00000008c0)=0x80, 0x80000) r9 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r9, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00) io_submit(r5, 0x5, &(0x7f00000009c0)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x9, 0x2, r0, &(0x7f0000001480)="0f779e5425944511c94ded819191c8c99a879299efe3cf8ddeccb89c66c984e8e7f4ceb62bf035c5799e730c1794badd3719902aeb177efe1790ece0a2705a1422aeffb22a80973ecf184560a9d279871347cba0d277e195e4fab033536e48899d896da9156c3feb9937e20b3ce5f9855217ee378567937b41523d5c4742660611ff0282e0a17a16c41ad5837db2a03f9a7d876644df4ef631113cc452aebc3410414ff02bf3a1c5af2a56c366cbcef280755aaf63a72f68d7a4190b1de1f31adb6d2ae3fce531f00704c7147cdfd932909eefe64c325bf614203d49c6842e0e7250471d84ab143273b086d6ad26ae7d021bd9a547e664c42ec4eeba54f0f4d4f2624d0a9c7c93ba8ab43b71f3a6fa6f9036f4c0100ca2154ae61e566d0d47680a9f877a5c7a02dcd503efb1edbda6ff720a56ac67e8116f6cd72ffe565878c7435982b3c1d363933ded4d3765c15ec4bd9b7bfcea09b8e88b1afb4c9a6e4d759e6abf9969f9a66e757df6272a342393aa02d7d13629ae77590a84e9438a8d4e349552884e7763a76974b6801d993ae229292ba77e0c06f68d33d53dd4522b8a1cf4556a3dd8a5cf949a73da8a8e2a2061583e2a2f393e9ec2a09ca61176c8e224e7cb90368e8f7dbdb8188ba4954fd4990ff225c7d2bdc61d3a5c3d585db1b91f79465f1ac29c86511bad924d9cc9510117445db129c0595a728b8dab4ad3c775e5bf61c2d968ae76f70cc5f3523a05b92bd3297fa26f378e75144ae918a32b58d577c63f7e23e212440d8627c17823b8ac5632aae4b65d7abbc811d74fa8fc7419c1b56d2dac935109e84033e6a2b06c301f516392414d6692b1aa7444306d3c5befa090301b8236789b8dde6237e8fd3003ae7d3987843b2d195cf0ae1c0a8778b903c26bef2816cd179b7dfd67c467c5bf3da0cd767a38555558f077ad5c9028db5628154bd50ed2947e0f4eda3ed2e89528e21e6e89ca44cdc649d317c8aacf0154966e24d8d6a4acd98b0bfb1bf9131e51f8c90ad1d0fb155fcd0a9b60d49b91d3c641e982e1f3bdd9eff99c4c36a6df8a3f68b9cd978edfff4009d0d99250086f5152ee7083b035f2587a3c533dd0942208f142405290022aa6e76d1672e40ecf0eb093763c5589902ac34b34c947bcc3f99a743703508ed30a55cfea73ffcadadebf16290e0192763885cdab174dbf099cd2f2da5740c33c3128ba9513ba3bbbcdf74dcb02a203a5506fb3c1a4301c00ad3346656854cf099a25ca428784ab60287f165c882adf071997ad8f15de2521ebd3db5b0045cc6ef4f6c5aa1dea7980110360b368868cba1a4e3b6bf80c25c65fe0fed7f00a1f2eed5dc379a89282fe22888de307c06cf8fb6c66c2cb82a1387d45e67ee35a8eef63185a30b14c9c6dc95b717346867b32f808edc48900430fe0cd3877b6b631912b1b84b8418c101c62e4384d670a696a8e6b2a3232d07a38a98ff1b11120564768215c603a0961cab1986efff86a1ba7bff5bc06256509d6a2cc76b0b09892e2eedc7c6aad10a7d7869620c653b0e2db6fd3a6d002b85c7b039f19719b9a8e3dc00b4d4290d7af82e2058068d16305b78e6b2d74c0e6e3ba5d3c2fdb4016ecedbef49a0c971bf75b7ed01558aa76daf6ca134882efddb65644dedd9017503bb756c29322a9d694934f97662d64e886ff5496a631db3c3bdd135251c7461a3001fe4bbb78c7e7acb5f67b62344f8c97fd912545c0a9ac400038a90cc811211d5ca61877ee3a858563a46c6efc4bfaf60bedcaddc2f670893c3b3fd6a9c99bdf6caaa6657eed65566b252ca2464a4a3540df065956a1d6b5f33bd06e029235d1b23da634d402342511a7ce67c755bdfae252633d5674595a5a93bc693efb0ecae9b25a5690a1b739d0188b4f57a46e7182dc8a28b3108d9be6403f63b85432b023e540ad39210a27adcdf20f9d21d18ce7b7fc5e8b1324fab8742445d3f8d48dac9efb82a059cfb6f26af0b36b30caa717b00929645454dff1f6f30818a93849e54b99febc82b9b794155b08ec91a9c6733c236dab6f69df31654272be6d2724b7270f2cbaec16f809d4601e536949bf8170b20d5fa8e3e85ae93ce0cb891e9532235c67cc45550c697f4e0595f2f02837f354a88dcd60a771377fc86e421868ea01b275faac6ff19a409bf33f2f5655fabae6115d8a132bb64c240393506979229ea37f02e823d5d77bc8b475c3fe2dcd1fa468ff56a36ca2578d4c4a21e3ad5dfaad94efa210c723b5052fafc57740c2f19f1fdf91