program:
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r3 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
ftruncate(r4, 0x5)
sendfile(r3, r4, 0x0, 0x7ffff000) (fail_nth: 9)

[   57.863877][ T5350] FAULT_INJECTION: forcing a failure.
[   57.863877][ T5350] name failslab, interval 1, probability 0, space 0, times 1
[   57.869328][ T5350] CPU: 0 UID: 0 PID: 5350 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(full) 
[   57.869348][ T5350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   57.869355][ T5350] Call Trace:
[   57.869361][ T5350]  <TASK>
[   57.869366][ T5350]  dump_stack_lvl+0x189/0x250
[   57.869462][ T5350]  ? __pfx____ratelimit+0x10/0x10
[   57.869509][ T5350]  ? __pfx_dump_stack_lvl+0x10/0x10
[   57.869522][ T5350]  ? __pfx__printk+0x10/0x10
[   57.869537][ T5350]  ? __pfx___might_resched+0x10/0x10
[   57.869580][ T5350]  ? lock_acquire+0x5f/0x360
[   57.869596][ T5350]  should_fail_ex+0x414/0x560
[   57.869609][ T5350]  should_failslab+0xa8/0x100
[   57.869625][ T5350]  kmem_cache_alloc_noprof+0x73/0x3c0
[   57.869638][ T5350]  ? p9_client_prepare_req+0x171/0xeb0
[   57.869652][ T5350]  p9_client_prepare_req+0x171/0xeb0
[   57.869665][ T5350]  ? splice_direct_to_actor+0x5a5/0xcc0
[   57.869678][ T5350]  ? do_splice_direct+0x181/0x270
[   57.869690][ T5350]  ? do_sendfile+0x4da/0x7e0
[   57.869711][ T5350]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.869725][ T5350]  ? __pfx_p9_client_prepare_req+0x10/0x10
[   57.869741][ T5350]  p9_client_rpc+0x188/0xa70
[   57.869751][ T5350]  ? percpu_ref_get_many+0x19/0x140
[   57.869765][ T5350]  ? rcu_is_watching+0x15/0xb0
[   57.869776][ T5350]  ? percpu_ref_get_many+0x19/0x140
[   57.869791][ T5350]  ? __pfx_p9_client_rpc+0x10/0x10
[   57.869802][ T5350]  ? __memcg_slab_post_alloc_hook+0x522/0x7f0
[   57.869815][ T5350]  ? do_raw_spin_lock+0x121/0x290
[   57.869829][ T5350]  p9_client_write+0x33b/0x740
[   57.869840][ T5350]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   57.869857][ T5350]  ? __pfx_p9_client_write+0x10/0x10
[   57.869868][ T5350]  ? do_raw_spin_lock+0x121/0x290
[   57.869882][ T5350]  v9fs_issue_write+0xdd/0x180
[   57.869893][ T5350]  ? __pfx_v9fs_issue_write+0x10/0x10
[   57.869903][ T5350]  ? do_raw_spin_unlock+0x4d/0x240
[   57.869916][ T5350]  ? rcu_is_watching+0x15/0xb0
[   57.869927][ T5350]  netfs_end_issue_write+0x180/0x410
[   57.869939][ T5350]  netfs_unbuffered_write+0x20a/0x240
[   57.869952][ T5350]  netfs_unbuffered_write_iter_locked+0x42f/0x6f0
[   57.869971][ T5350]  netfs_unbuffered_write_iter+0x4c4/0x660
[   57.869986][ T5350]  iter_file_splice_write+0x9c6/0x10b0
[   57.870005][ T5350]  ? __pfx_iter_file_splice_write+0x10/0x10
[   57.870018][ T5350]  ? lock_acquire+0x5f/0x360
[   57.870033][ T5350]  ? shmem_file_splice_read+0xa74/0xbd0
[   57.870049][ T5350]  ? preempt_count_add+0x91/0x1a0
[   57.870066][ T5350]  ? __pfx_iter_file_splice_write+0x10/0x10
[   57.870079][ T5350]  direct_splice_actor+0x101/0x160
[   57.870093][ T5350]  splice_direct_to_actor+0x5a5/0xcc0
[   57.870111][ T5350]  ? __pfx_direct_splice_actor+0x10/0x10
[   57.870124][ T5350]  ? __pfx_splice_direct_to_actor+0x10/0x10
[   57.870139][ T5350]  do_splice_direct+0x181/0x270
[   57.870153][ T5350]  ? __pfx_do_splice_direct+0x10/0x10
[   57.870165][ T5350]  ? common_file_perm+0x1b5/0x230
