program:
r0 = geteuid()
newfstatat(0xffffffffffffff9c, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x800)
setresuid(r0, r1, 0xee01)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x10400, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',cache=mmap'])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r5 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
ftruncate(r6, 0x2000009)
sendfile(r5, r6, 0x0, 0x7ffff000)
lstat(&(0x7f00000002c0)='./file0\x00', 0x0) (fail_nth: 6)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000740)='./file0\x00', 0x22000406, &(0x7f0000000900)={[{@dioread_lock}, {@noblock_validity}, {@data_err_abort}, {@init_itable}, {@auto_da_alloc}, {@grpjquota, 0x2e}, {@nouid32}, {@errors_remount}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x84, 0x4bb, &(0x7f0000000280)="$eJzs3MtvG8UfAPDvbh59N2l//QF9QA0FEVFImrRADxwAgdQLEhIcyjGkoSpNW9QEiVYVDQiVI+IvAI5ISJy4cAIJIeAE4gp3hFShXlo4IKO1dxO7sR3HeRjqz0eyM7MPz3x3d9azO1kH0LNK2VsSsT0ifomIoWq2foFS9c+tG1em/rxxZSqJcvmlP5LKcjdvXJkqFi3W25ZnRtKI9L0k9jcod/bS5bOTMzPTF/P82Ny5N8ZmL11+7My5ydPTp6fPTxw/fuzo+JNPTDzeVhxXl5mfxXVz39sXDuw98cqHL0yV49XvP8vquz2fXxtH1XBb5bZSilKUc4tTByvvD6360/9ddtSkk/4uVoQV6YuIbHcNVNr/UPTF4s4biuffXch806UKAusm+27atWRqX/43Xfj+Au5EiTYOPar4xs+uf4vXRvY/uu36M9n7dCX+W/mrOqc/0uxadrh6xd7XZP27Wn98eWiZ8rdHxMn5vz7KXtHwPgQAwNr6Kuv/PNqo/5fW9W125mMowxFxOCJ2R8T/ImJPRPw/7wfdHRH3rLD80m35pf2fn7Z0FFibsv7fU/nYVn3/L82XSBZyOyrxDySvnZmZPpJvk5EY2JTlx1uU8fVzP3/QbF6ppv+XvbLyi75gXo/f+zfVr3Nqcm5yFSHXuf5OxL7+RvEnCyMB2RbYGxH7Ovj8bJudeeTTA1l657al85ePv4U1GGcqfxLxcHX/z8dt8ReSaknNxifHNsfM9JGx4qhY6ocfr71Ymx+oSdfFv7m9mDZ3GmwD2f7f2vD4z+MvmkExXju78jKu/fp+02uapfs/iZPztUvkx3/NWSA7/geTlyvpwXzaW5NzcxfHIwbzCXXTJxbXLfLF8ln8I4cat//dEX9/nK+3PyKyg/jeiLgvIg7mdb8/Ih6IiEMt4v/u2Qdfb72FOjz+10AW/6lW+z9iOKkdr+8g0Xf22y+bld/e+e9YJTWST2nn/NduBVez7QAAAOC/Iq2MQSfpaJGuuTm1J7amMxdm5w6X4s3zp6pj1cMxkBZ3uoZq7oeO5/eGi/zEbfmjEbGr8p9GWyr50akLMzu6GThQeVanrv1Hmo6OVuf91uyfXoA7x4rG0WqfDvz8i7WvDLChPK8JvUv7h96l/UPv0v6hdzVq/1cjbnWhKsAG8/0PvUv7h96l/UPv0v6hJy19JL74oYVOnvRfTOw+sarV1z1RHlqXT55f+Vp96xRp1P5oR9NEEhGdFRFp62UG2yi9a4l02WWeXm6zDKzqNzGyxME8sSki2l3r6oZt1eIMkSRdOzkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACsgX8CAAD//zMG3Y4=")

[   63.143505][ T5101] Bluetooth: hci0: command tx timeout
[   63.322337][ T5117] FAULT_INJECTION: forcing a failure.