e4c7199d5003050ed5ff9d9d6043693f21aafeca788dcbc2bd9d3e8e0f73e00a9c43d13dbfa320bd7719f409145d999474efac50e2243e3d147b4ca25a02a80662a558bfe1a16404c3ad95f32d73d675fb2b658717ba5bc98b14b9b9f26a0075de35bb342ecda48620e7867e8a66fd831febc236e6ab432173deb3235584eca1cfd15646043b5f6a56377e750bbfa57b9f3f672aff958b4163155f456cdf57aafcab51485ddf1de52da77ef98776526362f3f6099ead2c56c917bd81a8e45037e74c04ed916239595f575446765ed84437c92131ae59521fe8670a48e46429ae29230d818890c596e05bd4e59793a285dc06100fc68a984518ef9a28d76f8a602b4c02628caef84ba4e3eb68561d0d44e750ec4540974d4f4315dfa4f6b6e43ff514e5ce397b20009370dbe4c2e375142fadea9fa486f9deb8596b58476ad1f2efce8368ba211f4c07fe2da7f8eba35f3f32bee40f3945d27645891f1ce1846410e26ca5ebcf0e8e79aefafa662b8b0b9d8c03ad43ccee7512089f82dd1679227ed75fe77cb9a418af1f7dafa6f5ddbc57c23b47f96f6c29116de8879e7014f95a90355a33183fc38b4861f9442961106291c0ad514a71c7aca1e4a26633e6bb439359397b5c1a547b813fcdad63d06730f021650be5cc8319e1c80753d606bb2c91b25e127ae271b41a8a67afb0a97eba93a35c871d83b6be174f288e2461032c4d3e90d735ccb0ae03f14d9dd21bfa51c68c9d55cbde4ea09f9dd17ab3a8216f9e9c1148d3e8b7c966b48323f99f0814cc90ae83ae3e1e2e6090804cc23a1880d10578ecefa8dc8b155418ed360ce1ba128488986ae7968dcaefcdc7d87c882658d00ee714471ad213e2e9638521a50e0eade433b691cc2cb83d096e4736274e6ec9c251648a668e0711b4df76aaee112a27420bbaf6b893fcc2d7b14efb4062b0821de85e742fd7a66116fb75e50f25c0174c148fe1cad845015363449e40451dc5ef7af5d091af32206f0864b606a706c93fe4bf7e8e332ea494529a04a038873625a06a4f22ba9757d3c6f851a6fb93bcb1f49dbc45871360f746075ba5290cdc013ba403b05e3d10d79fe088c3f72356dc3d048c96c86c849931ee0a034756b41e008f253ea6f5e5143052f8dfea91d04b6a9bf2d01ed3ae98e74ca7c92b224d183e48451e7a02462713ef47161f90e1cc028435c0cc253e2c887796382dbc75113790b58c7a783346ead41c64d8139e10a535648a30b2b8d9a047c516baf3dde65f53b7253c079dffede35b65d5380e6e484a4242bffa5f581eb16999bc9593e2642b07feb6c1a3bbc255ad3b72209591562e31ea7460c67df77fd9f5f29166031c231d5b79d240687fef503bcd48cb08bc686ae2994fb5fd85828634dd06ed46f888d72daeb0dd4b8a2f565b6374ce30950c946190a21ef643daf2ac3730eeefc93361478ee80da520a717bd36eab92d4bac6caf5242df770a869ccc56505dd13957580717083a32fc01563bf368bcc003cc123e1f6efc38ea370e25719df0e3c54c0da7eba93a5e4990ca625ccf7ed436c2fe0436ca2bd54c75f274635e20b801cf35e3c3bd72dcffa371e8ffba5acbdc15df562b174aadfa92f68c027524e6e48eec2df0e435dbd24050dae24aa260959e72e586cc87e9c228fcdb37dbb0fa5ef127ce5714134c8f2a9224ac411d2b4c4bc294c8a68e6b933eddd493432e7da69d4904fe574a29031825e8049f7699b9adef4913b7dcaeafb5179ea9960b1c6d46cff9eaab0395743070985f0549f800ef416a2a70888e99866fb80ce591b78f093c6c07f1b81a6b29ea176d4f7d037eabfe3a8d903c70e9bee85ddbfbda33221b3e1be172b2e8dbc08c43d220904190b7e68c35bb9d8ccc01a28ec22a8e5c2b53eeccd67641c3313cdd09b92d4fe481829194bb4ca08165a436f46e38d0ba7939735c4147a1cab5d438ea98ba3a5ebd8d65fe504857a4ca09a6b83fb3d85a5a0253854b102c7afff372e01ed3c08f82d65e0a019e7d1d287a097cfd3063e1a9dabcece8cdf49bd90a3e1c6c18a7b37f93b1f3f396409bc42563bfe0215254bc01d83c0cfced7940b0a3b6e83253d4b20a2879b6b631eb71c92edfdbe185d6ec70d32b51b0b6ca910a1becd7b7055366b0888ef44a042146deca2d2df3e7ad2408eef82bce2b4be446c1e2d9a176e7e5c0f3b1ccce6eaf99451edca9d45299269c06780dcdf8bb603afab5a6a604969c8dfed86a9770386a62f56949bf6688ca67e5943c130627bc235c0502905b2369c0b47e6ef56c859e24e91539a71d1817e2ca207cc8f1c0297c626dde28651c66e5e9c59f21beab5151a08e3af58b73b516947c068a7b54a620449a21fb74db276c4173f3474916b20d19e37d0eb686db8f7e4ab43cfcc6adf3dd654b7b059aa3a7def2b613a24010cc7ea17a8dd1a882b57775b166723f3f360e62793bed2f