3d7ce86614583bbbba430f94c47688f961d4223c638eef31f54b34f26db8c1dbe3c0cdeaa69ddceae86c559be211de962e1814045fc7acc9c55006d81806c404c2cae75fa8bf8b69fb3ef9f2d2b828ec1c0fbb1e7cd4c287cc38008922aa29856f952500dfeccb43d1b8eb0146231b80e65528573ef4b015afa42322656cf9aa8d18d3c88a4aac2f74603e616985381fb7263963607949d7261297ce207bf7436bf4e50e126a7fef93498aa4aec48da4fb5f915ab9ec6e2129f1919c66e2e15a51bdd9064c0a7eead4243a84c3a022d1bd2bc0fb3e6deea2e501f67639a92ce8598e6d252fe4325d5e359aa7bd0b7e982ee66d39836c3248766c8295c3d2a6e3a28da1908f67d9a423d11a5c0947e7988ba1ff2a51a6eccb1f41a3a1875319d6e3dcaa3feb1385c9be0e0fab9c8a689738bad4f2c9fb8d58f5e538e1ac2919877c87fa37b1bf53889c669cf8a1819d7e3766e50c9b0c9ce269f2662f490ac4880500703f8ef165d3903c3884c9caddbec5417bc247fa4bdb09f73b3ce389b810a1a60ee338d7a4c5a72f0563ab391636db716897437361a2e29c924c7f46fa0845a5c63fae64bacdacab227c3d9091a8ea4a8bf0b93a68628edeaee54eb2880535c3d34e5a137506fee9ede3ae7fa297762451a744636161ebc00b70125a6e9c0ea865fc46e46c548bfceeb14f27e7c4df370b7142a768fc0177b3313379ae0b8e9d3f396dafe9f71af10b0a1cd518718853d03f099c3255a9b1763ff7003b9418d6863297470180c156705872dda31b76756497a62b8182c6a091fc347caead585519be28ed6b3a8c57e2c5208f527046a2b2d038eb4bee078ec6c16d8a0cdafa20ccf965d7c8572679872ba5d103265d273dd4ce7d235b1ec42fa63d8ba6c07e922b226023e433485f921d4dc21fe728b5ab6eabe5a06a15ae081d69703ed800c3d01056cedd5ce1dc8e6505a832161700c4421470ec8605ac3444266615013d0f4a6bdc847d391a79dff5086a336f5b5e1a11430a2824aa210c524fa72a2fb049eddcf1f092d5c12a2275f64b7a26c2480bc6768fbb926623ca0e2d466a53b8c5461edbc197fb458c1b62f6c01daa6b1ff7f826dcd112e9ac8d71edfd2f692e61591d498787067ae43539df1ad2f9c0d9d2c4a085e9e681b8cca9029fc6fdaae39a947bd889e0b761474e08b315dc93c58e9c2a5a35e2a60eeda598c772f4fde8324238118f6fc021ebd0095423987cfa4a1ea051a3e799ca1a0f7ebea8e702086728e85347e26a2e70cb30a522de7a5385f51eee7bd91880403f47674a9b6f22ed5c2dff6d3cd1b1a6aa9f07ee763ee5cf6b1df3b1474f470bd86fc9313717884053347a447cc33e31fe0f0425da42b9d291662760873056b5c37ec17bd516694152e9e8cfd053b085b78c65dd05a018e1304f539275725377a1bbf153c0cc8888ba2b305d683d899f089fbfee559e43b5ff58432325daf4716a157ec5536d3e6e510c9be2cffbd68f3bf18f95a68e80099e80abe973c7865548944eb6e1a126d519a90dd975e2706a1cd0ea63a534b555dc3be4d48a576b927bc8b6bea379d3fefc4b13514fd3b2180a7bb038fb47ce273cde6a6739203660e3d145e83c6f022de165a1d2653e09228cec21d91e5d66a00d5469d50d82fb2aa447de537b349311ade289280731fb4661cf99d7913e21f3254779ed74cb97731335abe2e9960bdf3543e54ad7c0d672b0aa73ef8e5f555c0ed157d66341f2e56e89b5c4a46d6edb32b54a5ba9e6c37403869ea8a38bc1d7ed388952e47e5ccdef27ca3ddec8712938ff2db0735100b87c4aed086bc090cb9c2b17b6631472cec66eb4c02c64e8af9284d57d3e9fb9e979d549ee21b1884fb15c34bf8df10829dee31bbf45f07b5cfb8e1381aa9de9fb4b930e757929adec4ca9659f4098ad7e98633b3e1b6b7ad3319ed3df1a1673ce883be56129c271cc25d81d253bfc60240508ab1a675da1eb71c36671e21d566f40fda33ea91541c7cd674f87541d0ab3242bb21f8402f7fa1be6dd4a8c6fca4a33585cbbe741c3303c07186ccf161ea1df29418ed47971632b37d7e9ad96b6677c6858435ee4e1298086e6cce4a1dbe5f16f525bf197c67d4461183a4091b1bd1513ac943ff7f263fa203124742a2702bb6ad03917c6781d05eca5c6249525066cf616417cc498dd462bb07500bb5dd928467b251ff301e4ff176f9479a14570ddca948f03e5377a15bae45dad95547d683b511e048af3db38992b05133d77bfb544c020605ed1acac4e2188f3fe148bb63ce7ce4102b168177c06cdddc938b51d575290dc5f20792c75c1f8b90e87dee3070139ce6730c3d8c0bbed21118b9c15959d51a9e8663f6c1dacd93868729e038fb485e0cfeb5b70da40c46ac48827840f8e58543a57d436ffbb67a2f8014513ea160035ba40bf7c5059683f812f281c90623cd6a2a1ad42969e1009e3f79939c15194b36111c38f21594b0aedc468d2124970b85837d4d2ae3726bd3cbb5605f46728c8d209a046834939566f7189d25541617838ba9e657ed91a91bc08383b18d900d788a4cd202b768835d62e0e839b360a84754f0fb557edd2d56c86b4fa928f38fd71c1692f5f158e437009580306e3f4a9c562e013c2ec10836f0b66e780829fe9d18709abdaff95daf4b791d5a444538fd2cd4e942e3369e14f97fe23d2187ef5c50eb2fe01f2009773f801b42cf522eb57b7e21f0d8048de293a6a7f3055e241254561ce7f9e57772163be3212052dae8ebb3704d57a815c1743208ac04daac3ce0e887209dfd57e15c68a81f94b40c2a7866598997694649fa63530c7aac999788e1370a907802e5f533796dcfffaaaf528df2adea9ad6915a0e9948432cd72b05352baaff8c3958787efaf62b04e698c0346a75eef184f741050b213e416dbe99ce5d53c6787b0472485a1945c37e4b8b2245307f75a2a11bc1f7dd5f627a14bf29471cd912e63872a9cc7a627ce30f0d5bb8a60848ab86b73c5c2d440fabb22e267cdb88911a5a876775dfec1fe6381aecd355c4fff5037cddfd750c9644690b6cd6603c2ad0b27bf75c8b7621c642c3f236ce35f9f95ecf0603d054af9acdf32f07b4a12948656e9f0ae4051b54012d1f1b0ef0892558cac1afa19e1462f60f7d3b40ba3574b94cc6178dc512909e4483afd340298e406f4a99282321aa8f36a5f25538697a6f03cbbcace1854b2ffb8fb301d833fe8a1fe56c74a62e0c9955099ba6aa21371f13d24f822dc8608ca84895275179abb97cd9ad9c662e509a94b7f9600c62f997e9d2de01450bbb97c96df7c734c716aa7e15d46f2280f99f67b4145ad520247ee798e32c746ae80d81fc542a8f34f6b1fde30902fcff0a13a901c3fd399daf929f4451a0436b83375c047e5a6d31bcdaee1b19036ff9986074ecff8abe485d57f45517b0d5a4ed996a06b2553d6981a91dbb90858f05f8d25966e838271a2109e44f46620faf4be0fc045b3685b960491bcd17130df3a87c71c7dccaf84e2860d1d81be3f6c7018fdaf8b02e77585a6e293f033905b46ee1796463cf034990cdd08a9d687a41e715fd5896ca69c65c1e15abbec20b05979f761867acf74fa614c5f3069cc78106e85cc556f34ecff2bb511c7e445cca0551653f693324b96b082214e932406258c900ee4180c952bcf40b3cef48bdeea33488f078983f47bd1bedf783a45edd204c1d5a620ee5abc18e8d70d126495b95ed32bda743a6c89d6f20e8d93407d387ca480377a2febe84f0a7aa659ff1b11a2d05a95844d2e8363f1338245ec6ee452382ca2d6f0050e96919ec3277135fc9acc2a1139b7823a20442da3602f26204f63e120cf080c2a0d836307c9a71bb516a1768dfe3c79003e7a091ad0322f43bb369551da1baed51954ecf5d288a3", 0x1000}, {&(0x7f00000014c0)="ca158ec59580ac66575ca896acbf732e3b03299b8fca86fd3e45af218151fda35051d47e3a22bbabd109fb3ed5f16c4be911768361ca860e665a4a4a13a87165598060128c3794f71689a4356fd6849e50512b95cb309ca42bb3d1c63eae19f7ef34379ea43b1b0bfc7e9c0cdf91eaec43c0250cc3dc1ccf14a7c39c25b768555b8f10c302ccad550dd030efeb9d84e35d7e4f8cd42820a48de853f52686e1c8231638415e8567ed385bbbaabad48e39b0d709d1be982b444e79756efc07dace7a714f29f34dfd0f20d18a6e20b6d4", 0xcf}, {&(0x7f00000015c0)="b92c06ee5afe75bed22f20c75adf7f20f368e2065401c97e0b005f4f2bd7e95b34d15746af202c9950cfccb64b09058dfcbfa184555fa567022dd67c49a23bef69655daf12881f5fb499f53ae50a9dbe859b3da068cbf2a565a9154060bde803ba2f143fb4777c423adb785d", 0x6c}, {&(0x7f0000001640)="b5c0fb65e7d7a38f2599b7bb2ca520f05b68d597321928e84a1aff7c5eed1be48c415f2fd70da44e023b76e4af0eef805cdad303651c75c6e89e4d6659884b72be8f9a0625297bff7e743bad943d34aacbc4fdc32d82bf1df216fd9040b3d7daf0b09b2284aa42f2200c591bb317efac3b23cd6c2dc51abb2ce69a94ee1c1d41395afd4c90570bbc89bf624100c9af749b60aae50b35d51d32351f277f89009406a725b5dce0698b08ff50679c6bdb17fa50df513211cea8237e27110220866c6da96255ba38e3a3", 0xc8}, {&(0x7f0000001740)="b31eee77acdb7e02cd3716f322cdd93829714974b474a6eb9f7ef4402c808fdab9449ec62a6cc692c54b24ccd2bb4c815f2ce2d74be640333053b9bd914c75691e34934edaa3d16fd07f3bc49862ad3d6abdfb6f357f20fd564499718491e0c7bff08c281f0e27d129b5d44be9fd23bdc8e1525f4055db15f6bf10ee7fc226743fd3a4715de941f0648d338fd649c887e31ef996b50bde503457259849c12886d315de042805857bcbbe29d5f5c3e64a0834aa0624e3dac7098838c19958", 0xbe}], 0x9}, 0x0, 0x4020801, 0x0, {0x0, r4}}, 0x3)
io_uring_enter(0xffffffffffffffff, 0x302, 0x0, 0x0, 0x0, 0x0)

[  258.211180][T24847] loop4: detected capacity change from 0 to 3
[  258.218998][ T1041]  loop1: p2 < > p3 p4
[  258.223457][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  258.230686][T24844]  loop3: p1 p3 p4
[  258.231786][T24847] tmpfs: Unsupported parameter 'huge'
[  258.234823][T24844] loop3: p1 size 11290111 extends beyond EOD, truncated
[  258.248483][ T1041] loop1: p3 start 225 is beyond EOD, truncated
09:17:59 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x2800002, 0x30, r0, 0x0)
r4 = syz_io_uring_setup(0x44c2, &(0x7f0000000000)={0x0, 0x7c6d, 0x4, 0x1, 0x354}, &(0x7f0000004000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=<r5=>0x0)
r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000280), 0x121001, 0x0)
openat(r6, &(0x7f0000000340)='./file0\x00', 0x80940, 0x88)
io_uring_enter(r4, 0x2a6b, 0xc29e, 0x0, &(0x7f0000000100)={[0x8]}, 0x8)
r7 = dup2(r0, r0)
syz_io_uring_submit(r3, r5, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x2, 0x0, r7, &(0x7f0000000180), 0x0, 0x0, 0x80000}, 0x5)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:17:59 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000040)=""/188, 0xbc)

[  258.254707][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  258.256994][T24844] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  258.273659][T24844] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  258.347090][ T1041]  loop1: p2 < > p3 p4
[  258.354117][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  258.379939][T24844] loop3: detected capacity change from 0 to 264192
[  258.380683][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  258.392980][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  258.410235][T24844]  loop3: p1 p3 p4
[  258.414096][T24844] loop3: p1 size 11290111 extends beyond EOD, truncated
[  258.431292][T24844] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  258.439094][T24844] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:00 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x0)

09:18:00 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
r3 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x2, 0x10)
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f0000000800)=[{&(0x7f0000000040)=""/101, 0x65}, {&(0x7f0000000600)=""/244, 0xf4}, {&(0x7f00000000c0)=""/46, 0x2e}, {&(0x7f0000000180)=""/14, 0xe}, {&(0x7f00000003c0)=""/218, 0xda}, {&(0x7f00000004c0)=""/187, 0xbb}, {&(0x7f00000002c0)=""/70, 0x46}, {&(0x7f00000008c0)=""/253, 0xfd}, {&(0x7f0000000340)=""/27, 0x1b}, {&(0x7f0000000700)=""/201, 0xc9}], 0xa)
r4 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r4}, 0x9)
syz_io_uring_submit(r5, r6, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
pipe(&(0x7f0000000040)={<r7=>0xffffffffffffffff})
r8 = socket$inet_udp(0x2, 0x2, 0x0)
close(r8)
splice(r7, 0x0, r8, 0x0, 0x10005, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x3, 0x0, r3, 0x80, &(0x7f0000000580)=@pppol2tp={0x18, 0x1, {0x0, r8, {0x2, 0x4e23, @multicast1}, 0x2, 0x4, 0x4, 0x2}}, 0x0, 0x0, 0x1}, 0x0)

09:18:00 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, <r2=>0x0}, &(0x7f0000000280)=0x5)
setuid(r2)
openat(r0, &(0x7f0000000400)='./file0\x00', 0x242000, 0x40)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
openat(r3, &(0x7f00000003c0)='./file0\x00', 0x410000, 0x140)
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x4, 0x6, &(0x7f00000006c0)=[{&(0x7f00000000c0)="96fae7ad0da9d62893c6f4e4dfeac34cf16d39e3e4f2d13634b5f2dea0a8804ff18e7c323a45444e868dd686957f252fc5be2a36", 0x34, 0x5}, {&(0x7f0000000100)="7048a65ecb0ede5c244b3d658497cf92b5a8a77b1418bc02ab9a4b4d4cd23406bc82df5fe34b43d419465f5c28a87e2d3e23f3d7914e5ba4cb7353262970bff14d0ac3f127e030d2275114b893e6ae89abbdd61bf9f2ac1cfcfd5a74b458da9fea4efd16059532ce01054035380f40f3b61ce621081629a2c40afb2ac696f1a33cf7b1dcc2b0e47197c9b8ab4be7376a581ed18d07287780cd942c3410c79d713aa96a01902189aa65b6f8", 0xab, 0xa2a}, {&(0x7f00000001c0)="770ef1353e6fd388ecb8ee78736846009abbf6eb5c03b5d9e6ec8e0c8e1ce2f900457f16a119d01345030271f98fda82723d8d36fc600b8a7adab42592728ccb5ed7d89aabadceeecf70757d8203c3815cd4c1fcf191f0bf5dcf4dfc3f42c81b5d80b838b64ae6bc13e12c9cc2d3fc8b4e3b88ae40af8a8e638aef5d5ffb97c1fa5cb1c29a50d2f26eee3e4ebd45ebf62ec5a1a3819b5ff3390028810afb8e894aecc9ee819c54060607b931efcfd89cafc993bba73059c4b488ff2426930f860b7fcc1fa4c6b9e56dc28719e8400cfadfa7b0953d7efca5ec39290e4b6a7e5ac7c29e55d4bd5a83cba08f9a", 0xec, 0x4}, {&(0x7f00000002c0)="a94764eaa94fed1345cbbdcd5c", 0xd, 0x955}, {&(0x7f0000000300)="340c690233aa3d8757f7b3dc7abb87bfd9426572f039541e9cc301b681edbf7dea4a0adca1e4982e266384cb1126347371b5df33d16335f4de8c139dff8f0102e2ee241760cec6b0f0e656bfa37b290cfe5b0c848269f4a486f24d10d3e1e0862eb319c4775f15452ec6e28c73798208c50c868620eef9871e6ca112e6bf4355699005e04a884f768eec08de9f58804474d3cee275b1b5", 0x97, 0x1ff}, {&(0x7f0000000480)="70702868c79d68a610152be621ecd599bc62d96be4f158b2752d06f57d2bf9bb44820386765bc9e098137f00ef61639a00aa0cc0d25b56847224e964a86c65de8634d23c915e8a9ae9ef6a8d514032544c4c71d3b4d60233fe0a04bb184384efd86142e2c3628f2dbcf3e7e7ca55b8e44d51f38a0b4ad4df4b61f3dea310ac2bfbd0f34134a11dc6b5667bac0168242ad5081b98e3ca5b18fbbb90b9dcd8c3a6ad1a20e1c4f2eddf5a95856769261ebc8d760a2004d8ddb7e62e562a479034188472c352841c24ea8fe3f502eab9ce6e92bcd0fbbe78a4945cd0dfb29fb87d8479bf9c6108", 0xe5, 0x400}], 0xa08832, &(0x7f0000000780)={[{@nr_blocks={'nr_blocks', 0x3d, [0x31]}}, {@uid={'uid', 0x3d, 0xee01}}, {@huge_advise}, {@huge_advise}, {@huge_advise}, {@mode={'mode', 0x3d, 0x3598}}], [{@uid_lt={'uid<', 0xee00}}, {@obj_role={'obj_role', 0x3d, '[][{\''}}, {@audit}, {@pcr={'pcr', 0x3d, 0x3e}}, {@fsuuid={'fsuuid', 0x3d, {[0x35, 0x37, 0x31, 0x64, 0x31, 0x63, 0x34, 0x37], 0x2d, [0x38, 0x30, 0x65, 0x35], 0x2d, [0x33, 0x34, 0x65, 0x62], 0x2d, [0x33, 0x66, 0x39, 0x32], 0x2d, [0x0, 0x53, 0x32, 0xa3d59109f50afb3e, 0x33, 0x65, 0x35, 0x32]}}}, {@fowner_lt={'fowner<', 0xffffffffffffffff}}, {@obj_role={'obj_role', 0x3d, ')'}}, {@smackfsdef={'smackfsdef', 0x3d, '\\$#/]!-%{*.-*%}'}}, {@permit_directio}]})
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:00 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x2000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  258.471441][ T1041]  loop1: p2 < > p3 p4
[  258.478756][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  258.495666][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  258.501908][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  258.551690][T22078] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  258.564957][T22005] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  258.576930][ T1778] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  258.577946][T22006] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  258.602549][T24908] loop4: detected capacity change from 0 to 10
[  258.609797][  T710] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.621253][  T710] Buffer I/O error on dev loop3p1, logical block 131968, async page read
[  258.623292][T24908] proc: Unknown parameter 'nr_blocks'
[  258.629966][  T710] blk_update_request: I/O error, dev loop3, sector 263948 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.646450][  T710] Buffer I/O error on dev loop3p1, logical block 131969, async page read
[  258.654985][  T710] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.666299][  T710] Buffer I/O error on dev loop3p3, logical block 263808, async page read
[  258.674846][  T710] blk_update_request: I/O error, dev loop3, sector 264034 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.686259][  T710] Buffer I/O error on dev loop3p3, logical block 263809, async page read
[  258.694700][  T710] blk_update_request: I/O error, dev loop3, sector 264035 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.700859][ T1041]  loop1: p2 < > p3 p4
[  258.706000][  T710] Buffer I/O error on dev loop3p3, logical block 263810, async page read
[  258.718894][  T710] blk_update_request: I/O error, dev loop3, sector 264036 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.730194][  T710] Buffer I/O error on dev loop3p3, logical block 263811, async page read
[  258.731274][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  258.738680][  T710] blk_update_request: I/O error, dev loop3, sector 264037 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.756224][  T710] Buffer I/O error on dev loop3p3, logical block 263812, async page read
[  258.764737][  T710] Buffer I/O error on dev loop3p3, logical block 263813, async page read
[  258.773239][  T710] Buffer I/O error on dev loop3p3, logical block 263814, async page read
[  258.778808][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  258.781670][  T710] Buffer I/O error on dev loop3p3, logical block 263815, async page read
[  258.787907][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:00 executing program 0:
syz_read_part_table(0x100000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:00 executing program 3:
syz_read_part_table(0xc000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:00 executing program 1:
ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, &(0x7f0000000000))
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:00 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x2040000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:00 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x8)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  259.343381][T24936] loop3: detected capacity change from 0 to 264192
09:18:01 executing program 0:
syz_read_part_table(0x100000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:01 executing program 1:
syz_io_uring_setup(0x4207, &(0x7f0000000240)={0x0, 0xc9c2, 0x8, 0xffffffff, 0x16a, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000040)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x0)
r2 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r2}, 0x9)
syz_io_uring_submit(r3, r4, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000080)=@IORING_OP_STATX={0x15, 0x5, 0x0, 0xffffffffffffff9c, &(0x7f00000002c0), &(0x7f0000000000)='./file0\x00', 0x400, 0x4000, 0x1}, 0x3)

[  259.391190][T24936]  loop3: p1 p3 p4
[  259.395081][T24936] loop3: p1 size 11290111 extends beyond EOD, truncated
[  259.412154][ T1041]  loop1: p2 < > p3 p4
[  259.418046][T24936] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  259.418092][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:18:01 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
chdir(&(0x7f0000000040)='./file0\x00')

[  259.449314][T24936] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:01 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x0)

09:18:01 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x2800300, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:01 executing program 0:
syz_read_part_table(0x100000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:01 executing program 3:
syz_read_part_table(0xd000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:01 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
accept4$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, &(0x7f0000000000)=0x6e, 0x800)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000100)='proc\x00', 0x300040, 0x0)
r0 = open$dir(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
faccessat(r0, &(0x7f0000000200)='./file0\x00', 0x1a7)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
setxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8, 0x0)

09:18:01 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
io_pgetevents(0x0, 0x9, 0x8, &(0x7f0000000000)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x0, &(0x7f0000000200)={&(0x7f0000000180)={[0x6]}, 0x8})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000002, 0x10, r3, 0x10000000)

[  259.496898][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  259.503203][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:01 executing program 0 (fault-call:2 fault-nth:0):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