[   63.322337][ T5117] name failslab, interval 1, probability 0, space 0, times 1
[   63.329428][ T5117] CPU: 0 UID: 0 PID: 5117 Comm: syz.0.0 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[   63.333264][ T5117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   63.337371][ T5117] Call Trace:
[   63.338868][ T5117]  <TASK>
[   63.339907][ T5117]  dump_stack_lvl+0x241/0x360
[   63.341735][ T5117]  ? __pfx_dump_stack_lvl+0x10/0x10
[   63.343683][ T5117]  ? __pfx__printk+0x10/0x10
[   63.345394][ T5117]  ? fs_reclaim_acquire+0x93/0x130
[   63.347315][ T5117]  ? __pfx___might_resched+0x10/0x10
[   63.349233][ T5117]  ? __folio_memcg_unlock+0x10c/0x120
[   63.350974][ T5117]  should_fail_ex+0x3b0/0x4e0
[   63.352549][ T5117]  should_failslab+0xac/0x100
[   63.354099][ T5117]  ? netfs_buffer_make_space+0x12b/0x4a0
[   63.355965][ T5117]  __kmalloc_cache_noprof+0x6c/0x2c0
[   63.357658][ T5117]  netfs_buffer_make_space+0x12b/0x4a0
[   63.359548][ T5117]  netfs_buffer_append_folio+0xff/0x560
[   63.361481][ T5117]  netfs_write_folio+0xe0a/0x2070
[   63.363228][ T5117]  ? _raw_spin_unlock+0x28/0x50
[   63.364956][ T5117]  ? v9fs_begin_writeback+0xe7/0x270
[   63.366930][ T5117]  netfs_writepages+0x8aa/0xb80
[   63.368453][ T5117]  ? __pfx_netfs_writepages+0x10/0x10
[   63.370431][ T5117]  ? __pfx_netfs_writepages+0x10/0x10
[   63.372464][ T5117]  do_writepages+0x35d/0x870
[   63.374243][ T5117]  ? __pfx_do_writepages+0x10/0x10
[   63.376182][ T5117]  ? filemap_fdatawrite_wbc+0x11a/0x180
[   63.378219][ T5117]  ? do_raw_spin_lock+0x14f/0x370
[   63.380065][ T5117]  ? __pfx_lock_release+0x10/0x10
[   63.381910][ T5117]  ? do_raw_spin_unlock+0x58/0x8b0
[   63.383916][ T5117]  ? wbc_attach_and_unlock_inode+0xbe/0x580
[   63.386130][ T5117]  filemap_fdatawrite_wbc+0x125/0x180
[   63.388088][ T5117]  filemap_fdatawrite+0xf5/0x150
[   63.389796][ T5117]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   63.391898][ T5117]  v9fs_vfs_getattr+0x194/0x370
[   63.393762][ T5117]  vfs_statx+0x199/0x490
[   63.395298][ T5117]  ? __pfx_vfs_statx+0x10/0x10
[   63.396978][ T5117]  ? getname_flags+0x1e3/0x540
[   63.398784][ T5117]  __x64_sys_newlstat+0xf9/0x180
[   63.400605][ T5117]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   63.402804][ T5117]  ? __pfx___x64_sys_newlstat+0x10/0x10
[   63.404842][ T5117]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   63.407256][ T5117]  ? do_syscall_64+0x100/0x230
[   63.409116][ T5117]  ? do_syscall_64+0xb6/0x230
[   63.410885][ T5117]  do_syscall_64+0xf3/0x230
[   63.412644][ T5117]  ? clear_bhb_loop+0x35/0x90
[   63.414714][ T5117]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.417114][ T5117] RIP: 0033:0x7f6e0bf7dff9
[   63.418801][ T5117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   63.426026][ T5117] RSP: 002b:00007f6e0cc97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[   63.429146][ T5117] RAX: ffffffffffffffda RBX: 00007f6e0c136058 RCX: 00007f6e0bf7dff9
[   63.432110][ T5117] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200002c0
[   63.435064][ T5117] RBP: 00007f6e0cc97090 R08: 0000000000000000 R09: 0000000000000000
[   63.438138][ T5117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   63.441090][ T5117] R13: 0000000000000001 R14: 00007f6e0c136058 R15: 00007ffdb0643808
[   63.444091][ T5117]  </TASK>
[   63.458621][ T5116] loop0: detected capacity change from 0 to 512
[   63.490941][ T5116] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   63.496460][ T5116] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it