6a9c57035457a9e80b363ca52b0c1938629e38195eec91042bc1a311297d421a745e5659f8d89a78f28ee652c788b263448d7ee0a30796934cd802766e4a1f34f9e69cb79fba39be89c21b5526071e1c852fc4f10817f872c8be2d227c206e0b4715e61a2fea7ba87177d8a34cb1c272dc6b86e8836d2de469dbfa556f93b867780bd20f04c4a2a0ae2cdc69ea9347ea2da62cbc70270fd8ae893b5764b7aa9bc4161d57b0b839db7f11da3d69b85c8837a501cb3752099a6cdd9573afca371c2b9ba2ca38a316485548af06c5af589f2f163817e9350b7b538f16d210ccf337086d23399654bd616be4e74b9e1c367fd41604203957de581548b6175cb4eb8e36e7b3c7be080b3c49e5ef4d1652954731bd21a21480d1a8db7d165b79ec9b9b0ec1a939b7db09ba7f343da1428d5febf5314b3e26ec74748231aa536a6f3b31f7f6817276e4a35bb9af98e398c09fdb35d122a9b38c33796e2d78038779dcd127ada87aa83a02693bf69e090401f75a7c1a4137cbe5b40db38c64b05b5105292264fa7a32878f73c3330827485640dc6f6604fedd300f86e76f0eb50a617b2dab2057f98aded7a81dcd66e52bb651d138cb8e2a25a874991579c780e46e4ef815367d6b62a78b74fc6147de32155301841030dfdd3fcbd36bb24eb19720d3c15fe395a70c56baa99f3ca5507a2de50b1ad28d9f018815e6decd51c57304389c65bddba441f8032faab5d7f10de728a1a4ca63b951395db15d8e8010488a2dbdb3723115ea5e9683b6f461946a3072772a8c0b5e76b4a2b7ad5c9a891c48270292d3240251c92d854001d324e13b17bee66e6c32d9e824e291c711121e85ef09788dd576005c753eafabd2a410a0b13f6f5fc60767393e2d2bdf08c887461c6bb9d3743a10665ea79b99df2c390db549b7a0459e82c91bdb4cc5aa7672678a3ac30c1da3b817ee994802c434bd287e005c6f125f1082509f674bf0e20699c198e61ee6bd14a151e510ee1d1331a7e02b649b1f01d98f8cf450f6b7", 0x1000, 0x8, 0x0, 0x2, r6}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x81, r7, &(0x7f0000000580)="b17b88805b61b4829ea9e510ab5556f15fbe81fb44a7cb84cd39ef4c9eafaf59ba9cd1dcecd05feac2a5c297debdefda4beaed3ae7f843b6ead39bba98ed67112f40aed8dd2107a772b5e6c81a4a9eeeda0bdc8c374600389447f2e27ae0df82e8ee8e991ed9267df45f5ea63cfa5dfc6337c020d46c52c1e1bd22444e9539c6d690bc6dab06ec23ede20c9ef6d12c0dedff74aa2be079c9a6d6738789d2979071e8a1980f64af8a0829c6a374086439d6a48e770da492bb2b53901a1e9d203a3631502772f8", 0xc6, 0x1, 0x0, 0x2}, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x816d, r4, &(0x7f00000006c0)="b8fde75e663123e21f4ab82a19492403de49489995444840b012e6450f8a6de921d6aa45ee73e980b84fd52c621fe38d4364a5ec56f454e05c3f", 0x3a, 0x1, 0x0, 0x3}, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x6, 0x3fd, r4, &(0x7f0000000740)="b397a8a7462a9a3bf0079a8226058ec19145f7d93ea35da549289bb84742d26185d5d0eb866ec35226f1ff5e79fa741900c7d1e7477d67c37b19c5749db0025da850614a95b3085f26295db68246e8cb6969fbdb022865dd6d8cd3ce2545ad233b7518784f17dd83b60ba5a3640c2f03d6329f100c04f89a9037da7342bf46a5c98da4d691ecf8e3674ea7f0e612bd5a66e4a7b65aab1f8044f3cb", 0x9b, 0x2, 0x0, 0x7}, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x6, 0xffff, r8, &(0x7f0000000900)="87e504e313e6df487eaa41a5e533cf7217437b8f72d3de1b74e8e31cfcefb1d8a16bccd1439ec6d807188d6f02a2822202826643442fefdceae9f8b396a8e71db48cea9ee6530fc038251e73ace18ed13b66cbd404c26c937f253a569dc703b2af85a845149224fc042da1", 0x6b, 0x0, 0x0, 0x1, r9}]) write$P9_RSTAT(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="540000007d000000004d00000000000000000000000000000000000000000000000000000000000000000000000000000000000006006d73646f73000a002f6465762f76637375000a005c6a7d2f2a2f7c2c13288143e2c45f9bb88e2b1229dd3352ec45fbe9c0c489de2c53dd005e19f9bf29df542617888802491b9974c7d38f176ffe41de69d74193c2e3743791d917b715af527807832be771c52d017bbd6157b83eb7f4d1f8dea779b54e42be155074ab3bbed17bcb1a69846b3a6d12a49ce93064071d65b5380c87697f2b07538afdfa0f7fffd4194d12e2e856895baf6f8b9146db00681038db22787e54e2c1f7404ee0630b5cbe1f8f26074c0bd6374c86"], 