[   57.870183][ T5350]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   57.870199][ T5350]  ? bpf_lsm_file_permission+0x9/0x20
[   57.870213][ T5350]  ? security_file_permission+0x75/0x290
[   57.870226][ T5350]  ? rw_verify_area+0x255/0x4d0
[   57.870240][ T5350]  do_sendfile+0x4da/0x7e0
[   57.870257][ T5350]  ? __pfx_vfs_write+0x10/0x10
[   57.870271][ T5350]  ? __pfx_do_sendfile+0x10/0x10
[   57.870287][ T5350]  ? __fget_files+0x3a0/0x420
[   57.870306][ T5350]  __se_sys_sendfile64+0x13e/0x190
[   57.870323][ T5350]  ? __pfx___se_sys_sendfile64+0x10/0x10
[   57.870340][ T5350]  ? rcu_is_watching+0x15/0xb0
[   57.870353][ T5350]  do_syscall_64+0xfa/0x3b0
[   57.870370][ T5350]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.870382][ T5350]  ? clear_bhb_loop+0x60/0xb0
[   57.870395][ T5350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.870407][ T5350] RIP: 0033:0x7fb1ee78ebe9
[   57.870421][ T5350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.870431][ T5350] RSP: 002b:00007fb1ef59d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   57.870446][ T5350] RAX: ffffffffffffffda RBX: 00007fb1ee9b5fa0 RCX: 00007fb1ee78ebe9
[   57.870455][ T5350] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007
[   57.870462][ T5350] RBP: 00007fb1ef59d090 R08: 0000000000000000 R09: 0000000000000000
[   57.870470][ T5350] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001
[   57.870478][ T5350] R13: 00007fb1ee9b6038 R14: 00007fb1ee9b5fa0 R15: 00007ffc2461e578
[   57.870491][ T5350]  </TASK>
[   58.071746][ T5350] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI
[   58.076186][ T5350] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[   58.079649][ T5350] CPU: 0 UID: 0 PID: 5350 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(full) 
[   58.085231][ T5350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   58.089721][ T5350] RIP: 0010:iter_file_splice_write+0xb2a/0x10b0
[   58.092372][ T5350] Code: 00 74 08 4c 89 f7 e8 65 24 e0 ff 49 8b 1e 49 c7 06 00 00 00 00 48 83 c3 08 48 89 d8 48 c1 e8 03 49 be 00 00 00 00 00 fc ff df <42> 80 3c 30 00 44 8b 64 24 04 74 08 48 89 df e8 32 24 e0 ff 4c 8b
[   58.100568][ T5350] RSP: 0018:ffffc9000d5f7820 EFLAGS: 00010202
[   58.103158][ T5350] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888000e92440
[   58.106568][ T5350] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 7ffffffffffffffa
[   58.110070][ T5350] RBP: ffffc9000d5f7a30 R08: ffff8880446100df R09: 1ffff110088c201b
[   58.113627][ T5350] R10: dffffc0000000000 R11: ffffffff8202d2f0 R12: dffffc0000000000
[   58.117218][ T5350] R13: 7ffffffffffffffa R14: dffffc0000000000 R15: ffff888043d9a828
[   58.120690][ T5350] FS:  00007fb1ef59d6c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000
[   58.124436][ T5350] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   58.127227][ T5350] CR2: 00007fb1ee988558 CR3: 00000000431b9000 CR4: 0000000000352ef0
[   58.130604][ T5350] Call Trace:
[   58.132485][ T5350]  <TASK>
[   58.134023][ T5350]  ? __pfx_iter_file_splice_write+0x10/0x10
[   58.137258][ T5350]  ? lock_acquire+0x5f/0x360
[   58.139574][ T5350]  ? shmem_file_splice_read+0xa74/0xbd0
[   58.141888][ T5350]  ? preempt_count_add+0x91/0x1a0
[   58.144179][ T5350]  ? __pfx_iter_file_splice_write+0x10/0x10