[  259.571472][T24982] loop3: detected capacity change from 0 to 264192
[  259.588063][ T1041]  loop1: p2 < > p3 p4
[  259.603452][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  259.610868][T24982]  loop3: p1 p3 p4
[  259.614765][T24982] loop3: p1 size 11290111 extends beyond EOD, truncated
09:18:01 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x20000, 0x100)
getpeername(r0, &(0x7f0000000200)=@pppol2tp={0x18, 0x1, {0x0, <r1=>0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, &(0x7f0000000100)=0x80)
sendmmsg(r1, &(0x7f00000075c0)=[{{&(0x7f0000000280)=@tipc=@id={0x1e, 0x3, 0x3, {0x4e21, 0x1}}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000300)="33ddda1b2199", 0x6}, {&(0x7f00000009c0)="1b5656f3166f719834850b401dc33a9ec4d832ae3db2d574ba995edc9a37d8e338d855e98b56001bc7eb66e507b26a7a4f4697338c860005f334a1e5cb48284038a4a66b372cf333913b2014f8098ce4fa0e708e95bd14b4530726d7ee5e29034e9d60d4f1b4a6be556d3a6a60f467a815f3aefbc60a5c616164d63de0a12a3bc21ab0de8a79801d5e91069ea7f8c39e5db6694dc17c400a61d7d467fdad31d9e71be85bfbb84a3e96d7af8db55cd9a3ae2c69c52dd561e4b03936fe99fece7de84cf6f7978bf6f9436708891d00f0eb38d21a386b1f3dfdee126c2d0ae01e586d3e15861fd16d3b294a0752f8f935caa9371fcf41f10781b38c1c815d4a8c6cbbd7efebdb9a52c9b846fc1ae52a20c36064cf4192fd392ac8617c7fe34f99f0cd57bf4ddd602785e94ac1dc815b15f6655006115170c15baae3b924fdd4e8f5a622694b022219bdf415cab91c20285783eafb49a972699108368836d65bc49dc049a54c3ab739e1289bdb7f6c2446a6459c9a4fe5488f3190d6accc297c8c13e6e37070325174ddadc4bc5f01da8f121e3ccc60f808337011de8e5fdc2af2b28c754d37cfbe85cbf927a169d2d0109886830994c3a1e2502cb5a14fac0193e69903a731be36699831f53fd5d5fc79e333229a5279a18bfa0e320e8443ebddab7eb27cfc49d7fdecbb6d41d8d383d394de0f30676f3a1cc539e31eb49aeb932f45a744452c80a25aab2415d3c3793e6ec6af4462aa395b58b791277a0fce8433bf179037acb65a59dfc53f8240b481efcd82d9fc42b20c50b408e0006e8876646be643204f1faf2b5c51fe9bab480512afbc515e6c0955f7970f376410cb8d43aed9de12b81b0b9d171477a5f911fa8976f2f8e3ff102bf47b867776b644077f7e9b8626a5e663571cf7bbb47e93f6dc597d16fdf6325767114fa987a8291bc8b6c4a8048ceb3bc5ac32f28769690fedc1fd03e3f4e373d9d320ff8fc7fbd35f36e758fb486a6037be6620014413aaa9da48ff6d3b1b97cafc0732207600383cfde30024cbfabfea8c14d1b67d078a3b61e8003d7989e15ec38fd53e85045cbbb0c76a2c20b979b29de871d310748e415baf6c711a8d645394e222afd292f727babca6dceea0339ebfc01a447affbabd06da50fb57eab4496b4cf34a635e0cee2ee209f8cdafee359abc5ad8f9a352209b8bb5851257a162b878d25ce537b4c0e99fa72cf8bfd20e3e942a1c8e308eeea77e1b710ff245d3ff93935af49201c8e0353fd5442795143e3c62f9d2cc3b6ccf85acd79666410e3bd61bb98867889cfec3c8191f10ef4b7ddc08c6a8d0819fb3b20d5176f67d44fc3468c8e22d07cf36664a3e9a2dc59b75af9f6bb30ea219fcd0363d43d79bf00d6a33497dd127908d4ab831bfb0f8458fb86634fa05125679ca44f92dff6ad0c81b74aee170ba17b0af1fcffbff54db8564f9a70e969de33eb95b2ecd020aa5683e371ed5a45b284502e12ba783259648d3b7f8ab4c752a49550e207d7a9b41d1ce445e3057ab386f82d799d255d66fb6ac24c6cd36f2ebfd5e4a7832ea752719b970f5c48dd298c7dfd1e206b5b14d87cd4c96d624a57a6f2e02526654178a9f650e3aea12634e0537b5c7276a4c24993f16d40f7582ce4ab93282875077491c1e3cd0824931a65313a6fcf745929e5f3971c6018d7a38594f2135227508875ab440189135142f7891c5c66d8293945873d961d9dcb67dc22e4a494ec5214022ed2556b0bb8e21b483f6db24a72fb8e7c81fb1dd74ad800ea448af641618099439400f5d16cec91a22ced1e468c41603baa2dd17f05d7b14b49214b26fd827fb85f4c0a3e2f6d3ca97b4a4982e39c80c89407c327f4e357044701c463f4e229d7bf32ef8e389730d4a7ada1b3c642856a285c166bb930d2170bf5122b3b39aff8beba9cb2af1a3b3688a6a32ab9d120f8a8c816953ce2d483451eb706b09462fa97d1f28cd4b6037160af0f399f2d74abaaa883aa4cf6a2855320db2dcb3b7718c8979321b64b0b053b2ff317686120677f73674d569cd310898b95399a84a17329657feb54e64d7007b1af5f483461b85d0ce481f23bcad9302d4b8b2569328eccdcdf4dba497b302048e71e4da607c85e6f823eb285da6615b8d4265b56a8f0281a7186611ab43d7bd68c0536296e59dffe8e0deb5817c287445c761acc04a6b83840a1fc094e25ef32c41780b4dd69bf0a8ce45fbf2a300d5f77c341e47333fd3be4d5910dc8029762fcd3e84dedb04afee340b39033d5243a7d9850d2d43ca51663120d244bc413fbb50768e39fff833fa40680e305c0f96586d3c51065147a96225c57b1430295ff96f95015119e7a1286c9df795b54537886b8fdbc3a68f18dbe0e5dd3fedffef0562884b6964955257b02506620efbcce5eaa69d9fcc766cbbc3466d31ad02eb9e6e05e62f1864c86c7ba430bd92d952e26e0d7f23ac29bfbbe1ac6e29f3635b2a3e05d7efd23ec0dc4376a9ef51e5848cdee82ef77fb956684254917b714d5d52d2d50415a400c98335939f6afa650ce0ddc8dbbd4a25b5911ef40e2e1241eee1c75bf6053324cd5d61c19c82c32ca841f263b82d3bfcf2a0635c67af759adcf99eabec051052f1b033fada1e80c8d9da46e54819171b130c0502d554250b23280f9d9c10e8e5a769578f9ce6f94f55f22a299e8abef3b9d6dc363bd8c711b32f86a7045d8f91c3dbe274fbeb58a045a538beb89ecc0d15990cf51005df2f2052c5cfb732662c507f9673f2ffafac5011b816224bf5503f1d82a2c8b9ca9965fe9187b9ad2a58f7d60e9274b565feee5b09774b16d89583f039c70467d39dca467b60e5c9dd56b2f960b117967e26710d07f2bc487b5bb8f3f8a8265a4303e5b50265fb346f77f0ca3dac22c3840906b0eb7b1f1b473a58c73983f7766b767f02d5610ff6421bf4feb142b0bcc21516a7941eee1ef101f2c13806584f84c7bb1926cdc435b221f5158b8cba0e10d1271f5e54157b0892fa0a1744a51df53d31992ea87b2db61704f4ebbb83517c9a50ea89bc5ee77c6c6ab28817247e45ec7c976a36777525ae9b871cd729ded99c093063a5ee389c62501034f2507b15cfd013e3bd9c93a37cfb49a446f84e5723d6f9d8d3fdfafcb792829f68b7af41ef68a188474f2144284b7f8590d225c961f2d33ae28d0af5d3bb1d9c8aa6a4dec4f85ef10bc964fd7abeef8e315dbaac0a2635d557248b58f63192de3ef004966e2bd396535c21ddceb36918ff0a35550fe9cf5c9f05c7aadb33b310abddcfc66fa874b5d2ab387f10a6d46b69418950be58ee0f5485bb2001d7d5ab1f6ba41f1d4055ac6b0dc05db2de3537e2f5a93408539a0154c443ee0889376a1d082b5b6d23faf4626ab97cd1152f9db6afa083021e0e620966c6536ca823e8fae996936b7b18467fc1910b49cacb73249ae7abed2e6efb2263b271174fffe483879e79b695a8dc50abff8a8d13830b0e10d144eea917f82bd6b4afb789014b799a1e597a4be69774e3e6e0a420ea123b4fb0ff96e193ca27d20d15fdff27b5c0699a377c91797a3f3f1c9cb9af9d929776fe452469301ca9aa96721313cae59f363de9cc5deb058c898bb7a975c806d13da0b1e77fe4e9b89e51721deb350be1b9d5cfbb0d7a57164d2f20a1b24145856042cdb4cab2ec00e884ce0301e09c6fd014271b04d44ff41d6212d2fb3786c3b5eacb902b474769b3891c16a5d6de5e3c38ad19be55fffd8833badfd2c7e38ce08c35611e0f75147eb2f4d4984eb3942d1a160204f3707100a8e2476b596599b6abacaa130f36349eb393fd0b02d1cb731faf6606543bbf5715d3672dda8c9f919870a0d5f4fcf2cbb39184982ac8b02c060e7587d7c074598cccb3ab74bccfcb16b8a965d5a2f55c60524b56a80136ba949d7b2e4cc9429cf7bcb0851bffde9f423740adf41e6977dc7feccae390e2128bcd16384deeb93d4d126e5db710deed8d60c0c635be038786424a2c1531bd817e901989082c39dae27abd9c70c5dd068237c18e475ce5204203dcbf4ecceb2a3f06c613bcbdb665e6fe8cf38f11f9297d1f4e51d92b738076594465da7577c74c58f764c19aa38b9157cf7fbdd5e993914796e91bf504c5320fee92e372c05ba6fcddd6d3e1204dfec29aa904b7f41e7ed86ff11447f52d21aab91d1678d03ed5c9ecffc07b43f4fb65713343e5c775a828020108a80003461e5d9e98f794cbed05939aca5766ab4885a6b435e17751af082d84e9e1263badf974d7946ea5655e8234c2ab55648768aa1c17c9cd9c1d6581cbe9296f2cf40e0f0cb0699f877d18f9cde88945ca68026a9270d5f2a0b45779772d3079c46eec049b6fa931abfd4608aca75eaaa2e9682a63343e50806e801572ac532ffe47efdf79e552312f783dffc83b09879c01bdfcb27951e542ea706470f62f65674cd7f91157d92e4836134a7d3a5666b5fe381fce0c6bacb3187834d8dc4e7939f5fdaf43048a9e8ebe634d551041314234e6d4c22fd869d303295ac78fc3d3c9a41b01c37b45738809459adc43400865583ff4a6f0a3da2ebb0a66f43447292fcd10110b4712a121ff22c2e75800053034be25f0258224d820004e23a310dfd6199f1d1ef568c90f9167b20d20f55be2cf1df564ce3c2d245111099543f8e0f3171a66b51fe99540bccdcc871f25e9c742c8753de63c09301fedb9cfc1e47b117dfa8602bd39861ea7c3cd004feea5d2513aa0af102b78fcc2b6f06e814a5306033cb3800c36740b140cfc43be7696ccf603a06494e531d172af7eacbd5973fe7981aac6960934f8cdb8869cbee5e9a3b55e4556c967b71cd597d410b2f95aed3b41824be33d292d32a892bde10887541b6fbb4cb4ca68a511f624db9c6d26528538c29311fcc493120aef6d834d7939b0a3a7f5538c3e9d052994ebb66fb388dbb1845980661aa17b1302cab5cfebb5c125e090c91dfb35b347b9ab024e05cb6344acb8d49743807e1ddd25f784302cd4db3ac622ad5ce78e6ad6a32167eb88037ad6127b470d6cfa1afe0855be3cd4ee7d8b99f905b00ae8e4d0cd8fc726ec0d602614d5ded0d41d2581539a194b275903a13b379fb0d7ceb0f051ea3114e0804aaf77437fd1de5a44eab21ad6aedb6ead59ca4ad9d3927096d7e56d2da38ada050f50ce336cafea6b7c66360223db00e4131a9b88aae8504630b4cd37a9588fb9fab5fffa12b562de437b6e5c9b435666a5b78a34be98ae481a3f111007ce43fbe8a09ee5f9e0e310be60e4240a270f81ea3be5f73eaf03777be69de9b4c510a9b4fece81d475b14fa6ce411c25b2c0fa8090c52c1a321aafecde182f08e0b37068e51b68acba98009cc9ec34913ab13807dc913d6a46aad9e46de9cb4ed547d59fb50c9635662d28471ae32acc43c8f820c6b55576c877600e33507fee09e50088d3ac9b26b02dabcb28ce95f85bab33514b97f9b6f1d56c48246379ef65c7762196a301ae423f81bd10474513e4fe75af7eb471a422f063da2eabfac9c6f5d56379b4e01a8f5f3d1ef60b56f4e5535042f68dd8648b9da33b3e4bb214a1d687e6d15322a752ab1d477fa3730afb9330690ae078f6d46b534dc4c5c2639f8009e7b1edfe3fd3a4aa8cd8b5a7ddfdd2e3607d85d0b76c9061bd7cb9582283a9ba48814519f00c688a1439cb878c692456007e66869eaa0c856059c79b0a60f4434664ceef594ddaac6dcde7a083244f6ebc1caf830dbdb0bddc39371287177273cc18d856d07d5099", 0x1000}], 0x2, &(0x7f00000006c0)=[{0x28, 0x104, 0x5729ca52, "fd8a97b2a8f54c52a02dd0f6f1dc792bc4023b"}, {0xf8, 0x100, 0x80, "57ce77d4605ca058ec26e2da7a350fb3923fa994a5c340023d444400e83cac1624df7832ce175ed4882ac5c1de9e3dee6c2fede7cfb843816f5d7e64eb03732f0badbe32430246796518d55eac82b01ff6d55797da6da577c21e7004f976029b6f32b0b7548a4643a7ad89b25651195506679a749dd24dd9d4318bc191b0697c90f9065832b703e1342fb1f280a1d70cc7f37fdd342367bdd5e309ef024052983fe27075e01b231e0b0078793b00894f01cfb663df60c799fad0998c870895f5eb7edeee6ec720380f5b02a964f1cd6f1dc15d413a97985daeb10f1705d4f5cc80e5516f2815"}, {0x68, 0x109, 0xff, "1aaf4a73a276dd17cc470311a1c95744f40a1ce81f97aaacba9d616ada95b04403080f1194a7347d634d20240ef3207c0bf76aed99e0b749db79661565f33008094576970f7e9b3e803c8a55ff4c21bdaedbf1b4b9"}], 0x188}}, {{&(0x7f0000000380)=@ll={0x11, 0x4, 0x0, 0x1, 0x7f, 0x6, @broadcast}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000480)="5a4e47fca1e4c70e661f1f4638f7c0acb678c49c5200f5c15c1f2ed546b5f383b162643a93a7b1528811a550f0ee87729c50fb3e850846d8c107157d1d44124b13a593", 0x43}], 0x1, &(0x7f0000000500)=[{0x10, 0x0, 0x9}], 0x10}}, {{&(0x7f0000000540)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x80, &(0x7f0000001c00)=[{&(0x7f0000000880)="796f4ea654d613c79119025f6aae4be8cfd85f2cb221cea025bbeb40ab80b5952bb915f4528aecd71980c5e451e0dff4cbff236e5f09054c6dddd94d6ba9ac551f12c2cc6beb8f57f124103fb6e9daac062695debd0e973fe4772f6c56dbb35a30c85b1227b7cee7568a1f828460c00dd434ca71be565cdbde0ff6e3dc64d3fa940fb4f6d778f1baa0bced6ce3611fc90e762e67cf2b1024f8e38a1f7a4a1e47c2ca7f0dff050dcfaea3142e4722bea6d68cc15f358239eceef30b3da3220b5266085cf34e1c9f24e946dbfb278820871dfdcc123521227098311d7d15160ed1edfca8c420f93531ce94fe85", 0xec}, {&(0x7f00000019c0)="ae1fb4982e3c3ae7a2aa7f0125816e6dff2dff284449cdccc89aa906b8b7f339b29fcfc067fc5a3dae3b2fec50393edfd6a96089c9a8421bd4f95773ef22dfaf6787ac5aed011a7e6bb54da42da126c4e9e4cd4076069eeb76c24df9fc6b", 0x5e}, {&(0x7f0000001a40)="ce5a134b1c6cbb45bad084d7d9b1ba73388d2e2ad3a98d752d533f4fa46637b50495b92981", 0x25}, {&(0x7f0000001a80)="299122b8df3312cf24d909bf3d3e3bad4a07249f11cafd471255f53f2d67cd0b69eb2f90e2c178ec111288cf", 0x2c}, {&(0x7f0000001ac0)="042e15cba9b725f7d8e524345aa2b04911d8bdb5a8d67ca022f4f7b0d05356fe44e459e1a41d5b6be6cccd1ec1e77f25a9695fdeeb79c2c6a0c3a853cc5e57dfd14b89e5d64a6b3107760315560379d378e95d83341dc369703a6f368727809536eaa621e5ec90d48d1e74381f04f6", 0x6f}, {&(0x7f0000001b40)="36fc06ad784f59e07416755b7f0ba01375c394018bc7f17bf95177511bde6bd037dd7b35faa1b77c05c99fff4c2d24ff35574f7b2f4fca9a267b9e101e8140f133c14588956423941d01672130344d5fbd30ee852499894c98bae14ba149b2311993ead05afb636f1a8a0bb46d1d91acee757399bf27decf484768c9438ba98b23549048be1f1d5ad421602bbd", 0x8d}], 0x6, &(0x7f0000001c80)=[{0xf0, 0x10f, 0x0, "c866547c5d8122856a7f28a040365b117198a09bf83f390996897457be696f27af31dd53db3cbd09f05600f681c3f539d839c56556cbc14c998bd517f11022f86f7bd8b5d5a9602068b2f4d1f610155c1149811cfd8bcb57dc6a3ffcfcce6b09616d832af5e4c507f7e23a957b67863ca41a6d8b6831238fce006d56ad874c977ef0a4d130f3d9aa0f5db5ee24be7271874cadffcfbcdce893a9c06b143306dae7efd8a4005ad9bde92f7dcac26ac56bdde71beaf7eb7839c24703f35585fdc25fde6f7c4c0d692d65fb42ead66162236676420aa408b5ca80c1830fca07"}, {0xb0, 0x117, 0x2, "5ea80bab0fbe4e07b4b94df68520c007f3e3ee786d203dcde602798fb45103963330a60d41d0c4ee6b3d93a7bbad2588bc2084be5a69b8a1899dc132bdb11f6d1c66ae4e607ea7ae635c7ce4787a4e8807386856ebc0f15d07e3a3b195e6ad83c5859ce89fc141496874aaed817f6085184197190550b3c5a522213fd1a66147f7ff5e37adcd21c107a552dd0b9a022073deaf08b33c4f06614d"}, {0xb8, 0x109, 0x4000000, "76503b2eb7063d44dc16d3b8047bc1eb44ff360a8304da9f5103e330a19c5b876f1dd97fc6e5466991764ef102e26ebbef227452e7fe99f1891b28770acbe07ccefff2e540e00ef5f557773c3c4db37d02d2477ae81f3db06b373e89d96907d85357d80735a09847ea29433127aece6c88f5aa81b8cba9556b16780b79d5426e01336236bfa3d72730bd7c3ec7231c66381e6eac3aa67d80841f8f9e48651e25be1a4a"}, {0x58, 0x119, 0x0, "ea390ce7a03908c20da824933d774cecae1bc5131ddb7a606af0459842d9e59f09afbcf0086ea304cb0540e2d8506162245d46be1a7e0baff8d06c561ca01cf4d0f3e4f92d1ac8"}, {0xc8, 0x10b, 0x614, "da992ba045712b85b526cd72551f4f0511d81727a6f7d1e8c9c919d7d334c61c34964e5bb70a9100e0ff0ca5bcf5f347cf638bed3e4ccc0bc959891e13d65daddd840a8d67f2f772d6fe56635e6c73d123d81a8a1e52ab459bfaaebe3acab0d21737c408d1592ca253bde043efc82bfcd8610f5d817667f3059ced19ab54a4e0a26d31046b9d6f0ace907698a24c71b0ae4429d03c2273a852a0294683dd7b2913b5f070fd42072f59a5d48b51fe90f99bccbf"}, {0x98, 0x10e, 0x20, "036dc0fa10b5f0969c015eb519d3b19555c76fde11949a9652da139ed40b474363acb5942cc1eb89fe3c420802ebc21f787bcb9e78cc5e7ebab79b47cb582d6fc971a76851ab2bdfcac0f1bc067d0be3d848c147ae66cb0e1325766817dac9c93c8791399d40e78feaed1a7cde7df65605eddaf89653b668c8aead21cead6247d0526965ab611c"}, {0x48, 0x10d, 0xffff, "30f0e3d6b50d1d51e4fadaaea8a18829165e673526634917bc9a023a00bb561b116459d53d5c43ef1867b20ca2aac2bea8"}, {0xe0, 0x1, 0x101, "f6c7a007238e87c6e6149971f366a23f56f18e521ec6949aafe4a053a7495525f61133f3a1db34809008c2adaddfa8d7982f3b6506b6d2cad2cef4835159f14e09bc3869507ccc69a216d6a0231b0613cb156a4606425217d51afd2f050c29b6f09e523315b1e17b2847a2602ec0060dcf21ad167d0dc693745081e2320564150f037a6a75fad0be1d420cdd6b22431e01b3c321b19fab6451ec0a1671c797b9d1aa2b9604a280c9683a4e7ca13bc4b47084f98af066bf0d8568cba2f1c1925b74ea1b0d5822d5f12c"}], 0x538}}, {{&(0x7f0000002240)=@un=@file={0x0, './file0\x00'}, 0x80, &(0x7f0000002840)=[{&(0x7f00000022c0)="34eac33a1929b4ba79a051bc56381df02d63ee90cfc9563551a576c86eead51d5b5095d55da554710e4dace6c6bc038db37e071e7f677ba67ad12d6f1585fa9de56afccf60d973622e0b19707171d935aa935f8e71fa273c2dd53bc4fb07d7d34de8069c760ba4affa3e98", 0x6b}, {&(0x7f00000021c0)="c5cf6ebb0d2ea5fdd1f177ed3dd5eeebd637338d6f43708cb7c20f3e3b", 0x1d}, {&(0x7f0000002340)="fa6a754444b2e38852c9a68fc23157b910d4ce1c2eb12c5100a89ce078bf04ae6cd9293551ded68c6782d0fd8a2066906dbf7bf825b01cb799e67092d5b54c36fe3e648ade22b80afa66873f5857f02c7f06aa425168645b3c303b2271564ee57ac420b096fa1f315bcd1b536db984029fb11d5d6ffadcb3815cf50bf23940702180e29c029e03e3653b4bb33d91a3e6230b0aaa416c8625ce440f493bca7ed6b384cb7d1e4238a476a7db73f90d02c290c3935c0e", 0xb5}, {&(0x7f0000002400)="9193d8abc21045cb9218eeca64d67e097bfc8c446a80a597d5234c672e62c872b57e583e3a949a39641ac36650b8a918b6666ea2b788de4177bab8796417fc6ff498917f11cb5db4d2ead1a480d5e5b0e2a951625c0117c365de0ac9eb8e08087e64fc99319e66d74a19977bca0d5a04ea2fe401e72f91ce803acdac86abcf259623ba394e07eccf3383961c1c40b72f83ae50b6981707630b183c9490ea4c6ffb99b8ba5409396b54c7a80a71126f712a5ddd51a07f1ce25acb4502e39b5e34415f4786c867894220e2bdfac8913efbb5351f17bc91e5a4", 0xd8}, {&(0x7f0000002500)="f90ec935bdb51067e1b7e0126d4e5e5a874c7d303a96523d993aa2898b5b1c4f6d6edfd4931860c3e8cc1ce2f4ee312b102dde30920d55d6ab20241fa136c703b2057e0033c3f59cde00c0b9c38702863bf7fd2b1fa70623cf07a87f6f56c06a583cad5efd8ac4b41a897d44e2cf2b39bf97e37e78156f6abfee26505752b855cd74e1af581211b46ad3", 0x8a}, {&(0x7f00000025c0)="f90f7269575c883045ab3a385e2ca63dab98019d184019ffb3e46d7ce8644d569eeff6dbdb2ca9a1160e11f70e3cf2c3076710055f8ccc6ff293ec8c39c2cd02ce805c814773739f38a1297becabc2494022e3d6bc9d646f1ac73e5610a42d89bb830097e1b928c6b7115cd2a62ff8f6029cdae3abe449d7e125c7f4cd09c7e3e32799691bc6d430243c4fbf39a80c9273f8a1abefb0d86d6ad275aff0888704507ccde5678e11306034b330a2501f82a50b8e9a0a0991b1ef0360c8e461954121196305510861656f0fa8d96fa4a7dcce92adc8a87d23f963b7505e99867f33f3213d899b7452d5a56538ad288c3fd5a5", 0xf1}, {&(0x7f00000026c0)="4716bc100cee1a2dd033f2e36f4083baa4f3eb2b549f551eeb786548144577a0cb1fcf3eae9dea74cdf8650b576efe5256c159cf6622872505c6a5c41156695af3d79b9d3aa88d22", 0x48}, {&(0x7f0000002740)="c4aed80c91db453daf1843f5498d508532e1d84a48104f7bf103353a5a1a52830c62d79eaee417a14e9efec92585a272aec4892f8742b0dfbfea724aabd993ff2c7a99b9f6236214cc8532dc600cd56dd3fc20bb29546836cfcadcf7a4c8721361591c0312bd5f2203cb4824162f0d6ae2cf957fb081c6c3528fa8ba7c982b933f646206572c480447e70e1a1d5ac906574fac1271cf86c61776d6f160b98212f53a281af945d8b8b94ca1518a002311db4f438fac696f086a36684e04c90a802e06d073b52678a9c966e2993a52efd429aa72f38838a426ae20f17d56dfa53ced4b9b816e9ef63e7745d16cf11d4d68bc", 0xf1}], 0x8, &(0x7f00000028c0)=ANY=[@ANYBLOB="b8000000000000000b0100000100008074ef4a16003e7250b10ca5687b4913c3437d03a681738b9e4fc0cdaec81700417e425342a1a4997fc19d3e6e9987c18f2fa56475b6effd1655330c7bb189d2f8109eba650ab4ec51f5cdfc6a59e7cb5606938b9f1983f0d2076071be1622d9d73b5458a2029cc7076f71f358e34f8bbc54843df2c0af22ce3cca099e35ba5c972665d02d606aaa8d7a63ec7a61ab902296dc3e45b13c751fe66dae03e72722adea7ee9162e38a3b71010000000000000010100000100010009aa1e46238bc2514113882762571c29f73a7aa0689fea99f054e88d2639956b7dbeb82a98ccc7ab7e9ce730f6420d7844919a0a96bec8caedfb87810a80f96429ecc1f0a22e953006779c805cde094c62af528a6449ccc7659de21e4dd777925d17fa825ca026d238af3bf7338400bd4a745eb6f2ef16eb9a417d4956c4b9f40ec174d72d5f87b23b91edcce79ea4b7cc7848cd7c78bb3180772f970967071558e250898c9e5a1e2dc5d99005de9f1c7b5ec09fea4a55bb4c67a80bb8149ea0b35118b90ba4ac4e7336d3981f2c22ecd6d751706c3b932f24d72d0b5bb095577010496977edae9753f4abbc9c2f953569145042a5184a0f10bc94f5a90b3a136a966e7381c74b695f9d1c276fa2f1ed9169cd21126bafd8804e7d6bf7f8d6cdaabdfecc2f115a66311be828f28840ec98c6c3ff11a7e7e40548a23f80a3547f47cb57b1806caf2984700d7cbc329af2a902a47a3d437f2031298977cf9f6db6b5d2b7bdc0cd97d091701d10241e4a2cb8d6c0c4e93f3a6124278465a1a67788f6ef9b0dd6e46c6dcb3f7e6a94f24628920500eb1cffcc78cf88f9a998aa65dfb782382c6196b5ccd4c920a387547d0854ca3301953106d66841891c0d0884209073fc1060b7f91ed24da9264e0c5640454cd1da56491345d534c5023d83a1d9dbd4eda7a478b645b9f7cf3ea916159f0b5c623f377357077f1f4bb15027cfaeb85ae657a216d76032e994cf4a02ad3caf319edde475202fb9ea5971abac94b19db3370aec1c0ae493dde5a4d0c7253637544a782f1c8bbc12c23d7e0431cef1280ee6aa6cc0abce0b28f58cbe69b983b7eb8242054602da324b85936a9806a49dc849c805ff95c133ba51ebcfecc864f12f72205dab6687257afd434aba8ac8eb70005991b0eab9fd0c587ba7af1ebc1991f931cb9fae596853c188eb8e566f1454f5a219b22fd2f06c085587a2f6c88f0a0c9c752d5e1a69b6e86e7bfee6db1f4e4d8fa2bc033e86a438bca10dc6cf95eebcefff76a393604f96ffeb07016401ba23ff39ddfb4ed6c201ada0e13b6e5224a1691f5fa937bde88ed8a5b12c6d815be5eedd929285cd58b05090f0444a0c78fad1a2f8d224c7daf54de3e8a3618ec8eba98291c394658c83789dce996b88ef24a445804b2fbbc0e84154651e954780bec265ddb3dfb0bd7fdaae9a66380679508bc3b6d0bb8ba01e9f97f87c2319255e040a51b061774f73f4365b86970d6ae95b34b5d8150fb12548e3a6b97222effca131b81197a30ea2f0cc8aa7228faf7012007895f0019f4bd81efc2e66877143799e7bc933c976cf7dba85800072b9ce33e699d261fc79e4d8f5f558ab9a47c7cd6a0cfeef8a87c70d8dc62b9fb1df1336cfdc1d28660a09d9631996bcbe30fc93d36be36fd2deba2bf2312f946a01a540fe0556cbd6d06c995706c0f3f08a5002ffd52b7e01dd8c152c23b98038b45d7b20e368fbc65675be591510d45008885a899c17a471700143593a29e8ad5fa241f295d699c82b8fc0fc3ea874407597c81cfcc504268bfe925769052af2aabff536bde533fffc6fcf017d481e92edd1f3a29a1702a5206f68a145352c55b703437a2b80694cd1c01fa1ca0c244b4474d6773e9a6bf2f555f60f09dcf0c76c672cbebd74245ae18ca7219b7cd0317559ddd2ac47a118f72c0a42d87fe5510ab448c0a155fb7f4f0a3916c1291ec8bb81d4327b5a061b4d65b4c4bd5949db0c672578d094246988ca12c7178e1710b239a5e7ba951b34be85b08881d5af4db862c83382c54cc29367a5b949a143e85fa4bff22ed84638df26f43c4dce50fdfd27c6305eef9534e94c071413fed8cf8644ff382422ef9ffe1317cb1fe4a6c30df888d12c2f78f40870ec4b5b9f2aa2d15edc1feee4ac5ccad82fa237adfa98e1dfb728c63382edb463a44384d78786d8999d87c942b38caf4cffbf46c755978dbf74ec74bededc9b6d535144a6c4f5406185d43dbfe6f6cf4a5ded3a36951470e8b956c36e552cdb37a95b2e9f2471852fcd0a719d24e2d9bb3a4188d4834982011c93a268d3413696c403befb990bb00fbe9a7003cd4af24340959d583688b217b6890b906ab74096495a7d307b38d7ae99dd8a6837320c78979d6e3a1ec680c43a1e7caa96bb7f97a4adb6e75d2190320043fcb68fc39211222a3a4a13fdb6938a58c58fd4c01db81be994f96897c5cb91d22e4d7a1cfcf6d9cd3fb3b0b8e2bd14db564c88f9a9d8763062dba3d6c0a1cbf4b59c0156ae33631e7aef092c48115de276babb7cc8642f36632a9d84e9e4df8c5444346079c990c7fd04103ce354b980efc40909026da515d01a185e20e748100319304fdedfc78d7a2d54249782531babd788118590469c96ae760aab3805b61cc894e02a6d8f13615891ce317a658aefa59d2151a8bdb88aa667711b75a4b7aba50ef3b19f380a39ea51510ef489e91ad94f9f0b11e40ba2c1a47bfd898ff52376835f0c36a552366ef8e8a0036c5751afc218bfb39a32193e6b94205e96e6651dc38ee78ad97c2c9c3967d5d9f2a199f835dececb27e3545813cf7f8bc605b2cbaa2225d17cd942ddd474feea44616753b603e70fbef05c57c362f287a4ce717180477f5a61f80612295c3888d44db9015f95be54edacbfbed768d007048bbabdf39aa2bca07c04b3289aabaf143d7be9791eac80dea4c6d6d39780e38cdda3de64081d1939c5fa76de2556a8b9753f7b0d38c0ca2a222ca5d0258374a142ff573352e9b5327e49904758e96261cce99fb54844cfb113eae8df6967ce012fcda2314d6e5168037fe03ef4308f6119758981a96104f07cb1fde092b294c9c7a901d01fe968ff1e4237d51464b7e0526379a25e97b692d4f15adf7e176d0ddef576919cd4faf522069d88ed953cf1394e395efa24ac8d9778c6a7e977947462a4674227210e61c53c8be1c6e73515d1961c82ebb86e2bfa0abe16ac4d75c7ceca9e85c37c7eac2c2a7a1d44262ca52178082c00de240718e06333ba8e39ccd00349c5f1a6e07e28f6d3bb8efc5b60c91b8f7d1052bea634766c4aed653c82438af6067615854e1e57768eb65495bfe2292bd80de093499ca19e4d9ec6229c6e1241d2bc6c23e8a51135d11837e15618fdbad4fbb618eb95a9e614313cc8eeb5101eff2e12d597af18fb24c3be204ff1f3d6ac33bb1467381e973f5edc78a06432a5d9608928916aaa0522781406b0749e311256af300495cdb942814d696dfc1af75acdcc26c9f32c832811f87df8fd839297e34491b280c96e0ea3633af39cde5d2d0f995cb6c682c917b6dd007e8f3cf4064d38061a0386e007df4f762a3948197c8f225ec1626902a6b6b08ff0197e8db7457616b1c56b960e3da2bd120b3e3c96148ab7a034b419cb099481db65c8382793bdcec3d3810aa23b19c2611294c6b1a3e1cf97e9124ae149d8a99ee99641f9ed85d376aa751ad8803ef9633054aa725868428b50aecafa86269b70567071d7901059d0a763e99ea2203c6c11d5f05577b85695f048d281c0e051066a9f8a3cacaff1795e85eb92a5a64afef2d057dec94cf5d961affcbd950795eedfe040de992ab34bbe0f7a2ba5ecb648afcbd183fb0be1ae4e2514112ce3af35579ccf409f9d7e3ab4db0ced90dffaadc5a0b5df0535ac94326008623e33c453692660068e148ad967c4625cc94aa7c727900c14efb638245d3b5cf56b972fc88eb2ea781345b432b3bd4981be24be6ee58f10298b3f6b39b862f383a47a94f761459d36bbc0174f18fa5c03429d08e380cc0b6049a21e93ff5e62d08a702f93f72f17b16a120dcaa2a729f704e2a07868881c04756b3100a024925fffade41adc3880aa517c6f5b6bb3e18589bff36c739f35627d708f81c77a1f789afd800588a05300a8355f8b0b5c93c0e7fc63959060a5015132fd0fd0d414a2e73a662d271da965bf5d96917afffc9b84b8a3030021b2fc4abc13585df4e193638643ce456aa0cc3a13f77758343a464ef5d26446759cfe5374352d52af00cfabb02eeca09c4de99b199ce5b3c99f663eb7d329860fffc090b7a6f4836de6da70cffa1b6558a262c31fbbcdf2167edd43d4042ce3850db8443a0fa85f36e65a7a3c1cbbf27827f46d1cf1eb03267197e6de6d31d5be72add01877ded1e21112e1431b972074d259994fbc221ae065421f009b68db11aba6d3c8d46f33a54edfa794d2b9f7f63f617b8c1df76b3633d002bcbff05918cf9435081da40f857feb190a9a5835acc7c81f4c336203d11d5a925c5e939a4e52f7e277cd489e563edc98909b4d2cd25a928624a8a784ebad95e0e09d9681d29001cd01e8e63f45f982c21f28f97371f8420ca48dbbbc469283b39ff354a435bf178590a9e7bf2ab6fa26a0fb3c04d1b148ad44ee93b23e42a575f6ae21bdf87a173690f3fe94b087356ed3a5b309c6ed99eb43026404fe988cc72718aae736dc9d6ea5ce09f30728aac1f20a5bc8b3c6ad56c274c3846b23763974e9e25ca7582c291ab1234c0b88afcaab32d75836c500c15af1dea2343edb5d880a42272c88c210d1741a5e77d5d1d94fc9291bc689bfeb88fb872c7c260c036502b749071fcba0e6c6d55a5fbad74a96b32135f64e8a554d57369e6c88c28822ed1a25400c106b3ee032c166a1a7cbc1f056c2b1ffbd09ef4270efc74d43be390904d648d6d0feb82549cc164bac42c5fb7acf027de17e3d5c549a21ca8242b58b9b99a9d376b29b265436dbbf2d8134a57bf5f736674de41cb44452eb9df78a358c9da9d2037aab53bf67c6e029e0dc23d63f665e3a74cd216dfd914b0bed11d7a5d4bcc23756ff9c5f58e691fb130af55d14870316b1661c273d2d4d76a0945651d065b11a218befc773843acf2768618a7fa991f346c60065edec72c7669dd4b8e658f755b7674e754c880fafaa58a36f9bca8f4ce1cb9e6630dc5518a6de7bacaf297fcdfafb305abe12d6a0492021f53070fb8de892d2c9fbcbf6a0b6b8c889e0a7a41ea2cc2b2918b07f6905a4ba0d8ff89aa6602760fa1227a8c0a8672acb676e58d386de5f75153da7f4d790f300fa16aa515c1baf9080ffe74d6902b554929f97b2ea9be16cd91a0ce48ddd0ec0486071f3c2e6fe292554365189e0c83fca48ef19df1a2cba0a822f832e92d7615ef83c59282353d8aa155bc10a7e73a5a9cf682c3b5db361b2f7130d2a150b4a17cdffcfdbe3ba59a6eb69459b065e9a93d49f89a65a4ddc52f42874169cd15b2382ad5f5e0f1ea205b529b0c5d6891e82f9c0c7833ac495157421e09b0c51de7ed3f1e399b9cc5373e415d6d6c2028ba67767fef2b0d4926e5887170ab139445f76d6d5906fbeb4c5e188101532037d9d889d25a89ab51fd4847bc14be88f20c0a5a7657894abcd5d578bdcf10fe7e13a18baaa77d441be72e8f8821071914592f02e435b81658bf23b4aab5ada483c0819e14b3823f10aef3ad731e41c23ea4be12aecff41d180d961dc95067af833015571dc31a319bf8fc6fb02127a368af1c905f808228b1c8158c5edbd3797ada935c83b124d6c1feff6c19e8605f842a826b1e76998b24e827d7a56c2b5b1a4f3eb43b26a0237f0356518eb7a40825491ca3cec6dc20f922e3d911ffe4c286f04f586280ab2ce8668e6df0a8ce9acc985e1343594a5a7c226607f0ff172b2269b400b47e23619253905e028e0cc201712aa8d19640ed712bfbbcf27ab61020aa91190f7618036323800b0af7976bd82272e7be4eca8ffa30b464ce1d80000000000000013010000060000000af7566d073634957f82abca659c75163b729bc7009e608c1e406e11be283f8bdb239dc9dc93cb7bcf78ad04a7c9dd0becedd5e6db8deaada60391ef00cdb82b6bea3158cae139c088872c9bfbd104929d2ce63787a4693c459df9499d8cd76798a05a284d9d7eb03891c354872556c2deec1fd6432aa03b598ae23fd89b824b058b688f610733d175fa0565de0698692b5c446bb6a2cb427f4d9c80e31c079a7d1a155ec1bfb2d6ad8767414fae4b5e8a799bc4a7e988ff8e5698ee0d6f9248065ab9396eaa25006000000000000000030100009b5300007b2f3f66b4ebb1333474b2ea2906e72fe6c47cbc258d5770ef077f223be862b0768503953f7ce8f6ff1eb13d14172d26e7eeb0ff1f496a9b9419991b7edc6b43def8372026fa13c8574c49000000000090000000000000008400000001000000b744e74f97fd3fa10526daf1c6cff96d004a2a4f64932ac17250a7277679cd67a93954786163f9c942bc35bcf120a2c3a0e64673a646511014dfb99715fb82d78e278df80d3cf38bdca4d3a778c7ed41aba5a0bf4848ccce26f6082847c426a46b0c2cd8dd54ccdeed442468822b047750764210aab128ba23406ec91c02000010010000000000000b0100000300000072db4b7ef7498457bc2f7c61fcb77d796f5d622eee8042377c4ad57708449689d8348f315fd7a2b0b4374c7ae9628dc425298fc5bcb294f87e279ea1f78344196697072d32ecebc11b137f7ba1d6068a21c76c3d5f32cc1a21b01d8aa4c6736375973c1859a0d69a6055b27dca32be5483bc9324aa194e33d0882d2c65245c68649b4a896d52a47a8f473c48cfce3078a1b6d653688351209b7c2f16f763373507be32074717ef461fa49822406c5b503649f3695171a34e8d0683bc89e1b9ecd7157e1923343bf1e94d50cc83e9609154b8389f2347409a45526f7dcb3535a2b40184f2d5eec7b7946bd9e404483efd36b8265d290bb330124b4747a3480000"], 0x13a0}}, {{&(0x7f0000003c80)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @remote, 0x40}}, 0x80, &(0x7f0000004d00)=[{&(0x7f0000003d00)="9d50b388036a480a247654e557c20dd0ff183a3bc302d5d1a715933ee4e315bfd230dccc5a073cff31796144a53c749e59772856b903e07353026ac2cbd92c50a14fc9b0f43cee8865092e20b0d3ab212d9de3426215166aca34703ddd1a5af1cff8ce38c36411cd39e503bca1de504e625094820e062a7731d2003644c7f10a18da512c5c57fdc3ce09917b4dc735784f622ea520b7473639b1ba39b1bb5cea37bb7a28eca171979d62565dcf06328b840fb520cdb3f4b2f235d09ce8cac38a66b72faaff6e1db441e56fa1d311f5f6a7f35c29fb6ca35571f0e8e43b48fd1180ba6c74187dcbce541759beed8ef458f2eeac43fad3893a2eed47ac3c8d47620fb6fa68f0921c7085ed4b039c1bf0a8ca9458dccfc790ed7631a22dc2ab8fecbe443ca2bdee064d221e58a4e8960ccfe3129ea5e85cd4ad16d4f34e8238f3731135c3a64d03873730827fccbe8357a6c0feb1f79f747f2505afdea528f56a34f9612d14a239b8c61f0181ea2740a71e16f88794f475f80a4c6183a5b4252369b5f957c1b5fbf2eb9345527cd71bcd7c2cdf468e8b8e2318e47e261c20143b99ede79f46fec18ee1968f633804e37ab16df44f9ed305efa468258f82c3f4629af020593f8e20586f413a72186bb6fa3b2b1c8d831282c03d50bd14869936482bfe65266370125cea7516890b25a7a44d47caadd5c689211a5c5a9a1548cf47e12f076cc6672f0f7a237c3d143026eed8b6c8ef9a8b38d2b7b6d85cc9cfd150925dcc194bb1be8e4881e20a87310bea8c23766b9accc9a1375f6d659f4730741bc28ef777ac4bfc9a67ca0344a2596b059ad1ad8dd57dddcfe274d652f09827f4f67486b562e77fa49b5994366836c5694c339cf016780b5fdcb24066ce3cff794ef3c5e29b31742a83ada529e128c37de0dd5011c5956f45eefe071d55046b6fcbf5903bcb7a178821139fd7efcb356837d029015c142b581606cc41535ed54aa93c2c1203e4d329896ce231611342c4ea84a26846b89789414270b6e05dc012157d49e9da10468e47e239624dcfaf988e2c0b471bb748969b30503ac68191db09c1f399763821be7cb2b76a1b7a5bccf0e5283a7a5be102b0f31825def3b05490e672ee08a8ed139d267a2fdbc4c8f885b9f514b8551400396ac645d02f1c6b478feb83189897f54fb92c532d3b88660a6fd1f24a36852b88af7740d2e9bb7abb95399e20f2ee63bd2e78736de041f1894f50567cf2d4f5d53e8757e2f72284ae89d65ade1dc52d7d345628fddb0ce28ced98ae3f70de8afe76fb2861d49bd4b2a3839e144dcc9fc86ecac5a0adaa2c6e7ded2faf4a9f1c37ffb8c8cc59002fc964e5cb3a14db4a5998f1f381fa7dec4231d02187fbee1f8a0d119656857cf7bd4246576338a42bcf93be48d2aed9edf25c0cd578fd292a0d6dfe597688699c7f2d730a08a999df25ff68541e4132ffcf5960c69f66dc89e40c357a5e7d144cec4a24b65ad2cb223c220c84dcd92edb711d698570c9e63ed1b2ac136624f0c65eac1d6626143f8916c275eced747c6436f565b20d39b2f44fe9cf7423751cb76e773538215ab0a9a7c5c4a766c0c17243aa2fc5d6f2aaa43c19f84745be739ebea29a02150a3a55d7dfc5b963cc8445fa1923a2238055259be3d49d5971f7ce71846445f93c0b465501bb9e82cdd936a66031591bf21daf149ec0bb5ec8a2a0a0f5324f162fee3b76cc3621fe92c34d626655fb434674b7fd9afec02f8174cbdf07136c52fc2572cd3036f2be1a025dd50e540cecd27e9329d6b1144c3e1da5e28298d74f90864a3ead45ee25acf1a06da82fcf1e3401b0e6f140bbb3f38bdc3bfc6c63aa728f66f5c63d978ea142ffd08fb36a6ff25c0d65add9ece29dec4459ba074396b7582d200a14fae316bc7ef269f3381e6faadbb967fc3c6d7f508626298edbea2ef72fa70754eaef7f410d9c96b2af94035d609dc0eba39a16155158b699386dc40647cbb649d30c0db7f958b4b65257290b73c09e2596e87f38ccd5e69c3b3abb76a4dec73702d9e1d8013d4377af7b7f6793f6cc418d873e4795cbdffe514c0956dadd8c122e9ba0b92bf0f04bae42eb24c479fe241818211671d639c134190873f2ec54c2fb9b3b6401b878b552dc318724e8c95998c75aefb50058ac685ab8724601f49c52c1f76a8c23d0b14822eeacbd4af675114825dbba04527469e4f97e5b48d8e5c2b630e0ce0d0c1ef45f99911a74075c941c0a99004217e616a3131d2ba023f5ab9abb8adea1658f8040bfe2669b1f648b834cb23bac6573fbe2b84fcfda22bc1b7da07e1fdf87ef2e42c7b8db3bdd82b36803cb2e58c14d0c8260259a83a944c77cc9f2866fc13c0a025402d7f977c9b0f7fcd315a5761adc6796b22236358a130a65e46ec13a98a975edb0c68ead3c5b77f6994679737b99092c280e59ba73a84e49b18b40fba5d444f6ae92f4d5d458ec0f3e78cd8af261b97d40fca43fb787e49d67118bfadce4b56f2e0fd6c1f21b6c920ad5851dbeaf8ee777dc25a467dc65a191961532b2c75a776886e5c1affb1a64980a81551fc8771129238a801774a30c723e205a4eb7b059b17cf5469914432bfcc0d6217871f0850b5e4babf91baf1f686e0e9624d3e922a64702523742e9b8616c61393dde10c6092013e00e893874ec1fe4db35922fe36835c11bdd6f0f087cba1c4ceb9aa0d12eaea279741054aa039cbd0c2cbcffde6d8a475d952764680e4b407704d2c15a8222e20e72acc6b47bc67f98af394c12726c893271f8925aeb0b98501682d86c1c57cee2982bdab90436dd2b23109c678cc6cf445d0ebe639b0941d93412984a3e7a483da9e065a308972d83dd4a8ac5f1009bcad59f071d693cf7273617a02b130cd70dc3cbfd45944818fdcc3a2ef67b6ea86731ee1aad365d761384ffd1b0524513f7ef4b9bd48f88fbcd0462b39cd5a321ae983096b97d4878e28e68c0244c9ed0b8423550a72cb5388c7355a277a9f428a443c0769fd469c7bafe7e8c5b68a83b9fa5f9395444843c138160cdbd84541789f256ae132ff17258451a8cae3eb00ea6dd94a0efd78ac63b404a3332eba2b5fe0e901beeab45b3a422cfd01c090eae3d0830e2ee47afb1d0f84591a3c01d424699f5f978ef272cf29491f19be14c8e454eef98107acb93877e5849914857345095012fa5e85df72a38a570c201106f140bdad8b1e90bcb7de336679a2237f212eda1dd39b9ad0d476045e03de7273625dde004ec8b2a7790d1ab0450f2a2ba13683bc1968b0ebc9496d6665705d4281c0f7f37cb3877581be8c8f68042461be750dc5bda4d5d13ed2ebedff49879e2d8357dcdfdca084354c643d7ee33225fc2d3afc85b7db2d2f73b023d1a53cf988f81a8610735e99b7a8259f6f4e24e69eb9abf5dd15ec5da5cdbf871f7e10ed52ffd95632052504bc10ff5743e2b34f7a7bb20bf9db0adab3fac30d03f91374daf1abeb0835db9dbd8780cf177640c60e57ff2e8445ba8e8eeae090c9bc3d4fe50d0d26ae598d4036285c37459d1a3676cb55df815cb97177e221e29773febd1a860eaab3341a66923e73784dd4d486d053b7042e6fd2a82d050a590e9bd054664beb35559ff3846bc81ac5752a9705aa71e6f3bf0f7247a8d12aa1820a7c084523f43f5c6cd6939dfa5323ef31dd418862bcee2d3d57a518c2e811334fa8b84c4c8b58063717ae0f137b883d0f53443b8783c9b363ac230796b666feafb0a30228ed1f45da396af9f316af8b888fc36c97e9b569864abfd1f79530a493af54659373694ec5a5992debe8f95479a03bd6e5f934fe169cb32d929d01ac0dcfbec39dd0cc8ec52e8391f944fa87933b9dc906f905d84ec2473da5704685a1fa0ab05dfb9462cc898bb6a4e7cc791f0db5df0a77fe699d60b2c487d1172b30adf4a4500554dcf9f92d257c95650151af5e9df397cd85678f54a8bf3b7548eebfb8676351e5f8a95aefa7b16e1485107ff4cdf5ab82c45812c2ada4e7247399f37b5a897b680b6bb8aacf8e55c3b6178dc111a536fe8dd23c594718515f43f038de82460037fccdea1f835c2951b366cec9d7165a5ef39117fc2413618f56af72b5921987c282660b15202256fb6618cb51e995e5068806b602a467698c2fe8cb1194649b5678e10bdc6e5e86fd34d8f56dd96369210e1496d47c09c9d832ec07ddbf2ec2d911aeaad1ff81c00bf4de23bbec0e9a567469f25e07521d16afb49cc485d39d197936e889ef6344df94aa8898b45c53c8ba5f2a2f59762c074a8a0c50a5a860aa038e922cc3c3ef14f9ee702870566c0f2fd7c4ad17f889995e24d67a4049deaff351054cdc298e52eb89a4ce106681d62ba327e9da984237d0c2505501cb2c49dc519848eb09ec2cc19dc07a46a058fcc4c4dd308ce170fd47a4c49847104ffa22a838ce97ba80af3418871922395a3ea7cf6607148da537ed93bb2505c25bbffee71573c43ed8d6b9fda51d37791d46c204adb3f65ac3e905e2211085edc531635e9a43fcf78b48be0d2a43845152c883d09614af466fba3ced8141aa54bb6f6815b2a5e7f79206e78620436532f8764ccdd1a278b5f8beaba58125e4c91dd020adc4ec411e01a8af3f87f96c6f98f6afc3e6ba818493e963340efe3c37b5929e5ff8481b426f7070eab5d336aeed6eb0a031bfbf50c58b12c9ad43c64112ead45e6b66966ce3013c99b29f81394fa6eec5a842e24c700404e584551c0bfaf4a2b53eee8eb254bb46de882f6f79c985d74d046cd0bc11076d7f8274ca4c0525e6bde202ad2256724ee703628beeddd561b1fce18dc33fd98de3d0ee7c742f42d802bf0dc882a23a486d98792ab145200801a9c318ab635c60bd790fa6a2e118a28abf6d324c2e79f083a332b5bcdc43039fa7d16c5e56df48f6ebbc9994994f867de01960c8a823110ba7586804b3bef07011d6b94986f8a65a3bb25cfd058adc57d301d4dfb16ed776f77abbc9df95e6d6a07953baaa31816a412c6df7c611e7ab9055190871d8c26891d8519568c3a725346451e52a925c88c87501f977ff0d6b7231318f5cba694675894250a79754c6ac62c8b38392c5c96e48632e52c8edd75f97a6272c04be8d7e48b17fc4b553cce48864bac99f45433f2dd7d023cd046969d820bfc11ae5ed9802cb265b34fdbb6b09fb36bbb4a7156143bc6a8ed13666fed91b0c262b5322b1e1550e5a4af60fec89960aba830c98c29a4446fb1181a05a94ccf4d834ea3127bfbfff9fa5dd7fbb4c5ea339662ec51bfa5305b70eeb4c5e4f9bfcfd8af7c0000df5e3c3311eec8504a7160095b6dc20bd2ab3c4a29615f3d615922030e65b77733b6a33c79f8a0bd95c98b8b750f8878d5870fb32f4712aad70ef03583ebbbdc57db0b059e27db04fab78c2beb643aa4c3d1d04c0e969db1c6be3ec02287cdc2db80a6fb4bcef1deaf73a4e086fea6c6a525020c83519b2fd80ca6c22c25dc2cab80c14f29cd481d11c4a109f48bd8baa70670253054c14ffcac42b3a8a0b1665ccb53ee46d46292928f64ae3e483215e53ee112f8369220166ee37e84e59b4f28cfc117da6deb9e1258b102b00d787ddfd4ff2fcf024fe6b3bfac5f16184c822140dccd26e860d2b40ee0c35a47ca5e20bb5257663cf72586ea525885d2237a7e920db28b0e82dec12cbc68b7ec8be8c821536ab33cdea4d97595048f35f554b6e6fe3dcb44fd91c7178fe80ee5f5b1e162c82d6524ef73e157b12b93af42b4d4a34c40ed2ac528", 0x1000}], 0x1, &(0x7f0000004d40)}}, {{0x0, 0x0, &(0x7f0000006200)=[{&(0x7f0000006100)="052cd4e6356b9c1b0baa2f", 0xb}, {&(0x7f0000006140)="b52f0a93da7fa1fa02c6a27b8448d17c316acb87f9980edd83da72dcf11a708af24376c8a8725cf6bdec9d29966798c5c87c31cb39b0c7f41c10b3692877029bcccf6be08d130673e66ded133d3a2919e28f051b7e522b883691c9809d58dbf20583165a6ca30e00adfe31c9550ad6baff010835893956bc20613fddc1bbb6ddc03bcc732d76df2844753df6b9e38870d48fd1f41daafae7401fdd2ff317140b9a100b83a97b80dca8b3fc2fdf3c3382946dec", 0xb3}], 0x2, &(0x7f0000006240)=[{0x20, 0x114, 0xcd, "bc7904e65a5cc98367"}, {0x10, 0x0, 0x3}, {0x88, 0x88, 0x8, "d448a13ca60c16604182f04c7d230ccca1b3e1fad4c2511e481184babc2190b37e525349188742da63643ea207bf2b94877ba399d4ff32890ac73397833a4f7a4676c6edcc4a745f4707f313edfe79902b65a3a52838c1a360ce06e373511dfee22b011ac8041d8812d64361709741d3d92355d560d509"}, {0x48, 0x6, 0xe2e7, "db379ae608da656bfc2f1912516c06432067fe6f54d0019197d91d7d0a1c0c59d96ade2b2fb9df0915f25811e628f60387d599f4"}, {0x100, 0x119, 0x1, "7713bae57266c09d03bfce17ae61c1f937deed9de0b812afb9f322d11016c265dbb4985c7a62b45d971ff0016cc8dc802708bcfd61609a104a44a9740ace9664824a23734ec0ea5d6a4393765345306d71c5e7423463b1a066134c43e8df69c7acc912dd4f44404c6bfbd5e97bb461eab29d73873ebe197e9253968f88ba3edade9f79398312c9c349e32e2c95bec345ed715b86ad08ab37f5dc0ee8dff683d6ea8dd79a875390a7cfd6ef2319c11f940c1ff5d803be7d735e6d1ac6b89c8cd984e0f4b08875bf3bfd67615ec666eb19a6e7bbd5cfa8c38bb5d848ed498a9d43af7d0cc9da5a6511bd9ebb2d41b6"}, {0x60, 0x102, 0x5, "ca92733e6a5aacb3f862e414e9a068db134d5139979a12c37d7c2f39379eeff62fcd406b708953c67c4e395940efb9bfaeeabc77dce7d0c267e3e92295d11ed4bfd6fdb2bd23a69cbcf37b"}, {0x1010, 0x6, 0xff, "6af4533e411d49a72b7c4872868d6850cb7d7c4991beb53f595362432b7f1c61fd34999d9a442f38644fce041380be6144f36e16776d991ae202f9946d03f131a44c2450aae984336579f440a500dd5f00ebfa88bbc830f8f8b419e8db8992d87eaaacdff5e299d74b64f067a3a26b1568ac9461cf3b68fd207b1e99af4e343f26ad84127dbb50a857bf38b6dca43c2dd9e6f15b1b1cd69cd779b351d818ae2e426ce73eaf2aa86149840ebbb9106cb75c9c9c5bad25f2e982bc61d446188db08214ce6bb8d922d72dc1eccbe6a97fd62ef859b3c9203f7854622bfc5a7dc1f65a0a9db538c994bfbb5145c4daf5e703dd1b404ec84ec58afdded5c855c3a34c9da043c814de68e6e91c82e4ac5c3781b67eae38b1a8dde6abeb4a6021e74f6187aa6a192949d064f94c7634544241823db2cdf518fdf98dcf833fd071dc5d3e884cb06c78d708a96426ab6e9f3b9956b3ee6f979e6ad3e29ea90c6b94ea314ad1c6d33dbc1f79d05e0b015cd1bbf35a8547bc892e3a23e6424639dae2570355c7061f1ba08d55e6907311ad22698d0e1ec627bd96908414f13aed644c9a68811b4b41780923c80d91b3889c30ce9c8518d04382c603ba5030207332d57b2f01c47c91755f6ca36548f0d7288ce2a4673463087ef42e995ed594234b914c95997d15b32e8372e3cb2d2caa1946e41b04a5d716668f922fa57d590c73059038ba9c1b40536a6e6e11548f521432af705744ff8457b2b54644fa366dbb7b476efbff32ade8704f97d415792bb6d0aa3b16ddd5e4c45918039013e308ed113b1304e9219cef8be91cce4da580f28d9483fafa7cc799dfb860e62fec620fc5327a044b062db1b5e712ff5ee71c93f9fc3bfdc84d0f64fc715ed224c14f2ddbed1df08e1ee457ce5e728735114a4d5ba0b94849361c978939a737e88a087eb1149b315a4216d1a61bc3e98de67b93652afa696d16d3fd40391cc0c2ab9b6325c3a61a2fc4af39645fda05b5218716d4409097ae59de60b1c769c3e066898676c022cb14b975863945d7f01d0d4bffefce7a6e806f71cf4a5a0ebb44e17e8232f5125d708d16c69038f4782a8b15c583724895563877ee795c57f1cdb664982cc060f26b126b3d31d48c7405e7015465fb1e9cf358e67708afc7eb364176853391a095207a8b1c8deed8bee159a8e3e3f83ef01f296f643d50731aac226ed5b631e0209a3e44dc77489e4902b1d00e6bfdb43082f93ede5993cdbeeaa9473d7b485dc2a7336738adccd6571f9af6a36f1d6f5aa25c13fd55c7ec410b75e1bb2ab8df4194f9a3956e91e20c5e94f8a8ba4a6b4e20c9d9b43c7afd62939a52107d9674cc2f40538f1cba0a7acbc3076d1f181d2b61ec4ede7387461d4ceefb6a6ed896589dce747eee06aef937f114acf003ce41913c760c16bd59c92b0a72989a584f95b9c2e77af31268a06ecc7dae51ce7a2b2eb40fdcc94a8925989dbdea40b2730d11e7aed65a1cc1a0e1a4def07bd127945574915f6cca336109283292a1fa959bb2a7866ae9ec7bf418e15abc6a4e96466c37e11aafbc935518edccad741bb2da0c607dd9d3ac61c8aafe36a0852688251f1f95f792be8c9880706d4c56d9f8b46330e2ae2df067e337165f17e8b65f3b988cf7c151b15dea3b288807de8321587b3f4b9ee6719539e78b676e50adb2dabd5c92834dcf7811f8c0a3bddb344eb6544d7a8e9c4e795b49af2e4b0cb9933d193ea54f017b8c2f3b1bf1e35a3c09ac4a46441d3de60f7b2e963c560b2720df8fba65feb7953e96834070c5c08b352983a70e1d27daa7e7b0a79dd8c295c2bdac8dbf28b40fd22a4b0a30a271f8e8aaf0deed743ca4503e4620b4922bd14a2166ef485f9dc4e0a1066b2b54b19e9c3c4ecbfacaa443bb506f552822611b69150b2376d1c4f8a7c0d697648cb27dac07d482fd7153a335bde12db34f20bcb00913834ef7362b9d2e7e0e976261e519f4378a5cc7cb1e32927f81c4d2487476ec0c4aa7ea5ef4dc9e24ad9b93a9884b80b624a884af2a6f3f43e30b6bff1d734182eba489ef5a8b425b55611e9f30cd4d1802390acbec197bc2c9cf0fba8f65d1b0932cd4226a0c640490eca9946a7c3b708077521cd8d3acca32be6001c997ac085d4399e429271af10f52670fea69b5d8324fd49099a29c2b7ce82a102bda56f25c5c4a97243c3a8102b71b6e3761f1feff1ddce2bf899eee537750bb8f244a963fbd61fc82c19d2d428a226ac12ae7efdb6d36664bbe18931a171b5880df2e78c4d71188fe0ce65be2edc27ab1b122d8f29e6ae42c99158d5345b55b2ca8dabbe45fc7bcdcc9ce5b9f18f40293c9c1f1c15aa814f7cb7fd35cfe1333897a6e69c9eac892ff803bbbb21466ccdd10289393b491d6dae9f57f7f6a06e23fcfb8b7973e5841437f872d10917f87b2f880a100c577355022354192f6e7442856ed6caef9cbc9588599eb301625e8b343c901924259c4894d447a63a8d45ff3a614c76742c9047ac30ed452399ce4232213eb54fc2a0a7a620fa6587ea314c2c527116bb69da308ab9a5dcf39c45f5fe22ea46debf999117f86e9af4dc3d402747a30a34f1f576feec5badf37d18dc43b6e90db5cfa470bfef0346a99954a8aa0b9a255d925cca4e2415804e0d8a78ea962d586e2feec30e5bd8ef9baaf573c6e5db0971a5279b756e51fbdf6b7ad44d799b9a9589b6b0d1b0fee0f3144c64cb52fb13a21f76df499d1ebfeb1b0b1d0c5c83a64948f0c4d50f090e3d4758235f31b4b0a65788a7d9abf8ce30c1c848e46a43bb50892fc760161b5e060b13c37bc0b04f0f7fba2d37fa143d9f457cd5e1c8e78c975c5eafcea041bb0025e995f9f5013a97ca14ea02772f116f7515dab735c3870ecf1f373b906f2dfbe39ba5764a5fe8fddec8495bdbe6408771dd4e20fdd2a4a768189bd836e642cdef454c53093c2d0420d63a6758417d658e12e513ee5fba7f66cf72a1bb8f77840389b247144cbd47440246f26efff87d1a880b33f79ecf2296abe6e400ebe412ef00481e59cbf32d17923296a66bf451529e7b92e6c5dcd74fd1103564438960eb147d18e6ed8760a551e2caa485178329c05f034a50a1e7087432b0d2dec021a0a3091fe3e8d11751c8d1934acd37ea64e263358cb0dea7449a423922713d29967492d6902889a7cc56fc5445c00cdd5624505f8adcd5e990bf26e5353fe42ec28e048cd8557639108c56b38a5b62f16cf3ca98733e4c83a527b3895a7f25c1dd9912d632bf477c82d3473fae617845f45ebb2d806a5c407133ca7cbff505aefbc452ad07c8c23163fd90e566f9e7a52c7a8988f3225052a0697b1eaf0e8bfaab8d5d466054c3d70fae6ba39ef0a3115245bbe375c98c8fe7ebb867ecc487d2ae66b46da51e4a28fcd736a099dddf7068e4fe6b0890aab2b6a8ba2af54160c09ea2b5c345e10adeccb6c00c810246f689b7682401f49347052611d1cdeb2ea0e7c26a6aad7fae4433d2b266d6631ccdbc199daf4d4c56f10624c72d6c2a58d2efe8b95910863283dee00fb08b2e5098947ab20c622abe136e7d28ad4336c32119baefa35aae7ee5606008c403e51aff29ef8a61107e9ebf29e55155cc9888ba598042fc4d33e4941c4d015f8228bfe78a168d7d19ee0fd0ac4a435d4afc777359b7ca8bedcf69dbfa9e7bc480ed845b2bd1a62b8494502e9013bc3137220a0d8eb2647e8a2dba2a679a7be23dc06df11086349319e76392f646da0c12ccfc96acf7cc06336ec76b483147845e3d4bf9bfec97b23049c5a24188bf6d86ecabcec5a54807a725a4cb98f100127c62b6fee373b69412f060619e3f688b8c08864a804bfe8c60bf4bd7594c2870c1c6583938f30662096c9244e02ac6c342ba760bddf427e76b30696e9338bb7d99508bbb615b7ba02efd5d7264ff156404049f3bbd1193a8e9e98b63654147cd226ac9fce178ce39f40c8587699310db92c416bba2330f6e49e195f0780b78ac12f472fd9cccc5dfbd2bdb292e5e7623c0bf42466c1ced1d959385dc27989e992d57d9cd97ba075558b3a8fa8b2173a0f4650c56d9305e7e80facd70aae6c7469caa1366f1495ad7bcd6b15f521b13c66153823b9a335c77425163e6763d76886d9b02e0f568254c609fbf389f12adf78953ec47be12899f7b028b29afd27e16677e81c8394f2e3b29f7784535040faf10f86d528c40ba16f8e6d7700009e2f77c3f29e8804c2f7445fd4f23c301b4154559a8f6affd50bb8043958f1c16db60a1223adee0cc6f207815f320175d63a0cf0a211a5e271eb18129cc1a2924fba6664b0b18e32535959d7d309089772315b8511ba1cf5be36ba9a250c96a1c09e73eaf91c2d53fd24cbaa0e2ac154f38d4c67bd752d65615e655efbfaa093e1ef1422157e6b12e194f4853b6f4594035e1dfe088f388876d61f3d7a9095a93f577961f64364663916efd2fa9f7560c4c83df25547cf74445a81b916acdac537aa5ff114b0c5217a0665552321030c99ab174e50e6c98cfe4031bda6ba9d70ae73ee50dbf1819544e0e33db212b3d6c13a538618c108a9dcda868d421dfefa0f63d7f8ef98de8b0d3c40e6c79ddb6ea0605b468c5d6d05c4262e31d5897651a960242914368e337af910545f5d717cb84524d4ce0f08428c406561cd18c11176fe0137609049e14cb31b1f18b6a5981a077befc959b64e1a1a654d95489dca1f7e4ec009a54a4c5cdecd83be740f430df5c91b4ab6fb6fd174d8d140f85e4c0ccd235522738be41f634d3b35214992ea21305d15d04f854c70338d3b71c35911d685c99dd6a7c46c1617e896f12ac6b7f884bacdb066945d1eb50832021f2dea85f885212f139cd13f2d3e6ca992c12874b553157a7293f354609eb3e69a8df52b8195ea2a616a0254cc6c4c4f6db5abbdba3e164884867d2df08f15bdc1204a2a04f5bd87d69d5757a8f1a2383faf3775790f1ca83b1352826257252e00b3d627390b759bb3ef5a8b2f29245e7aa13121f663ed9017b6cd72aa3907f95b985e1fbd0df152a4fa263edfdde62169010c680e870d88555482bc41899718b744c892ca6d8d525d79455f793940d278b90b73d4e85073a41f5714e306dcb0367cf91808ecc939c3c162d9f53704416d358718bdc566c856fdd03875eafdd8b4984c5086e10fa402a3dea64806964409368b6c5b9684b9cc65fa26b03cf52d92eb642be37dd6fa0364b828c8c333f45713ba37ecb5fa4e9475fa379d28390d3c73b13d96cad1818d5428e7d99c0df87b9eec122a892423b3d741219247fde2f8ac0d241fb1827aafbd9d6cffea2e8a1d86e9871d5a3c8dfc1af8d810be9d7cfd765996668dc0e1cab61ab8d88678283a9a5eee758af23f27b2308b48d5e4c2cf28151f72d1546f265c97b0b05c4cbbcf1dd3b2a5d5cef9fb80d5accc22fbe41b7865e361fd20eb146391c3a20826728758a524d957cafb57229f74904ec2b7232219309ce81fdea61f19686942644e2deec21eecd6fbd17c4f01c73bc350c653e433884f1e56afa9a2b0eb578da1a371ce9fc7404f3bc5f21cbd43f4de4e340e28b5d92d643cce062844c7aa6fb10470a0e02d462e34d269d5d891f909bc914063e0dd8c0f298633b3d84872d349829f2695e29bac9b2006dac45c74150dd1528d7471dcc860cbe71fed580a293827a8afa591deec62e80f0cdb527532ed4eb7080be10c3e895029ce5a25177c68303e26ea0fe97c083275bd0b7b568b6d13b630c5e08360b453a92907fcf795"}, {0xe8, 0x1, 0x804, "f6a389873fc51a0ddb1a48d8a8625da59753d77d9d6f5a3a9452eedef27da65bff66e5f41ac73726265d7fdf304ef27eebb1adcf9eb5ad3d5854430f938a7836957392c3a1703cc0e78c0d7f2bdd299fcca28ee1a521e4b9c85f4c410f5da6ab042c5ff174efa659e839616a35cea1993e387b377d35b0c7ed1a9c89c27ed7e0ee5e3d27ce871fe7816ab8e81a1067f794ccaecec9fe4a29c6c87c9ea3f2d77f8303ec4e3370abfe1beb771cc4aa509dc4e4810c620b591707ddf9d00760822c31e2459e950056cb120dda880fb5e6664dc834a316a82645"}], 0x1358}}], 0x6, 0x40810)
mount(&(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x80040, &(0x7f00000001c0)='proc\x00')
r2 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000005c0)=""/223, 0xfc61)
chdir(&(0x7f0000004d40)='./file0\x00')
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000004d80), 0x1c0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000005240), 0x80005, 0x0)
dup2(r3, r4)
bind$unix(0xffffffffffffffff, &(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e)