0x54) 11:14:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:14:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:14:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:14:32 executing program 2 (fault-call:5 fault-nth:91): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) [ 402.220125][T29446] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 402.228090][T29446] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 402.236163][T29446] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 402.244125][T29446] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:32 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080", 0x15}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:32 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, 0x0, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:14:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 402.323112][T29492] loop0: detected capacity change from 0 to 61 [ 402.361671][T29495] FAULT_INJECTION: forcing a failure. [ 402.361671][T29495] name failslab, interval 1, probability 0, space 0, times 0 [ 402.368087][T29505] loop4: detected capacity change from 0 to 262160 [ 402.374316][T29495] CPU: 1 PID: 29495 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 402.388811][T29505] FAT-fs (loop4): invalid media value (0x00) [ 402.389572][T29495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 402.389585][T29495] Call Trace: [ 402.389592][T29495] dump_stack_lvl+0xd6/0x122 [ 402.395586][T29505] FAT-fs (loop4): Can't find a valid FAT filesystem [ 402.405727][T29495] dump_stack+0x11/0x1b [ 402.424587][T29495] should_fail+0x23c/0x250 [ 402.429199][T29495] ? kmalloc_array+0x2d/0x40 [ 402.433889][T29495] __should_failslab+0x81/0x90 [ 402.438684][T29495] should_failslab+0x5/0x20 [ 402.443248][T29495] __kmalloc+0x6f/0x350 [ 402.447405][T29495] kmalloc_array+0x2d/0x40 [ 402.451827][T29495] iter_file_splice_write+0xd5/0x790 [ 402.457124][T29495] ? atime_needs_update+0x2ba/0x390 [ 402.462326][T29495] ? touch_atime+0xe0/0x250 [ 402.466920][T29495] ? generic_file_splice_read+0x2ac/0x340 [ 402.472623][T29495] ? splice_from_pipe+0xd0/0xd0 [ 402.477456][T29495] direct_splice_actor+0x80/0xa0 [ 402.482375][T29495] splice_direct_to_actor+0x345/0x650 [ 402.487756][T29495] ? do_splice_direct+0x190/0x190 [ 402.492761][T29495] do_splice_direct+0x106/0x190 [ 402.497591][T29495] do_sendfile+0x63e/0xbb0 [ 402.501990][T29495] __x64_sys_sendfile64+0x102/0x140 [ 402.507252][T29495] do_syscall_64+0x44/0xa0 [ 402.511667][T29495] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 402.517576][T29495] RIP: 0033:0x7fca7d004739 [ 402.521995][T29495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 402.541994][T29495] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 402.550571][T29495] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 402.558605][T29495] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 402.566575][T29495] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 402.574715][T29495] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 402.582766][T29495] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:35 executing program 3: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200", 0x12}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb", 0x1001) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x34}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x48, &(0x7f0000000300)="f43970da7cfeb6d42fd55103666c5762306aa6000000006e59b65f92b10000c571b846e84785185abde7d01894a79025a799ce07a8bdf0c91d32be313b558a8b5a3ae6a22cd7123b"}}], 