[   63.500299][ T5116] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.0: Corrupt directory, running e2fsck is recommended
[   63.509998][ T5116] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117
[   63.513451][ T5116] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.0: corrupted in-inode xattr: invalid ea_ino
[   63.519617][ T1030] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI
[   63.524236][ T1030] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[   63.527090][ T1030] CPU: 0 UID: 0 PID: 1030 Comm: kworker/u4:6 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[   63.530940][ T1030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   63.534895][ T1030] Workqueue: events_unbound netfs_write_collection_worker
[   63.537488][ T1030] RIP: 0010:netfs_write_collection_worker+0x16cc/0x4950
[   63.540074][ T1030] Code: 23 06 00 00 e8 b5 da 4b ff 44 89 64 24 1c 48 89 9c 24 98 00 00 00 49 8d 5c df 08 48 89 d8 48 c1 e8 03 48 89 84 24 b0 00 00 00 <42> 80 3c 28 00 74 08 48 89 df e8 f5 9f b5 ff 4c 89 7c 24 10 48 89
[   63.546501][ T1030] RSP: 0018:ffffc900022a7940 EFLAGS: 00010202
[   63.548579][ T1030] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff88803549c880
[   63.551430][ T1030] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001f
[   63.554213][ T1030] RBP: ffffc900022a7bb0 R08: ffffffff8248fd1c R09: 1ffffffff2039fdd
[   63.556914][ T1030] R10: dffffc0000000000 R11: fffffbfff2039fde R12: 000000000000002c
[   63.559755][ T1030] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[   63.562602][ T1030] FS:  0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   63.565666][ T1030] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   63.568093][ T1030] CR2: 00007fd1ff407ed8 CR3: 00000000411e0000 CR4: 0000000000352ef0
[   63.571033][ T1030] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   63.573868][ T1030] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   63.576880][ T1030] Call Trace:
[   63.578122][ T1030]  <TASK>
[   63.579284][ T1030]  ? __die_body+0x5f/0xb0
[   63.580896][ T1030]  ? die_addr+0xb0/0xe0
[   63.582369][ T1030]  ? exc_general_protection+0x3dd/0x5d0
[   63.584401][ T1030]  ? asm_exc_general_protection+0x26/0x30
[   63.586434][ T1030]  ? netfs_write_collection_worker+0x169c/0x4950
[   63.588677][ T1030]  ? netfs_write_collection_worker+0x16cc/0x4950
[   63.591012][ T1030]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[   63.593335][ T1030]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   63.595546][ T1030]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   63.597877][ T1030]  ? process_scheduled_works+0x976/0x1850
[   63.599933][ T1030]  process_scheduled_works+0xa63/0x1850
[   63.601911][ T1030]  ? __pfx_process_scheduled_works+0x10/0x10
[   63.604137][ T1030]  ? assign_work+0x364/0x3d0
[   63.605854][ T1030]  worker_thread+0x870/0xd30
[   63.607525][ T1030]  ? __kthread_parkme+0x169/0x1d0
[   63.609443][ T1030]  ? __pfx_worker_thread+0x10/0x10
[   63.611345][ T1030]  kthread+0x2f0/0x390
[   63.612773][ T1030]  ? __pfx_worker_thread+0x10/0x10
[   63.614727][ T1030]  ? __pfx_kthread+0x10/0x10
[   63.616484][ T1030]  ret_from_fork+0x4b/0x80
[   63.618269][ T1030]  ? __pfx_kthread+0x10/0x10
[   63.620165][ T1030]  ret_from_fork_asm+0x1a/0x30
[   63.621936][ T1030]  </TASK>
[   63.623101][ T1030] Modules linked in:
[   63.624983][ T1030] ---[ end trace 0000000000000000 ]---
[   63.635470][ T5116] EXT4-fs (loop0): Remounting filesystem read-only
[   63.638469][ T5116] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   63.643571][ T5116] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.