09:18:01 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x4000010, r0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r4, 0x0, r5, 0x0, 0x10005, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000180)=@IORING_OP_FILES_UPDATE={0x14, 0x5, 0x0, 0x0, 0x10000, &(0x7f0000000080)=[r0, r0, r0, r0, r0, r4], 0x6, 0x0, 0x1}, 0x6f6)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
r6 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r7=>0x0, &(0x7f0000000100)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r6}, 0x9)
syz_io_uring_submit(r7, r8, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r7, r8, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, r8, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x2007, @fd_index=0x1, 0xfffffffffffffff9, 0xee, 0x9, 0x0, 0x0, {0x2}}, 0x5)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:01 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x3000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:01 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(&(0x7f0000000040)=@sg0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='virtiofs\x00', 0x40, &(0x7f0000000100)='\\\x00')
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
creat(&(0x7f0000000140)='./file0\x00', 0x100)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
getdents64(r0, &(0x7f00000009c0)=""/4096, 0x1000)

[  259.627887][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  259.634214][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  259.646543][T24982] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  259.668502][T24982] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:01 executing program 1:
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r1 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x38e, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r1, 0x302, 0x0, 0x0, 0x0, 0x0)

[  259.742495][T24982] loop3: detected capacity change from 0 to 264192
[  259.757709][ T1041]  loop1: p2 < > p3 p4
[  259.772285][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  259.792271][T24982]  loop3: p1 p3 p4
[  259.796403][T24982] loop3: p1 size 11290111 extends beyond EOD, truncated
[  259.808493][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  259.814787][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  259.825847][T24982] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  259.841406][T24982] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  259.952776][ T1041]  loop1: p2 < > p3 p4
[  259.962606][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  259.977096][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  259.983393][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  259.999832][T24995] FAULT_INJECTION: forcing a failure.
[  259.999832][T24995] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  260.013214][T24995] CPU: 1 PID: 24995 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  260.022026][T24995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  260.032619][T24995] Call Trace:
[  260.036024][T24995]  dump_stack_lvl+0xb7/0x103
[  260.040745][T24995]  dump_stack+0x11/0x1a
[  260.044911][T24995]  should_fail+0x23c/0x250
09:18:01 executing program 3:
syz_read_part_table(0xe000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:01 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@dev}, 0x20000060)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setuid(r3)
chown(&(0x7f0000000080)='./file0\x00', r3, 0xee01)
getdents(r1, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:01 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x4000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:01 executing program 5 (fault-call:2 fault-nth:0):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

[  260.049348][T24995]  __alloc_pages+0x102/0x320
[  260.054117][T24995]  alloc_pages_vma+0x513/0x680
[  260.058910][T24995]  ? page_address_in_vma+0x264/0x300
[  260.064350][T24995]  new_page+0x124/0x170
[  260.068522][T24995]  migrate_pages+0x3b3/0x1530
[  260.073284][T24995]  ? do_mbind+0xf50/0xf50
[  260.077615][T24995]  ? walk_page_range+0x29f/0x2e0
[  260.082657][T24995]  do_mbind+0xd43/0xf50
[  260.086890][T24995]  __x64_sys_mbind+0x10a/0x130
[  260.091674][T24995]  do_syscall_64+0x3d/0x90
[  260.096250][T24995]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  260.102162][T24995] RIP: 0033:0x4665e9
[  260.106511][T24995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  260.126877][T24995] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  260.135448][T24995] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  260.143595][T24995] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  260.151660][T24995] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  260.159785][T24995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  260.167916][T24995] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:01 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
fstat(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0})
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080), 0x20000, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@mmap}, {@dfltgid={'dfltgid', 0x3d, r2}}, {@mmap}, {@access_user}, {@nodevmap}]}})
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  260.213520][T25062] loop3: detected capacity change from 0 to 264192
09:18:01 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x5000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  260.270137][T25062]  loop3: p1 p3 p4
[  260.274975][T25062] loop3: p1 size 11290111 extends beyond EOD, truncated
[  260.299083][T25062] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  260.316066][T25062] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  260.605000][T25064] FAULT_INJECTION: forcing a failure.
[  260.605000][T25064] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  260.618601][T25064] CPU: 0 PID: 25064 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  260.627543][T25064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  260.637607][T25064] Call Trace:
[  260.640911][T25064]  dump_stack_lvl+0xb7/0x103
[  260.645515][T25064]  dump_stack+0x11/0x1a
[  260.649951][T25064]  should_fail+0x23c/0x250
[  260.655008][T25064]  __alloc_pages+0x102/0x320
[  260.659902][T25064]  alloc_pages_vma+0x513/0x680
[  260.664677][T25064]  ? page_address_in_vma+0x264/0x300
[  260.670143][T25064]  new_page+0x124/0x170
[  260.674525][T25064]  migrate_pages+0x3b3/0x1530
[  260.679207][T25064]  ? do_mbind+0xf50/0xf50
[  260.683836][T25064]  ? walk_page_range+0x29f/0x2e0
[  260.688782][T25064]  do_mbind+0xd43/0xf50
[  260.692949][T25064]  __x64_sys_mbind+0x10a/0x130
[  260.697748][T25064]  do_syscall_64+0x3d/0x90
[  260.702169][T25064]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  260.708149][T25064] RIP: 0033:0x4665e9
[  260.712163][T25064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  260.732920][T25064] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  260.741676][T25064] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
09:18:02 executing program 0 (fault-call:2 fault-nth:1):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:02 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
clock_gettime(0x0, &(0x7f0000000080)={<r1=>0x0, <r2=>0x0})
utimes(&(0x7f0000000040)='./file0/file0\x00', &(0x7f00000000c0)={{r1, r2/1000+10000}})

09:18:02 executing program 3:
syz_read_part_table(0xf000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:02 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x5820000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:02 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x12}, 0x1, 0x0, 0x0, 0x2, 0x1, 0xc0}, 0x20)
r1 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r1, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:02 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x5)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  260.749681][T25064] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  260.757781][T25064] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
[  260.765796][T25064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  260.774164][T25064] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
[  260.841135][T25100] loop3: detected capacity change from 0 to 264192
09:18:02 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:02 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x6000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:02 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x401, 0x5f, &(0x7f0000000340)=[{&(0x7f00000000c0)="2f43645e82c7caf941918233ec3f9908b9dd8178ebb00a425c32db338a6c2e7d1d23a55e95002f8a0bed5e2ba5d62128ef86a76d9a33768cb922be398a8c8e40f6fc3acc74695d49a0ae16656733fe22d102a909ef69558a494fcc7031592fad6dfeb3f140055e814e453c2806206429645756b5b0444bbdb6f7bc3c2aa9412582fd63426b052c0fb50333f1da58bcd5c6a68f10a574044242853bee61b7766303ebaf426a3a56e4d40a8346309e72529b886a0ce124238393ed47d4edbafd861107b7848ba5d5aacee33f5e8f78e8533172eecf", 0xd4, 0x7f}, {&(0x7f00000001c0)="63607f5963c371c35ceeaf9e5111b5796dacee084d0e57999dcf30954eb7f7261ddcbb", 0x23, 0xffffffffffff660b}, {&(0x7f0000000200)="9fc0f120b776241bc900544cad49f588dfd3bf13e41e8e1912a3c388c5db750b5129bc22b60ae2aaece57103c1d5e39eb41e31ca5434587f50ad2dee8fb8180b5425d8d9d2344c3e3bb65ee5571a4cf7aa20f35105a233512743d6bab99165e8b21c1c0180f01a78d04a599d44cfdc5ac65c237036b1a8219ef8d8380c7788d7680c3cd9552fcea6fa4a299d55e7a84d37066929e4adfebf6ecfefa64be5d36b4e93707e3d8932081261d8672d1cefdf3a9ef3e4e9eb25ec60c36d09f4364e7e94775838e8cf7e1d047ee603008cb7bfe3622852806ca8b01c150db18b7651803a6338aaf1e7d5321d551c5eee41ecff15f8a45795beda55cfe42c89d7f68b", 0xff, 0x6}, {&(0x7f0000000300)="dd33cee6f9b7e4b0bd221b311d10fdb982a061d5ff4b4b682f1a46035bd3a2da0b4ac08249df4996b3e275cac9bf636c7b422362219343", 0x37, 0x7f}], 0x86400, &(0x7f00000006c0)=ANY=[@ANYBLOB="6465636275672c61756469742c686173682c736d61636b6773666c6f6f723c3a5d255d2c7569643d6c4c108135283b2c8db7ee28c35938f6185504c57d40dd7df07a730e70e326ad6945f5ff9fc7583c40a1d531ab812400b0727927d69cdb354c12e922318d9c07337e92179f38eef80f7c4e25ff00000000000000b0c63c95a12a406d7339f06972871d9e874b40e0ffcabb79f268c0761fca789a55d1c09e66bc69d8a391c79a230f", @ANYRESDEC=0x0, @ANYBLOB="2c00a683b436664bcfa7af32e7315b4b2c4f22b8d20cf2c415e0f392b6e1fb7233892ff5c6bd735b145c2968f7630cfc726b3fcbb17d41525dcf5b525ce96b622d0bf6560dcbbda02dc2c5b94b0f62a0161a1103504406cf3b95ea03961e6d41b0a162b2d9474f5d6ff08203144973d604383bd01f6623cf36f86d3dece59763f63174872ede5fdfde32ff7e12ca5c000821e17ec0ce98694abd670d27f589c30b52220ffe09e46240ce09e48e9b8888da8664b0f10b04f20c344ccee184b081b59880c91d9cf7ceeb1d14c8a4350933b345a82e04c5c7a93da145db"])
openat(r1, &(0x7f0000000400)='./file0\x00', 0x1, 0x61)
mount(&(0x7f00000003c0)=@sr0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='nfs\x00', 0x1202800, &(0x7f0000000500)='\xdb+:)*}]+\xe2-\'@{{\x00')
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  260.890103][T25100]  loop3: p1 p3 p4
[  260.894477][T25100] loop3: p1 size 11290111 extends beyond EOD, truncated
[  260.915830][ T1041]  loop1: p2 < > p3 p4
[  260.937156][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  260.947702][T25100] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  260.961791][T25120] loop4: detected capacity change from 0 to 264192
[  260.963612][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  260.975096][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  260.989418][T25100] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  261.030793][T25120] loop4: detected capacity change from 0 to 264192
[  261.039528][ T1041]  loop1: p2 < > p3 p4
[  261.047389][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  261.056876][T25100] loop3: detected capacity change from 0 to 264192
[  261.074673][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  261.080896][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  261.110041][T25100]  loop3: p1 p3 p4
[  261.114127][T25100] loop3: p1 size 11290111 extends beyond EOD, truncated
[  261.140190][T25100] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  261.143035][T25093] FAULT_INJECTION: forcing a failure.
[  261.143035][T25093] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  261.160868][T25093] CPU: 0 PID: 25093 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  261.169717][T25093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  261.170290][T25100] loop3: p4 size 3657465856 extends beyond EOD, 
[  261.179782][T25093] Call Trace:
[  261.179795][T25093]  dump_stack_lvl+0xb7/0x103
[  261.179817][T25093]  dump_stack+0x11/0x1a
[  261.186315][T25100] truncated
[  261.201538][T25093]  should_fail+0x23c/0x250
[  261.205994][T25093]  __alloc_pages+0x102/0x320
[  261.210580][T25093]  alloc_pages_vma+0x513/0x680
[  261.215345][T25093]  ? page_address_in_vma+0x264/0x300
[  261.220641][T25093]  new_page+0x124/0x170
[  261.224967][T25093]  migrate_pages+0x3b3/0x1530
[  261.229661][T25093]  ? do_mbind+0xf50/0xf50
[  261.234112][T25093]  ? remove_migration_ptes+0x90/0x90
09:18:02 executing program 5 (fault-call:2 fault-nth:1):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:02 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
syz_io_uring_setup(0x3ca3, &(0x7f0000000000)={0x0, 0x7b9e, 0x20, 0x3, 0x16c, 0x0, r0}, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080)=<r3=>0x0, &(0x7f00000000c0))
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r4, 0x0, r5, 0x0, 0x10005, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000180)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x6000, @fd=r5, 0x2, &(0x7f00000002c0)=""/226, 0xe2, 0x12}, 0x7)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
close(r7)
splice(r6, 0x0, r7, 0x0, 0x10005, 0x0)
bind$inet(r6, &(0x7f0000000200)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10)

09:18:02 executing program 4:
r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x880, 0x10)
getpeername$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000000c0)=0x14)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r1, &(0x7f00000005c0)=""/223, 0xfc61)

[  261.239410][T25093]  do_mbind+0xd43/0xf50
[  261.243825][T25093]  __x64_sys_mbind+0x10a/0x130
[  261.248882][T25093]  do_syscall_64+0x3d/0x90
[  261.253393][T25093]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  261.259382][T25093] RIP: 0033:0x4665e9
[  261.263429][T25093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  261.283128][T25093] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  261.291639][T25093] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  261.299709][T25093] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  261.307681][T25093] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  261.315717][T25093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  261.323690][T25093] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  261.463723][ T1041]  loop1: p2 < > p3 p4
[  261.472559][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  261.488005][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  261.491033][T25173] FAULT_INJECTION: forcing a failure.
[  261.491033][T25173] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  261.494236][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  261.507505][T25173] CPU: 1 PID: 25173 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  261.523505][T25173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  261.533733][T25173] Call Trace:
[  261.537094][T25173]  dump_stack_lvl+0xb7/0x103
[  261.541960][T25173]  dump_stack+0x11/0x1a
[  261.546113][T25173]  should_fail+0x23c/0x250
[  261.550534][T25173]  __alloc_pages+0x102/0x320
[  261.555200][T25173]  alloc_pages_vma+0x513/0x680
[  261.559984][T25173]  ? page_address_in_vma+0x264/0x300
[  261.565268][T25173]  new_page+0x124/0x170
[  261.569519][T25173]  migrate_pages+0x3b3/0x1530
[  261.574350][T25173]  ? do_mbind+0xf50/0xf50
[  261.578676][T25173]  ? remove_migration_ptes+0x90/0x90
[  261.583986][T25173]  do_mbind+0xd43/0xf50
[  261.588145][T25173]  __x64_sys_mbind+0x10a/0x130
[  261.592988][T25173]  do_syscall_64+0x3d/0x90
[  261.597525][T25173]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  261.603484][T25173] RIP: 0033:0x4665e9
[  261.607377][T25173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  261.627163][T25173] RSP: 002b:00007f0bf3030188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  261.635598][T25173] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665e9
[  261.643581][T25173] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  261.651901][T25173] RBP: 00007f0bf30301d0 R08: 0000000000000000 R09: 0000000000000002
09:18:03 executing program 0 (fault-call:2 fault-nth:2):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:03 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x6040000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:03 executing program 1:
syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r2}, 0x9)
syz_io_uring_submit(r3, r4, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
close(r7)
r8 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r9=>0x0, &(0x7f0000000100)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r8}, 0x9)
syz_io_uring_submit(r9, r10, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r9, r10, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_setup(0x7546, &(0x7f0000000400)={0x0, 0x58bf, 0x8, 0x2, 0x38f}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000480)=<r11=>0x0)
r12 = accept$unix(r6, &(0x7f00000004c0), &(0x7f0000000580)=0x6e)
r13 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
syz_io_uring_submit(r9, r11, &(0x7f0000000640)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r12, 0x80, &(0x7f00000005c0)=@un=@file={0x0, './file0\x00'}, 0x0, 0x0, 0x0, {0x0, r13}}, 0x3f)
splice(r5, 0x0, r7, 0x0, 0x10005, 0x0)
syz_io_uring_submit(r3, r1, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x0, @fd=r5, 0x3, &(0x7f0000000380)=[{&(0x7f0000000000)=""/5, 0x5}, {&(0x7f0000000040)}, {&(0x7f0000000080)=""/11, 0xb}, {&(0x7f00000000c0)=""/25, 0x19}, {&(0x7f00000002c0)=""/168, 0xa8}], 0x5, 0x7, 0x1}, 0x1)
syz_io_uring_submit(r0, r1, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)

09:18:03 executing program 4:
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f00000009c0)={0x3a8, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x2dc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x51, 0x5, "516184eaa975ceda1dd6010bfb0d683fc5358bcfc305a206a7f2755baec6d2e4f991e8b14e14377ac1c6a0fb24e94aa7299f7cf3e615c74d06dc5eb37793b03bf9e96f34594d5aa2c18561cdf3"}, @ETHTOOL_A_BITSET_MASK={0x53, 0x5, "f8650bba037fcd8c1d7a6fb86ec91b28d7d2b4f33380f1c93e4a0e7a6c054fb41c005f32a5ae10e2f3d65f2dee95389ab5ddd981d529e7306d5f42847b63c2df74b7364a04298ca79adab60d8e8963"}, @ETHTOOL_A_BITSET_BITS={0x5c, 0x3, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'pipefs\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'pipefs\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\'\x00'}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'proc\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xae4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0x4b, 0x4, "54445e8af81fbbad6112945da0737182f48ed70ea927ba8fa6849543c529e67ddac7f7ae3af4c058e05e47887c7a5a054e46e32397d68e44312e1dfdedd2ce81b8aebf04ef4bb7"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x4}, @ETHTOOL_A_BITSET_BITS={0x16c, 0x3, 0x0, 0x1, [{0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '\'[\'}\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'proc\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'pipefs\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'pipefs\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'proc\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'pipefs\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'pipefs\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8000}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, ')$\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '*^\x00'}]}, {0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'pipefs\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '@$-\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'pipefs\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'proc\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x20}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'pipefs\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'pipefs\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '-!\x00'}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'pipefs\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x100}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'pipefs\x00'}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}]}, @ETHTOOL_A_DEBUG_MSGMASK={0xb8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xb2, 0x4, "405ae986f740f3914f52cf2239437cac21465f5ce9826928c6b940222d14f2a898220014ad4af41d912801a8d8bec944626ad0089fea724d287e558cba87905ab87be929bdf44d5e5708ec7376a4905ede92b5869bf8bb13120ed46a677a4fcf7968f653fce4cc690d24b1f25983f3cde0f62826ce97b3cfc9bd65a7ac1842f3a8b88dbd174f1f4e68b6b9088c5a7812c3e62dd1a43ad543d000973c69bd506cefddbbadbfd583e1976d2117512a"}]}]}, 0x3a8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8000)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0), 0x10000, 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
chroot(&(0x7f0000000100)='./file0/../file0/../file0\x00')
rmdir(&(0x7f0000000200)='./file0/../file0\x00')

09:18:03 executing program 3:
syz_read_part_table(0x10000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:03 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
syz_io_uring_setup(0x54be, &(0x7f00000002c0)={0x0, 0x42cf, 0x4, 0x1, 0xe4, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000200))
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000002, 0x810, r0, 0x10000000)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x4, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1, {0x0, r5}}, 0x8)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000000)="566a43bc89d1f8817cb7949c3362d21d26a06dbde19985c8a240ecff7dfd01428b480ebb2d69408cbf21e6594bb3897c2aa70c24e7cd32df35c5a43abd3aac1d14822d331f642a2fe1eb4fb65df59a84031c48c1cb33216841574e1d122751d12bfe5a9103a480d93d655e33e41facd212ec82a1a8102784533545f217b1b096bd50d479530a2dfe10c38996b0f86d0583b7199868c8245a707fec4bd7bbe078512eecee8b8fc5f51b6c029785f070a1a5ed9d450581ef3d1f5120f2e5b027d5455865baf8e24875f00d7bc877f38045425f23749c88b4986d6e70d45c0fbb3f87f10a42b6fa4830129a99f0d0d633cec623e1a5cd1a50d3fa247d492565fc19")

[  261.659911][T25173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  261.668002][T25173] R13: 00007fffa727060f R14: 00007f0bf3030300 R15: 0000000000022000
[  261.696441][T25179] loop3: detected capacity change from 0 to 264192
[  261.740277][ T1041]  loop1: p2 < > p3 p4
[  261.745095][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  261.779270][ T1041] loop1: p3 start 225 is beyond EOD, truncated
09:18:03 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
sendto$unix(r1, &(0x7f0000000040)="e305481daa01eca0b4ff2a626424e391474b754bb97dba0d943de3446d5d4cbe788963743c6374064563433615974d5bd3acc8a6261c89dd961bc4e1f1fec21b91e4d890b4117e88d7ea330cef898cf2426a1e8d713fd66ce93620438cc95b7db5ce55e07409d9e8194859e571c53ed193", 0x71, 0x30020001, &(0x7f00000000c0)=@file={0x0, './file1\x00'}, 0x6e)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:03 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_io_uring_setup(0x1249, &(0x7f0000000240), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r6}}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x5, 0x4004, @fd=r0, 0x200000000000001, &(0x7f0000000600)=[{&(0x7f0000000340)=""/102, 0x66}, {&(0x7f0000000200)=""/46, 0x2e}, {&(0x7f00000003c0)=""/61, 0x3d}, {&(0x7f0000000440)=""/219, 0xdb}, {&(0x7f0000000540)=""/89, 0x59}, {&(0x7f00000005c0)=""/14, 0xe}], 0x6, 0x1f, 0x1, {0x0, r6}}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x10a40, 0x0)
accept4$unix(r7, &(0x7f0000000040), &(0x7f00000000c0)=0x6e, 0x80000)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x311041)
fstat(r8, &(0x7f00000002c0))

[  261.785732][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  261.804204][T25179]  loop3: p1 p3 p4
[  261.808059][T25179] loop3: p1 size 11290111 extends beyond EOD, truncated
09:18:03 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x3, 0x14c)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
recvmsg(r0, &(0x7f0000000340)={&(0x7f0000000080)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000100)=""/169, 0xa9}, {&(0x7f00000001c0)=""/144, 0x90}], 0x2, &(0x7f00000002c0)=""/69, 0x45}, 0x40000140)
getdents(r1, &(0x7f00000005c0)=""/223, 0xfc61)

[  261.836636][T25179] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  261.849746][ T1041]  loop1: p2 < > p3 p4
[  261.864055][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  261.881024][T25179] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  261.897145][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  261.903360][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  261.965527][T25179] loop3: detected capacity change from 0 to 264192
[  261.989894][ T1041]  loop1: p2 < > p3 p4
[  261.997219][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  262.014858][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  262.021292][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  262.029009][T25179]  loop3: p1 p3 p4
[  262.029202][T25182] FAULT_INJECTION: forcing a failure.
[  262.029202][T25182] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  262.033344][T25179] loop3: p1 size 11290111 extends beyond EOD, 
[  262.046606][T25182] CPU: 0 PID: 25182 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  262.046673][T25182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  262.046684][T25182] Call Trace:
[  262.046623][T25179] truncated
[  262.046692][T25182]  dump_stack_lvl+0xb7/0x103
[  262.082886][T25182]  dump_stack+0x11/0x1a
[  262.083461][T25179] loop3: p3 size 1912633224 extends beyond EOD, 
[  262.087228][T25182]  should_fail+0x23c/0x250
[  262.087240][T25179] truncated
[  262.101279][T25182]  __alloc_pages+0x102/0x320
[  262.105900][T25182]  alloc_pages_vma+0x513/0x680
09:18:03 executing program 5 (fault-call:2 fault-nth:2):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:03 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x7000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:03 executing program 1:
r0 = syz_io_uring_setup(0x79da, &(0x7f0000000080)={0x0, 0x3f5b, 0x1, 0x0, 0x169, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
r3 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r3}, 0x9)
syz_io_uring_submit(r4, r5, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
close(r7)
splice(r6, 0x0, r7, 0x0, 0x10005, 0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000140)=@IORING_OP_ASYNC_CANCEL={0xe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x5)
syz_io_uring_submit(r1, r5, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd=r0, 0x0, 0x0, 0x3f, 0x3, 0x1, {0x0, 0x0, r6}}, 0xfffffffe)