0x1c) 11:14:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 11:14:35 executing program 0: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000100)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000300)="7791ae72ea6513f007f39f5ed01a5ab26aaba65f832b0a6cef46ca9c7b0ec7226c2ba9c412149536bee94829d53c9fb4c254322e6272b1060e658dd6c26717a512c3621f3af31f2abf486f000e5aacfa30b65098538dee902c77d12a6e8260679d5c036d4e4a3445a3b0ebb091be361e2da0f12dac8c0a88ec5bfc33392b76c316c2b162344983e4a19f9c60f1e2847e2f2ce48212726aa0ee558a1f5d85f1fe5b4b6fca52574aadedc73c7296aa3deff7cf151b06613f6826d4a8e59cd0c98a94245291413d4f7fca7f131df6658d9129863f438688b45ffac03cfb518ddaeaa185e83052beee5e25fa97019a332f87b5", 0xf1, r0}, 0x68) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1050c2, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r1, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) 11:14:35 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f8", 0x16}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:35 executing program 2 (fault-call:5 fault-nth:92): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:35 executing program 5: syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x7aca, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000001400), 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000300)=ANY=[], 0x116) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) creat(&(0x7f0000000100)='./file1\x00', 0x1a2) sendfile(r1, r0, &(0x7f0000000080), 0x684aa014) write$binfmt_script(r0, 0x0, 0x60) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000001000000ff00000000000000d71f1e0500000000080000000000000039000000000000000000000000000000000000000000000000000000000000009e0f0000c70000000800000000000000000000000000000000000000000000000200"/320]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000002c0)="0f34", 0x2}], 0x1, 0x0) 11:14:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, 0x0, 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 404.855390][T29534] loop4: detected capacity change from 0 to 262160 [ 404.891676][T29536] FAULT_INJECTION: forcing a failure. [ 404.891676][T29536] name failslab, interval 1, probability 0, space 0, times 0 [ 404.893547][T29533] loop0: detected capacity change from 0 to 61 [ 404.904357][T29536] CPU: 0 PID: 29536 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 404.919460][T29536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 404.929606][T29536] Call Trace: [ 404.933233][T29536] dump_stack_lvl+0xd6/0x122 [ 404.938154][T29536] dump_stack+0x11/0x1b [ 404.942407][T29536] should_fail+0x23c/0x250 [ 404.946842][T29536] ? kcalloc+0x32/0x50 [ 404.951100][T29536] __should_failslab+0x81/0x90 [ 404.955883][T29536] should_failslab+0x5/0x20 [ 404.960399][T29536] __kmalloc+0x6f/0x350 [ 404.964556][T29536] kcalloc+0x32/0x50 [ 404.968570][T29536] ext4_find_extent+0x21c/0x7f0 [ 404.973509][T29536] ext4_ext_map_blocks+0x115/0x1ff0 [ 404.978726][T29536] ? ext4_es_lookup_extent+0x36b/0x490 [ 404.984184][T29536] ext4_map_blocks+0x71e/0xf00 [ 404.989132][T29536] ext4_iomap_begin+0x4b0/0x630 [ 404.993991][T29536] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 404.999268][T29536] iomap_iter+0x39c/0x470 [ 405.003592][T29536] __iomap_dio_rw+0x698/0x1010 [ 405.008369][T29536] iomap_dio_rw+0x30/0x70 [ 405.012695][T29536] ? ext4_file_write_iter+0x4a1/0x11f0 [ 