[   58.146892][ T5350]  direct_splice_actor+0x101/0x160
[   58.149217][ T5350]  splice_direct_to_actor+0x5a5/0xcc0
[   58.151637][ T5350]  ? __pfx_direct_splice_actor+0x10/0x10
[   58.153902][ T5350]  ? __pfx_splice_direct_to_actor+0x10/0x10
[   58.156676][ T5350]  do_splice_direct+0x181/0x270
[   58.158936][ T5350]  ? __pfx_do_splice_direct+0x10/0x10
[   58.161198][ T5350]  ? common_file_perm+0x1b5/0x230
[   58.163469][ T5350]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   58.166307][ T5350]  ? bpf_lsm_file_permission+0x9/0x20
[   58.168769][ T5350]  ? security_file_permission+0x75/0x290
[   58.171213][ T5350]  ? rw_verify_area+0x255/0x4d0
[   58.173278][ T5350]  do_sendfile+0x4da/0x7e0
[   58.175210][ T5350]  ? __pfx_vfs_write+0x10/0x10
[   58.177218][ T5350]  ? __pfx_do_sendfile+0x10/0x10
[   58.179428][ T5350]  ? __fget_files+0x3a0/0x420
[   58.181381][ T5350]  __se_sys_sendfile64+0x13e/0x190
[   58.183461][ T5350]  ? __pfx___se_sys_sendfile64+0x10/0x10
[   58.186252][ T5350]  ? rcu_is_watching+0x15/0xb0
[   58.188728][ T5350]  do_syscall_64+0xfa/0x3b0
[   58.191040][ T5350]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.193967][ T5350]  ? clear_bhb_loop+0x60/0xb0
[   58.196162][ T5350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.198804][ T5350] RIP: 0033:0x7fb1ee78ebe9
[   58.200664][ T5350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.208414][ T5350] RSP: 002b:00007fb1ef59d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   58.211902][ T5350] RAX: ffffffffffffffda RBX: 00007fb1ee9b5fa0 RCX: 00007fb1ee78ebe9
[   58.215294][ T5350] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007
[   58.218780][ T5350] RBP: 00007fb1ef59d090 R08: 0000000000000000 R09: 0000000000000000
[   58.222387][ T5350] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001
[   58.226009][ T5350] R13: 00007fb1ee9b6038 R14: 00007fb1ee9b5fa0 R15: 00007ffc2461e578
[   58.229508][ T5350]  </TASK>
[   58.230754][ T5350] Modules linked in:
[   58.233309][ T5350] ---[ end trace 0000000000000000 ]---
[   58.248426][ T5330] Bluetooth: hci0: command tx timeout
[   58.253495][ T5350] RIP: 0010:iter_file_splice_write+0xb2a/0x10b0
[   58.256505][ T5350] Code: 00 74 08 4c 89 f7 e8 65 24 e0 ff 49 8b 1e 49 c7 06 00 00 00 00 48 83 c3 08 48 89 d8 48 c1 e8 03 49 be 00 00 00 00 00 fc ff df <42> 80 3c 30 00 44 8b 64 24 04 74 08 48 89 df e8 32 24 e0 ff 4c 8b
[   58.265315][ T5350] RSP: 0018:ffffc9000d5f7820 EFLAGS: 00010202
[   58.268237][ T5350] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888000e92440
[   58.272288][ T5350] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 7ffffffffffffffa
[   58.275845][ T5350] RBP: ffffc9000d5f7a30 R08: ffff8880446100df R09: 1ffff110088c201b
[   58.279084][ T5350] R10: dffffc0000000000 R11: ffffffff8202d2f0 R12: dffffc0000000000
[   58.282726][ T5350] R13: 7ffffffffffffffa R14: dffffc0000000000 R15: ffff888043d9a828
[   58.286903][ T5350] FS:  00007fb1ef59d6c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000
[   58.293908][ T5350] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   58.299686][ T5350] CR2: 00007fc57744a492 CR3: 00000000431b9000 CR4: 0000000000352ef0
[   58.303579][ T5350] Kernel panic - not syncing: Fatal exception
[   58.306610][ T5350] Kernel Offset: disabled
[   58.308423][ T5350] Rebooting in 86400 seconds..