[  262.106266][T25179] loop3: p4 size 3657465856 extends beyond EOD, 
[  262.110743][T25182]  ? page_address_in_vma+0x264/0x300
[  262.110769][T25182]  new_page+0x124/0x170
[  262.117068][T25179] truncated
[  262.122420][T25182]  migrate_pages+0x3b3/0x1530
[  262.122444][T25182]  ? do_mbind+0xf50/0xf50
[  262.122464][T25182]  ? remove_migration_ptes+0x90/0x90
[  262.144184][T25182]  do_mbind+0xd43/0xf50
[  262.148343][T25182]  __x64_sys_mbind+0x10a/0x130
[  262.153145][T25182]  do_syscall_64+0x3d/0x90
[  262.157658][T25182]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  262.163664][T25182] RIP: 0033:0x4665e9
[  262.167562][T25182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  262.187205][T25182] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  262.195806][T25182] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  262.204033][T25182] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  262.212034][T25182] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  262.220094][T25182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  262.228151][T25182] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  262.306615][ T1041]  loop1: p2 < > p3 p4
[  262.311430][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  262.318401][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  262.324812][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  262.425326][T25239] FAULT_INJECTION: forcing a failure.
[  262.425326][T25239] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  262.438611][T25239] CPU: 0 PID: 25239 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  262.447471][T25239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  262.457995][T25239] Call Trace:
[  262.461269][T25239]  dump_stack_lvl+0xb7/0x103
[  262.466122][T25239]  dump_stack+0x11/0x1a
[  262.470273][T25239]  should_fail+0x23c/0x250
[  262.474836][T25239]  __alloc_pages+0x102/0x320
[  262.479473][T25239]  alloc_pages_vma+0x513/0x680
[  262.484315][T25239]  ? page_address_in_vma+0x264/0x300
[  262.489681][T25239]  new_page+0x124/0x170
[  262.493989][T25239]  migrate_pages+0x3b3/0x1530
[  262.498756][T25239]  ? do_mbind+0xf50/0xf50
[  262.503199][T25239]  ? remove_migration_ptes+0x90/0x90
[  262.508476][T25239]  do_mbind+0xd43/0xf50
[  262.512656][T25239]  __x64_sys_mbind+0x10a/0x130
[  262.517414][T25239]  do_syscall_64+0x3d/0x90
09:18:04 executing program 0 (fault-call:2 fault-nth:3):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:04 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x20064, &(0x7f0000000180)={'trans=virtio,', {[{@dfltuid={'dfltuid', 0x3d, 0xee00}}, {@msize={'msize', 0x3d, 0x81}}, {@nodevmap}, {@cachetag={'cachetag', 0x3d, ')%{*@'}}, {@dfltgid}, {@cache_loose}, {@noextend}, {@noextend}, {@mmap}, {@cache_loose}], [{@appraise_type}, {@fsname={'fsname', 0x3d, 'affs\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0xfff}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@permit_directio}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000480)={0xa6, 0x100000000, 0x4, 0x3d5, 0x3, [{0x6363, 0x100000000, 0x7f, '\x00', 0x82}, {0x80000001, 0x5, 0x8, '\x00', 0x400}, {0x0, 0x8, 0x6, '\x00', 0x1c02}]})
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
dup3(r2, r4, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x10000, 0x8)

09:18:04 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
splice(r3, 0x0, r4, 0x0, 0x10005, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000780)=@IORING_OP_OPENAT2={0x1c, 0x2, 0x0, r3, &(0x7f0000000700)={0x20102, 0x102, 0x18}, &(0x7f0000000740)='./file0\x00', 0x18, 0x0, 0x12345, {0x0, r5}}, 0x200)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
syz_io_uring_setup(0x3a43, &(0x7f00000005c0)={0x0, 0xae69, 0x1, 0x3, 0x332}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000640)=<r7=>0x0, &(0x7f0000000680))
r8 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r9=>0x0, &(0x7f0000000100)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r8}, 0x9)
syz_io_uring_submit(r9, r10, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r9, r10, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r7, r10, &(0x7f00000006c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r11}}, 0x4d4)
sendmsg(r6, &(0x7f0000000580)={&(0x7f0000000000)=@xdp={0x2c, 0xa, 0x0, 0xe}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000080)="150a88e087b2e0eace01195ac4c19ac7de16df20f84e189b36a97217fa9913c67d3b0cb51d4fdf51e9ea9e0e58c0e5af4dcfb66aaea84ddec402942f97cb33cb0fb7bbbd0c21b3d73874b4589dae2a6a5490b6cdcfebf866a91ecea993", 0x5d}, {&(0x7f0000000180)="9a8242d7b835eca9b56b119f5bc29caa07ba81", 0x13}], 0x2, &(0x7f00000002c0)=[{0xb0, 0x124, 0x3f673511, "36a34e3e830c6079d665ae22096041dc727c1f3ccd9924746daf787d0bd9ac08770cff66cf24039a6a8c4b5521fc787e022d845d15b771fcce5175bd7f47abf87fe04756754fe9c15ad9648ae2861aa115da2f42954bd6641b37528e8564cc18330992ce86bf198466b258e8ca3c343c14ca94bc1ab955475d8b4ea8ebf9e1665978d800127336c91ed048680ddefac3613ea93059bfa0825909df0e8a36"}, {0x10, 0x112, 0x7fffffff}, {0xe0, 0x113, 0x7fffffff, "11046d01cb026755811311c2024770462169bc594037a80fb4481b6eafc5b072730f01e90cf9d8d83455177d800b838cbf27e3f5002f24ef4805b0cb1f4a85460a9ce413ce068eda825af2f336d5b6368c3d80292e5189a11aea8bfcca1f1939ba87bca648aef1bc74e94eb048d2552ffc25b93dd88dc9d1e852e9391bcede6f86b14f562e769e448895866ee649de5e1efb7911d652e92d3341c529a8ca9c8515cc418402e15358d012f82ec9ac372e289edc775ecd6e78cae9a6ecf4d2ffc263ddd846acd0aeaeb2cac94ab2"}, {0xf8, 0x10b, 0x7, "6fa85521ce0de480d97091688cbbefff6e9b9304bf41b18692f0cfba8977a5d29097c49168704879016aec096100794992748259c6b7c85f2451d1e9ecdc6af95c2ef1276fd70ccf51ced449a627425002d476e2e34cc6a4d16bc2289c20b66cefd3ce68ddfabc1738aa0f0734deebcd324708ea5f19ee00f0f4b3eac3d8d09bbe714e8dbe03ee917442aef15862a206e13fc815f6505ad6e608a6802350667c9a4f6170614aca152de7311263f3439f682daaef9340d6504e317aae09317c8b2ff3b82e569cddea6375071e36ff75888d7c71c4d18a22a0013438d6a1c5df54d0770cdf"}], 0x298}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:04 executing program 3:
syz_read_part_table(0x11000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:04 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x8000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  262.522023][T25239]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  262.528045][T25239] RIP: 0033:0x4665e9
[  262.531960][T25239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  262.551582][T25239] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  262.560095][T25239] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  262.568383][T25239] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  262.576447][T25239] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
[  262.584509][T25239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  262.592588][T25239] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
[  262.642148][T25263] loop3: detected capacity change from 0 to 264192
09:18:04 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
openat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x604140, 0x13a, 0x12}, 0x18)

09:18:04 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
r3 = syz_io_uring_setup(0x1249, &(0x7f0000000240), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r6}}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000000)=@nfc_llcp={0x27, 0x0, 0x1, 0x6, 0x8, 0x1, "9de03699889dae5111a4d5f9d56bb86aaeb84aa7bae75d6cad01b3c0c469a5e142bc1811207632c9e8067f1952f813240b0e47f50ce6a442144cdb5df7e164", 0x2d}, 0x0, 0x0, 0x0, {0x0, r6}}, 0x20)

[  262.710264][T25263]  loop3: p1 p3 p4
[  262.714235][T25263] loop3: p1 size 11290111 extends beyond EOD, truncated
[  262.740849][ T1041]  loop1: p2 < > p3 p4
[  262.753376][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:18:04 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x8040000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  262.761528][T25263] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  262.773485][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  262.779814][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  262.792936][T25263] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  262.884544][T25263] loop3: detected capacity change from 0 to 264192
[  262.914377][ T1041]  loop1: p2 < > p3 p4
[  262.918723][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:18:04 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x8800000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  262.940803][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  262.947105][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  262.955475][T25263]  loop3: p1 p3 p4
[  262.959314][T25263] loop3: p1 size 11290111 extends beyond EOD, truncated
[  262.986292][T25267] FAULT_INJECTION: forcing a failure.
[  262.986292][T25267] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  262.987035][T25263] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  262.999581][T25267] CPU: 0 PID: 25267 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  263.015833][T25267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  263.026034][T25267] Call Trace:
[  263.029371][T25267]  dump_stack_lvl+0xb7/0x103
[  263.033978][T25267]  dump_stack+0x11/0x1a
[  263.038134][T25267]  should_fail+0x23c/0x250
[  263.042684][T25267]  __alloc_pages+0x102/0x320
[  263.046576][T25263] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  263.047810][T25267]  alloc_pages_vma+0x513/0x680
[  263.059774][T25267]  ? page_address_in_vma+0x264/0x300
[  263.065119][T25267]  new_page+0x124/0x170
[  263.069518][T25267]  migrate_pages+0x3b3/0x1530
[  263.074208][T25267]  ? do_mbind+0xf50/0xf50
[  263.078762][T25267]  ? remove_migration_ptes+0x90/0x90
[  263.084410][T25267]  do_mbind+0xd43/0xf50
[  263.088696][T25267]  __x64_sys_mbind+0x10a/0x130
[  263.093606][T25267]  do_syscall_64+0x3d/0x90
[  263.098048][T25267]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  263.104169][T25267] RIP: 0033:0x4665e9
[  263.108161][T25267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  263.127899][T25267] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
09:18:04 executing program 5 (fault-call:2 fault-nth:3):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:04 executing program 3:
syz_read_part_table(0x12000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  263.136575][T25267] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  263.144577][T25267] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  263.152658][T25267] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  263.160843][T25267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.168910][T25267] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:04 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x8800300, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  263.304762][ T1778] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  263.412572][T25329] loop3: detected capacity change from 0 to 264192
[  263.481120][T25329]  loop3: p1 p3 p4
[  263.485097][T25329] loop3: p1 size 11290111 extends beyond EOD, truncated
[  263.506687][T25329] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  263.531667][T25329] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:05 executing program 0 (fault-call:2 fault-nth:4):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:05 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x4201, 0x4}, &(0x7f0000ee7000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140))
r2 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
io_uring_register$IORING_REGISTER_EVENTFD(r6, 0x4, &(0x7f0000000200), 0x1)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r2}, 0x9)
syz_io_uring_submit(r3, r4, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED={0x5, 0x0, 0x2000, @fd, 0x0, 0x0, 0x0, 0x0, 0x0, {0x10}}, 0x0)
r7 = syz_io_uring_setup(0x1249, &(0x7f0000000240), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100)=<r8=>0x0, &(0x7f0000000080)=<r9=>0x0)
r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd=r7, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r10}}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x1d8e, 0x40c9, 0x1, &(0x7f00000015c0)={[0xfed]}, 0x8)
syz_io_uring_submit(r1, r9, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x3, 0x6000, @fd_index=0x5, 0x1, &(0x7f00000004c0)=[{&(0x7f0000000340)=""/171, 0xab}, {&(0x7f0000000400)=""/166, 0xa6}, {&(0x7f0000000580)=""/4096, 0x1000}, {&(0x7f0000000000)=""/62, 0x3e}, {&(0x7f0000000080)=""/32, 0x20}, {&(0x7f0000000180)=""/37, 0x25}, {&(0x7f0000001680)=""/197, 0xc5}], 0x7, 0x19, 0x0, {0x0, r10}}, 0x0)
setsockopt$inet6_tcp_TLS_TX(r5, 0x6, 0x1, &(0x7f0000001580)=@ccm_128={{0x303}, "047de546b1162ff6", "05675434281175b500c8d820668308e3", "ee65634f", "7aa7937f277a1aaa"}, 0x28)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:05 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x9000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  263.618556][T25329] loop3: detected capacity change from 0 to 264192
[  263.651717][T25318] FAULT_INJECTION: forcing a failure.
[  263.651717][T25318] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  263.665260][T25318] CPU: 1 PID: 25318 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  263.674090][T25318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  263.684240][T25318] Call Trace:
[  263.687528][T25318]  dump_stack_lvl+0xb7/0x103
[  263.692231][T25318]  dump_stack+0x11/0x1a
[  263.696510][T25318]  should_fail+0x23c/0x250
[  263.701056][T25318]  __alloc_pages+0x102/0x320
[  263.706011][T25318]  alloc_pages_vma+0x513/0x680
[  263.710870][T25318]  ? page_address_in_vma+0x264/0x300
[  263.716170][T25318]  new_page+0x124/0x170
[  263.720332][T25318]  migrate_pages+0x3b3/0x1530
[  263.725013][T25318]  ? do_mbind+0xf50/0xf50
[  263.729468][T25318]  ? remove_migration_ptes+0x90/0x90
[  263.735001][T25318]  do_mbind+0xd43/0xf50
[  263.739270][T25318]  __x64_sys_mbind+0x10a/0x130
[  263.744081][T25318]  do_syscall_64+0x3d/0x90
[  263.748551][T25318]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  263.754553][T25318] RIP: 0033:0x4665e9
09:18:05 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="3000009970b5ce00", @ANYRES16=r1, @ANYBLOB="1907000000000000000001000000080001000000000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000"], 0x30}}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900), 0xffffffffffffffff)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r3, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4)
writev(r3, &(0x7f0000000780)=[{&(0x7f0000000100)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {&(0x7f0000001340)="f15c93cb35c215fe339d1e9060c5b23e77cb58a87329a00288504db389cc6e395885fa906ac30eeae99fa388c31b5717e641e1586a90961b5f99b26c939d944f6cb1cf6817b7e51402a8459f9db642e97d3c05db56250a665d3ff188eb47e5b036d508aa5a5796fb8806b6a41487e0bfc3df087c18269bd7d2f477104c5d5db497ceaf3e1b11a5d63a2b7035dc69fa701f3b46fe701880800a7d38dccd4b3e8014aa15c96968359533ce2c5ffdd5f0d3297018bd7c025150940cdead92eb1e6bc6ba45eecf067b32425b6000b2f376ef9172426ae7fa97e5a84ef4dc540bbf5dd458ffcb75724135bd32fa04db6d6a75aedda7ab6e8501fc94e209dc3b2525ae24c954255d3247ca9c1b9525ce68179a52a87333aa2b0a8c1baa6ba6160c6d2018e67bac5402d0d89c5f798b8d1a87b0dc3306f546c61724530d9f4b6f0ee68677c7b261de5afa02d708a8ec979791de8f4831cc354ba453bc253e2435207f25494a594d4e5be39902358d362cb318ad965b7e7480a5ca5b6fe74e101c400c77392ee4419ad788f494230487811046f21f0f9665dfbaa9e94ed305a02e3fa47039e67dde19f89c8f1741aad752cdfe458ddf54e8fc10ff79b5", 0x1b9}], 0x3)
sendto$inet(r3, &(0x7f00000012c0)="1a268a927f1f6588b967482941ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_KEY(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000200)={0x1c, 0x0, 0x101, 0x70bd28, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NL80211_CMD_START_SCHED_SCAN(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x44, r2, 0x2, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfff, 0x16}}}}, [@NL80211_ATTR_MEASUREMENT_DURATION={0x6}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac=@device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r4 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r4, &(0x7f00000005c0)=""/223, 0xfc61)

[  263.758436][T25318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  263.778315][T25318] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  263.786744][T25318] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  263.794892][T25318] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  263.802861][T25318] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
[  263.810858][T25318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.818966][T25318] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
[  263.834210][T25329]  loop3: p1 p3 p4
[  263.839334][T25329] loop3: p1 size 11290111 extends beyond EOD, truncated
[  263.852233][T25329] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  263.880017][T25329] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  263.901936][T25353] FAULT_INJECTION: forcing a failure.
[  263.901936][T25353] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  263.915542][T25353] CPU: 0 PID: 25353 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  263.924513][T25353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  263.935148][T25353] Call Trace:
[  263.938700][T25353]  dump_stack_lvl+0xb7/0x103
[  263.943465][T25353]  dump_stack+0x11/0x1a
[  263.947816][T25353]  should_fail+0x23c/0x250
[  263.952421][T25353]  __alloc_pages+0x102/0x320
[  263.957020][T25353]  alloc_pages_vma+0x513/0x680
[  263.961804][T25353]  ? page_address_in_vma+0x264/0x300
[  263.967342][T25353]  new_page+0x124/0x170
[  263.971503][T25353]  migrate_pages+0x3b3/0x1530
[  263.976180][T25353]  ? do_mbind+0xf50/0xf50
[  263.980569][T25353]  ? remove_migration_ptes+0x90/0x90
[  263.985854][T25353]  do_mbind+0xd43/0xf50
[  263.990045][T25353]  __x64_sys_mbind+0x10a/0x130
[  263.994908][T25353]  do_syscall_64+0x3d/0x90
[  263.999363][T25353]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  264.005293][T25353] RIP: 0033:0x4665e9
[  264.009271][T25353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
09:18:05 executing program 5 (fault-call:2 fault-nth:4):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

[  264.029661][T25353] RSP: 002b:00007f21c68fc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  264.038363][T25353] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665e9
[  264.046351][T25353] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  264.054440][T25353] RBP: 00007f21c68fc1d0 R08: 0000000000000000 R09: 0000000000000002
[  264.062421][T25353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  264.070394][T25353] R13: 00007ffd632b736f R14: 00007f21c68fc300 R15: 0000000000022000
09:18:05 executing program 3:
syz_read_part_table(0x13000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:05 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x9800300, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  264.110066][ T1041]  loop3: p1 p3 p4
[  264.113953][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  264.138182][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  264.162298][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  264.196790][T25366] FAULT_INJECTION: forcing a failure.
[  264.196790][T25366] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  264.210136][T25366] CPU: 0 PID: 25366 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  264.218930][T25366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  264.230324][T25366] Call Trace:
[  264.233768][T25366]  dump_stack_lvl+0xb7/0x103
[  264.238650][T25366]  dump_stack+0x11/0x1a
[  264.243012][T25366]  should_fail+0x23c/0x250
[  264.247744][T25366]  __alloc_pages+0x102/0x320
[  264.252572][T25366]  alloc_pages_vma+0x513/0x680
[  264.257413][T25366]  ? page_address_in_vma+0x264/0x300
[  264.262834][T25366]  new_page+0x124/0x170
[  264.267019][T25366]  migrate_pages+0x3b3/0x1530
[  264.271813][T25366]  ? do_mbind+0xf50/0xf50
[  264.276138][T25366]  ? remove_migration_ptes+0x90/0x90
[  264.281412][T25366]  do_mbind+0xd43/0xf50
[  264.285656][T25366]  __x64_sys_mbind+0x10a/0x130
[  264.290423][T25366]  do_syscall_64+0x3d/0x90
[  264.294972][T25366]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  264.300870][T25366] RIP: 0033:0x4665e9
[  264.304789][T25366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  264.324399][T25366] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  264.332813][T25366] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  264.340794][T25366] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  264.348858][T25366] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
09:18:05 executing program 0 (fault-call:2 fault-nth:5):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

[  264.357102][T25366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  264.365305][T25366] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
09:18:06 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xa000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:06 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_setup(0x18f0, &(0x7f0000000000)={0x0, 0x3d46, 0x10, 0x2, 0x2a4, 0x0, r0}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000002000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000080)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000180)=@IORING_OP_FADVISE={0x18, 0x4, 0x0, @fd_index=0x4, 0x8001, 0x0, 0x2364, 0x4, 0x1, {0x0, r4}}, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  264.506037][T25388] loop3: detected capacity change from 0 to 264192
[  264.514354][ T1041]  loop1: p2 < > p3 p4
[  264.518695][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  264.542843][T25379] FAULT_INJECTION: forcing a failure.
[  264.542843][T25379] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  264.556240][T25379] CPU: 0 PID: 25379 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  264.565160][T25379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  264.575305][T25379] Call Trace:
[  264.578586][T25379]  dump_stack_lvl+0xb7/0x103
[  264.583194][T25379]  dump_stack+0x11/0x1a
[  264.587502][T25379]  should_fail+0x23c/0x250
[  264.592075][T25379]  __alloc_pages+0x102/0x320
[  264.596755][T25379]  alloc_pages_vma+0x513/0x680
[  264.601626][T25379]  ? page_address_in_vma+0x264/0x300
[  264.606997][T25379]  new_page+0x124/0x170
[  264.611304][T25379]  migrate_pages+0x3b3/0x1530
[  264.615987][T25379]  ? do_mbind+0xf50/0xf50
[  264.620421][T25379]  ? remove_migration_ptes+0x90/0x90
[  264.625836][T25379]  do_mbind+0xd43/0xf50
[  264.630119][T25379]  __x64_sys_mbind+0x10a/0x130
[  264.631491][ T1041] loop1: p3 start 225 is beyond EOD, 
[  264.634893][T25379]  do_syscall_64+0x3d/0x90
[  264.640297][ T1041] truncated
[  264.644669][T25379]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  264.647758][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  264.653638][T25379] RIP: 0033:0x4665e9
[  264.653654][T25379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  264.660181][ T1041] truncated
[  264.664083][T25379] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  264.695364][T25379] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
09:18:06 executing program 1:
r0 = io_uring_setup(0x6d61, &(0x7f0000000180))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
io_uring_register$IORING_REGISTER_PROBE(r0, 0x10, &(0x7f0000000080)=ANY=[@ANYRES64=r1], 0x20)
r2 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x2)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f0000000040)={0x7, 0x0, &(0x7f0000000000)=[r5, r0]}, 0x2)
io_uring_enter(r2, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:06 executing program 5 (fault-call:2 fault-nth:5):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

[  264.703329][T25379] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  264.711687][T25379] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  264.719661][T25379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  264.727831][T25379] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  264.750043][ T1041]  loop1: p2 < > p3 p4
09:18:06 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0xf097, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  264.754328][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  264.764974][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  264.771190][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  264.778683][T25388]  loop3: p1 p3 p4
[  264.783524][T25388] loop3: p1 size 11290111 extends beyond EOD, truncated
[  264.806319][T25388] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  264.830863][ T1041]  loop1: p2 < > p3 p4
[  264.835802][T25388] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  264.838348][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:18:06 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xb000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:06 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
symlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00')
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='ext4\x00', 0x20000, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mount(&(0x7f00000001c0)=@sg0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000240)='iso9660\x00', 0x1000406, &(0x7f0000000280)='\xd2}%\\\x00')
setxattr$incfs_id(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f0000000340)={'0000000000000000000000000000000', 0x31}, 0x20, 0x2)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000140)='cpuset\x00', 0x20c1408, &(0x7f0000000180)='\x00')

09:18:06 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}, &(0x7f0000fed000/0x13000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r3}, 0x9)
syz_io_uring_submit(r4, r5, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
close(r7)
splice(r6, 0x0, r7, 0x0, 0x10005, 0x0)
r8 = syz_io_uring_setup(0x1249, &(0x7f0000000240), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100)=<r9=>0x0, &(0x7f0000000080)=<r10=>0x0)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd=r8, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r11}}, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f00000000c0)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, r7, &(0x7f0000000000)=0x80, &(0x7f0000000040)=@nfc_llcp, 0x0, 0x0, 0x0, {0x0, r11}}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  264.857669][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  264.863923][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  264.942547][T25388] loop3: detected capacity change from 0 to 264192
[  264.955999][ T1041]  loop1: p2 < > p3 p4
[  264.972458][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:18:06 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
r3 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r3}, 0x9)
syz_io_uring_submit(r4, r5, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
r6 = socket(0xa, 0x800, 0x624a)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'syztnl0\x00', &(0x7f0000000340)={'syztnl2\x00', <r7=>0x0, 0x4, 0xaf, 0x7f, 0x9, 0x1, @mcast2, @loopback, 0x8000, 0x10, 0x7fffffff, 0x5}})
r8 = socket$packet(0x11, 0x2, 0x300)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x5, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, {0x2}}, 0x7fffffff)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000280)={'sit0\x00', <r10=>0x0})
sendto$packet(r8, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8848, r10, 0x1, 0x0, 0x6, @random="b52aa03ef753"}, 0x14)
sendmsg$ETHTOOL_MSG_DEBUG_GET(r6, &(0x7f0000000580)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3c57f09f", @ANYRES16=0x0, @ANYBLOB="01002dbd7000fbdbdf25070000000c0001800800030003000000680001801400020076657468315f766c616e0000000000001400020076657468315f746f5f626f6e6400000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="0800030002000000080003000100000008000100", @ANYRES32=0x0, @ANYBLOB="14000200697036746e6c3000000000000000000004000180400001801400020076657468305f746f5f626f6e640000001400020069703667726530000000000000000000140002007665746831000000000000000000000018000180140002006c6f000000000000000000000000000018000180140002006d616376746170300000000000000000"], 0xfc}, 0x1, 0x0, 0x0, 0x1010}, 0x20008858)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r5, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x3ff, 0x1, &(0x7f0000000000)="480597cdee89378f50d21c6dd4d93ea3cbfd3242eebd4554fb6529a46a5c55e0a2d65373b3e65ec913208c1d015c3bff12aa9cb7e8600229fb9d040bb174508f1c26cda87862089d9ffbe09b87e2be4b133a44bff52b4cd493a9db432b89002445cbcf9c4b6bf6e16a1667a133037a2ada2f2c5cf857737927925eced5955538043620ab29aae5f6eba65f7ba207ae66b6839548d2f6eed9995d32af005de76263ded7be772964fedc2af0f35d5b0d85a20c", 0x99f7, 0x0, 0x1, {0x1, r11}}, 0x8)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  264.989814][T25388]  loop3: p1 p3 p4
[  264.993946][T25388] loop3: p1 size 11290111 extends beyond EOD, truncated
[  265.002983][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  265.009151][T25388] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  265.009163][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  265.053234][T25388] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:06 executing program 3:
syz_read_part_table(0x20000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:06 executing program 4:
mkdir(&(0x7f0000002200)='\x00', 0x40)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x200006, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:06 executing program 0 (fault-call:2 fault-nth:6):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:06 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xc000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:06 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4, 0x13, r0, 0x8000000)
syz_io_uring_setup(0x2097, &(0x7f0000000000)={0x0, 0xcfe4, 0x8, 0x0, 0xe5}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000180)="53682c0e4ad3872d38", 0x9, 0x800}, 0x80)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:06 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = syz_io_uring_setup(0x1249, &(0x7f0000000240), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd=r2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd=r1, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x40)