405.018145][T29536] ext4_file_write_iter+0xabe/0x11f0 [ 405.023421][T29536] ? ext4_file_write_iter+0x4a1/0x11f0 [ 405.028872][T29536] do_iter_readv_writev+0x2de/0x380 [ 405.034113][T29536] do_iter_write+0x192/0x5c0 [ 405.038726][T29536] ? splice_from_pipe_next+0x34f/0x3b0 [ 405.044263][T29536] ? kmalloc_array+0x2d/0x40 [ 405.048843][T29536] vfs_iter_write+0x4c/0x70 [ 405.053435][T29536] iter_file_splice_write+0x43a/0x790 [ 405.058853][T29536] ? splice_from_pipe+0xd0/0xd0 [ 405.063689][T29536] direct_splice_actor+0x80/0xa0 [ 405.068616][T29536] splice_direct_to_actor+0x345/0x650 [ 405.073983][T29536] ? do_splice_direct+0x190/0x190 [ 405.079006][T29536] do_splice_direct+0x106/0x190 [ 405.083907][T29536] do_sendfile+0x63e/0xbb0 [ 405.088330][T29536] __x64_sys_sendfile64+0x102/0x140 [ 405.093555][T29536] do_syscall_64+0x44/0xa0 [ 405.097965][T29536] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 405.103967][T29536] RIP: 0033:0x7fca7d004739 [ 405.108377][T29536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 405.128131][T29536] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 405.136532][T29536] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 405.144597][T29536] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 11:14:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, 0x0, 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 405.152594][T29536] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 405.160555][T29536] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 405.168515][T29536] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000 11:14:35 executing program 2 (fault-call:5 fault-nth:93): getpid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x401ffc000) 11:14:35 executing program 0: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x773, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f00000003c0)='./file1\x00', &(0x7f0000000300), 0x42003, 0x0) mount$bind(&(0x7f0000000200)='./file2\x00', &(0x7f0000000400)='./file2\x00', &(0x7f0000000440), 0x31010, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe77", 0x54) write$P9_RSTAT(r1, &(0x7f0000000240)={0x54, 0x7d, 0x0, {0x0, 0x4d, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, '', 0x6, 'msdos\x00', 0xa, '/dev/vcsu\x00', 0xa, '\\j}/*/|,\x13('}}, 0x54) symlink(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00') getsockname(r0, &(0x7f0000000100)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, &(0x7f0000000080)=0x80) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r3, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r2, 0x6612) 11:14:35 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f8", 0x16}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') write$binfmt_script(0xffffffffffffffff, 0x0, 0x8800000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4e141, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x401ffc000) 11:14:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(0x0, 0x14d842, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, 0x0, 0x116) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) [ 405.307224][T29578] loop0: detected capacity change from 0 to 3 [ 405.318780][T29578] FAT-fs (loop0): Directory bread(block 11) failed [ 405.323906][T29580] loop4: detected capacity change from 0 to 262160 [ 405.326601][T29578] FAT-fs (loop0): Directory bread(block 12) failed [ 405.339450][T29578] FAT-fs (loop0): Directory bread(block 13) failed [ 405.347141][T29578] FAT-fs (loop0): Directory bread(block 14) failed [ 405.358191][T29578] FAT-fs (loop0): Directory bread(block 15) failed [ 405.366657][T29578] FAT-fs (loop0): Directory bread(block 16) failed [ 405.373528][T29573] FAULT_INJECTION: forcing a failure. [ 405.373528][T29573] name failslab, interval 1, probability 0, space 0, times 0 [ 405.385066][T29580] FAT-fs (loop4): bogus number of FAT sectors [ 405.386147][T29573] CPU: 0 PID: 29573 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 [ 405.392248][T29580] FAT-fs (loop4): Can't find a valid FAT filesystem [ 405.400966][T29573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 405.400979][T29573] Call Trace: [ 405.400986][T29573] dump_stack_lvl+0xd6/0x122 [ 405.410555][T29578] FAT-fs (loop0): Directory bread(block 17) failed [ 405.417781][T29573] dump_stack+0x11/0x1b [ 405.417809][T29573] should_fail+0x23c/0x250 [ 405.432017][T29578] FAT-fs (loop0): Directory bread(block 18) failed [ 405.432550][T29573] ? kcalloc+0x32/0x50 [ 405.436917][T29578] FAT-fs (loop0): Directory bread(block 19) failed [ 405.441084][T29573] __should_failslab+0x81/0x90 [ 405.441108][T29573] should_failslab+0x5/0x20 [ 405.448452][T29578] FAT-fs (loop0): Directory bread(block 20) failed [ 405.451670][T29573] __kmalloc+0x6f/0x350 [ 405.451695][T29573] kcalloc+0x32/0x50 [ 405.451731][T29573] ext4_find_extent+0x21c/0x7f0 [ 405.451757][T29573] ext4_ext_map_blocks+0x115/0x1ff0 [ 405.492161][T29573] ? _raw_spin_lock_irqsave+0x38/0xa0 [ 405.497551][T29573] ? ext4_es_lookup_extent+0x36b/0x490 [ 405.503064][T29573] ext4_map_blocks+0x71e/0xf00 [ 405.507852][T29573] ? crypto_shash_update+0x13c/0x1a0 [ 405.513148][T29573] ext4_iomap_begin+0x4b0/0x630 [ 405.518019][T29573] ? ext4_alloc_da_blocks+0xd0/0xd0 [ 405.523233][T29573] iomap_iter+0x39c/0x470 [ 405.527764][T29573] __iomap_dio_rw+0x698/0x1010 [ 405.532653][T29573] ? __ext4_mark_inode_dirty+0x501/0x5c0 [ 405.538298][T29573] iomap_dio_rw+0x30/0x70 [ 405.542614][T29573] ? ext4_file_write_iter+0x4a1/0x11f0 [ 405.548061][T29573] ext4_file_write_iter+0xabe/0x11f0 [ 405.553330][T29573] ? ext4_file_write_iter+0x4a1/0x11f0 [ 405.558770][T29573] do_iter_readv_writev+0x2de/0x380 [ 405.563998][T29573] do_iter_write+0x192/0x5c0 [ 405.568594][T29573] ? splice_from_pipe_next+0x34f/0x3b0 [ 405.574061][T29573] ? kmalloc_array+0x2d/0x40 [ 405.578747][T29573] vfs_iter_write+0x4c/0x70 [ 405.583305][T29573] iter_file_splice_write+0x43a/0x790 [ 405.588674][T29573] ? splice_from_pipe+0xd0/0xd0 [ 405.593577][T29573] direct_splice_actor+0x80/0xa0 [ 405.598551][T29573] splice_direct_to_actor+0x345/0x650 [ 405.604110][T29573] ? do_splice_direct+0x190/0x190 [ 405.609205][T29573] do_splice_direct+0x106/0x190 [ 405.614051][T29573] do_sendfile+0x63e/0xbb0 [ 405.618635][T29573] __x64_sys_sendfile64+0x102/0x140 [ 405.624103][T29573] do_syscall_64+0x44/0xa0 [ 405.628521][T29573] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 405.634864][T29573] RIP: 0033:0x7fca7d004739 [ 405.639292][T29573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 405.659239][T29573] RSP: 002b:00007fca7ad7c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 405.667882][T29573] RAX: ffffffffffffffda RBX: 00007fca7d108f80 RCX: 00007fca7d004739 [ 405.675902][T29573] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 405.683858][T29573] RBP: 00007fca7ad7c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 405.691883][T29573] R10: 0000000401ffc000 R11: 0000000000000246 R12: 0000000000000002 [ 405.700068][T29573] R13: 00007ffff87c0eff R14: 00007fca7ad7c300 R15: 0000000000022000