[  265.191692][T25462] loop3: detected capacity change from 0 to 264192
[  265.207742][ T1041]  loop1: p2 < > p3 p4
[  265.226980][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  265.249778][T25462]  loop3: p1 p3 p4
[  265.253974][T25462] loop3: p1 size 11290111 extends beyond EOD, truncated
[  265.254085][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  265.267197][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  265.285216][T25462] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  265.319615][T25462] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  265.368477][T25419] FAULT_INJECTION: forcing a failure.
[  265.368477][T25419] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  265.381759][T25419] CPU: 0 PID: 25419 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  265.390700][T25419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  265.401199][T25419] Call Trace:
[  265.404486][T25419]  dump_stack_lvl+0xb7/0x103
[  265.409098][T25419]  dump_stack+0x11/0x1a
[  265.413266][T25419]  should_fail+0x23c/0x250
[  265.417743][T25419]  __alloc_pages+0x102/0x320
[  265.422330][T25419]  alloc_pages_vma+0x513/0x680
[  265.427621][T25419]  ? page_address_in_vma+0x264/0x300
[  265.434102][T25419]  new_page+0x124/0x170
[  265.438487][T25419]  migrate_pages+0x3b3/0x1530
[  265.443609][T25419]  ? do_mbind+0xf50/0xf50
[  265.448023][T25419]  ? remove_migration_ptes+0x90/0x90
[  265.454545][T25419]  do_mbind+0xd43/0xf50
[  265.458794][T25419]  __x64_sys_mbind+0x10a/0x130
[  265.463648][T25419]  do_syscall_64+0x3d/0x90
[  265.468152][T25419]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  265.474043][T25419] RIP: 0033:0x4665e9
[  265.478054][T25419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  265.498109][T25419] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  265.499356][ T1041]  loop1: p2 < > p3 p4
[  265.506643][T25419] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  265.506659][T25419] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  265.506671][T25419] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
[  265.511026][ T1041] loop1: p2 size 2 extends beyond EOD, 
[  265.518784][T25419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  265.518801][T25419] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
[  265.526820][ T1041] truncated
[  265.548489][T25482] FAULT_INJECTION: forcing a failure.
[  265.548489][T25482] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  265.548559][T25482] CPU: 0 PID: 25482 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  265.560865][ T1041] loop1: p3 start 225 is beyond EOD, 
[  265.573080][T25482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  265.573093][T25482] Call Trace:
[  265.573100][T25482]  dump_stack_lvl+0xb7/0x103
[  265.581967][ T1041] truncated
[  265.587447][T25482]  dump_stack+0x11/0x1a
[  265.597494][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  265.600745][T25482]  should_fail+0x23c/0x250
[  265.600769][T25482]  __alloc_pages+0x102/0x320
[  265.600788][T25482]  alloc_pages_vma+0x513/0x680
[  265.605394][ T1041] truncated
[  265.635946][T25482]  ? page_address_in_vma+0x264/0x300
[  265.641237][T25482]  new_page+0x124/0x170
[  265.645388][T25482]  migrate_pages+0x3b3/0x1530
[  265.650142][T25482]  ? do_mbind+0xf50/0xf50
[  265.654572][T25482]  ? remove_migration_ptes+0x90/0x90
[  265.659866][T25482]  do_mbind+0xd43/0xf50
[  265.664116][T25482]  __x64_sys_mbind+0x10a/0x130
[  265.668874][T25482]  do_syscall_64+0x3d/0x90
[  265.673286][T25482]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  265.679406][T25482] RIP: 0033:0x4665e9
[  265.683464][T25482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  265.703555][T25482] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  265.712057][T25482] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
09:18:07 executing program 5 (fault-call:2 fault-nth:6):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:07 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = accept$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000040)=0x14)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_SEND={0x1a, 0x5, 0x0, r3, 0x0, &(0x7f00000002c0)="9abd69b56521a43176206654df2fcf55efb7aecdefd32b73182d21522e6892cc1d1dc2ef8712ea19e76ef25ce2a5d0b388cdd14c7c6bfd6eb4e32c16e6a48768ee4bb59d38edc1ef97d64bfb930c6784cb10f0cb19f4dc18f05c1400198bdd3970f8ed4b5efa3735dfe13fd2bbc5946340bcec9a490725d197b37f8a58feb228495a036e6631e9f20c084ce08f7bc1aafbbf8b11008c07d9e3d9805790f284a57659bfc37029766ac6726ed8ebf6eefb2898aa21457f3c9cb4a51151c66183cad8cb216e9c8b28d31f0abf9cc18100a95f7d514fe6a4bae210a7872716045c8a7f", 0xe1, 0x20000000, 0x1}, 0x3)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:07 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x248102, 0x17c)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x212200, 0xc0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000080), 0x3, 0x121800)
openat(r1, &(0x7f00000000c0)='./file0\x00', 0x80001, 0x3)
open(&(0x7f0000000140)='./file0\x00', 0x2, 0x100)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:07 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xd000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  265.720228][T25482] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  265.728355][T25482] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  265.736342][T25482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  265.744320][T25482] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  265.787303][T22006] print_req_error: 324 callbacks suppressed
[  265.787315][T22006] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  265.805967][T25462] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
09:18:07 executing program 1:
r0 = syz_io_uring_setup(0x2002de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x100010, r0, 0x8000000)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8, 0x10, r0, 0x10000000)
pipe(&(0x7f00000008c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000140)=0x1000)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
accept4$packet(r5, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000000c0)=0x14, 0x80800)
close(r7)
splice(r5, 0x0, r7, 0x0, 0x10005, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
r9 = syz_io_uring_setup(0x495a, &(0x7f00000002c0)={0x0, 0x0, 0x1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r10=>0x0, &(0x7f0000000100)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r9}, 0x9)
syz_io_uring_submit(r10, r11, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r10, r11, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x5, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000002ec0)={&(0x7f0000000700)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x1}}, 0x80, &(0x7f0000002b00)=[{&(0x7f0000000780)="e1ef48c527c907", 0x7}, {&(0x7f00000007c0)="742ceb45aa5b6e596146724732aa46b7289c3b445a448e68259a3cd8021ceca99eb2005c2f86f4ec0ab1a7371efdc8b4fd55684b1e368358be66711bd6a210c550b71c9844356a2c45b52f952a797eb703e6faf0a4ebe1f79b0067e2ce41", 0x5e}, {&(0x7f0000000840)="a9c9ce1af3d153a8da451c0f36bb27534f876816da92fec63892280949b96e76d623adfaf912cfb8382b7af75420aafb2248c681cecfb23ca8957613b8789be624bb1d596dbb735e53781dbdaef15e", 0x4f}, {&(0x7f0000002fc0)="4dc2fc6b4edc26d72ee46c4ad84525d60f751f9cd4aca3df89cfa85b427c1511bf3808a0d4a473c07074d79b038eeaef1cae303afa77a11fcbdb1eea29a5611d6ce257bacc70bb932f83fbf542215988e7a61115b0ec75fac6a051844643f278585834cc4c7f624ff22bf8714884e033552eb905e3267490bccd3a7346ae7270aa5f44878a70a059171ff1cedaf83de21e03ccb23f828fc8be659a940c5c38f27305c14df502e2e33a463811b45896a4356704e40e2364c24e4b730ddc7c8f092607a5e23c076733e399bac836a332f9ecf43aab6112faa0bc03a583018592be024c996ad4b58c38323c936f7e030a8cff59093571d39491a20718719da1c2932cd89b113f082209895d195fae481f2fbb797b8b212df472688a08b5a1fb93cdf2b35fdbf2d773c44d3aa4508902f227e19bdaf974e1331b37fa217cadeccc734e0957cae0ead24cc3a57c6bbeea35c3f8c1d87d53a22ba765446793710124ee7a25dc7e03e89e7221c52ada761321e4dab54d5e5475f0b79bfe4e05bd194dfc6ecc6b75635cf5b60cba8a15d2754673cdcc7f17ba92938ceab9d1dfc003b21fbc25e4bcfa04aa59d02de0f90938477d9ccf741bae3c752a16e48def3a5193dafe79f56c09a9603dc46a381dab8f7cec38adfc92ecedae9f52e1616ec58c0c7e1823779269c78415765e136ad4b8a22a0237b7c6af89e52263acba4b7264fdfa31eb3b00d1713a765fe3369ec0476b90ae1fa9efb91a4d3f19bf1840b3fdcf8746960b795259bf1d7cb143772b781e40c8ebc62f942b02eebba15b4e4cac4bb8a9af6a8d351c77aa2eef72bc62d2a8e9cdbbc5ca283363f00a7297db9042dd8386f52c26597979598cd28f3fd996d8336399c2b02aa7c82742ca206c578b24e11ce2552202c735612b73995294a8096aab9e0766ed057bc1922ba5b3ba3493b25524874c877526c20fe6af1301198b99c5ce3b95a970ff71f921b1273cfbb19fd6d19bc09a108b68550f56d5731b84e809b87ed9937e391c0affde7ecb1eff274c7c3486028c47c5be44af3c66026f2a82e5d5b614f98f437b10f31fc60cab152fc385adc9926d1f689cbd6fa30808336235cf4924353489c2d2f0131b505091985402e5f6214d31d8d3874fe4e6f7bc7b80416c8c4dfa7c20213545fcbe36218d61569ae52064352a4f10d95156384b12b3e5dc60c9ae19b14660105e2566d4c168cd04d34b3dec4e23d24523b07198fc02814d534eece2e49587303b6c64cae7c375b5879d6c1662e61baa6f4ab3067df7dbca0436e26c5b4def463e601c58740268e751c0523f670f977a2114260805bfa14c3e7d47e3213623fc283b5ee08b542330ef358bc82766a31414efc118f2b5752de235883546d79414b1f41192cdf4cc94ee189518317f8f24703f19212c4f67a1d0bbbf525f705c0afc580e8a48e4a3df34e93fbc8304f58bf8c036e307ac58a2d9f28473f9f4fbf09ca3983c893f94e6eed3a5c1a0123a424ddcf0640fdff312ab34116370da348c09fd9fe8395944280523ca42c8e1e59a833e4f5169364db4b64d9a400dfde8e52158cab614f46b57861f218a56ac67648543f338b82e077bd3a7136c6894270cb3a95aad2cb6aef209e08a8b28b7be356757bb035db5e78411e77be1105bce0a5219e74ae91439cd911bb4b05cb1feea28a67b737e81a054fc54680ca85e95b653b7ec5a6c9f815276e6466f25ec579054b35f3ffc6eaa4533b76becf39b00f5a8bcf92bc390bcdc1ae7b04ac7727c48cee588c4e7f27b191c643e5828182fa3258acab3e6fa8bfc4a40ba304c81228346f809ad60197f63794575a712925bcbff13441fecbf2b3135572ca17df8d37abbbba2bf8806741be97b1a6b7fe5c277a84f4b1ae6f4b5aa27a4c454de81ce545316a8b418fcdef1f29891eaab649f543e8b4782b39f0697d8ec812403e0edfb0072a85b4e69f6504da86d52632a34b6486b3aafb3386f740820a18f8d8ac96d0971df7b3a8e0c48d82a45bfb677c89786bd8f0615109bc4e4db95959257bcdf69777fbc0c51e13ea1dc59a1fe8083440dd81814708002eda74b404bf03de6c6f2bf1cb7412f1537d914525cd20c0701009e6765bcf34975496999d848418a473409d851a0c5f9a42dda3af0b1d70adfe6bfdd143815945608cf80ca5f9f9250b74b92d0728846ca7a9224db66707d4abea4d89502844a6f99050d9c0eb6a66fbac02b37d562ec0d66be8c7378110d846ecd4d6fb4559b62337e944cea0f0932b6c271776a4d958565e6f723c53b8bcaac61a0f099bcdb13db315514efa1f09715756e4e2e0b42e08a5d5f7b18fed08a9e98ae329be34fe524f2690d659d6c819338cf4a8fa74b1ba81983126ac116d36aa85a19d57fb7126ca26d0da09b124cd6d50ff93d63c451117f1ba3927a3cde37332d94b077a9685dc266af4d66e408880111d04377fcd695bbb7a9df184a996f4c6c496def221e1864a07a1490416f58bba2c51ba4785b5dc54baa33174bdd601c53c265d9938bbfe18b97a1b0c1328561325b96d86991aa70db2928f555e508a4a5ff6ff4dabdb0c0014ac7be00d2fe1ee4d503adca7d2604f201380fac4f2cb3eceec8923f07f5170954e6f459dc69f7923561306eb7c672d7bc6419b22fbc80755772f64ae0c61f1643a5e7bfd1c2b60f010a1920555850d967a64a6cefaa5a945b0e593c7838b6ffdc73eb788c46415837380fff38603f5ee9f2271415d1de53b63e445172bf6d6e6293381669e9125d7215b470a9aafd8d187240f050d71d58c29944fb9d3d93a31f8480763d50e08f7cfda7c8f610ca15c9da821c2d74c2b0c408b3ec05f7374b4534a985540b4fc8a7d87938fa495d2356f2dd28c82de8c2b8d5b6685c36f35add01f0f6b454e0d85f144718346719828a1725f5cf0b9d75a2dc99c611dcebbccc660fbb47a5255be72e842bb4d1031dd356cfc001716684a0c94d2214e7c0dc3b42c356e05805058cb4c2366ce22f07bb2bf0d4409b460cca4bf6867686473d365bf76a6a7a4f51e8e0b8c0c472eafb7db323327e769b4b12865488b95b65ede81d4db926afd6916abefb67a337c42a77ee806fe75a94b10d8cd47232b7f48b48f9fc59cbd74256be04d4c9b659b790339e1e03c3cb8a03f62ff1c74bdaff117cb962d705c5466c86cedb2485fa9c0ebb1d14b2257da06202da4d8dece979d87b674604af65440c406c53ce951f7b49b5064a7cf0fd65689d268f8ba49db66bc4f20529fe9d3ce2001b99087adc5296ec583dcf2ee7827488d7bdaf75f7cec9d0f0fc2e7dd01c6db91ad96f5bcc94959be5b1a82b94126ec9d751a34318717d3163983e19bd132ba04541a880d9326a10538da0b7fcacc76b66474df64e6dc6a96ced235aa1cda2a2a3b48731e76270662bb1dc720f204ec0dcba7570847435c33cb4f5319c5a704fbf50d2afbe4d6625f7c99de6da9bc559fcfd035cba4019106c485cd8deecca133dfb8b39a58fb0f062ac2b164c4c9ac8b54eb590d66ffa361b5df0c679da8c0d0f4f471f9cb466b8c72651825f5aa17be00a545c3cf97982a796e151562e364b3a5f86ed2b4763cba27c5bd58eb9fa4b84bdc68d028ddddcee1db466035ad87e52973936a12acfdd04e255001cf5fe7b441736460e7f711b6dce7b1f0e76ff72309fb3bf400c98a3530d29a24081e1766c07de679217d9c9456a05b47b5cb946420f4beda13bc7700f8b606c017fcb0057ad9dde73340f6b014a42f597d50cdbb27e7cb50fd1f8dece61bd2ff717707e3b69c5641da32fd775e7f982976b087d45086e4673a2478c92fcb5669721fb399ce265b96f9b88a9e84eaaf6ebdf28791b3269e58bc1fb45014188f81feab61509c4711281e2c50ce7cc16a6669d347a817512277bd1edae594edb6661c5ec12629808a285899c8406814d0058f0c45f7648ad8b2166716703167d3be5073bc31fac923ee2b7905cc8fc473318e578ff1f4e731f4593c17cfbf2e080f10651087019e31435b3a7893fdce71b47897ccc56689c31e31c3b8e7078e3501f20a15fbfbd8b9d39198700e957bd8fe64dc14dc93a9dfde2dbcde014c25a021ae4fae0d6ceb4e9a30c00b975388afea8e480e79a5f287a30092168a9d07829780c5de39861f47383d8a1e8dafcde8e4b65d08b58abc592f8b23f14891d128d940634dfcee94c86b8f1d4ab24d115737ac2c1407b44623febdaacdb378806a7a3b24a8ec16929b853526a6832249b2ac6c18d59ca91f55974f148f1bdc43f26c6b45d1135f6e6979bb09429624e7f78c1d214ac633447c7f0ecae944ea467279c1d4ac15c79a468cb3a77deb05fef5c28b01a78beaae637cd93a7f308f3139480b3ad2d4ed4de498f3fc9ddd9ebb85a5a7d146157b8397fc89c6c6faf905e4776e9045dd7aac4d92b5c9fe32552c9397f556cdbbe45abb7e59ce42a7c452d4b49e198460b8fc89f8bc0b8bcfdc8285d5df2634c770f04561373e9059ccb39a6f4a75fc4fed1a536f9a1258e3725f086a0777e8e824c2135801c7bf4f5049f1e0f2ddb3c92371257aad27c847f8ed28eea4d4c77ef1ad6edc28062e337843d17f346c318ee1922d574fb45ae25797d9e7caf8efc0d3d1e39894b3039c9f05393413640c9c38ff513fca4c9bdd8b746d691ce31a31aa33d5a39e33c272518b51799bc0cb18fc8eeb763789596e3f99a5207c49766f4c65f302ac77f781f38580e47dec5243d30bd671a929f8fc01f997931b52e2fa360fc5a1b7ced222bb4511a20478f76f9605bbe08642173f0fc91b7373b487ba58536e53f9cc4a2f9a28eaf40ba198b8851838d6e76f9ac26c4784530c2e1b8947faf0d334c3cb3aedd491964aefad3665a233a09bbfc28e183e780307174b62c9b028853353095061a760fa741d63d4b0eea5a4e081c654cb293856bd17ba5762f34f53377b29047da91ec72e42e2345a3037afac23ad71cc183e6fb732d5e78169352df9564ef7f9ea3f6aada93275e02b0a2122b340a35a87e9ff812c298758822eec63cb852dbeb44dadcc5ae008c6629f64c0d8e60f93b8b30da5bfc87f5f207d9910f54cd1ee9a03d05515358cf1d7eb282942fb29dba621ed0d4388fb53389325963835d53ff45602d8fc6632689f8980ab0a65071ab2c13ed35f4f2ab41274babb6f96f1757242dd582fca5f54aee0220b77a7402e9ffb65f5b33d8366e885120166901a03958f9f9deef2f8d73c93e4cfc29159e6737a397780f528c9fd9ebd6762aacb940ca5e6934ce4c61f1742de5f21855e8d054f565131c9583f6c6d0f7333299ab79fedd67041786353fcfbfb5eb34af596f38eedfd531a5324af917ede4c8d6a35568778d5b372c2f1d4d8df405249b156f24446d286916747f3730be8d1f2a0fd5c68eccd44f55cf88e0ccc042c137e1ad792f28293c9d1a6254ec76aef1c5e537537e769d74eba018c77bd5d7bd7a479c871ded934e6095ed5707feb2cef9a2f14da454119efb1fab4686d623205c1499d6d72f5f32e10663e4327c46d8cc6827c2c6cff9e683bb99f88ac4414cdc68b2aa2bf26ce8f16c547b18c9a0309aad5af84695257f7009f3d5a3e3c0a529213ab28aae270e93908acde4bb3a1f55caf08157eb26ef09b2e75ee150f8ea1ba84af80299b2b074d197d7b4caa99412f8767f94b07f9fa4e607843546f0e0595e24bf2f9f48bcac05e44c030cf19fe28da2899c9ddaa998ff568403d2ea0ca95a8ad698e8011164c700000000000000000000000000000075c911e60a615a6a29a3ed18af913f1976c09126c64e3276b9fad38d056608e04f80f6b86ad894873a407a90338bdda2a39c728319fd9fad691a79c446bdc7c35293f837da9ac7d56a8a154c8c9c1ce9452cb4f59f51ebbe665d53a870fd81c4602c7fd03514a70228bca8079d39823ded4da7c88ebc7e40df4df5557af554fcef236ea14a6e5f85652b5c52d7aaec3ab8b6d3fec70adb5168734d71082a00"/4267, 0x10ab}, {&(0x7f0000002f00)="c2249b2ab68b7fcc854466b4255eda8638dbf36cdda35b325f487ac685047d144472d308117399ec14564dc2411edd4fafb1860d87691d4ff2a4fbec02346ba71139c73c18ea9232f881bbad62468f693233bd04a1219046b717aa1383419a0cc28e75fc475973b39cde5fbf47300900000000000000579c21cc81db75c3738a9a18b5335cfe9991443b66d74f8ffff70e6bc609f0af7c46c5b70eea07fdadf952cd541078c81bceb434a492252f", 0xae}, {&(0x7f0000001980)="f829679be019758b341c8822d895618a9100f7036e8de0199a4ada330a984a670273cc78cd859658a5bfc099f76b451e96fbf72ddfefe457d5136f58a44baff28193b71db80e8f784920ce2399ff35073d4ac4462014ad2c3538d9425b7afd96c5ea25e840cdb74d72553b608b92db7a83fa0a80e4dfa2d9e9abeb2ed2ba6b749ee5db80c23677ceb00554c432ff79222d78496278c146fb80cc3a35ca3377872962efe0abaa29d02b0a4fc15fad35d5dcac3d2f005a61972f2d9a774ef6525dcdd968af5d1b066c7a9b640e5a4f84c657aac1899cddd97b7a229c1dd0de31d08d095b73cd3a96b721f43d3f4961589355084d27de43cba75ba565f206b07bf3f5bea2b4cdd9b9c9d4e0ea19fc5227c43392003eca3f4c56929800ba9e1f6d2ef3b8c2bdd2687363d4344365f74be426d0b51df86b396d87c4fa3ad863979bdfcbf0f33ec2046f5461c9e9133c65f1d913bb4641cbe01c2208d3eeb3ded31f8ad12ecb1c324704b6de1d97ba935364183f10e22882f27d2c1f092def2a3526ee72fa7a9f30647f47c0f02f2174c29ac5d2c3a50a200bf324d4955157d0249f5bafd001e6ff536bdefbd6503e08b44021e2b33987c9acbb8e975db0ef848448608b672b09b444c116bc8d0720b029eabf3a70349a0ea596ccf17e187853cd228cd8cb44ad9df22a5bbd98ffebcc82643f58f626aa65723582b9555fe550822895ab409b801f5ffe780aa135ce25396e7f94164fe96be483cd4d167af7dc8ac7230c8d05b3daa89f0b9dc3f231faa9c73e36e7105fdf9fe94fd998a8cdff105950ecdaa5cd75b1fe2596af0138855cea6934db68bc5a90b9a3f9f3ef1819a483ea027a56265b406b503f90f6c748405eb08bc9313aa912619f01b950a152ddba678c0b88afad194b23ecdfa2245b6f53bdea6a275a8f14bc545a3049d46d24b51c588ae05e18b0833d45a3b8eb57062bdca5741622faad7fa116d418abb8054a060b079c795581fa2de4d3be3c825ffecb5b95e810e9571eaac1a8bcdada1b9d89a415f1f7d1867446d246434b78ccf05004222dbd6fe3eeaa27f7cdca1f43098da247d7d2548f42618d0817be9286580541e96f9bdb81f62ea6a41883c578963b58fcc5ac057251fd68b124d54660511fcdcd16a190b3241a2e3ae0c30f2c7a5447925bde9975560b4316d7f12f58a3ae583a01841140595acbfca208e9004fdf28d78f3596145a8d84e30deb6a4068b67c02b82166a796fee8404b95e6b56f51694d8704a21d7635d3451e48ec37038b1ca904f4e91ba10f1d27b706bcf64f1eaddea9ea5ffe691d1e434385395efdc8d79ecbab3e35d38b11345697be7790fd0b7191496aff645ebfad8fabff1d1e8916ed2f1e6cd2ae1a3711c3e871a94e70c5d5341875689fdf9bf1c9319c75e1704c49201102c4ab48db249e136f17289f2006082d10dac1e9807836d57e5f64eb41dbcfa07e0f1edabf3df89b42dae6e36c6df224e09c97b3bbadc5c9acb037d0ac8d97d4529b3f427c812a78a369ec29eb127ab394bb0fe1b22d26ac45746bd24a6e3cc050cff80f60a2fc287458ed4feff4ba21e310b963fb00cbc8415880e4f677c1fb1a19e1a8a4fedae9763163744482b693c906b334c1da71463eadf4a53979ac66a38b6c4fce7c131e584587f065c27779a5e84137bf1f5f3d63a66083f9169a047b18a262110d5b5d29bd4900432ec526ecaa85121c07fb9fd81c281bc63cac3b5bcb9e65170f4fe289ba84aa959f9ddc38b7f59af9d9361e58c46638dbed30c42d31bdf910e4c53655529139fa2da739c18602f0eb940ff6199bf4ce14372903db8f7cd8be9924eedbc96570f3dd542522793d02ad7d7a7afb41a64179547edb7cfe46585b78889fe54a39dce69d84685bc6e11289bfcca24493b9f14b18cfea97826537d980f845f04e020d1a214091509230851878618faecc5d2f385e8f95a2da3e5f0714839140d794d8e0bb24c66e6b174a5ac9d42049c75131415a244747ee20e16ea19d8172b9023c38945846dcfa96af66a56d4276fbf4e02a674688bafe420c346127493eb386885b894b3018d5a626461ef8c59d9174c503fc4f2cce83a86e53679ce255476e92694d414e58d20172ab35573b198c45a154999386f8d9c713c1b1e0f215a8e3141684d78fc2974edb3d5469ff95531b69d8c6d8e66e95111324422cce6eaa98ff40a58093023fed3b864d45230cfa527c5e22fcc1f7d19374147165ec2449b16c17ae6df3441bdee24925a92415c6bb862607af862d060ebd3628d33cb96d33daf75346dfc5596ce6b00f5676a4543a43e9eac2bfa16e6defc31113a46995b0ca9d2b837031398dfa0dccdd304178a8406577907661aead93cb8441778a36f03c43bc0eb80256cfd30f954de3f5de8c4caa7455a815d50af75263cde29b644be3d4e588299873623e0cff2968a1be977c001c85654afa7e4a2520076ff70105b847ba8f193381b76948c5addb8f49eda70c16b4e5dac421cfeebe53b081a17dab63cb12396f3910863221ef4399752bdc2ab18853a764fa5fe999b192bcde545e979eedc591f4a82e1a20e204ea96c65f3cece0dc5fa0a4044bd52fcede91a5e81bfbff3478ed6b8d4e4a90beb18a818d5948729b250114eec60f5bfe77a600b6b3ce40710d2ff6fa52451fecd7ad3b48112156216f41322a80d4fe323f0ac52d213d0fe538de711b6c3e8c0ee510d7291f1c07ff6f7892e972956cc37a7b548fdeeae0eb3c43c037529726860b44273c5513a7a53b688ea95407da3d32f7eca76eeb05a53b455a226fb3f27caef9948342647a2a04d7d369528f906a403697783824e2f4d06144d813f9415036493247136c01d7075363260be64620959185253b645c91df717488755b01caab7581a712aa54cc38b14545e8596b2df61ffe866676e1a1284e8b407de25f4e2431a4575be6cbbb483a62fb95b702374c582830ad7d3a39ae6112503aa210495b2332f982ae82f70e3f002d3e2e3da566949f981131d7353373dd5243300ef152920fd87c8cb5af061f421b3d7e148d9770ac7bed92b559605c7cb878c6f80b2c928623501efe07b6cc52858cd22ab057977cefd78c104b1a4d5bdc0f1bba828935027b968d700df14b01f66026d3e0f33f1e1f909bf26cffa74f3eb8aa7e7f926c3bd59131aaa714a8351e3483575c125ec332afc5d4ac6491d1e13630bfd2e3e976fdf0c99b44a27ef40f5c5471cc86278676042124042ed62773bb59c93cff21de309a900c7266e969c6eb423d9d2ff759568c9ad4ec409aef524412c20ceb8d9cfea3ecdb2b9ba698b0618551574f2ae9ec11eb00fe3dffa4abc14393928139003447616215fdd030000f8e5392ead8cf96c595e8f1311fc6334f2d71d61b9271c9499a847f992dd3c7ebf4c3cbcfa6f1a7776a5246a3ae4d5d3b1f83fe235ecfe967ce6f14f90561c88ea894d69cd27ba11e4f5377f52259a0d01c91db3bd924d5374928354d2f3c22eb6a1a312889ecb549d7fe7e3de846533c7f12ab8e2f873040e7bd62ad31d2d013b7dcbe8a579a5d13a116e38585c3a25cc0913c6ce988e24eb6c54424f67b4376a3f33a4d387854e7d0b4d78862b647a783db7d10ae63db89abc75f6cbc807b7b9697fb34ebc84d1ba03648b8c10cd979ddbfec96c37b9cba07c5d8c3140442e1d47d03428205d52285e0ac8ce07facaaa3d587a08272fd5813c20752a126af9108632824075e3b98a4f242867259a55c1058ff076c80e141196120a37764af8dba5b67f61919d73f2b3cadcd256e51a94b42e8fd73fe4c8d42259a8006a9e2143e57cf574c8e7c66a2071e760c559c6b9ff1f0facfccfd50a04761b7f54f97cf0dc2f870da7236070f7e5ba82b817f52fa5c6cc438626842fe86049d7f0383d2500caa1b3bab75c2f6401dbe2ae94a960cc20950107aea7b11a8ccafd70a50748671e9d3e9d85f6f5e02df927fd28a5f31257d704fb30ee258dea6238959166d7b63cebd2ecef4777c17c706bcfb3826f915296870c05a7ec6474af0eddf405cd039d14b59f52a618fb3296a95f53a73a1a760ecb980f59ebdc9822b81efdb001b6f5caf26f9761e7c17f0de7914e1085b44624a0337f9cca516592bf03844e89aad87f661c30c7c1506a2ba92c9a8c24fc747f59317bcc31b56d85366d5cfd6faa29212e75f0f378d40639a25b16b25a8d0d9085881d6dec9b805efa60d642abe31dcc9c9669192389278807e289fc540e4dd8ae1a4bbd18b8e18887cf26d7416c62b13b5dfd9d394452ab3eadd3ea3554f3009eb241244320b3a2320f278f22be35fdbcbb29939cf899dee0878db6c0662acc3f7be10a897934f0ecea1bef579634e075c05fde6e0d61b8e6add95958026f1fe445e0fdb34dec5f8d88c0ff002b89f8102cdd3fb95a9ccd0b4903b00ee0da6bbd33b44e026d4d81fe5d96cde67dcf498640e67c6539552e5e1c9965edc997f0b13028222e6dc84ad5ef590779f57794e1250539903eece1a37c9b221a887444b71fd7e1341edcab6bed5ab7d40520acafb683a42a3c7e3b8d3127f73ac82421485e4b823fa959304c0d4437389d0f5e067941a7ad10b3e77484c697582bd394949aba7abf45835efe42eb55921a8dbf7a4b9e3e60d385c3df7cd9bb8b7fec39f11026d1bf92ec6315dccf27dfb24a77c98688ab54b50814679bc5d17e41bdd2fa7c8023a813140933ea048e82efed287352ec61f27f23c7a904ef4b951e6288769c548fb6de5739b91edb0e6a22b422ca9ba21051b529df0e223221bb20c08b0fced49e5a46259a4db0405c271d7e08f9432aba3e2066658f270389e04e44c444c73f0bfa4f9b9db3ef83712c2ab56aed9077aff3aade240a8971b8a8dc9bfe90e6ccf19e04ddfbcfa7725825b79d39d419c5f0dc76b575fabf9484c24a13fc34af107f80c26f365a7ae139be20832690dfb03343aea730d19a2dd9eb7ec1bf8186060bf902a362faf8c3504230ab39a0c5528bcb29613c8b88df00521689e6e0f617cfe3de58cc313c7a3965a4911aaff2139fb5c5cc9ebe2c8f29a4dd42dfffd6e46546d513f2853dee61c48c0e4a795395b3bccf9b1bfbcdd6689cd0c89b32bf1ff51ae3f7bb96cfdc30b7f7df9dd664398dc4197995d78d0910535d2342e51bcfe53105576bee35a154dfe12e8d4629526196e4251611db6710b251e9bd84ea4db4236321435fab166b20152eba84a4959d195bf8723b9d38eb739b4a99b0de8e2afde00a6bbcdb7871e422d4bc2b7e26864c3ac1e934c367813900134a6d9867c86e29f8b3d3818d7af291939a3d2b1b75a8e5e0bd52e3e0def346214456c901ee910be97d102a9197cf6313a2d486bf963ae5f456ef861aedd8b675625988a696aaa7c4dd19d630b31582b3299d749a320c6219e5fd6923a50199d5e968fb7443490ef6189bf263b7c6b42b5949317e8185facc88774bd5369d981092d533de54f9401e996ed72378731a8032d6c0fd80d890b7d728608b67a09431c0bdfd45f910b07c9f62a6a4d8d29dd4fcc96dc714aa4929cef7b4171fa69dc41909d65d0a84aafd68f01659f9f09f7a6d10714c4023473ada484ef6ab89929d9556e9245c7b7095b191169b930e37be152552feefe027bf188dfefd3392b4bde47af01c70dc61c51f99851f9eaeb7091c9d984295f8c48f87dae71b6db93755d8617c2705c53473a49cd6651d09a8a11ee4ce6905897f3ff40691e33a746b61b499a1784dab18d1c40e51de40a575e0597c1f798", 0x1000}, {&(0x7f0000002980)="dc", 0x1}, {&(0x7f00000029c0)="b02fd297ef7c8bdf42b047b986460ee92e1d594b076c9292ec7e1e04fc7a2b9cc5f369863acdf5f4d7794296db7814aac277748c1b16837bf997e5a7caa124de7758efd017128fe90e16f315ce90392a9f11c31bed1c2c19cfbbedd5f2abbe1d049b6257dc4d3add30df9be3baefcd625db9ba4d84d6caf8a19ca1fc6f926d68ee6cac93abd1c306657342b02c19a247fae93592074098066f865f5067d3e9a36eef0217aa320e5482fe53783ad4e3f53dd24b131f41ddd61a364f177d6eaf095d1e088649df6db5c65f92a07df22e1423b82e7f1ea8cf7193061cdb6af31d5b1e8a844426", 0xe5}, {&(0x7f0000002ac0)="956e583dafccf8f03c76d59178d22b027c4887cf2068765e31740c8c05de1d3e7d7ad1603f1511a294da490c3bc1", 0x2e}], 0x9, &(0x7f0000002bc0)=ANY=[@ANYBLOB="10010000000000001101000000001100b07cfc3db6d6ff244519bb24a3b48338ef5885d88804d4dac3874ddfcab1b4a0ede5a414327967052f0fd084216aef5c330ad5379175a523737ab8af22b17cd3704d60ab4e5eb2d2fa9a6fdd17eb706423f68f8c636b2fad21cb363bc47bd813af47359e8a925c05a5ef2015afc018e19b14ef7ebf22b32259c1032d529de714f7977b8e2846923d373098cc52e4410e809e2691ef67b51655efa6af8ca3bda6ad7e64e625a77fd34ea86616af5750f332b7fbd33f4501e198cdbce108d58c3a14384a1077f47c5dd78c010566967b4ec52d97ea49c68ebccb2967c1b3d827d4f20f4264d8c9b9ba70481ce59d55df63469d09c2c9deee87c77e284fa7000000e80000000000000084000000ffffff7fec74ed915bdd598d0813f03df73f1d58ed5f713fec4e9bbdc90a13f4c8eaf1becddface46272ab391fbba6f12c444cb65fe167739ef5ce9fe3518fbed7838f5191d304b68e430fbfee6c64a8c98a4f97ed03f618e4e1643c9c382668dc7fd96f983fc357dbff530d472ddd682cb73a7cfedff02dc25001efb207054d4f5bdec16a851f1b6fc901e4b3855081d405af41d292efa99f1f1f3f5f390a4bdf3517730eaaf433636eb5484a206055b815e8c2bb55f9c1801a5759a5f9ab0059e849db82034fe9486d92aa9b979b774add1fcbc78f19b098a4000010000000000000001001000008000000f8000000000000000a010000810000004678c2178e51a32f7cc3942aa630aa40bc0d03aa7fada76e4f61c417a5bc68823cb9b83a6071b813b0320ceffc6151a00af02f59cec2f0e9121851170550d9345d3f482333d96bb2c27fb028b3f01ce5063de7e090a8eea334cb39076ff1a41e74040068b4114195298bf48bbc2c233aa7edd0687312a6aa9b1c55c3c275c12b3cb64293ec2146af52572039b25b6057cf32e64a4d82015b1c1f830cc4e9987af272cf587a1aa7d097423a4f445ed4ae33a6ff4ab1b0a9db19044215cfec9d757b8d57e3aa4a6e6f0b771dfd7ee9aaf3b1bdbad7e2d104bad962b66b4824b9ceb3fa000000000000"], 0x300}, 0x0, 0x8080, 0x0, {0x0, r8}}, 0x1)
syz_io_uring_submit(r3, r11, &(0x7f0000000180)=@IORING_OP_ASYNC_CANCEL={0xe, 0x5, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1, {0x0, r8}}, 0x9)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd=r7, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r8}}, 0x2800000)
ioctl$BTRFS_IOC_FS_INFO(r6, 0x8400941f, &(0x7f00000002c0))
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
socketpair(0x8, 0x800, 0x8, &(0x7f00000006c0))

[  265.855867][T25462] loop3: detected capacity change from 0 to 264192
[  265.880060][  T710] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  265.891618][  T710] buffer_io_error: 263 callbacks suppressed
[  265.891632][  T710] Buffer I/O error on dev loop3p4, logical block 33008, async page read
09:18:07 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xf000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  265.908419][ T1041]  loop1: p2 < > p3 p4
[  265.918465][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  265.927302][T25462]  loop3: p1 p3 p4
[  265.939035][T25462] loop3: p1 size 11290111 extends beyond EOD, truncated
[  265.939348][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  265.953025][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  265.959706][T25462] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  265.970134][T25462] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:07 executing program 3:
syz_read_part_table(0x22000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:07 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
openat$incfs(r0, &(0x7f0000000080)='.pending_reads\x00', 0x600001, 0x134)

[  266.035759][ T1041]  loop3: p1 p3 p4
[  266.039960][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  266.053930][T25509] FAULT_INJECTION: forcing a failure.
[  266.053930][T25509] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  266.067347][T25509] CPU: 1 PID: 25509 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  266.076194][T25509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  266.086659][T25509] Call Trace:
[  266.089936][T25509]  dump_stack_lvl+0xb7/0x103
[  266.094519][T25509]  dump_stack+0x11/0x1a
[  266.098764][T25509]  should_fail+0x23c/0x250
[  266.103436][T25509]  __alloc_pages+0x102/0x320
[  266.108110][T25509]  alloc_pages_vma+0x513/0x680
[  266.112848][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  266.112876][T25509]  ? page_address_in_vma+0x264/0x300
[  266.125896][T25509]  new_page+0x124/0x170
[  266.130238][T25509]  migrate_pages+0x3b3/0x1530
[  266.131432][ T1041] loop3: p4 size 3657465856 extends beyond EOD, 
[  266.134923][T25509]  ? do_mbind+0xf50/0xf50
[  266.141615][ T1041] truncated
[  266.146070][T25509]  ? remove_migration_ptes+0x90/0x90
[  266.154521][T25509]  do_mbind+0xd43/0xf50
[  266.158873][T25509]  __x64_sys_mbind+0x10a/0x130
[  266.163692][T25509]  do_syscall_64+0x3d/0x90
[  266.168122][T25509]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  266.174016][T25509] RIP: 0033:0x4665e9
09:18:07 executing program 0 (fault-call:2 fault-nth:7):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:07 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x96c, 0x0, 0x0, 0x2c9, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  266.177897][T25509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  266.197731][T25509] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  266.206189][T25509] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  266.214280][T25509] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  266.222702][T25509] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
09:18:07 executing program 4:
sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000100)={0x268, 0x0, 0x2, 0x70bd2a, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xfffeffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x63956eef}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x62}]}, @TIPC_NLA_BEARER={0x50, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x10000}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x40}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x80000000}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xee1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}]}, @TIPC_NLA_NODE={0xf4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_NODE_ID={0x3e, 0x3, "ea06ed776d62504999d7e57d45adfbcc5f10b462532941ab96ea7b4cf50f1386c0f42ec0ddfaa19a69598d7c66b7b90a6078c53163db0d5ac4e1"}, @TIPC_NLA_NODE_KEY={0x42, 0x4, {'gcm(aes)\x00', 0x1a, "a4cb1fc355bbb1d1d6d143e80c849096e1fb1559610eb349339d"}}, @TIPC_NLA_NODE_KEY={0x3e, 0x4, {'gcm(aes)\x00', 0x16, "f54156073cd91e94f1e1c03b072bd77e7b18317e6adb"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xffffffff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_SOCK={0x74, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x400}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xfffffff8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xda7f}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}, @TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xb5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x27b8}]}]}]}, 0x268}, 0x1, 0x0, 0x0, 0x10}, 0x20000080)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
rmdir(&(0x7f0000000040)='./file0\x00')
mkdir(&(0x7f0000000080)='./file0/file0\x00', 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

[  266.231101][T25509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  266.239279][T25509] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
09:18:07 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x10000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  266.310370][ T1041]  loop1: p2 < > p3 p4
[  266.314741][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  266.342128][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  266.344873][T25572] loop3: detected capacity change from 0 to 264192
[  266.348457][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  266.379846][T25572]  loop3: p1 p3 p4
[  266.385909][T25572] loop3: p1 size 11290111 extends beyond EOD, truncated
[  266.393993][ T1041]  loop1: p2 < > p3 p4
[  266.398232][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  266.405283][T25572] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  266.419167][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  266.421761][T25572] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  266.425505][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  266.503518][T25572] loop3: detected capacity change from 0 to 264192
[  266.509020][T25558] FAULT_INJECTION: forcing a failure.
[  266.509020][T25558] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  266.523514][T25558] CPU: 1 PID: 25558 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  266.532704][T25558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  266.543323][T25558] Call Trace:
[  266.546780][T25558]  dump_stack_lvl+0xb7/0x103
09:18:08 executing program 5 (fault-call:2 fault-nth:7):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:08 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
splice(r3, 0x0, r4, 0x0, 0x10005, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000380), &(0x7f0000000480)='./file0\x00', 0x100, 0x100, 0x1, {0x0, r5}}, 0x1000)
ioctl$sock_SIOCDELDLCI(r4, 0x8981, &(0x7f0000000340)={'gretap0\x00', 0xff01})
r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD(r6, 0x4, &(0x7f0000000040), 0x1)
r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
write$binfmt_misc(r8, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000b, 0x8010, r8, 0xf3a41000)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2, 0x40010, r7, 0x10000000)
r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='timerslack_ns\x00')
syz_io_uring_setup(0x1ee4, &(0x7f00000002c0)={0x0, 0xc61, 0x10, 0x1, 0x1cb, 0x0, r9}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000001000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000180))

09:18:08 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
creat(&(0x7f0000000080)='./file0\x00', 0x22)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000240)='nfsd\x00', 0x14809, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/163, 0xa3}, {&(0x7f0000000180)=""/163, 0xa3}], 0x2)

09:18:08 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x11000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  266.551451][T25558]  dump_stack+0x11/0x1a
[  266.555611][T25558]  should_fail+0x23c/0x250
[  266.560060][T25558]  __alloc_pages+0x102/0x320
[  266.564691][T25558]  alloc_pages_vma+0x513/0x680
[  266.569690][T25558]  ? page_address_in_vma+0x264/0x300
[  266.574987][T25558]  new_page+0x124/0x170
[  266.579541][T25558]  migrate_pages+0x3b3/0x1530
[  266.584225][T25558]  ? do_mbind+0xf50/0xf50
[  266.588560][T25558]  ? remove_migration_ptes+0x90/0x90
[  266.594107][T25558]  do_mbind+0xd43/0xf50
[  266.598465][T25558]  __x64_sys_mbind+0x10a/0x130
[  266.603320][T25558]  do_syscall_64+0x3d/0x90
[  266.607938][T25558]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  266.613946][T25558] RIP: 0033:0x4665e9
[  266.617842][T25558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  266.637578][T25558] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  266.646608][T25558] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  266.654768][T25558] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  266.662741][T25558] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  266.670724][T25558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  266.678692][T25558] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  266.702316][T25572]  loop3: p1 p3 p4
[  266.706975][T25572] loop3: p1 size 11290111 extends beyond EOD, truncated
[  266.726901][T25572] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  266.741479][T25572] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:08 executing program 4:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

09:18:08 executing program 3:
syz_read_part_table(0x24000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:08 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x12000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:08 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x1005, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
rmdir(&(0x7f0000000100)='./file0\x00')
mount(&(0x7f0000000140)=@sg0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='hpfs\x00', 0x1382020, 0x0)
mount(&(0x7f0000000040)=@sr0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='affs\x00', 0x2000000, 0x0)

[  266.919775][T25602] FAULT_INJECTION: forcing a failure.
[  266.919775][T25602] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  266.933241][T25602] CPU: 1 PID: 25602 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  266.942120][T25602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  266.952526][T25602] Call Trace:
[  266.955817][T25602]  dump_stack_lvl+0xb7/0x103
[  266.960508][T25602]  dump_stack+0x11/0x1a
[  266.964675][T25602]  should_fail+0x23c/0x250
[  266.969508][T25602]  __alloc_pages+0x102/0x320
[  266.974106][T25602]  alloc_pages_vma+0x513/0x680
[  266.978974][T25602]  ? page_address_in_vma+0x264/0x300
[  266.984295][T25602]  new_page+0x124/0x170
[  266.988548][T25602]  migrate_pages+0x3b3/0x1530
[  266.993241][T25602]  ? do_mbind+0xf50/0xf50
[  266.997754][T25602]  ? remove_migration_ptes+0x90/0x90
[  267.003092][T25602]  do_mbind+0xd43/0xf50
[  267.007252][T25602]  __x64_sys_mbind+0x10a/0x130
[  267.012030][T25602]  do_syscall_64+0x3d/0x90
[  267.016535][T25602]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  267.022523][T25602] RIP: 0033:0x4665e9
[  267.026412][T25602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  267.046438][T25602] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  267.054863][T25602] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  267.062845][T25602] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  267.070812][T25602] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
[  267.079348][T25602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  267.087334][T25602] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
[  267.110666][T25637] loop3: detected capacity change from 0 to 264192
09:18:08 executing program 0 (fault-call:2 fault-nth:8):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:08 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x48)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:08 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x15000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:08 executing program 3:
syz_read_part_table(0x25000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  267.293412][T25652] loop3: detected capacity change from 0 to 264192
[  267.361783][T25652]  loop3: p1 p3 p4
[  267.365713][T25652] loop3: p1 size 11290111 extends beyond EOD, truncated
[  267.380112][T25652] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  267.396937][T25652] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:09 executing program 5 (fault-call:2 fault-nth:8):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

[  267.485226][T25652] loop3: detected capacity change from 0 to 264192
09:18:09 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x3, 0x0, @fd=r0, 0x3, 0x0, 0x0, 0x6, 0x0, {0x2, r3}}, 0xfffffffe)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:09 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
r1 = open(&(0x7f0000000040)='./file1\x00', 0x54000, 0xac)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000280)={'sit0\x00', <r4=>0x0})
sendto$packet(r2, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8848, r4, 0x1, 0x0, 0x6, @random="b52aa03ef753"}, 0x14)
bind(r1, &(0x7f0000000080)=@xdp={0x2c, 0xc, r4}, 0x80)
r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x8200, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000280)={'sit0\x00', <r8=>0x0})
sendto$packet(r6, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8848, r8, 0x1, 0x0, 0x6, @random="b52aa03ef753"}, 0x14)
setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000000140)={r8, 0x1, 0x6, @random="0c22c2b10fe9"}, 0x10)

09:18:09 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x1d000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  267.537156][T25652]  loop3: p1 p3 p4
[  267.541699][T25652] loop3: p1 size 11290111 extends beyond EOD, truncated
[  267.554646][T25652] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  267.562131][ T1041]  loop1: p2 < > p3 p4
[  267.566371][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  267.576643][T25651] FAULT_INJECTION: forcing a failure.
[  267.576643][T25651] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  267.589883][T25651] CPU: 1 PID: 25651 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  267.591294][T25652] loop3: p4 size 3657465856 extends beyond EOD, 
[  267.598787][T25651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  267.598802][T25651] Call Trace:
[  267.598809][T25651]  dump_stack_lvl+0xb7/0x103
[  267.605287][T25652] truncated
[  267.615316][T25651]  dump_stack+0x11/0x1a
[  267.615340][T25651]  should_fail+0x23c/0x250
[  267.621297][ T1041] loop1: p3 start 225 is beyond EOD, 
[  267.623548][T25651]  __alloc_pages+0x102/0x320
[  267.623604][T25651]  alloc_pages_vma+0x513/0x680
[  267.626738][ T1041] truncated
[  267.626745][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  267.630957][T25651]  ? page_address_in_vma+0x264/0x300
[  267.630983][T25651]  new_page+0x124/0x170
[  267.640846][ T1041] truncated
[  267.646380][T25651]  migrate_pages+0x3b3/0x1530
[  267.682459][T25651]  ? do_mbind+0xf50/0xf50
09:18:09 executing program 3:
syz_read_part_table(0x2e000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  267.686913][T25651]  ? remove_migration_ptes+0x90/0x90
[  267.692263][T25651]  do_mbind+0xd43/0xf50
[  267.696428][T25651]  __x64_sys_mbind+0x10a/0x130
[  267.700113][ T1041]  loop3: p1 p3 p4
[  267.701196][T25651]  do_syscall_64+0x3d/0x90
[  267.705036][ T1041] loop3: p1 size 11290111 extends beyond EOD, 
[  267.709321][T25651]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  267.709347][T25651] RIP: 0033:0x4665e9
[  267.715672][ T1041] truncated
[  267.724601][ T1041] loop3: p3 size 1912633224 extends beyond EOD, 
[  267.727607][T25651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  267.727629][T25651] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  267.727650][T25651] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  267.727661][T25651] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
09:18:09 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
unshare(0x40000)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='io.stat\x00', 0x0, 0x0)
preadv(r3, &(0x7f00000005c0)=[{&(0x7f0000000080)=""/89, 0x59}, {&(0x7f0000000180)=""/35, 0x23}, {&(0x7f00000002c0)=""/205, 0xcd}, {&(0x7f00000003c0)=""/81, 0x51}, {&(0x7f0000000440)=""/216, 0xd8}, {&(0x7f0000000200)=""/26, 0x1a}, {&(0x7f0000000540)=""/15, 0xf}, {&(0x7f0000000580)=""/44, 0x2c}], 0x8, 0x1f, 0xfff)
openat(r4, &(0x7f0000000040)='./file0\x00', 0x800, 0x10)

09:18:09 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x204000, 0x0)
symlink(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00')
mount(&(0x7f0000000240)=ANY=[@ANYBLOB="2f6465762f6e756c6c6230008b94ad09514fb89496bf08decd8c0000000000000000"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='fuseblk\x00', 0x800000, &(0x7f00000001c0)='\\{:\\{:][]#./\x00')
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0/file0/file0\x00', &(0x7f00000002c0)='mqueue\x00', 0x0, &(0x7f0000000300)='-\x00')
faccessat(r1, &(0x7f0000000200)='./file0/file0\x00', 0x22)
open(&(0x7f0000000040)='./file0\x00', 0x200000, 0x28)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  267.727673][T25651] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  267.731266][ T1041] truncated
[  267.737708][T25651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  267.762485][ T1041] loop3: p4 size 3657465856 extends beyond EOD, 
[  267.767901][T25651] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  267.818010][ T1041] truncated
[  267.880077][T25692] loop3: detected capacity change from 0 to 264192
[  267.888782][ T1041]  loop1: p2 < > p3 p4
[  267.894293][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  267.901683][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  267.907932][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:09 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x20000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  267.934837][T25692]  loop3: p1 p3 p4
[  267.938761][T25692] loop3: p1 size 11290111 extends beyond EOD, truncated
[  267.989047][ T1041]  loop1: p2 < > p3 p4
[  267.994454][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  267.995849][T25692] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  268.002592][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  268.014656][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  268.022319][T25692] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  268.049944][T25667] FAULT_INJECTION: forcing a failure.
[  268.049944][T25667] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  268.064200][T25667] CPU: 1 PID: 25667 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  268.073255][T25667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  268.083661][T25667] Call Trace:
[  268.087045][T25667]  dump_stack_lvl+0xb7/0x103
[  268.091827][T25667]  dump_stack+0x11/0x1a
[  268.096076][T25667]  should_fail+0x23c/0x250
[  268.100803][T25667]  __alloc_pages+0x102/0x320
[  268.105467][T25667]  alloc_pages_vma+0x513/0x680
[  268.110251][T25667]  ? page_address_in_vma+0x264/0x300
[  268.115563][T25667]  new_page+0x124/0x170
[  268.119747][T25667]  migrate_pages+0x3b3/0x1530
[  268.124483][T25667]  ? do_mbind+0xf50/0xf50
[  268.128885][T25667]  ? remove_migration_ptes+0x90/0x90
[  268.134177][T25667]  do_mbind+0xd43/0xf50
[  268.138557][T25667]  __x64_sys_mbind+0x10a/0x130
[  268.143444][T25667]  do_syscall_64+0x3d/0x90
[  268.147856][T25667]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  268.154184][T25667] RIP: 0033:0x4665e9
[  268.158072][T25667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  268.178084][T25667] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  268.186944][T25667] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
09:18:09 executing program 0 (fault-call:2 fault-nth:9):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:09 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x0, 0x10010, r0, 0x8000000)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000200)=@IORING_OP_STATX={0x15, 0x3, 0x0, r4, &(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x1}, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:09 executing program 3:
syz_read_part_table(0x3f000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:09 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x101080, 0xf21a06e59656d526)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x40000, 0x94)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  268.194924][T25667] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  268.203072][T25667] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
[  268.211230][T25667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  268.219255][T25667] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
[  268.300316][T25746] loop3: detected capacity change from 0 to 264192
[  268.373234][ T1041]  loop1: p2 < > p3 p4
[  268.377421][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  268.386045][T25746]  loop3: p1 p3 p4
[  268.390119][T25746] loop3: p1 size 11290111 extends beyond EOD, truncated
[  268.400491][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  268.407343][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  268.415055][T25746] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  268.425373][T25746] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:10 executing program 5 (fault-call:2 fault-nth:9):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:10 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x20001000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:10 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
creat(&(0x7f0000000040)='./file1\x00', 0x40)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
unlink(&(0x7f0000000080)='./file0\x00')

09:18:10 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x8)
io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f0000000040), 0x1)

09:18:10 executing program 3:
syz_read_part_table(0x40000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:10 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x10005, 0x0)
getdents(r1, &(0x7f00000009c0)=""/4096, 0x1000)

[  268.621513][T25781] loop3: detected capacity change from 0 to 264192
[  268.667875][T25787] FAULT_INJECTION: forcing a failure.
[  268.667875][T25787] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  268.681399][T25787] CPU: 1 PID: 25787 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  268.690173][T25787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  268.700267][T25787] Call Trace:
[  268.703577][T25787]  dump_stack_lvl+0xb7/0x103
[  268.708272][T25787]  dump_stack+0x11/0x1a
[  268.712435][T25787]  should_fail+0x23c/0x250
[  268.717000][T25787]  __alloc_pages+0x102/0x320
[  268.721602][T25787]  alloc_pages_vma+0x513/0x680
[  268.726517][T25787]  ? page_address_in_vma+0x264/0x300
[  268.732003][T25787]  new_page+0x124/0x170
[  268.736187][T25787]  migrate_pages+0x3b3/0x1530
[  268.740876][T25787]  ? do_mbind+0xf50/0xf50
[  268.745210][T25787]  ? remove_migration_ptes+0x90/0x90
[  268.750494][T25787]  do_mbind+0xd43/0xf50
[  268.754735][T25787]  __x64_sys_mbind+0x10a/0x130
[  268.759548][T25787]  do_syscall_64+0x3d/0x90
[  268.763302][ T1041]  loop1: p2 < > p3 p4
[  268.763965][T25787]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  268.768266][ T1041] loop1: p2 size 2 extends beyond EOD, 
[  268.773906][T25787] RIP: 0033:0x4665e9
[  268.773925][T25787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  268.773941][T25787] RSP: 002b:00007f21c68fc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  268.779507][ T1041] truncated
[  268.783346][T25787] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665e9
[  268.822556][T25787] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  268.830624][T25787] RBP: 00007f21c68fc1d0 R08: 0000000000000000 R09: 0000000000000002
[  268.838678][T25787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  268.846740][T25787] R13: 00007ffd632b736f R14: 00007f21c68fc300 R15: 0000000000022000
09:18:10 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
setxattr$security_selinux(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), &(0x7f00000000c0)='system_u:object_r:semanage_trans_lock_t:s0\x00', 0x2b, 0x2)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:10 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000400)=[{&(0x7f0000000a40)=""/4096, 0x1000}, {&(0x7f0000001a40)=""/4096, 0x1000}, {&(0x7f0000000380)}, {&(0x7f00000003c0)=""/46, 0x2e}], 0x4, 0x2, 0x8)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = accept(r0, &(0x7f00000002c0)=@isdn, &(0x7f0000000080)=0x80)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_KEY(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f00000001c0)={0x14, r2, 0x1, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r1, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x3c, r2, 0x100, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x3}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x80)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x3]}, 0x8, 0x0)
syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x7c58, 0x0, 0x1, 0x9, 0x0, r3}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
r6 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000004c0), 0x1e1c0, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r3)
sendmsg$NL80211_CMD_ADD_TX_TS(r6, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000600)={&(0x7f0000000680)=ANY=[@ANYBLOB="6c04535cccb4e9d714487d8280596bbf832eb9e07fbcfb35476543acc4d5f7207d184a3e5537f569b22552b3729243d41402c59ab643f4772bda8e214e2eb36e7ffe2f60dc31d28909e2382969d3b6d0bfb6d8a2dfcb79c66163c46ff3fefd0b64e8da99360647d8a592e011cf142985cdc82d7b666adf33be48f7a26e500daf5a74020f4c580f", @ANYRES16=r7, @ANYBLOB="080028bd7000ffdbdf256900000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990002000000390000000500d2000c0000000600d400010000000500d300030000000a00060008021100000000000500d200080000000600d4001f0000000600d400050000000500d20003000000"], 0x6c}, 0x1, 0x0, 0x0, 0x880}, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
r8 = accept$inet6(r3, &(0x7f0000000380)={0xa, 0x0, 0x0, @private2}, &(0x7f0000000440)=0x1c)
ioctl$FS_IOC_SETVERSION(r8, 0x40087602, &(0x7f0000000480)=0x3)
io_uring_enter(0xffffffffffffffff, 0x302, 0x0, 0x0, 0x0, 0x0)

[  268.870230][T25781]  loop3: p1 p3 p4
[  268.874473][T25781] loop3: p1 size 11290111 extends beyond EOD, truncated
[  268.887314][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  268.893534][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  268.903096][T25781] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  268.922158][T25781] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  268.947809][T25780] FAULT_INJECTION: forcing a failure.
[  268.947809][T25780] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  268.961066][T25780] CPU: 1 PID: 25780 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  268.970005][T25780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  268.973040][ T1041]  loop1: p2 < > p3 p4
[  268.980058][T25780] Call Trace:
[  268.980070][T25780]  dump_stack_lvl+0xb7/0x103
[  268.980096][T25780]  dump_stack+0x11/0x1a
[  268.996154][T25780]  should_fail+0x23c/0x250
[  269.000591][T25780]  __alloc_pages+0x102/0x320
[  269.002072][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  269.005192][T25780]  alloc_pages_vma+0x513/0x680
[  269.016264][T25780]  ? page_address_in_vma+0x264/0x300
[  269.021558][T25780]  new_page+0x124/0x170
[  269.025719][T25780]  migrate_pages+0x3b3/0x1530
[  269.026893][ T1041] loop1: p3 start 225 is beyond EOD, 
[  269.030460][T25780]  ? do_mbind+0xf50/0xf50
[  269.030483][T25780]  ? remove_migration_ptes+0x90/0x90
[  269.035877][ T1041] truncated
[  269.035885][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  269.040189][T25780]  do_mbind+0xd43/0xf50
[  269.045501][ T1041] truncated
[  269.062350][T25780]  __x64_sys_mbind+0x10a/0x130
[  269.067172][T25780]  do_syscall_64+0x3d/0x90
[  269.071683][T25780]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  269.077791][T25780] RIP: 0033:0x4665e9
[  269.081802][T25780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  269.101420][T25780] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  269.110210][T25780] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  269.118264][T25780] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  269.126518][T25780] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
[  269.134584][T25780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  269.143041][T25780] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
09:18:10 executing program 0 (fault-call:2 fault-nth:10):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:10 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x1000)=nil, &(0x7f0000002000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000000, 0x50, r0, 0x8000000)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000000)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x4, 0x0, 0x0, 0x0, 0x1}, 0x4)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:10 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x80, 0x40)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:10 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x20002000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  269.233679][T25781] loop3: detected capacity change from 0 to 264192
[  269.285886][T25781]  loop3: p1 p3 p4
[  269.289879][T25781] loop3: p1 size 11290111 extends beyond EOD, truncated
[  269.325979][T25781] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  269.373478][T25781] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  269.379629][ T1041]  loop1: p2 < > p3 p4
[  269.398322][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  269.406974][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  269.413194][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:11 executing program 5 (fault-call:2 fault-nth:10):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:11 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000040)='ext4\x00', 0x4000d, 0x0)
execveat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)=[&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='\x00', &(0x7f0000000140)='ext4\x00', &(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)=':\\$\x00', &(0x7f0000000200)='ext4\x00', &(0x7f0000000240)='\x00', &(0x7f0000000280)='/\x00'], &(0x7f0000000340)=[&(0x7f0000000300)='%)\x00'], 0x400)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:11 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000640)=@IORING_OP_RECVMSG={0xa, 0x5, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000003c0)=""/106, 0x6a}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/51, 0x33}], 0x3, &(0x7f00000005c0)=""/53, 0x35}, 0x0, 0x2000, 0x1, {0x1}}, 0xfff)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x5b66, &(0x7f0000000000)={0x0, 0x10bc, 0x10, 0x2, 0x268, 0x0, r0}, &(0x7f0000002000/0x1000)=nil, &(0x7f0000002000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=<r3=>0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000200)=@IORING_OP_STATX={0x15, 0x4, 0x0, r4, &(0x7f00000002c0), &(0x7f0000000180)='./file0\x00', 0x0, 0x400}, 0x4)

09:18:11 executing program 3:
syz_read_part_table(0x40000800, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:11 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x22000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:11 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x10005, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
preadv(r3, &(0x7f0000000140)=[{&(0x7f0000000100)}], 0x1, 0x594, 0x80000001)
getdents64(r1, &(0x7f0000000040)=""/185, 0xb9)

[  269.615724][T25856] loop3: detected capacity change from 0 to 264192
09:18:11 executing program 1:
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x10)
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2000000, 0x1, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  269.661300][T25856]  loop3: p1 p3 p4
[  269.665385][T25856] loop3: p1 size 11290111 extends beyond EOD, truncated
[  269.680743][T25856] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  269.699856][ T1041]  loop1: p2 < > p3 p4
[  269.704093][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  269.722054][T25856] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  269.731991][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  269.738765][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  269.756434][T25833] FAULT_INJECTION: forcing a failure.
[  269.756434][T25833] name fail_page_alloc, interval 1, probability 0, space 0, times 0
09:18:11 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000000)={0x0, 0xfffffdfd, 0x20, 0x0, 0xc2}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  269.770135][T25833] CPU: 1 PID: 25833 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  269.779234][T25833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  269.790174][T25833] Call Trace:
[  269.793539][T25833]  dump_stack_lvl+0xb7/0x103
[  269.798152][T25833]  dump_stack+0x11/0x1a
[  269.802346][T25833]  should_fail+0x23c/0x250
[  269.806865][T25833]  __alloc_pages+0x102/0x320
[  269.811463][T25833]  alloc_pages_vma+0x513/0x680
[  269.814000][ T1041]  loop1: p2 < > p3 p4
[  269.816398][T25833]  ? page_address_in_vma+0x264/0x300
[  269.816435][T25833]  new_page+0x124/0x170
[  269.830820][T25833]  migrate_pages+0x3b3/0x1530
[  269.832694][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  269.835496][T25833]  ? do_mbind+0xf50/0xf50
[  269.835527][T25833]  ? remove_migration_ptes+0x90/0x90
[  269.853353][T25833]  do_mbind+0xd43/0xf50
[  269.857585][T25833]  __x64_sys_mbind+0x10a/0x130
[  269.862787][T25833]  do_syscall_64+0x3d/0x90
[  269.867449][T25833]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  269.873567][T25833] RIP: 0033:0x4665e9
[  269.877451][T25833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  269.879396][ T1041] loop1: p3 start 225 is beyond EOD, 
[  269.897260][T25833] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  269.897285][T25833] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  269.897296][T25833] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  269.897307][T25833] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  269.897318][T25833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  269.897331][T25833] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  269.902713][ T1041] truncated
[  269.954902][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  269.979395][ T1041]  loop1: p2 < > p3 p4
[  269.983839][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  269.998427][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  270.004669][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  270.021113][T25856] loop3: detected capacity change from 0 to 264192
[  270.042667][T25859] FAULT_INJECTION: forcing a failure.
[  270.042667][T25859] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  270.056100][T25859] CPU: 1 PID: 25859 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  270.065156][T25859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  270.075285][T25859] Call Trace:
[  270.078565][T25859]  dump_stack_lvl+0xb7/0x103
[  270.083352][T25859]  dump_stack+0x11/0x1a
[  270.088027][T25859]  should_fail+0x23c/0x250
[  270.092505][T25859]  __alloc_pages+0x102/0x320
[  270.097238][T25859]  alloc_pages_vma+0x513/0x680
[  270.102086][T25859]  ? page_address_in_vma+0x264/0x300
[  270.107375][T25859]  new_page+0x124/0x170
[  270.111536][T25859]  migrate_pages+0x3b3/0x1530
[  270.116304][T25859]  ? do_mbind+0xf50/0xf50
[  270.121685][T25859]  ? remove_migration_ptes+0x90/0x90
[  270.127260][T25859]  do_mbind+0xd43/0xf50
[  270.131695][T25859]  __x64_sys_mbind+0x10a/0x130
[  270.136554][T25859]  do_syscall_64+0x3d/0x90
[  270.141170][T25859]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  270.147158][T25859] RIP: 0033:0x4665e9
[  270.151083][T25859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  270.170859][T25859] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  270.179516][T25859] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
09:18:11 executing program 0 (fault-call:2 fault-nth:11):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:11 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x25ed0100, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:11 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20048800}, 0x40)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  270.187480][T25859] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  270.195984][T25859] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
[  270.204077][T25859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  270.212266][T25859] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
09:18:11 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'sit0\x00', <r3=>0x0})
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8848, r3, 0x1, 0x0, 0x6, @random="b52aa03ef753"}, 0x14)
r4 = socket$packet(0x11, 0x2, 0x300)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000280)={'sit0\x00', <r6=>0x0})
sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8848, r6, 0x1, 0x0, 0x6, @random="b52aa03ef753"}, 0x14)
r7 = socket$packet(0x11, 0x2, 0x300)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000280)={'sit0\x00', <r9=>0x0})
sendto$packet(r7, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8848, r9, 0x1, 0x0, 0x6, @random="b52aa03ef753"}, 0x14)
ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000440)={'ip6_vti0\x00', <r10=>0x0, 0x29, 0xff, 0x0, 0x5, 0x7, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x40, 0x40, 0x5, 0xff}})
r11 = socket$packet(0x11, 0x2, 0x300)
r12 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000280)={'sit0\x00', <r13=>0x0})
sendto$packet(r11, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8848, r13, 0x1, 0x0, 0x6, @random="b52aa03ef753"}, 0x14)
recvmsg(0xffffffffffffffff, &(0x7f00000025c0)={&(0x7f00000004c0)=@ll={0x11, 0x0, <r14=>0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)=""/27, 0x1b}, {&(0x7f0000000540)=""/4096, 0x1000}, {&(0x7f0000001540)=""/92, 0x5c}], 0x3, &(0x7f00000015c0)=""/4096, 0x1000}, 0x2040)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(0xffffffffffffffff, &(0x7f00000028c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000002880)={&(0x7f0000002980)=ANY=[@ANYBLOB="58020000", @ANYRES16=0x0, @ANYBLOB="010000100000fedbdf250e00000030000180140002006272696467653000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="0800030003000000580001800800030001000000140002007465616d30000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="080003000100000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="0c00018008000100", @ANYRES32=0x0, @ANYBLOB="8e8178965f2a4c9b65727370616e300ceb89170000e100001400020073797a5f74756e0000001300000000000800a3370500000008000100b4887537573cf2ac86fb2ded7e767e6253ec35e1a3ceac1d0630cd238c74b81da89ef5e1b2bceaf8a422777472f4962d70356db32a2f4fe58a4cbd3d1dc24fe8dc1f344d08e5a4f90929ccd29d6f4288ec9a1f8599b4d820873a3b1d747a3565c9d6821e123ca7ae6113eb6dd4a1b320e29db5479f21735de44eaf7112d85b84192c859ea7af434547eb4fb218259a0b103f4ffce7c96ed5c147986ea9484a760b4d70dedcb145bc91d7ce0fab280d66a8bb21940d3485e0057d1b97db90fc00e45686e5538bfb12c95c656bdf8174189c3353ae1a1c2a98f6f5027493ac89de9fd9b52f324ac26717b40789c2970d0a2998be990c65085bce8de364", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=r10, @ANYBLOB="14000200636169663000000000000000000000001400020076657468305f746f5f68737200000000180001801400020073797a5f74756e00000000000000000028000180140002007866726d300000000000000000000000080003000100000008000100", @ANYRES32=r13, @ANYBLOB="2400018008000300020000000800030000000000080003000200000008000100", @ANYRES32=r14, @ANYBLOB="9000028004000100590004007cbf4de7970d778e857b721d48a6bb562a917c1820308169e79ca8bb138df44386090ebdc777fcaff504e1db6e09a09e01b6cfbadfee8fee5586e3c5eb8a1dbf0e68cf8b57883ffc4558fa68bfdf49f16a1280c32e000000080002000500000024000380100001800b00020040245e272e260000100001800400030005000200000000003c00018008000300010000001400020076657468315f6d6163767461700000000800030000000000140002006c6f00000000000000000000000000001400018008000100", @ANYRES32=0x0, @ANYBLOB="0800030002000000"], 0x258}, 0x1, 0x0, 0x0, 0x24040010}, 0x4081)

[  270.269494][T25856]  loop3: p1 p3 p4
[  270.273369][T25856] loop3: p1 size 11290111 extends beyond EOD, truncated
[  270.288592][T25856] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  270.304145][T25856] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  270.330364][ T1041]  loop3: p1 p3 p4
[  270.334411][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  270.356224][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  270.374198][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:12 executing program 5 (fault-call:2 fault-nth:11):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:12 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x26ed0100, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:12 executing program 3:
syz_read_part_table(0x48000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:12 executing program 1:
syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf967, 0x3, &(0x7f00000003c0)=[{&(0x7f00000002c0)="4c81d3b72b25b16be55b1766599c5ac0408040bc7289f5dfcdd4ef4aaddb0a98a7d4c3fa5b5f83bb57d880accebbec5d94c7867be8e476af650ae769ca99801e83b666cccf3375ff34bcd8ad1800eb3fa0167599bb1b499e390d6a2a7758bcdcc1889b7527086de0cfc5662ae9a3f93141cb694ddfb2f93fe04bd35b7dcdc4ba58643699909b8831dda1b68c35c8c621ff6c1bf7bc12d78a8ad56939762b6bc76fc2e190349862d5d900168ebe183416ebf15e5861c8e743edcd01f0908f917035d586c39e6256def406b4c7dcfcb4a9b26afef18ca21edf31c1d5107b441ef79ad01eacb84bcb8e1fd1f8f665543d1fc3a805731dd432a044a6e6cbe7", 0xfd, 0x4}, {&(0x7f0000000180)="594bbe55", 0x4, 0xfffffffffffffff8}, {&(0x7f0000000200)="1dd4bc0fd5a0a0e6d0ae3199856cd9", 0xf, 0xfffffffffffff869}], 0x1084808, &(0x7f0000000440)={[{@sbsector={'sbsector', 0x3d, 0x8}}, {@check_strict}, {@nojoliet}, {@mode={'mode', 0x3d, 0x7}}], [{@uid_eq={'uid', 0x3d, 0xee01}}, {@subj_user={'subj_user', 0x3d, '}$*/--}^'}}, {@obj_role={'obj_role', 0x3d, '\x00'}}, {@appraise}]})
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x8, 0x80000, 0x214, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
io_uring_enter(r0, 0x5ecc, 0x497c, 0x3, &(0x7f0000000040)={[0x2]}, 0x8)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4000, 0x4)
io_uring_enter(0xffffffffffffffff, 0x742c, 0xaccc, 0x3, &(0x7f0000000000)={[0x7]}, 0x8)

[  270.455953][ T1041]  loop1: p2 < > p3 p4
[  270.482519][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  270.497522][T25941] loop3: detected capacity change from 0 to 264192
[  270.506202][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  270.512514][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  270.534708][T25907] FAULT_INJECTION: forcing a failure.
[  270.534708][T25907] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  270.548145][T25907] CPU: 1 PID: 25907 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  270.556943][T25907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  270.567165][T25907] Call Trace:
[  270.570504][T25907]  dump_stack_lvl+0xb7/0x103
[  270.575099][T25907]  dump_stack+0x11/0x1a
[  270.579244][T25907]  should_fail+0x23c/0x250
09:18:12 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x400c1, 0xe5)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
setxattr$security_evm(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), &(0x7f00000000c0)=@ng={0x4, 0x5, "71ab39a5843fc7d3b389e2d6"}, 0xe, 0x2)

[  270.583819][T25907]  __alloc_pages+0x102/0x320
[  270.588430][T25907]  alloc_pages_vma+0x513/0x680
[  270.593194][T25907]  ? page_address_in_vma+0x264/0x300
[  270.598501][T25907]  new_page+0x124/0x170
[  270.602841][T25907]  migrate_pages+0x3b3/0x1530
[  270.607528][T25907]  ? do_mbind+0xf50/0xf50
[  270.611928][T25907]  ? remove_migration_ptes+0x90/0x90
[  270.617373][T25907]  do_mbind+0xd43/0xf50
[  270.618632][ T1041]  loop1: p2 < > p3 p4
[  270.621639][T25907]  __x64_sys_mbind+0x10a/0x130
[  270.621688][T25907]  do_syscall_64+0x3d/0x90
[  270.628188][ T1041] loop1: p2 size 2 extends beyond EOD, 
[  270.630821][T25907]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  270.630855][T25907] RIP: 0033:0x4665e9
[  270.630870][T25907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  270.635731][ T1041] truncated
[  270.641654][ T1041] loop1: p3 start 225 is beyond EOD, 
[  270.647465][T25907] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  270.647488][T25907] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  270.651489][ T1041] truncated
[  270.671222][T25907] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  270.671240][T25907] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  270.671252][T25907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  270.671265][T25907] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  270.674451][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  270.749592][T25941]  loop3: p1 p3 p4
[  270.753831][T25941] loop3: p1 size 11290111 extends beyond EOD, truncated
[  270.769315][T25941] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:18:12 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x27ed0100, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  270.787320][T25941] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  270.838651][T25942] FAULT_INJECTION: forcing a failure.
[  270.838651][T25942] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  270.852019][T25942] CPU: 0 PID: 25942 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  270.860979][T25942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  270.871052][T25942] Call Trace:
[  270.874564][T25942]  dump_stack_lvl+0xb7/0x103
[  270.879214][T25942]  dump_stack+0x11/0x1a
[  270.883494][T25942]  should_fail+0x23c/0x250
[  270.887923][T25942]  __alloc_pages+0x102/0x320
[  270.892547][T25942]  alloc_pages_vma+0x513/0x680
[  270.897353][T25942]  ? page_address_in_vma+0x264/0x300
[  270.902780][T25942]  new_page+0x124/0x170
[  270.907037][T25942]  migrate_pages+0x3b3/0x1530
[  270.911748][T25942]  ? do_mbind+0xf50/0xf50
[  270.916111][T25942]  ? remove_migration_ptes+0x90/0x90
[  270.921581][T25942]  do_mbind+0xd43/0xf50
[  270.925750][T25942]  __x64_sys_mbind+0x10a/0x130
[  270.930629][T25942]  do_syscall_64+0x3d/0x90
[  270.935123][T25942]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  270.941143][T25942] RIP: 0033:0x4665e9
[  270.945135][T25942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  270.964940][T25942] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  270.973378][T25942] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  270.981456][T25942] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
09:18:12 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ocfs2_dlmfs\x00', 0x20000, &(0x7f0000000100)='proc\x00')
r0 = open$dir(&(0x7f0000000140)='./file0/file0\x00', 0x92000, 0x90)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:12 executing program 0 (fault-call:2 fault-nth:12):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

[  270.984608][ T1041]  loop1: p2 < > p3 p4
[  270.989522][T25942] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
[  270.989540][T25942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  270.989551][T25942] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
[  271.030829][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  271.038406][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  271.044793][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  271.053566][T25941] loop3: detected capacity change from 0 to 264192
09:18:12 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
open(&(0x7f0000000040)='./file0\x00', 0x6000, 0x40)

09:18:12 executing program 1:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0xc240, 0x0)
ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000040))
r1 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f00000000c0)={0x1000, 0x9, 0x4, 0x800, 0x4, "38990326fe15c34410dde8f90a3cac13743c2b", 0x0, 0x6})
ioctl$KDFONTOP_COPY(r5, 0x4b72, &(0x7f0000000080)={0x3, 0x1, 0xb, 0x1f, 0x7c, &(0x7f00000002c0)})
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r1, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:12 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x3f000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:12 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000440)='bfs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  271.140703][ T1041]  loop3: p1 p3 p4
[  271.144622][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  271.160535][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  271.196081][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  271.218712][T25941]  loop3: p1 p3 p4
[  271.223506][T25941] loop3: p1 size 11290111 extends beyond EOD, truncated
[  271.242684][T25941] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  271.245995][T25974] FAULT_INJECTION: forcing a failure.
[  271.245995][T25974] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  271.263331][T25974] CPU: 1 PID: 25974 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  271.272097][T25974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  271.282220][T25974] Call Trace:
[  271.285497][T25974]  dump_stack_lvl+0xb7/0x103
[  271.289522][T25941] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  271.290098][T25974]  dump_stack+0x11/0x1a
[  271.290119][T25974]  should_fail+0x23c/0x250
[  271.305928][T25974]  __alloc_pages+0x102/0x320
[  271.310551][T25974]  alloc_pages_vma+0x513/0x680
[  271.315352][T25974]  ? page_address_in_vma+0x264/0x300
[  271.320644][T25974]  new_page+0x124/0x170
[  271.324812][T25974]  migrate_pages+0x3b3/0x1530
[  271.329487][T25974]  ? do_mbind+0xf50/0xf50
[  271.333835][T25974]  ? remove_migration_ptes+0x90/0x90
[  271.339185][T25974]  do_mbind+0xd43/0xf50
09:18:12 executing program 5 (fault-call:2 fault-nth:12):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

[  271.343347][T25974]  __x64_sys_mbind+0x10a/0x130
[  271.348147][T25974]  do_syscall_64+0x3d/0x90
[  271.352659][T25974]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  271.358661][T25974] RIP: 0033:0x4665e9
[  271.362549][T25974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  271.382477][T25974] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
09:18:13 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  271.390943][T25974] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  271.398919][T25974] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  271.406893][T25974] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  271.414992][T25974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  271.422964][T25974] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:13 executing program 3:
syz_read_part_table(0x4c000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:13 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x40000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:13 executing program 4:
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x1, 0x4, &(0x7f0000000300)=[{&(0x7f00000000c0)="3b1fff5c78eb4ae9", 0x8, 0x40}, {&(0x7f0000000100)="1d56e9699cd7bfaf6ab767230cf6425915fc666558f2b7ef3ba0f58cc99a1fcd6a5d50f40809c4bf5f27c12b209ae365d15f4f9e5e5175a2eaba6f1ff84ebe75fa995e088d3a68a2bf5ea191db6543f73789699f7336069d64e01db225c83a6cb7e3eed2b02c32aa3c2873d3fa3bc337778c7f5e986cda7b41b2ffe0eff4a489d50a76dbcdc242d0ba5590359a72ca848f35bf78ee35bf50148ea991fa46e7e312c1e17735a2d283b7bbbe5e8f21347fa3e0259eea45907837ed7a07ecbcb2995686e18ffadb8138e7e92439663235d716d3288b5d85c727e1a9379218e4955b73f4871ed0d89b70a48c0e1656e579496f5e12800a2cee42d400bc", 0xfb, 0x4}, {&(0x7f0000000200)="3c858b598e53ed1c56e7b7dfd80e138f2bcc16942a53f5bf61280ae2a29d3fc24049c599e91d61f5b4b4cfe7fa82ec4ffbe92d6b7d4d6dd54a655bec72366bc84613bf2a11103edf9c23ab87f49c35af2e0dcfbeebe6cc58dc9576871a97635677da101f70ac21a3a8f065afab117c3e97a8bdccc34208e57a5182", 0x7b, 0xb8}, {&(0x7f0000000380)="c1e17107fe248a9c8009954213511b889c5e783b562907f9698e00a8d90a9be4fee48e4ce98598f641bcf7e3193b253abc5434657c8b4642028b6e4f7159308050de9076700f5abac35b2f51587446c45d04f952bad38bb38f93cd548174dbc35918d4ef7c", 0x65, 0x8}], 0x100000, &(0x7f0000000480)=ANY=[])
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x40, 0x104)
openat(r1, &(0x7f0000000400)='./file0\x00', 0x440, 0x8)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  271.583713][T26029] loop3: detected capacity change from 0 to 264192
09:18:13 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x63000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:13 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
open$dir(&(0x7f0000000040)='./file0\x00', 0x40, 0xe)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  271.659426][T26029]  loop3: p1 p3 p4
[  271.663545][T26029] loop3: p1 size 11290111 extends beyond EOD, truncated
[  271.711602][T26029] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  271.743748][T26018] FAULT_INJECTION: forcing a failure.
[  271.743748][T26018] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  271.757252][T26018] CPU: 0 PID: 26018 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  271.766219][T26018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  271.776275][T26018] Call Trace:
[  271.779556][T26018]  dump_stack_lvl+0xb7/0x103
[  271.784156][T26018]  dump_stack+0x11/0x1a
[  271.788598][T26018]  should_fail+0x23c/0x250
[  271.793146][T26018]  __alloc_pages+0x102/0x320
[  271.797746][T26018]  alloc_pages_vma+0x513/0x680
[  271.802515][T26018]  ? page_address_in_vma+0x264/0x300
[  271.807919][T26018]  new_page+0x124/0x170
[  271.812184][T26018]  migrate_pages+0x3b3/0x1530
[  271.816954][T26018]  ? do_mbind+0xf50/0xf50
[  271.821375][T26018]  ? remove_migration_ptes+0x90/0x90
[  271.827128][T26018]  do_mbind+0xd43/0xf50
[  271.832202][T26018]  __x64_sys_mbind+0x10a/0x130
[  271.836164][T26029] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  271.837043][T26018]  do_syscall_64+0x3d/0x90
[  271.837068][T26018]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  271.856289][T26018] RIP: 0033:0x4665e9
09:18:13 executing program 0 (fault-call:2 fault-nth:13):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:13 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
getdents(0xffffffffffffffff, &(0x7f00000005c0)=""/223, 0xfc61)
getdents64(0xffffffffffffffff, &(0x7f0000000040)=""/77, 0x4d)

[  271.860294][T26018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  271.880436][T26018] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  271.889279][T26018] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  271.897453][T26018] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  271.905429][T26018] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
[  271.913401][T26018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  271.921421][T26018] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
09:18:13 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
splice(r3, 0x0, r4, 0x0, 0x10005, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x1000000, 0x13, r4, 0xb9ab6000)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:13 executing program 3:
syz_read_part_table(0x60000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:13 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x81020000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  272.051910][ T1041]  loop1: p2 < > p3 p4
[  272.056068][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  272.069636][T26077] loop3: detected capacity change from 0 to 264192
[  272.085810][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  272.092030][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  272.119569][T26077]  loop3: p1 p3 p4
[  272.123398][T26077] loop3: p1 size 11290111 extends beyond EOD, truncated
[  272.156207][T26077] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:18:13 executing program 5 (fault-call:2 fault-nth:13):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:13 executing program 4:
write$selinux_attr(0xffffffffffffffff, &(0x7f0000000040)='system_u:object_r:semanage_store_t:s0\x00', 0x26)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:13 executing program 1:
ioctl$BTRFS_IOC_SET_FEATURES(0xffffffffffffffff, 0x40309439, &(0x7f0000000000)={0x2, 0x2, 0x8})
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x10010, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:13 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x86ffffff, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  272.166599][ T1041]  loop1: p2 < > p3 p4
[  272.170996][T26077] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  272.176351][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  272.197192][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  272.203550][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  272.243259][T26077] loop3: detected capacity change from 0 to 264192
09:18:13 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
r1 = syz_mount_image$nfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x1, 0x2, &(0x7f00000002c0)=[{&(0x7f00000000c0)="6858e4f87ca73976c60a7a7a18edad09c60afc92918f566004ff439865a52c2536899418598988544655371ec88ccd6fa99b146ea77d8177fda5e11116f40535e9ce4184688cf863c5449042a4b7da573ad826f96e9d0fad3bab53219569be5de80598f373f950b000e39bdaa79361715bd772ed413e7471c8fe43fb38b79f288b76cea562f762efc5cf4e6dd3f267639d8854f2bbb568d27975bd750d724ecb8bedfcb409ab5b3073fcde96a11eec2e5f0ee26415ff5c86ca2d5721f3d4138269b6e570a101cbff5985", 0xca, 0x40}, {&(0x7f00000001c0)="f9f7b42f6c885e9c6bbea837e677d19a468c3904d27e68e54829d1011a607769f6b499af44b9a9e254f78f45586db14fa3066d9c65befae4e037388e74962b9aedddf7f9bc11ec0c4e03075bc16f87ec6d9a8fb4e1fd8408d9da79f747aed3e70c53b0b3904eafe438c7a2966954a87fa2bb9003196d3e62d9f5302f2a70a52276eae4173ea6c7d0ff9115100ad88bb7b76fdead6a67fe078372edde0521460991452dccdb639077682f28083d35b5f046dcbdf6326fc654558938fe9ae657239c3f369a72016592dfa941e7b0116008", 0xd0, 0x4}], 0x8000, &(0x7f0000000300)={[{'proc\x00'}, {'proc\x00'}, {}], [{@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@smackfsroot={'smackfsroot', 0x3d, 'proc\x00'}}, {@appraise}, {@smackfstransmute={'smackfstransmute', 0x3d, '/'}}, {@subj_role={'subj_role', 0x3d, 'proc\x00'}}, {@permit_directio}, {@pcr={'pcr', 0x3d, 0x6}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'proc\x00'}}]})
mknodat$null(r1, &(0x7f00000003c0)='./file0\x00', 0x2, 0x103)

[  272.298440][T26062] FAULT_INJECTION: forcing a failure.
[  272.298440][T26062] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  272.312091][T26062] CPU: 1 PID: 26062 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  272.320955][T26062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  272.331191][T26062] Call Trace:
[  272.334467][T26062]  dump_stack_lvl+0xb7/0x103
[  272.339107][T26062]  dump_stack+0x11/0x1a
[  272.342475][ T1041]  loop3: p1 p3 p4
[  272.343375][T26062]  should_fail+0x23c/0x250
[  272.347439][ T1041] loop3: p1 size 11290111 extends beyond EOD, 
[  272.351494][T26062]  __alloc_pages+0x102/0x320
[  272.351521][T26062]  alloc_pages_vma+0x513/0x680
[  272.351541][T26062]  ? page_address_in_vma+0x264/0x300
[  272.351563][T26062]  new_page+0x124/0x170
[  272.357892][ T1041] truncated
[  272.365352][ T1041] loop3: p3 size 1912633224 extends beyond EOD, 
[  272.367476][T26062]  migrate_pages+0x3b3/0x1530
[  272.372906][ T1041] truncated
[  272.377036][T26062]  ? do_mbind+0xf50/0xf50
[  272.398243][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  272.398568][T26062]  ? remove_migration_ptes+0x90/0x90
[  272.398591][T26062]  do_mbind+0xd43/0xf50
[  272.398631][T26062]  __x64_sys_mbind+0x10a/0x130
[  272.418953][T26077]  loop3: p1 p3 p4
[  272.420370][T26062]  do_syscall_64+0x3d/0x90
[  272.420398][T26062]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  272.424442][T26077] loop3: p1 size 11290111 extends beyond EOD, 
[  272.428528][T26062] RIP: 0033:0x4665e9
[  272.428550][T26062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  272.434805][T26077] truncated
[  272.445999][T26077] loop3: p3 size 1912633224 extends beyond EOD, 
[  272.464612][T26062] RSP: 002b:00007f21c691d188 EFLAGS: 00000246
[  272.467766][T26077] truncated
[  272.483513][T26062]  ORIG_RAX: 00000000000000ed
[  272.488174][T26062] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
09:18:14 executing program 1:
r0 = syz_io_uring_setup(0x1923, &(0x7f0000000240)={0x0, 0x20cd20, 0x1, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
ioctl$EXT4_IOC_MIGRATE(r0, 0x6609)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:14 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x95320200, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  272.494303][T26077] loop3: p4 size 3657465856 extends beyond EOD, 
[  272.496228][T26062] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  272.496243][T26062] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  272.502704][T26077] truncated
[  272.510824][T26062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  272.510837][T26062] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  272.596406][T26130] nfs: Unknown parameter 'proc'
[  272.610407][T26105] FAULT_INJECTION: forcing a failure.
[  272.610407][T26105] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  272.623683][T26105] CPU: 1 PID: 26105 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  272.632470][T26105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  272.642763][T26105] Call Trace:
[  272.646108][T26105]  dump_stack_lvl+0xb7/0x103
[  272.650696][T26105]  dump_stack+0x11/0x1a
[  272.654843][T26105]  should_fail+0x23c/0x250
[  272.659257][T26105]  __alloc_pages+0x102/0x320
[  272.663841][T26105]  alloc_pages_vma+0x513/0x680
[  272.668604][T26105]  ? page_address_in_vma+0x264/0x300
[  272.673955][T26105]  new_page+0x124/0x170
[  272.678501][T26105]  migrate_pages+0x3b3/0x1530
[  272.683178][T26105]  ? do_mbind+0xf50/0xf50
[  272.687521][T26105]  ? remove_migration_ptes+0x90/0x90
[  272.692942][T26105]  do_mbind+0xd43/0xf50
[  272.697106][T26105]  __x64_sys_mbind+0x10a/0x130
[  272.699622][ T1041]  loop1: p2 < > p3 p4
[  272.701897][T26105]  do_syscall_64+0x3d/0x90
[  272.706319][ T1041] loop1: p2 size 2 extends beyond EOD, 
[  272.710374][T26105]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  272.710402][T26105] RIP: 0033:0x4665e9
[  272.710415][T26105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  272.710432][T26105] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  272.710450][T26105] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  272.715965][ T1041] truncated
[  272.718449][ T1041] loop1: p3 start 225 is beyond EOD, 
[  272.721832][T26105] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  272.721847][T26105] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
[  272.721869][T26105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  272.725748][ T1041] truncated
[  272.725753][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  272.745619][T26105] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
[  272.813871][ T1041] truncated
09:18:14 executing program 0 (fault-call:2 fault-nth:14):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:14 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r3}, 0x9)
syz_io_uring_submit(r4, r5, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
r6 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000040)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x4004, @fd=r6, 0x5b5d92a2, 0x0, 0x0, 0x3, 0x1, {0x2}}, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:14 executing program 3:
syz_read_part_table(0x62160000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  272.838917][T26143] nfs: Unknown parameter 'proc'
[  272.851642][ T1041]  loop3: p1 p3 p4
[  272.855587][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  272.863498][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  272.873107][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:14 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe4ffffff, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:14 executing program 4:
io_setup(0x2, &(0x7f0000000040)=<r0=>0x0)
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x10005, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
splice(r3, 0x0, r4, 0x0, 0x10005, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r5, 0x0)
preadv(r1, &(0x7f0000000280), 0x0, 0x200d9f, 0xa)
syz_open_dev$vcsn(&(0x7f00000004c0), 0x5, 0xa140)
io_submit(r0, 0x0, &(0x7f00000006c0))
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r6 = open$dir(&(0x7f0000000000)='./file0\x00', 0x444241, 0x0)
getdents(r6, &(0x7f00000005c0)=""/223, 0xfc61)

[  272.940165][ T1041]  loop1: p2 < > p3 p4
[  272.944536][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  272.979125][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  272.985564][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  273.026297][T26173] loop3: detected capacity change from 0 to 264192
[  273.077983][T26173]  loop3: p1 p3 p4
[  273.091252][ T1041]  loop1: p2 < > p3 p4
[  273.091262][T26173] loop3: p1 size 11290111 extends beyond EOD, truncated
[  273.095546][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:18:14 executing program 5 (fault-call:2 fault-nth:14):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:14 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(r0, 0x365b, 0x5053, 0x1, &(0x7f0000000040)={[0x7f]}, 0x8)
syz_io_uring_submit(0x0, r2, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, {0x80}}, 0x9)

09:18:14 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe8030000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:14 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x282080, 0x8)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  273.121633][T26173] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  273.138474][T26173] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  273.146188][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  273.152437][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:14 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r3}, 0x9)
syz_io_uring_submit(r4, r5, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000180)=@IORING_OP_WRITE={0x17, 0x2, 0x4000, @fd_index=0x5, 0x2, &(0x7f0000001ac0)="b12bdeb09afdd1361abdcfa90dc2f424ee4ca27891188566543bab7058f3ca89dd37c191de5b3904ebea00dc63b47e4a2fd0b06727593505b85b4d9ce71a2508424a3e8e36f60c7cea9e3cae67f0a84372302a1828c51fa177594f86ff5b8e684b39a916f7f1ec09897c8f72cc29ccabd05b0676ba7533d88f88148b4ba8966c1677f44ff0496fb4d6bb", 0x8a, 0x7, 0x0, {0x0, r6}}, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000001a40)={<r7=>0x0, <r8=>0x0})
recvmmsg(0xffffffffffffffff, &(0x7f0000001980)=[{{&(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, <r9=>0xffffffffffffffff}}, 0x80, &(0x7f0000000080)=[{&(0x7f00000002c0)=""/166, 0xa6}, {&(0x7f0000000380)=""/232, 0xe8}, {&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000001480)=""/182, 0xb6}], 0x4, &(0x7f0000001540)=""/92, 0x5c}, 0x6}, {{&(0x7f00000015c0)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000200)=[{&(0x7f0000001640)=""/171, 0xab}, {&(0x7f00000000c0)=""/13, 0xd}, {&(0x7f0000000180)}, {&(0x7f0000001700)=""/77, 0x4d}], 0x4, &(0x7f0000001780)=""/106, 0x6a}, 0x35}, {{&(0x7f0000001800)=@in6={0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @dev}}, 0x80, &(0x7f0000001940)=[{&(0x7f0000001880)=""/177, 0xb1}], 0x1}, 0x80000000}], 0x3, 0x40000100, &(0x7f0000001a80)={r7, r8+60000000})
listen(r9, 0x98)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x2000009, 0x50, r0, 0x93b7000)

[  273.241022][T26173] loop3: detected capacity change from 0 to 264192
09:18:14 executing program 4:
mkdir(&(0x7f0000002200)='./file1\x00', 0x0)
listxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/44, 0x2c)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  273.296581][ T1041]  loop1: p2 < > p3 p4
[  273.299953][T26173]  loop3: p1 p3 p4
[  273.304695][T26173] loop3: p1 size 11290111 extends beyond EOD, truncated
[  273.306143][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  273.321349][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  273.327911][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:14 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xefffffff, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  273.348139][T26173] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  273.372906][T26173] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  273.403389][T26162] FAULT_INJECTION: forcing a failure.
[  273.403389][T26162] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  273.417976][T26162] CPU: 1 PID: 26162 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  273.427190][T26162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  273.437426][T26162] Call Trace:
[  273.440939][T26162]  dump_stack_lvl+0xb7/0x103
[  273.443287][ T1041]  loop1: p2 < > p3 p4
[  273.445929][T26162]  dump_stack+0x11/0x1a
[  273.445954][T26162]  should_fail+0x23c/0x250
[  273.459275][T26162]  __alloc_pages+0x102/0x320
[  273.460453][ T1041] loop1: p2 size 2 extends beyond EOD, 
[  273.463915][T26162]  alloc_pages_vma+0x513/0x680
[  273.463940][T26162]  ? page_address_in_vma+0x264/0x300
[  273.469786][ T1041] truncated
[  273.474573][T26162]  new_page+0x124/0x170
[  273.487252][T26162]  migrate_pages+0x3b3/0x1530
[  273.492039][T26162]  ? do_mbind+0xf50/0xf50
[  273.496645][T26162]  ? remove_migration_ptes+0x90/0x90
[  273.502209][T26162]  do_mbind+0xd43/0xf50
[  273.506377][T26162]  __x64_sys_mbind+0x10a/0x130
[  273.508884][ T1041] loop1: p3 start 225 is beyond EOD, 
[  273.511159][T26162]  do_syscall_64+0x3d/0x90
[  273.511184][T26162]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  273.516827][ T1041] truncated
[  273.516833][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  273.521234][T26162] RIP: 0033:0x4665e9
[  273.521251][T26162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  273.521268][T26162] RSP: 002b:00007f21c691d188 EFLAGS: 00000246
[  273.527188][ T1041] truncated
[  273.569802][T26162]  ORIG_RAX: 00000000000000ed
[  273.574638][T26162] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  273.582609][T26162] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  273.590587][T26162] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  273.598663][T26162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  273.606764][T26162] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  273.624254][T26204] FAULT_INJECTION: forcing a failure.
[  273.624254][T26204] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  273.637633][T26204] CPU: 1 PID: 26204 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  273.646717][T26204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  273.656876][T26204] Call Trace:
[  273.660148][T26204]  dump_stack_lvl+0xb7/0x103
[  273.664844][T26204]  dump_stack+0x11/0x1a
[  273.669155][T26204]  should_fail+0x23c/0x250
[  273.673728][T26204]  __alloc_pages+0x102/0x320
[  273.678696][T26204]  alloc_pages_vma+0x513/0x680
[  273.683590][T26204]  ? page_address_in_vma+0x264/0x300
[  273.688889][T26204]  new_page+0x124/0x170
[  273.693103][T26204]  migrate_pages+0x3b3/0x1530
[  273.697866][T26204]  ? do_mbind+0xf50/0xf50
[  273.702190][T26204]  ? remove_migration_ptes+0x90/0x90
[  273.707450][T26204]  do_mbind+0xd43/0xf50
[  273.711844][T26204]  __x64_sys_mbind+0x10a/0x130
[  273.716697][T26204]  do_syscall_64+0x3d/0x90
[  273.721128][T26204]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  273.727135][T26204] RIP: 0033:0x4665e9
[  273.731162][T26204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  273.751056][T26204] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  273.759496][T26204] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  273.767580][T26204] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  273.775548][T26204] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
[  273.783710][T26204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  273.791763][T26204] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
09:18:15 executing program 0 (fault-call:2 fault-nth:15):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:15 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
recvmsg$unix(r3, &(0x7f0000000200)={&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000780)=[{&(0x7f00000002c0)=""/189, 0xbd}, {&(0x7f0000000080)=""/70, 0x46}, {&(0x7f0000000380)=""/126, 0x7e}, {&(0x7f0000000540)=""/240, 0xf0}, {&(0x7f0000000800)=""/201, 0xc9}, {&(0x7f0000000740)=""/19, 0x13}], 0x6, &(0x7f0000000400)=[@rights={{0x18, 0x1, 0x1, [<r4=>0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xe8}, 0x1)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(r4, 0x2, &(0x7f0000000500)=[0xffffffffffffffff], 0x1)

09:18:15 executing program 3:
syz_read_part_table(0x63160000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:15 executing program 4:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
open(&(0x7f0000000080)='./file0\x00', 0x1, 0x91)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:15 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xf4ffffff, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  273.983150][T26256] loop3: detected capacity change from 0 to 264192
[  274.019519][T26256]  loop3: p1 p3 p4
[  274.023747][T26256] loop3: p1 size 11290111 extends beyond EOD, truncated
[  274.049556][T26256] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  274.065038][ T1041]  loop1: p2 < > p3 p4
[  274.069346][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  274.075658][T26256] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  274.088749][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  274.095354][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:15 executing program 5 (fault-call:2 fault-nth:15):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:15 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)="7b4ce7457a269368759019fa2e322799430a04dbf09c08fc8d6ebb9c9821121fc426cbb6d52781a5f052ed31bc9e37454b28a14fbc2616580e1eccabd68030ad1ff25063384f0fcafec6dfc4aa903e07b0fa0ad49ae9bc726149", 0x5a, 0x4000004, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(r0, 0x2957, 0xf0a8, 0x2, &(0x7f0000000000)={[0xfffffffffffffc00]}, 0x8)

09:18:15 executing program 4:
mkdir(&(0x7f0000000040)='./file0\x00', 0x79)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f00000005c0)={&(0x7f00000002c0)={0x2, 0x4e23, @local}, 0x10, 0x0, 0x0, &(0x7f0000000640)=[@ip_tos_int={{0x12, 0x11, 0x67, 0xeffdffff}}], 0x18}, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x180)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
setxattr$trusted_overlay_opaque(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000100), 0x2, 0x1)
getdents(r1, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:15 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xfbffffff, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  274.168743][T26256] loop3: detected capacity change from 0 to 264192
09:18:15 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000480)={{{@in=@multicast2, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}}, {{@in=@local}, 0x0, @in6=@remote}}, &(0x7f00000002c0)=0xe8)
quotactl(0x8, &(0x7f0000000180)='./file0\x00', r0, &(0x7f0000000300)="f25479d06d2f5cb19a6ee9b115b0cf55854927f4294ce45cbae776908ab30a9b9d3727c7386688893a0eda7e73afc816974e341657f250250b651f1a3f17f5a5bdccf2d4017d88b6bf8021272fcf1ef1318b80dc8b8c")
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
rename(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00')
getdents(r1, &(0x7f00000005c0)=""/223, 0xfc61)
getxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='system.posix_acl_access\x00', &(0x7f00000000c0)=""/38, 0x26)

[  274.230924][T26256]  loop3: p1 p3 p4
[  274.240593][T26256] loop3: p1 size 11290111 extends beyond EOD, truncated
[  274.262711][T26256] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:18:15 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r4, 0x0, r5, 0x0, 0x10005, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x5, 0x0, @fd=r5, 0x2b, 0x0, 0x0, 0x4}, 0xffffffff)
io_uring_enter(r3, 0x1ecd, 0xa7f8, 0x3, &(0x7f0000000000), 0x8)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  274.281507][T26256] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  274.302649][ T1041]  loop1: p2 < > p3 p4
[  274.311298][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:18:15 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xfd810000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  274.328633][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  274.335202][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  274.376583][T26258] FAULT_INJECTION: forcing a failure.
[  274.376583][T26258] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  274.390103][T26258] CPU: 0 PID: 26258 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  274.399273][T26258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  274.409858][T26258] Call Trace:
[  274.413162][T26258]  dump_stack_lvl+0xb7/0x103
[  274.417844][T26258]  dump_stack+0x11/0x1a
[  274.421999][T26258]  should_fail+0x23c/0x250
[  274.426646][T26258]  __alloc_pages+0x102/0x320
[  274.431239][T26258]  alloc_pages_vma+0x513/0x680
[  274.436113][T26258]  ? page_address_in_vma+0x264/0x300
[  274.441661][T26258]  new_page+0x124/0x170
[  274.445841][T26258]  migrate_pages+0x3b3/0x1530
[  274.450525][T26258]  ? do_mbind+0xf50/0xf50
[  274.454867][T26258]  ? remove_migration_ptes+0x90/0x90
[  274.460148][T26258]  do_mbind+0xd43/0xf50
[  274.464445][T26258]  __x64_sys_mbind+0x10a/0x130
[  274.469260][T26258]  do_syscall_64+0x3d/0x90
[  274.473668][T26258]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  274.479658][T26258] RIP: 0033:0x4665e9
[  274.483632][T26258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  274.503322][T26258] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  274.511819][T26258] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  274.520079][T26258] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  274.528275][T26258] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  274.536321][T26258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  274.544310][T26258] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  274.560605][T26292] FAULT_INJECTION: forcing a failure.
[  274.560605][T26292] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  274.574133][T26292] CPU: 1 PID: 26292 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  274.583072][T26292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  274.593218][T26292] Call Trace:
[  274.596492][T26292]  dump_stack_lvl+0xb7/0x103
[  274.601189][T26292]  dump_stack+0x11/0x1a
[  274.605623][T26292]  should_fail+0x23c/0x250
[  274.610047][T26292]  __alloc_pages+0x102/0x320
[  274.610248][T25455] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  274.614632][T26292]  alloc_pages_vma+0x513/0x680
[  274.631280][T26292]  ? page_address_in_vma+0x264/0x300
[  274.636769][T26292]  new_page+0x124/0x170
[  274.640154][  T896] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  274.641010][T26292]  migrate_pages+0x3b3/0x1530
[  274.652456][  T896] Buffer I/O error on dev loop3p3, logical block 263808, async page read
[  274.657171][T26292]  ? do_mbind+0xf50/0xf50
[  274.666283][  T896] blk_update_request: I/O error, dev loop3, sector 264034 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  274.670057][T26292]  ? remove_migration_ptes+0x90/0x90
[  274.670081][T26292]  do_mbind+0xd43/0xf50
[  274.681606][  T896] Buffer I/O error on dev loop3p3, logical block 263809, async page read
[  274.686864][T26292]  __x64_sys_mbind+0x10a/0x130
[  274.691564][  T896] blk_update_request: I/O error, dev loop3, sector 264035 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  274.699386][T26292]  do_syscall_64+0x3d/0x90
[  274.704250][  T896] Buffer I/O error on dev loop3p3, logical block 263810, async page read
[  274.715762][T26292]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  274.715788][T26292] RIP: 0033:0x4665e9
[  274.720837][  T896] blk_update_request: I/O error, dev loop3, sector 264036 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  274.728722][T26292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  274.734747][  T896] Buffer I/O error on dev loop3p3, logical block 263811, async page read
[  274.738695][T26292] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246
[  274.750694][  T896] blk_update_request: I/O error, dev loop3, sector 264037 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  274.769633][T26292]  ORIG_RAX: 00000000000000ed
[  274.769642][T26292] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  274.769679][T26292] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  274.778262][  T896] Buffer I/O error on dev loop3p3, logical block 263812, async page read
[  274.784420][T26292] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
[  274.784434][T26292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  274.784447][T26292] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
[  274.796387][  T896] blk_update_request: I/O error, dev loop3, sector 264038 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  274.810272][T22006] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  274.816739][  T896] Buffer I/O error on dev loop3p3, logical block 263813, async page read
[  274.826825][T22078] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  274.833685][ T1778] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  274.882075][ T1041]  loop1: p2 < > p3 p4
[  274.893364][  T896] blk_update_request: I/O error, dev loop3, sector 264039 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  274.915931][  T896] Buffer I/O error on dev loop3p3, logical block 263814, async page read
[  274.921013][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  274.925473][  T896] Buffer I/O error on dev loop3p3, logical block 263815, async page read
[  274.940497][  T896] Buffer I/O error on dev loop3p4, logical block 33008, async page read
[  274.948983][  T896] Buffer I/O error on dev loop3p1, logical block 131968, async page read
[  274.952837][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  274.963934][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:16 executing program 0 (fault-call:2 fault-nth:16):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:16 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='esdfs\x00', 0x9c0041, &(0x7f0000000100)='proc\x00')
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:16 executing program 3:
syz_read_part_table(0x64160000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:16 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:16 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xfeffffff, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  275.113449][T26339] loop3: detected capacity change from 0 to 264192
[  275.179948][ T1041]  loop1: p2 < > p3 p4
[  275.187412][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  275.191757][T26339]  loop3: p1 p3 p4
[  275.199231][T26339] loop3: p1 size 11290111 extends beyond EOD, truncated
[  275.206498][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  275.212828][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  275.240098][T26339] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  275.255799][T26339] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:16 executing program 5 (fault-call:2 fault-nth:16):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:16 executing program 4:
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='exofs\x00', 0x1102000, &(0x7f0000000280)='@&[&)!\x00')
symlink(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00')
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000140)='proc\x00', 0x200000, 0x0)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x4000d12)
mkdir(&(0x7f0000000180)='./file0\x00', 0x4d)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x140, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x60)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:16 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x5671, &(0x7f0000000000)={0x0, 0xf691, 0x10, 0x0, 0x233}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=<r3=>0x0, &(0x7f00000000c0))
syz_memcpy_off$IO_URING_METADATA_FLAGS(r3, 0x118, &(0x7f0000000200), 0x0, 0x4)

09:18:16 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xff010000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:16 executing program 3:
syz_read_part_table(0x65160000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  275.379858][T26335] FAULT_INJECTION: forcing a failure.
[  275.379858][T26335] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  275.393607][T26335] CPU: 0 PID: 26335 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  275.402668][T26335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  275.413243][T26335] Call Trace:
[  275.416516][T26335]  dump_stack_lvl+0xb7/0x103
[  275.426569][T26335]  dump_stack+0x11/0x1a
[  275.430748][T26335]  should_fail+0x23c/0x250
[  275.435207][T26335]  __alloc_pages+0x102/0x320
[  275.440171][T26335]  alloc_pages_vma+0x513/0x680
[  275.444930][T26335]  ? page_address_in_vma+0x264/0x300
[  275.450373][T26335]  new_page+0x124/0x170
[  275.454529][T26335]  migrate_pages+0x3b3/0x1530
[  275.459265][T26335]  ? do_mbind+0xf50/0xf50
[  275.463854][T26335]  ? remove_migration_ptes+0x90/0x90
[  275.469185][T26335]  do_mbind+0xd43/0xf50
[  275.473345][T26335]  __x64_sys_mbind+0x10a/0x130
[  275.478102][T26335]  do_syscall_64+0x3d/0x90
[  275.482532][T26335]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  275.488448][T26335] RIP: 0033:0x4665e9
[  275.492332][T26335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  275.512137][T26335] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  275.521051][T26335] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  275.531366][T26335] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  275.539511][T26335] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  275.547682][T26335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  275.555662][T26335] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:17 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
io_uring_enter(r3, 0x1fa6, 0x91a6, 0x1, &(0x7f0000000000), 0x8)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000040)={[0x8]}, &(0x7f0000000080), 0x8)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:17 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = socket$inet(0x2, 0x6000000000000003, 0x5)
setsockopt$inet_int(r0, 0x0, 0x2, &(0x7f0000000040)=0x6, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f00000001c0), 0x10)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r1, &(0x7f0000000040)=""/213, 0xd5)

[  275.643106][T26389] loop3: detected capacity change from 0 to 264192
[  275.677162][T26378] FAULT_INJECTION: forcing a failure.
[  275.677162][T26378] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  275.690779][T26378] CPU: 0 PID: 26378 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  275.699718][T26378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  275.709796][T26378] Call Trace:
[  275.713165][T26378]  dump_stack_lvl+0xb7/0x103
[  275.718132][T26378]  dump_stack+0x11/0x1a
[  275.722494][T26378]  should_fail+0x23c/0x250
[  275.726913][T26378]  __alloc_pages+0x102/0x320
[  275.731512][T26378]  alloc_pages_vma+0x513/0x680
[  275.736285][T26378]  ? page_address_in_vma+0x264/0x300
[  275.738970][ T1041]  loop1: p2 < > p3 p4
[  275.741677][T26378]  new_page+0x124/0x170
[  275.748064][ T1041] loop1: p2 size 2 extends beyond EOD, 
[  275.750288][T26378]  migrate_pages+0x3b3/0x1530
[  275.750313][T26378]  ? do_mbind+0xf50/0xf50
[  275.755945][ T1041] truncated
[  275.761789][ T1041] loop1: p3 start 225 is beyond EOD, 
[  275.765428][T26378]  ? remove_migration_ptes+0x90/0x90
[  275.768541][ T1041] truncated
[  275.768547][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  275.773991][T26378]  do_mbind+0xd43/0xf50
[  275.779794][ T1041] truncated
[  275.782885][T26378]  __x64_sys_mbind+0x10a/0x130
[  275.801840][T26378]  do_syscall_64+0x3d/0x90
[  275.806253][T26378]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  275.812264][T26378] RIP: 0033:0x4665e9
[  275.816240][T26378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  275.835861][T26378] RSP: 002b:00007f0bf3051188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  275.844278][T26378] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  275.852344][T26378] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  275.860581][T26378] RBP: 00007f0bf30511d0 R08: 0000000000000000 R09: 0000000000000002
[  275.868658][T26378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  275.877082][T26378] R13: 00007fffa727060f R14: 00007f0bf3051300 R15: 0000000000022000
[  275.909856][T26389]  loop3: p1 p3 p4
[  275.913878][T26389] loop3: p1 size 11290111 extends beyond EOD, truncated
[  275.935051][T26389] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  275.956771][T26389] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:17 executing program 0 (fault-call:2 fault-nth:17):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:17 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:17 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xff0f0000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:17 executing program 4:
mkdir(&(0x7f0000002200)='./file1\x00', 0x50)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f00000003c0)='debugfs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file1\x00', 0x200, 0x0)
setxattr$security_evm(&(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000100)=@md5={0x1, "f76ab13fba3d272e95e1b8dcfc0f4352"}, 0x11, 0x3)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
umount2(&(0x7f0000000040)='./file1\x00', 0x3)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, <r2=>0x0}, &(0x7f0000000280)=0x5)
setuid(r2)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000180)='./file1/file0\x00', 0x10000, 0x1, &(0x7f0000000280)=[{&(0x7f00000001c0)="5ee7c290baec4e80d332b51a084224ea4b388b18da4104bacde4ec8ddcb683bf7ecf5b4172fb4dc089e4337f4fe099fe9718bf2982f798705125949689e96bdaca14f53062dbf19a35daa56ead4e0568d19f750bf7af9a05bc00869a42c6a9e7f10b265b5a6f6f0c4005f2c3b178315c30f711760b784049c63bf7b70dca06a36b136500518798933e648f6f834eaa91d4b26945cd3d", 0x96, 0x5}], 0xfc9f3b6c6a9c1ba0, &(0x7f00000002c0)=ANY=[@ANYBLOB='utf8=1,uni_xlaue=0,shortname=win95,shortname=winnt,nonumtail=0,shortname=winnt,uni_xlate=0,utf8=0,shortname=lower,nonumtail=0,smackfsfloor=proc\x00,permit_directio,appraise,subj_type=:!\\+/,appraise,uid<', @ANYRESDEC=r2, @ANYBLOB=',obj_role=:,\x00'])

09:18:17 executing program 3:
syz_read_part_table(0x68000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  276.145640][T26437] loop3: detected capacity change from 0 to 264192
[  276.171966][ T1041]  loop1: p2 < > p3 p4
[  276.176553][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  276.193041][T26437]  loop3: p1 p3 p4
[  276.197436][T26437] loop3: p1 size 11290111 extends beyond EOD, truncated
[  276.209404][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  276.215687][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  276.219553][T26437] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  276.244718][T26437] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:17 executing program 5 (fault-call:2 fault-nth:17):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:17 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0xf3b6ef195c70072a, 0x2004, @fd_index=0x5, 0x7ff, 0x2, 0x414, 0x3, 0x1, {0x1}}, 0x10000)

09:18:17 executing program 4:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(r1)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
recvmmsg$unix(r2, &(0x7f0000000900)=[{{&(0x7f0000000500)=@abs, 0x6e, &(0x7f0000000180)=[{&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f0000002240)=""/4096, 0x1000}], 0x2, &(0x7f00000006c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x58}}, {{&(0x7f0000000740)=@abs, 0x6e, &(0x7f0000000400)=[{&(0x7f00000007c0)=""/99, 0x63}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}}], 0x2, 0x40000060, &(0x7f0000000580))
splice(r0, 0x0, r1, 0x0, 0x10005, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRESOCT=0x0, @ANYBLOB="bf0d95fd5fd9d1598372a2058005bdfe584d103a83963fa6b0fc7e089d516a3f6d28150ee3063b2497da9d932f27d7202bdb80df763d25038218478daf61730fc6809f6fc5316d1dccf52d96335ea6fc5117038c80bf2e"], 0x2c}, 0x1, 0x0, 0x0, 0x20000001}, 0x24000010)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), 0x41000, 0x0)
mount(&(0x7f0000000300)=ANY=[@ANYBLOB="2f4465762f7367300083c267afef4364a23e54f0ec29adea78a84bda751dab4d2fe4f6479a1e2180edb5019ab66d2d8d7aecc1843ff1a77288181a2dd38a9cbd9de86eda878c5f3b27cdfbcfb23704971b666e593e5e58eb62f5688b11a51519a7d96817dd8e68cf69a77bb2d24d51c693e95d265d7becafd08b47723c9858ba340460071b538d11d2903e3f02ee5acca225b8356f194af2e1b261299cc64d076796f453403006776a7ee9ba6df536bf2bcd70e663bd3514d9ece2429235b31d730bf48cd990f6658afe076349079194bb9b0e4e244b"], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuseblk\x00', 0x20000, &(0x7f0000000100)='proc\x00')
r3 = open$dir(&(0x7f0000000240)='./file0\x00', 0x0, 0x84)
getdents(r3, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:17 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xff5f0100, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  276.310101][T26437] loop3: detected capacity change from 0 to 264192
[  276.360427][T26437]  loop3: p1 p3 p4
[  276.364318][T26437] loop3: p1 size 11290111 extends beyond EOD, truncated
[  276.391901][T26437] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  276.402455][T26437] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:18 executing program 3:
syz_read_part_table(0x6c000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:18 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xff600000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  276.451492][ T1041]  loop1: p2 < > p3 p4
[  276.455928][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  276.473021][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  276.479261][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  276.522992][T26441] FAULT_INJECTION: forcing a failure.
[  276.522992][T26441] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  276.536275][T26441] CPU: 1 PID: 26441 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  276.545225][T26441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  276.555284][T26441] Call Trace:
[  276.558559][T26441]  dump_stack_lvl+0xb7/0x103
[  276.563157][T26441]  dump_stack+0x11/0x1a
[  276.567316][T26441]  should_fail+0x23c/0x250
[  276.571744][T26441]  __alloc_pages+0x102/0x320
[  276.576341][T26441]  alloc_pages_vma+0x513/0x680
[  276.581190][T26441]  ? page_address_in_vma+0x264/0x300
[  276.586627][T26441]  new_page+0x124/0x170
[  276.590841][T26441]  migrate_pages+0x3b3/0x1530
[  276.596356][T26441]  ? do_mbind+0xf50/0xf50
[  276.600796][T26441]  ? remove_migration_ptes+0x90/0x90
[  276.606169][T26441]  do_mbind+0xd43/0xf50
[  276.610506][T26441]  __x64_sys_mbind+0x10a/0x130
[  276.615369][T26441]  do_syscall_64+0x3d/0x90
[  276.619796][T26441]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  276.625725][T26441] RIP: 0033:0x4665e9
[  276.629623][T26441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  276.649869][T26441] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  276.658385][T26441] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  276.666510][T26441] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  276.674504][T26441] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  276.682503][T26441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  276.690565][T26441] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  276.709422][T26491] loop3: detected capacity change from 0 to 264192
09:18:18 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xffefffff, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  276.816365][T26491] loop3: detected capacity change from 0 to 264192
[  276.918756][T26501] FAULT_INJECTION: forcing a failure.
[  276.918756][T26501] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  276.932033][T26501] CPU: 0 PID: 26501 Comm: syz-executor.5 Not tainted 5.14.0-rc4-syzkaller #0
[  276.941003][T26501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  276.951153][T26501] Call Trace:
[  276.954634][T26501]  dump_stack_lvl+0xb7/0x103
[  276.959242][T26501]  dump_stack+0x11/0x1a
[  276.963495][T26501]  should_fail+0x23c/0x250
[  276.968066][T26501]  __alloc_pages+0x102/0x320
[  276.972698][T26501]  alloc_pages_vma+0x513/0x680
[  276.977646][T26501]  ? page_address_in_vma+0x264/0x300
[  276.983119][T26501]  new_page+0x124/0x170
[  276.987441][T26501]  migrate_pages+0x3b3/0x1530
[  276.992261][T26501]  ? do_mbind+0xf50/0xf50
[  276.996602][T26501]  ? remove_migration_ptes+0x90/0x90
[  277.001968][T26501]  do_mbind+0xd43/0xf50
[  277.006169][T26501]  __x64_sys_mbind+0x10a/0x130
[  277.010954][T26501]  do_syscall_64+0x3d/0x90
[  277.015414][T26501]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  277.021401][T26501] RIP: 0033:0x4665e9
[  277.025303][T26501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  277.045094][T26501] RSP: 002b:00007f0bf3030188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  277.053715][T26501] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665e9
[  277.061781][T26501] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  277.069778][T26501] RBP: 00007f0bf30301d0 R08: 0000000000000000 R09: 0000000000000002
[  277.077972][T26501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  277.085992][T26501] R13: 00007fffa727060f R14: 00007f0bf3030300 R15: 0000000000022000
09:18:18 executing program 0 (fault-call:2 fault-nth:18):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:18 executing program 3:
syz_read_part_table(0x74000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:18 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xffff8001, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:18 executing program 4:
r0 = open(&(0x7f0000000280)='./file0\x00', 0x60543, 0x4)
fadvise64(r0, 0x5, 0x3, 0x2)
mkdir(&(0x7f0000002200)='./file0\x00', 0x10)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r1, &(0x7f00000005c0)=""/223, 0xfc61)
setxattr$security_ima(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), &(0x7f0000000180)=@md5={0x1, "77f0ee362416fe2b76f1058c6cac2fdf"}, 0x11, 0x1)
preadv2(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/42, 0x2a}, {&(0x7f0000000200)=""/12, 0xc}, {&(0x7f0000000240)=""/3, 0x3}, {&(0x7f00000002c0)=""/43, 0x2b}, {&(0x7f0000000300)=""/185, 0xb9}], 0x5, 0x400, 0x3, 0x3)
setxattr$incfs_id(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), &(0x7f00000000c0)={'0000000000000000000000000000000', 0x33}, 0x20, 0x0)
getdents64(r0, &(0x7f0000000480)=""/31, 0x1f)

[  277.438250][T26514] loop3: detected capacity change from 0 to 264192
09:18:19 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xffffefff, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  277.495089][T26514]  loop3: p1 p3 p4
[  277.500811][T26514] loop3: p1 size 11290111 extends beyond EOD, truncated
[  277.517273][T26514] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  277.533795][T26514] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  277.744972][T26532] FAULT_INJECTION: forcing a failure.
[  277.744972][T26532] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  277.758450][T26532] CPU: 0 PID: 26532 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  277.767399][T26532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  277.777588][T26532] Call Trace:
[  277.780961][T26532]  dump_stack_lvl+0xb7/0x103
[  277.785643][T26532]  dump_stack+0x11/0x1a
[  277.789796][T26532]  should_fail+0x23c/0x250
[  277.794208][T26532]  __alloc_pages+0x102/0x320
[  277.798876][T26532]  alloc_pages_vma+0x513/0x680
[  277.803657][T26532]  ? page_address_in_vma+0x264/0x300
[  277.808942][T26532]  new_page+0x124/0x170
[  277.813143][T26532]  migrate_pages+0x3b3/0x1530
[  277.817832][T26532]  ? do_mbind+0xf50/0xf50
[  277.822251][T26532]  ? remove_migration_ptes+0x90/0x90
[  277.827530][T26532]  do_mbind+0xd43/0xf50
[  277.831761][T26532]  __x64_sys_mbind+0x10a/0x130
[  277.836969][T26532]  do_syscall_64+0x3d/0x90
[  277.841397][T26532]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  277.847473][T26532] RIP: 0033:0x4665e9
[  277.851359][T26532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  277.871149][T26532] RSP: 002b:00007f21c68fc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  277.879567][T26532] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665e9
[  277.887571][T26532] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
09:18:19 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:19 executing program 4:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wpan3\x00', <r0=>0x0})
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000003c0), r1)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'wpan1\x00', <r2=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_DEV(r1, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="fd3b9fad274080686af03166796c623a76cea38f7a20ee5d90db04d9826a5103f3523b0afe6d7eb21b974f33682f04d9855951f489fb81e11501edea43bc96a8f84edc2513f7e194e11ab05b732b3965e362e6b6c873ddfef25f23bc9afe5bcaeb714ca6461ef6b14bf8cf", @ANYRES16=0x0, @ANYBLOB="040025bd7000fbdbdf252b00000008000200", @ANYRES32=0x0, @ANYBLOB="0a0001007770616e340000000a0001007770616e340000000a0001007770616e340000000c0005000201aaaaaaaaaaaa08000200", @ANYRES32=r2, @ANYBLOB="0c0005000201aaaaaaaaaaaa08000200", @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB], 0x70}, 0x1, 0x0, 0x0, 0x1}, 0x4011)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000003c0), r3)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'wpan1\x00', <r4=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_DEV(r3, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="fd3b9fad274080686af03166796c623a76cea38f7a20ee5d90db04d9826a5103f3523b0afe6d7eb21b974f33682f04d9855951f489fb81e11501edea43bc96a8f84edc2513f7e194e11ab05b732b3965e362e6b6c873ddfef25f23bc9afe5bcaeb714ca6461ef6b14bf8cf", @ANYRES16=0x0, @ANYBLOB="040025bd7000fbdbdf252b00000008000200", @ANYRES32=0x0, @ANYBLOB="0a0001007770616e340000000a0001007770616e340000000a0001007770616e340000000c0005000201aaaaaaaaaaaa08000200", @ANYRES32=r4, @ANYBLOB="0c0005000201aaaaaaaaaaaa08000200", @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB], 0x70}, 0x1, 0x0, 0x0, 0x1}, 0x4011)
sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x58, 0x0, 0x0, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r0}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x10)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
llistxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/36, 0x24)
r5 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r5, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:19 executing program 3:
syz_read_part_table(0x7a000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:19 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xffffff86, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  277.895681][T26532] RBP: 00007f21c68fc1d0 R08: 0000000000000000 R09: 0000000000000002
[  277.903995][T26532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  277.911981][T26532] R13: 00007ffd632b736f R14: 00007f21c68fc300 R15: 0000000000022000
09:18:19 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = fsmount(0xffffffffffffffff, 0x1, 0x2)
openat(r0, &(0x7f0000000040)='./file0\x00', 0x80, 0x10)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r2 = openat$cgroup_int(r1, &(0x7f0000000100)='rdma.max\x00', 0x2, 0x0)
sendfile(r2, r0, &(0x7f00000000c0)=0x4, 0x0)
r3 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, <r5=>0x0}, &(0x7f0000000280)=0x5)
setuid(r5)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@multicast2}, 0x0, @in6}}, &(0x7f0000000280)=0xe8)
recvmmsg$unix(r0, &(0x7f00000056c0)=[{{&(0x7f00000002c0), 0x6e, &(0x7f00000004c0)=[{&(0x7f0000000340)=""/231, 0xe7}, {&(0x7f0000000480)=""/53, 0x35}], 0x2, &(0x7f0000000500)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x40}}, {{&(0x7f0000000540)=@abs, 0x6e, &(0x7f0000000ac0)=[{&(0x7f00000006c0)=""/237, 0xed}, {&(0x7f00000007c0)=""/141, 0x8d}, {&(0x7f0000000880)=""/10, 0xa}, {&(0x7f00000008c0)=""/78, 0x4e}, {&(0x7f0000000940)=""/54, 0x36}, {&(0x7f00000009c0)=""/7, 0x7}, {&(0x7f0000000a00)=""/130, 0x82}], 0x7, &(0x7f0000000b40)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x70}}, {{0x0, 0x0, &(0x7f0000001e00)=[{&(0x7f0000000bc0)=""/57, 0x39}, {&(0x7f0000000c00)=""/168, 0xa8}, {&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000002240)=""/4096, 0x1000}, {&(0x7f0000001cc0)=""/104, 0x68}, {&(0x7f0000001d40)=""/180, 0xb4}], 0x6, &(0x7f0000001e80)}}, {{&(0x7f0000001ec0)=@abs, 0x6e, &(0x7f0000002100)=[{&(0x7f0000001f40)=""/228, 0xe4}, {&(0x7f0000002040)=""/183, 0xb7}], 0x2, &(0x7f0000002140)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000002180)=@abs, 0x6e, &(0x7f00000033c0)=[{&(0x7f0000003240)=""/82, 0x52}, {&(0x7f00000032c0)=""/193, 0xc1}], 0x2, &(0x7f0000003400)=[@rights={{0x10}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xe0}}, {{&(0x7f0000003500)=@abs, 0x6e, &(0x7f0000004700)=[{&(0x7f0000003580)=""/4096, 0x1000}, {&(0x7f0000004580)=""/240, 0xf0}, {&(0x7f0000004680)=""/66, 0x42}], 0x3, &(0x7f0000004740)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}}, {{&(0x7f0000004800)=@abs, 0x6e, &(0x7f0000004d80)=[{&(0x7f0000004880)=""/233, 0xe9}, {&(0x7f0000004980)=""/96, 0x60}, {&(0x7f0000004a00)=""/153, 0x99}, {&(0x7f0000004ac0)=""/121, 0x79}, {&(0x7f0000004b40)=""/6, 0x6}, {&(0x7f0000004b80)=""/204, 0xcc}, {&(0x7f0000004c80)=""/218, 0xda}], 0x7, &(0x7f0000004e00)=[@rights={{0x10}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x138}}, {{&(0x7f0000004f40), 0x6e, &(0x7f0000005500)=[{&(0x7f0000004fc0)=""/213, 0xd5}, {&(0x7f00000050c0)=""/68, 0x44}, {&(0x7f0000005140)=""/108, 0x6c}, {&(0x7f00000051c0)=""/220, 0xdc}, {&(0x7f00000052c0)=""/121, 0x79}, {&(0x7f0000005340)=""/52, 0x34}, {&(0x7f0000005380)=""/14, 0xe}, {&(0x7f00000053c0)=""/42, 0x2a}, {&(0x7f0000005400)=""/240, 0xf0}], 0x9, &(0x7f00000055c0)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, <r7=>0x0}}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xe0}}], 0x8, 0x2003, &(0x7f00000058c0)={0x0, 0x3938700})
getresgid(&(0x7f0000005900)=<r8=>0x0, &(0x7f0000005940), &(0x7f0000005980))
r9 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r10=>0x0}, &(0x7f0000cab000)=0xc)
setgroups(0x1, &(0x7f0000000080)=[r10])
lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f00000059c0)={{}, {}, [{0x2, 0x4, r5}, {0x2, 0x0, r6}], {}, [{0x8, 0x1, 0xee00}, {0x8, 0x2, r7}, {0x8, 0x5, r8}, {0x8, 0x1, r10}], {}, {0x20, 0x4}}, 0x54, 0x1)
getdents(r3, &(0x7f00000005c0)=""/223, 0xfc61)

[  278.024295][T26542] loop3: detected capacity change from 0 to 264192
09:18:19 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)={0x4c, r1, 0x9eec7f43d0c61617, 0x0, 0x0, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}]}, 0x4c}}, 0x0)
sendmsg$DEVLINK_CMD_PORT_SPLIT(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f00000002c0)={0x1e0, r1, 0x20, 0x70bd26, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0x9, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0x9, 0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0x9, 0x4}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0x9, 0x4}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0x9, 0x6}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0x9, 0x3}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0x9, 0x3}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0x9, 0x1}}]}, 0x1e0}, 0x1, 0x0, 0x0, 0x4000090}, 0x8000)
r2 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r2, 0x302, 0x0, 0x0, 0x0, 0x0)

[  278.079501][T26542]  loop3: p1 p3 p4
[  278.088631][T26542] loop3: p1 size 11290111 extends beyond EOD, truncated
[  278.107464][T26542] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  278.119357][T26542] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:19 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xffffffe4, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  278.172415][T26555] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=26555 comm=syz-executor.1
[  278.205884][T26561] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=26561 comm=syz-executor.1
[  278.258087][ T1041]  loop1: p2 < > p3 p4
[  278.266674][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  278.281916][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  278.288094][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:20 executing program 0 (fault-call:2 fault-nth:19):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:20 executing program 3:
syz_read_part_table(0x80040000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:20 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:20 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xffffffef, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:20 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000003000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  278.647977][T26584] loop3: detected capacity change from 0 to 264192
[  278.668236][ T1041]  loop1: p2 < > p3 p4
[  278.679692][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  278.698674][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  278.704887][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  278.731710][T26584]  loop3: p1 p3 p4
[  278.736124][T26584] loop3: p1 size 11290111 extends beyond EOD, truncated
[  278.758086][ T1041]  loop1: p2 < > p3 p4
[  278.767376][T26584] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  278.770596][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  278.783759][T26584] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  278.793566][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  278.799759][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:20 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x2, 0x0, 0x0, 0x2)

09:18:20 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
r3 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r3}, 0x9)
syz_io_uring_submit(r4, r5, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000180)=@IORING_OP_WRITE={0x17, 0x4, 0x0, @fd_index=0x7, 0x6, &(0x7f0000000000)="d8753c41ca85cec1b9f4738227f1cf9f7b188541d37f7608fc0d95002ba90364a4f97c72f57b0b55fc4ce3c192099a4ff7e34ebbc38f4fe388e17d4a6c1099e7e41d423d55fa8ca671f3ae5f961afd968fe6176f41b0039928aebf58da2ff65c65fe96c293d343e234d7eaa881123e4a44cd508660659471b6dab7ff128fe7766ec8ffb416621e97a5511811c511d69e0ddf543ba96891c457eebab4a944c8aac71bbd5b14374d6bae9a30fd9321fe88e32ad1bcb028fcf0571e6833532947aaacfde12bbf32736c17e4c5a7ef4a8d82816a13fa37a4ac1a683c1e522f79b5436b1ed9f2c2f3e52feb5349e165da9527e5def58ab71c79", 0xf7, 0x1c, 0x1}, 0x3)
io_uring_enter(r0, 0x2ff, 0x1, 0x0, 0x0, 0x0)

09:18:20 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xfffffff4, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  278.879994][T26584] loop3: detected capacity change from 0 to 264192
09:18:20 executing program 4:
socket$netlink(0x10, 0x3, 0xa)
clock_gettime(0x0, &(0x7f00000002c0)={<r0=>0x0, <r1=>0x0})
semtimedop(0xffffffffffffffff, &(0x7f0000000280)=[{0x1, 0x101, 0x800}, {0x4, 0xf7eb, 0x1800}], 0x2, &(0x7f0000000300)={r0, r1+60000000})
pipe2(&(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000180)={0x12, @time={0xfffffffd, 0x7fff}, 0x40, {0xff, 0x7f}, 0x0, 0x1, 0x1f})
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r4 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
unlinkat(r4, &(0x7f0000000040)='./file0\x00', 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r3, 0xc0bc5351, &(0x7f00000001c0)={0x10000, 0x2, 'client0\x00', 0x2, "e44f81b5f0a1c8cf", "b242810c7f629d78e37322a78de7c04751fd1a887fa6ca05c261768d2d702db5", 0x401, 0x6})
r5 = semget$private(0x0, 0x4, 0x10)
semctl$GETZCNT(r5, 0x1, 0xf, &(0x7f0000000340)=""/253)
getdents(r4, &(0x7f00000005c0)=""/223, 0xfc61)
setxattr$trusted_overlay_nlink(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000100)={'L+', 0x3af}, 0x16, 0x1)

[  278.920983][T26584]  loop3: p1 p3 p4
[  278.925448][T26584] loop3: p1 size 11290111 extends beyond EOD, truncated
[  278.943337][T26583] FAULT_INJECTION: forcing a failure.
[  278.943337][T26583] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  278.956718][T26583] CPU: 1 PID: 26583 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  278.965745][T26583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  278.975810][T26583] Call Trace:
[  278.979090][T26583]  dump_stack_lvl+0xb7/0x103
[  278.983684][T26583]  dump_stack+0x11/0x1a
[  278.987852][T26583]  should_fail+0x23c/0x250
[  278.992277][T26583]  __alloc_pages+0x102/0x320
[  278.996921][T26583]  alloc_pages_vma+0x513/0x680
[  278.998997][T26584] loop3: p3 size 1912633224 extends beyond EOD, 
[  279.001716][T26583]  ? page_address_in_vma+0x264/0x300
[  279.001730][T26584] truncated
[  279.014099][T26584] loop3: p4 size 3657465856 extends beyond EOD, 
[  279.016416][T26583]  new_page+0x124/0x170
[  279.016444][T26583]  migrate_pages+0x3b3/0x1530
[  279.022867][T26584] truncated
[  279.026984][T26583]  ? do_mbind+0xf50/0xf50
[  279.039192][T26583]  ? remove_migration_ptes+0x90/0x90
[  279.044541][T26583]  do_mbind+0xd43/0xf50
[  279.048735][T26583]  __x64_sys_mbind+0x10a/0x130
[  279.053546][T26583]  do_syscall_64+0x3d/0x90
[  279.058237][T26583]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  279.064244][T26583] RIP: 0033:0x4665e9
09:18:20 executing program 3:
syz_read_part_table(0x80ffffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  279.068176][T26583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  279.088045][T26583] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  279.096588][T26583] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  279.104562][T26583] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  279.112535][T26583] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
09:18:20 executing program 1:
umount2(&(0x7f00000000c0)='./file0\x00', 0xe)
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000000)=@IORING_OP_WRITE_FIXED={0x5, 0x5, 0x2000, @fd_index=0x9, 0x4, 0x7, 0x500, 0x9, 0x0, {0x2, r3}}, 0x9)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
io_uring_enter(r4, 0x20e1, 0xf34e, 0x0, &(0x7f0000000080)={[0x800]}, 0x8)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0xe597d8bfaab26d3b, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
r6 = socket$inet_udp(0x2, 0x2, 0x0)
close(r6)
splice(r5, 0x0, r6, 0x0, 0x10005, 0x0)
io_uring_enter(r5, 0x41f78, 0xf73, 0x0, 0x0, 0x0)

[  279.120584][T26583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  279.128569][T26583] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:20 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
recvmsg(r0, &(0x7f0000000180)={&(0x7f0000000040)=@l2tp={0x2, 0x0, @empty}, 0x80, &(0x7f00000000c0), 0x0, &(0x7f0000000100)=""/114, 0x72}, 0x40000060)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r1, &(0x7f00000005c0)=""/223, 0xfc61)

[  279.181743][ T1041]  loop1: p2 < > p3 p4
[  279.185979][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  279.205878][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  279.212109][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  279.221970][ T1778] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  279.281829][ T1041]  loop1: p2 < > p3 p4
[  279.286305][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  279.296312][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  279.296722][T26654] loop3: detected capacity change from 0 to 264192
[  279.302555][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  279.330158][T26654]  loop3: p1 p3 p4
[  279.338426][T26654] loop3: p1 size 11290111 extends beyond EOD, truncated
[  279.353237][T26654] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  279.370129][T26654] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:21 executing program 0 (fault-call:2 fault-nth:20):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:21 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xfffffffb, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:21 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
r3 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r3}, 0x9)
syz_io_uring_submit(r4, r5, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000a00)=@IORING_OP_SENDMSG={0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000009c0)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x80000000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x4}, 0x80, &(0x7f0000000780)=[{&(0x7f00000002c0)="2d197bd46c16573807e4641c832f923eaecc8e8de154db8e9407f6f11e67f13459f312a5147644119e34ac6ac3131fa8749efac789cdf45d717b720bfb6ccf3fc8d0b78cc4b60576b0c8f1af59818ed7dda72635f9516dff00f8299f54e0de7461d069e2b39f87f5dc2ae0ba37e5b8abace1f8155b20c4b5b6460223106cb12c563f74dd8ccef78ec1657d95db0632f48d03b418a0f8f541d6e2f6a36d377785d7a26fcddb9c911f7cd390b06805b627f6e2a2246e89fd7cca6cb11b7b7634d4a175a41b8a085cf92e20853bb14c08b2f232481ebfa8c5a36a2f56237cfab3116d9cf2d29d07ad43a057985aaca556a263993c", 0xf3}, {&(0x7f00000003c0)="401b6be10b4d2c475718e1ce7965e44ad97b8baa167adb0721c6cedff89a680b8761296bc45a34f31fad92a691a5eae11716fcfca52791b03d28024d74a819a6d3ef9778bc156869e5d681ecde34425cd1e7053658c90af8439fffb37a9d4cfbc5eed2fd61b44e2999a5704aa353e5086c2c9337a5d5fa8608224fdddc7278b2fbb092cec6b8df777218fc65b3994ef71b16e7b65b4d97c6f2c65a163002aa06d782272d5a5fbacd178f1921f63626a9e12f181c61a88d68fd85269cc5932c9e44853913353519b0071048067d897914d88c5a7ea040bcd76082e880bcd4ee28674c37b55699e7fa891f3071cd6e3eee99bd", 0xf2}, {&(0x7f0000000080)="45a3b9465f403b78a007da760a42077ef47a5d2d1210a45fea96b1fc6e9454cf35072ea1b460e71b73efe1113753efd1d2969cab1ee81ca1916607e880d3f868a70dc7425a41cff92af87bf8daa50588cdfb12829581362a5db35010c3437d1b92ef9c83d14acaaa7d33365bdfde698fc893efeb71b87a", 0x77}, {&(0x7f00000004c0)="a334ccd2361ae5e4e1684772fed784a7c09700338929c33debba62166283f0e9bdc499e43f398accff20e6b6f62c3c6743548d9159c156ba6706ba9612a2f4b8af7c884a19dcb3e049a4f5364057f08794a9e22842bcb5886bdc5e558f7e7933b39421af1acd6d1ad25bb4f1401bd9aa3dc98ed25ca2b0ad6e03b7c25d5e49a3e5b728b2b54b32a01aee1623e5896e6633306fa0f935e47c1a3f1d02af08533d99faf3ded3b8e7f9308423f4b3c8cd73932dc6", 0xb3}, {&(0x7f0000000580)="4aab3b03432a0402a57b4cda3f57d92b831f9f4e9e50313b60392bab53b02a1ce4a1c1d9b0f733a29631a5bf99323e5f357352b4e52ebed8174ff46b7ca54ecb48d946b5649fc4308fc70cb1e789f4e36bd0b5b5b951b115f0f13b045d3897904ed8048efaee03a4c265bfd794fdd9", 0x6f}, {&(0x7f0000000600)="7a14bdaf8a0a9d96bdad5b12a154a1f4b1d6a2d3942a6f99392a5ac3e923cc4efd06066d10afeef07e9e4e86acce2bdd7aee143fda943cf8f4c03c19cd18b63c918e2c3c3202f72c2e6326f076d2ade58cea5819a5da6ad0c654b1452eaa3a779f355ecdf25f09507b68de550c1406ffb7aa08", 0x73}, {&(0x7f0000000180)="b0174862498b01a2c24c79a065b9c84234f2821e34061408d19801", 0x1b}, {&(0x7f0000000200)="723c42e24b1f88457c862c210bbeebc4e6d9f1cde29911f5ae73137da8be7f0f1e9f794fd2e9aee427", 0x29}, {&(0x7f0000000680)="e8201aeb6fd4a971a7b001a1b132d992a064c5898da86ec84b6200d07484d3777bfb154cba371f70d94405d65bc77a077bd39ed6f2437bf7dabcd855a03f9e161b5fd0cae72d9c3e5e9a7d9986a6adcdf50f95f3d9e7bdeda780f0d92e33433d7783216d7e115ea5f41809c352b2b7bb3a6fbf81f5f76392244a7185a191b20c45c26013175e3cfd90f5f4c6429155a2f7f3a58ebf22ecb4f0c848652900", 0x9e}, {&(0x7f0000000740)="73a04e46e1", 0x5}], 0xa, &(0x7f0000000840)=[{0xe0, 0x112, 0x0, "706fe718b9cc03b3f831c0f54fa3ace1488f0aa344c02a8b8b47b72b2e29d8f6f5384275e886a3cd4ed38222a3f4b6330e454ce780acdaf2e4e72d349b25c3804922307cd7840b4bc641e0132d6bbfe164998c06ac7f418aa81a0bebdade0523c9f4c311426b9a8ed459982c0a17c45878525b1c02f6123d463fbe2f0f7abe251a4e60b36c4a199cdf02dee619561924cf11537ca6a32d6c027185e05ff0cb57046d7e5f42fdf7ccbbf8bb1aff82db3e53ccf137b25924263fa4760c89f2db22e59d0dd96a56dba2fda6be"}, {0x98, 0x10f, 0xffff8000, "0816ef69b79b40b064b7dac4fbd424f2cd77fd05cfb6b5a32f985db9a9614bdbe9b9cbf55084a8463579b67a7ad87f17cf2fd3d362a785c7db205ed896571b8a5fc65c9d6f3eb8ecbbdccb039705fd4358a3fef4bcbd561428f82f6ea44cad9444218167af8e4cd0d8e8b01cadd45d1f208e22a4d3d0839073a92c80f73f636058db"}], 0x178}, 0x0, 0x20000000}, 0xed)

09:18:21 executing program 3:
syz_read_part_table(0x8cffffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:21 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0xc0, &(0x7f0000000000)=0x7, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_WRITE_FIXED={0x5, 0x1, 0x2007, @fd, 0x7, 0x6, 0x1000, 0x7, 0x1, {0x1}}, 0x84a8)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@empty, @in6=@mcast1}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xe8)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  279.635450][T26681] loop3: detected capacity change from 0 to 264192
[  279.668604][ T1041]  loop1: p2 < > p3 p4
[  279.673007][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  279.688327][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  279.694778][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  279.704760][T26681]  loop3: p1 p3 p4
[  279.709146][T26681] loop3: p1 size 11290111 extends beyond EOD, truncated
[  279.730308][T26681] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  279.747942][T26681] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:21 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xfffffffe, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:21 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x3, 0x0, 0x0, 0x2)

09:18:21 executing program 1:
ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000000000))
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  279.815881][ T1041]  loop1: p2 < > p3 p4
[  279.822056][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  279.838841][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  279.845111][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  279.857199][T26681] loop3: detected capacity change from 0 to 264192
[  279.890527][T26680] FAULT_INJECTION: forcing a failure.
[  279.890527][T26680] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  279.903885][T26680] CPU: 0 PID: 26680 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  279.912682][T26680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  279.922746][T26680] Call Trace:
[  279.926025][T26680]  dump_stack_lvl+0xb7/0x103
[  279.930705][T26680]  dump_stack+0x11/0x1a
[  279.934857][T26680]  should_fail+0x23c/0x250
[  279.939272][T26680]  __alloc_pages+0x102/0x320
[  279.944252][T26680]  alloc_pages_vma+0x513/0x680
[  279.949019][T26680]  ? page_address_in_vma+0x264/0x300
[  279.954486][T26680]  new_page+0x124/0x170
[  279.958649][T26680]  migrate_pages+0x3b3/0x1530
[  279.963411][T26680]  ? do_mbind+0xf50/0xf50
[  279.967746][T26680]  ? remove_migration_ptes+0x90/0x90
[  279.973037][T26680]  do_mbind+0xd43/0xf50
[  279.977254][T26680]  __x64_sys_mbind+0x10a/0x130
[  279.982157][T26680]  do_syscall_64+0x3d/0x90
[  279.986664][T26680]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  279.992781][T26680] RIP: 0033:0x4665e9
[  279.996726][T26680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  280.016336][T26680] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  280.024760][T26680] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  280.032817][T26680] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  280.040792][T26680] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  280.048761][T26680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  280.056731][T26680] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  280.073848][ T1041]  loop3: p1 p3 p4
[  280.078033][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
09:18:21 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3000002, 0x810, r0, 0x8000000)
syz_io_uring_setup(0x5d81, &(0x7f0000000000)={0x0, 0x77a4, 0x10, 0x3, 0x2d6, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_WRITE_FIXED={0x5, 0x1, 0x6000, @fd_index, 0x800080000, 0x3f, 0xe0ba, 0x3, 0x1, {0x1}}, 0x91)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:21 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000040)='rootfs\x00', 0x2001000, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  280.089038][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  280.098311][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  280.115493][T26681]  loop3: p1 p3 p4
[  280.119850][T26681] loop3: p1 size 11290111 extends beyond EOD, truncated
[  280.127929][T26681] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:18:21 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xffffffff, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:21 executing program 3:
syz_read_part_table(0x958f4db9, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  280.139734][T26681] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  280.233784][ T1041]  loop1: p2 < > p3 p4
[  280.239399][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  280.249687][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  280.255891][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  280.280603][T26755] loop3: detected capacity change from 0 to 264192
[  280.344462][T26755]  loop3: p1 p3 p4
[  280.348498][T26755] loop3: p1 size 11290111 extends beyond EOD, truncated
[  280.362845][T26755] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  280.389452][T26755] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:22 executing program 0 (fault-call:2 fault-nth:21):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:22 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:22 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x1d4)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
chmod(&(0x7f0000000040)='./file0/../file0\x00', 0x21)
pipe(&(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
splice(r0, 0x0, r2, 0x0, 0x10005, 0x0)
bind$unix(r0, &(0x7f0000000080)=@file={0x0, './file0/../file0\x00'}, 0x6e)
r3 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r3, &(0x7f00000005c0)=""/223, 0xfc61)
bind$unix(r1, &(0x7f00000001c0)=@file={0x1}, 0x6e)
chdir(&(0x7f0000000100)='./file0/../file0\x00')

09:18:22 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:22 executing program 3:
syz_read_part_table(0x97ffffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:22 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r3, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0xc0081)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xdf8c}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000040)={"8bcc43116e190b8a2ec276cde892dd9b"})
write$sndseq(r4, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, r3, &(0x7f0000000200)={0x20080, 0x0, 0x1}, &(0x7f00000002c0)='./file0\x00', 0x18}, 0x0)
syz_io_uring_setup(0x521b, &(0x7f0000000000)={0x0, 0xb022, 0x6, 0x1, 0x348, 0x0, r0}, &(0x7f0000002000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  280.575915][T26792] loop3: detected capacity change from 0 to 264192
[  280.608852][ T1041]  loop1: p2 < > p3 p4
[  280.616665][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  280.639878][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  280.646267][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  280.656028][T26792]  loop3: p1 p3 p4
[  280.660045][T26792] loop3: p1 size 11290111 extends beyond EOD, truncated
[  280.680442][T26792] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:18:22 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x4, 0x0, 0x0, 0x2)

09:18:22 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = creat(&(0x7f0000000000)='./file0/file0\x00', 0x0)
mount(&(0x7f00000002c0)=ANY=[@ANYBLOB="0005000000000000d56b8def829d1f3677518510272e1f8ed0fedbc9405c73bfbe45e7988bbe8e1842dea223fedca04221e21ebc3f14d5737b966727b4ddf1169851f37c426a2ec626e466811e779b7091c5e22f0aec7514ae1ce9c392a98430a8f9658c0f045e57d632a1acb2bff9061b6355ca50518308670000000000000002665c8df657989043a7b55179e3513204d5c06de2b3c82890ecf449b3d0eff2c6bcdaef08c38d2714ac5a20ee15fa2117ec468c652db9b92c67755384701164b379021c28da89bcc26507ce79325dfaffe753eac56226d8eb55508cb219b05ccee695b250c1bb4e3617a8a47d9a284a52d48c44e502ccea7337ff49f37f5d4c8ba2df468b7a33f97bf2371779959e8e138ebcc4cd75bb3909b3004628b861e8bc9e927c9026832bb4e4e05f7c685f1faea23eabc5155f142b32cd8e5628499095bf4f128d7c42"], &(0x7f0000000180)='./file0\x00', 0x0, 0x19401, 0x0)
write$cgroup_type(r3, &(0x7f00000009c0), 0xd4ba0ff)
unlink(&(0x7f00000000c0)='./file0/file0\x00')
rmdir(&(0x7f0000000080)='./file0\x00')
creat(&(0x7f0000000100)='./file0/file1\x00', 0x0)
r4 = inotify_init1(0x80800)
signalfd4(r4, &(0x7f0000000000)={[0xcff]}, 0x8, 0x800)

09:18:22 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  280.703811][ T1041]  loop1: p2 < > p3 p4
[  280.706150][T26792] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  280.708247][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:18:22 executing program 3:
syz_read_part_table(0xa1ffffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  280.748713][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  280.754960][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:22 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x3, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  280.861474][T26833] loop3: detected capacity change from 0 to 264192
[  280.928929][T26833]  loop3: p1 p3 p4
[  280.933360][T26833] loop3: p1 size 11290111 extends beyond EOD, truncated
[  280.955470][T26833] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  280.974056][T26833] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  281.020689][T26790] FAULT_INJECTION: forcing a failure.
[  281.020689][T26790] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  281.033959][T26790] CPU: 1 PID: 26790 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  281.042727][T26790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  281.052785][T26790] Call Trace:
[  281.056059][T26790]  dump_stack_lvl+0xb7/0x103
[  281.060739][T26790]  dump_stack+0x11/0x1a
[  281.064887][T26790]  should_fail+0x23c/0x250
09:18:22 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x4, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  281.069420][T26790]  __alloc_pages+0x102/0x320
[  281.074017][T26790]  alloc_pages_vma+0x513/0x680
[  281.078865][T26790]  ? page_address_in_vma+0x264/0x300
[  281.084163][T26790]  new_page+0x124/0x170
[  281.088317][T26790]  migrate_pages+0x3b3/0x1530
[  281.092995][T26790]  ? do_mbind+0xf50/0xf50
[  281.097339][T26790]  ? remove_migration_ptes+0x90/0x90
[  281.102625][T26790]  do_mbind+0xd43/0xf50
[  281.106836][T26790]  __x64_sys_mbind+0x10a/0x130
[  281.111627][T26790]  do_syscall_64+0x3d/0x90
[  281.116255][T26790]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  281.122223][T26790] RIP: 0033:0x4665e9
[  281.126148][T26790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  281.146074][T26790] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  281.154581][T26790] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  281.163180][T26790] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  281.171348][T26790] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  281.179413][T26790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  281.187389][T26790] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:23 executing program 0 (fault-call:2 fault-nth:22):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:23 executing program 3:
syz_read_part_table(0xb94d8f95, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:23 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x5, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:23 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
lsetxattr$security_capability(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f0000000340)=@v1={0x1000000, [{0xfffffe01, 0x1}]}, 0xc, 0x1)
close(0xffffffffffffffff)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x10005, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
pread64(r1, &(0x7f0000000140)=""/91, 0x5b, 0x0)
linkat(r0, &(0x7f0000000280)='./file0/file0\x00', r2, &(0x7f0000000080)='./file0\x00', 0x1000)
r3 = open_tree(r2, &(0x7f00000000c0)='./file0\x00', 0x80001)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x2010, r5, 0x0)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pread64(r5, &(0x7f00000009c0)=""/4096, 0x1000, 0x3f)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r4)
poll(&(0x7f0000000100)=[{r3, 0x3024}], 0x1, 0xe501)
r6 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
getdents(r6, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:23 executing program 1:
r0 = syz_io_uring_setup(0xf2f, &(0x7f0000000240)={0x0, 0x0, 0xd}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  281.577608][ T1041]  loop1: p2 < > p3 p4
[  281.581906][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  281.605032][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  281.611365][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:23 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x7, 0x0, 0x0, 0x2)

09:18:23 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_setup(0x5730, &(0x7f0000000000)={0x0, 0x434, 0x1, 0x2, 0x2e9, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=<r3=>0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000180)=@IORING_OP_CLOSE={0x13, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffff)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  281.660061][T26882] loop3: detected capacity change from 0 to 264192
09:18:23 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x6, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:23 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x23b, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0xc343, 0x0)
io_uring_enter(r3, 0x66b8, 0xdc7d, 0x1, &(0x7f0000000040)={[0x401]}, 0x8)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  281.721062][T26882]  loop3: p1 p3 p4
[  281.724978][T26882] loop3: p1 size 11290111 extends beyond EOD, truncated
[  281.736882][T26882] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  281.757890][T26882] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  281.792691][ T1041]  loop1: p2 < > p3 p4
[  281.800485][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  281.828165][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  281.834508][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:23 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140))
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r4}, 0x9)
syz_io_uring_submit(r5, r6, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r7, 0x0)
preadv(r7, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
fcntl$addseals(r7, 0x409, 0x5)
syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r6, &(0x7f00000001c0)=@IORING_OP_WRITE={0x17, 0x2, 0x4000, @fd=r3, 0x400, &(0x7f0000000000)="f3b2866f905036fafeeb84bacfb679c663eebdc13342ed4b61a9ddfce3496a38f25221e3a554a6477db63ceb61bb7e50adeb03f1b7ddbd24cab0e48edf8e7bae03bdc8cb4aebd72b60d00d7530c833023f302a33da05375e056c6ee82d96f07d36d810062fa3e2ba564feb9d66169bc6ae1aacac650074faf4e160c765aff1532264fcc53b17b6", 0x87, 0x4, 0x1}, 0x0)
ioctl$BTRFS_IOC_QUOTA_CTL(r2, 0xc0109428, &(0x7f0000000180)={0x1, 0x1f})
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
ioctl$EVIOCGBITSW(r3, 0x80404525, &(0x7f0000000200)=""/37)

09:18:23 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x7, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  281.887355][ T1041]  loop1: p2 < > p3 p4
[  281.891910][T26882] loop3: detected capacity change from 0 to 264192
[  281.898718][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  281.920157][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  281.926477][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  281.948763][T26882]  loop3: p1 p3 p4
[  281.953060][T26882] loop3: p1 size 11290111 extends beyond EOD, truncated
[  281.973271][T26882] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  281.994319][T26882] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  282.041033][T26879] FAULT_INJECTION: forcing a failure.
[  282.041033][T26879] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  282.054435][T26879] CPU: 1 PID: 26879 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  282.063277][T26879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  282.073331][T26879] Call Trace:
[  282.076638][T26879]  dump_stack_lvl+0xb7/0x103
[  282.081227][T26879]  dump_stack+0x11/0x1a
[  282.085998][T26879]  should_fail+0x23c/0x250
09:18:23 executing program 3:
syz_read_part_table(0xc1260000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  282.090631][T26879]  __alloc_pages+0x102/0x320
[  282.095491][T26879]  alloc_pages_vma+0x513/0x680
[  282.100286][T26879]  ? page_address_in_vma+0x264/0x300
[  282.105581][T26879]  new_page+0x124/0x170
[  282.109734][T26879]  migrate_pages+0x3b3/0x1530
[  282.114563][T26879]  ? do_mbind+0xf50/0xf50
[  282.118903][T26879]  ? remove_migration_ptes+0x90/0x90
[  282.124536][T26879]  do_mbind+0xd43/0xf50
[  282.128772][T26879]  __x64_sys_mbind+0x10a/0x130
[  282.133526][T26879]  do_syscall_64+0x3d/0x90
[  282.138036][T26879]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  282.144118][T26879] RIP: 0033:0x4665e9
[  282.148114][T26879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  282.168469][T26879] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  282.176928][T26879] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  282.184939][T26879] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  282.192906][T26879] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  282.200938][T26879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  282.209090][T26879] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  282.300947][T26945] loop3: detected capacity change from 0 to 264192
[  282.338944][T26945]  loop3: p1 p3 p4
[  282.342948][T26945] loop3: p1 size 11290111 extends beyond EOD, truncated
[  282.358895][T26945] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  282.366631][T26945] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:24 executing program 0 (fault-call:2 fault-nth:23):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:24 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:24 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x8, 0x0, 0x0, 0x2)

09:18:24 executing program 3:
syz_read_part_table(0xc9ffffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:24 executing program 4:
preadv(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000040)=""/80, 0x50}, {&(0x7f00000000c0)=""/234, 0xea}, {&(0x7f00000001c0)=""/36, 0x24}, {&(0x7f0000000200)=""/32, 0x20}, {&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f0000000240)=""/49, 0x31}, {&(0x7f0000000280)=""/93, 0x5d}], 0x7, 0x3, 0xfff)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
open(&(0x7f00000003c0)='./file0\x00', 0x203, 0x101)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
open_by_handle_at(r2, &(0x7f0000000400)=@FILEID_INO32_GEN={0x8, 0x1, {0x760, 0x1}}, 0x88000)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
openat(r1, &(0x7f0000000380)='./file0\x00', 0x121000, 0x20)
lsetxattr(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)=@random={'system.', '-!,,*\'}]\'\x00'}, &(0x7f0000000500)='proc\x00', 0x5, 0x1)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  282.608449][T26985] loop3: detected capacity change from 0 to 264192
09:18:24 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x9, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  282.658738][T26985]  loop3: p1 p3 p4
[  282.664238][T26985] loop3: p1 size 11290111 extends beyond EOD, truncated
[  282.679746][T26985] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  282.697452][T26985] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:24 executing program 3:
syz_read_part_table(0xe4ffffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:24 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_io_uring_setup(0x1249, &(0x7f0000000240), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r6}}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x6000, @fd_index, 0x5, 0x0, 0x0, 0x10, 0x1, {0x0, r6}}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:24 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xa, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  282.806810][T27005] loop3: detected capacity change from 0 to 264192
[  282.820078][ T1041]  loop1: p2 < > p3 p4
[  282.824333][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  282.840073][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  282.846569][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:24 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_io_uring_setup(0x1249, &(0x7f0000000240), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r6}}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_WRITE_FIXED={0x5, 0x0, 0x0, @fd, 0xfffffffffffffffd, 0x40, 0x9, 0x12, 0x1, {0x2, r6}}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  282.889593][T27005]  loop3: p1 p3 p4
[  282.893747][T27005] loop3: p1 size 11290111 extends beyond EOD, truncated
[  282.919121][ T1041]  loop1: p2 < > p3 p4
[  282.923982][T27005] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  282.930379][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  282.947963][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  282.954650][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  282.955158][T27005] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  282.987870][T26984] FAULT_INJECTION: forcing a failure.
[  282.987870][T26984] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  283.001286][T26984] CPU: 1 PID: 26984 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  283.010062][T26984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  283.020279][T26984] Call Trace:
[  283.023725][T26984]  dump_stack_lvl+0xb7/0x103
[  283.028323][T26984]  dump_stack+0x11/0x1a
[  283.032615][T26984]  should_fail+0x23c/0x250
[  283.037160][T26984]  __alloc_pages+0x102/0x320
[  283.041770][T26984]  alloc_pages_vma+0x513/0x680
[  283.046612][T26984]  ? page_address_in_vma+0x264/0x300
[  283.052091][T26984]  new_page+0x124/0x170
[  283.056338][T26984]  migrate_pages+0x3b3/0x1530
[  283.061082][T26984]  ? do_mbind+0xf50/0xf50
[  283.065499][T26984]  ? remove_migration_ptes+0x90/0x90
[  283.070862][T26984]  do_mbind+0xd43/0xf50
[  283.075162][T26984]  __x64_sys_mbind+0x10a/0x130
[  283.080005][T26984]  do_syscall_64+0x3d/0x90
[  283.084427][T26984]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  283.090316][T26984] RIP: 0033:0x4665e9
09:18:24 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x800)
io_uring_setup(0x747f, &(0x7f0000000040)={0x0, 0x7079, 0x28, 0x1, 0x22b, 0x0, r3})

[  283.094283][T26984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  283.114008][T26984] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  283.122508][T26984] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  283.130480][T26984] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  283.138447][T26984] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
09:18:24 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xb, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  283.144061][ T1041]  loop1: p2 < > p3 p4
[  283.146414][T26984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  283.146428][T26984] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  283.231782][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  283.246444][T27005] loop3: detected capacity change from 0 to 264192
[  283.258682][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  283.264887][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  283.284388][T27005]  loop3: p1 p3 p4
[  283.288314][T27005] loop3: p1 size 11290111 extends beyond EOD, truncated
[  283.304680][T27005] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  283.326433][T27005] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  283.401615][ T1041]  loop1: p2 < > p3 p4
[  283.408884][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  283.425452][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  283.431800][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:25 executing program 0 (fault-call:2 fault-nth:24):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:25 executing program 1:
r0 = syz_io_uring_setup(0x685e, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000002, 0x110, r3, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:25 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x300, 0x0, 0x0, 0x2)

09:18:25 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xc, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:25 executing program 3:
syz_read_part_table(0xf5040000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:25 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
getdents(r0, &(0x7f0000000040)=""/120, 0x78)

09:18:25 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='nilfs2\x00', 0x3100840, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
open(&(0x7f00000001c0)='./file0\x00', 0x80, 0x45)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4040, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_uid={'access', 0x3d, 0xee00}}, {@loose}, {@cachetag={'cachetag', 0x3d, 'nilfs2\x00'}}]}})
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  283.671599][T27078] loop3: detected capacity change from 0 to 264192
[  283.730567][T27078]  loop3: p1 p3 p4
[  283.734700][T27078] loop3: p1 size 11290111 extends beyond EOD, truncated
[  283.763450][T27078] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:18:25 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xd, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  283.780602][T27078] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:25 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
r1 = syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x1, 0x0, &(0x7f00000000c0), 0xa5065, &(0x7f0000000100)={[{@check_strict}, {@iocharset={'iocharset', 0x3d, 'iso8859-14'}}, {@mode={'mode', 0x3d, 0x6}}], [{@appraise}]})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)
move_mount(r1, &(0x7f0000000180)='./file0\x00', r2, &(0x7f00000001c0)='./file0\x00', 0x0)

09:18:25 executing program 3:
syz_read_part_table(0xf6ffffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  283.941014][T27111] loop3: detected capacity change from 0 to 264192
09:18:25 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xf, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:25 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
symlink(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00')
openat(r0, &(0x7f0000000040)='./file0\x00', 0x1a8fda0394caf199, 0x104)

[  283.984284][T27111]  loop3: p1 p3 p4
[  283.989030][T27111] loop3: p1 size 11290111 extends beyond EOD, truncated
[  284.016605][T27111] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  284.055538][T27111] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  284.064135][T27082] FAULT_INJECTION: forcing a failure.
[  284.064135][T27082] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  284.077663][T27082] CPU: 1 PID: 27082 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  284.086432][T27082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  284.096641][T27082] Call Trace:
[  284.099920][T27082]  dump_stack_lvl+0xb7/0x103
[  284.104516][T27082]  dump_stack+0x11/0x1a
[  284.108668][T27082]  should_fail+0x23c/0x250
[  284.113088][T27082]  __alloc_pages+0x102/0x320
[  284.117673][T27082]  alloc_pages_vma+0x513/0x680
[  284.122536][T27082]  ? page_address_in_vma+0x264/0x300
[  284.127853][T27082]  new_page+0x124/0x170
[  284.132016][T27082]  migrate_pages+0x3b3/0x1530
[  284.136733][T27082]  ? do_mbind+0xf50/0xf50
[  284.141090][T27082]  ? remove_migration_ptes+0x90/0x90
[  284.146440][T27082]  do_mbind+0xd43/0xf50
[  284.150603][T27082]  __x64_sys_mbind+0x10a/0x130
[  284.155429][T27082]  do_syscall_64+0x3d/0x90
[  284.160002][T27082]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  284.165990][T27082] RIP: 0033:0x4665e9
[  284.169908][T27082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  284.189785][T27082] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  284.200891][T27082] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  284.209296][T27082] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  284.217428][T27082] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  284.225485][T27082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  284.233635][T27082] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  284.273073][T27100] print_req_error: 81 callbacks suppressed
[  284.273104][T27100] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  284.280265][T27091] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  284.292288][T27111] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  284.304081][T27083] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  284.328365][T27111] loop3: detected capacity change from 0 to 264192
[  284.378731][T27111] loop_reread_partitions: partition scan of loop3 () failed (rc=-16)
09:18:26 executing program 0 (fault-call:2 fault-nth:25):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:26 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(&(0x7f0000000040)=@sg0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='romfs\x00', 0x28000, &(0x7f0000000100)='\x00')
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:26 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x10, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:26 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x700, 0x0, 0x0, 0x2)

09:18:26 executing program 3:
syz_read_part_table(0xfbffffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:26 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r3}, 0x9)
syz_io_uring_submit(r4, r5, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
r6 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r7=>0x0, &(0x7f0000000100)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r6}, 0x9)
syz_io_uring_submit(r7, r8, &(0x7f0000008540)=@IORING_OP_CLOSE={0x13, 0x3}, 0x10001)
syz_io_uring_submit(r7, r8, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r8, &(0x7f0000000000)=@IORING_OP_ASYNC_CANCEL={0xe, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r9}}, 0x3)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r10, 0x0)
preadv(r10, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BTRFS_IOC_DEV_REPLACE(r10, 0xca289435, &(0x7f0000000580)={0x0, 0x0, @start={0x0, 0x0, "7a39b90a29e22526026b1132a6513f760be94febeed8ebba4c02a142a81e51de74c159113a3a48611c277fb4302cf11b0897b7844297aed27832797faf5cdd14ed3f8d91d6baef0ef61309a84efade4a9e9567153f434f09c65e668bff2381f562502f49155d046918a3ec264241fc5106d0788085b32607a37afe7b6149b0cb3fb2b2f2c385c835d2c91fe1441b18d97b566f664802e72232b793d5367a0db623f5eb090bf032225fc2f05fc91bd1309a364510a036b1d9561a32065d3e9c1496751f5459d93922ca5b9a387491f8db30539615d67687f8970592db2f9b9c7c09afe408335f62cac8434e2c8ba7cc6182edc136e7e320daa2c410c693d087b686633e7ee5488b40d879255772b7bf71a413ca345fdff5d32313e6bf7cc8135d39b040b403ec72405d54e3431d97b16271a1d022643cb8e8640432f9639078856d29b3ccbdf30a4ad30f24a667eda16115136d4a14fa61e3622c8b7d2db9b1f5fce6d7229ce08f5b7eea3c9cd47642bfc639b4b57ef4c944cff75af9959c6cd74143facd38a27589e6331b931550443a651a47e4d3ec6f2a34b7bf04cd91a5e079c568ea4a421fb34451127872d7bec2a5e93d8df84fa8b3e794e4dbbe9de5061580cbee55e0c007ac531293a9ec12d694958efb6c6445effeb46af49680b58f743bc2a64ef9cec443804e506b19143f8049a6cd52ae8a5b4edfba06ffc56a9e262ddb69458c9894e6eb712cc6f6fc64c8ca1c7ecada736e83107eb9bc8cb3e3b52ab63650e1e37db595c2bd54a9c9c0201db08de22f115abecbae977637623685da810afdab7e695f1706aff2b47cc1f6be332aadcfb9b6988b4e3c0a34ee1b9ace1e962c3a21634f735e31ce6d2fbdde4bd2c6fa879adb5d1f2ce5ba2655b781204aeff0c756e56b4fab8a2586b8746ff8c73d64e774edbc5fb3caeff3653179f2ab1e9ec2fa653e3d600dfeabdb4475e0daa72e994be611aadc119cf4cc2113d43253eafcb8c057d3ba271cbaeeebd78d0150a17be76482aace73dd5ab8518846875281349a18b91d96ae0faf5931e6e4a10ba8351c007cd65585ca78cf37356b52b2bd84d0ea1d3e3e8322d1f605d46c3e7b9ff666efaf19f1cf6b630b93dae81f755703fc3dca1e49f24ab568e3374b3f8dadd8da7a824870f259f126d26f0526e3ec44fad99d0cf73a3e4398e523461168ed1e85202e6fdd9980796a0324353c1873390f922fbee2c0f4caa5922f64037d76220d44763533dbfae1cb696e1fffd5b26dc7f8304163497c6c89c6585142ae2ca9afbbea9e480f1b9e0c259e22c584306f3248fde0051bb891547a45e73cc018ffa65d91c9ba8dc7b0a0d72b4d037787bef4cad04e47b188deb4935ac889b148b34088b7b1cd4fc389922f2fd25a39f31705cd979d3ee3c421941d6cd02a5a3ef05fced07821633fb58fd3f6", "4ec8e960518e4ec85c893b752173f94a016538b87e0219fc2007d70b869f5a935b5ffe1242c1ac9bbb7e399f2869e48cda9df3fbf23412e0720045dc1efaf28e867c9d1dfad198dc0b6e31a71b16d2789276a048b85713f700a9e1bf12feaf57f586b36c0b9f9ca4907cde33cd40b406f3e6a792a2ad779f4da7ad5abde69b545f599fc3d938f28884c3a1eb871face205c3c786c3dfd8da81dea20ea1d95c3f5aaa120ed3f04d3ac3976003e3d24c7254ea26cbd34b1d104fa7acef49637d69fb3962f5d1f0fb88fbf76e7f23fd13feff229a52eafd3301d7dd9635b3a5b77a789f99acd7633cf3d67bfe0128f60fbf216804c12d4b682dd72a520e1018eec91d39569e0b3086200f1af905b4d1f5fc859aaffa0b2ea0ebbc29aa4e4954c7e346ba258f8b392936b70ff3af9887f0fb0f43c380bd103589f574d0c1e6b0bb65c075b6ac1888e2228fcc312cc0c0059bc3a27d19f350566354dba666136dc890fd6260be86f7db35c8f6aeb62b50794e4d5b756285fd6e08079c10b81bedb60c09f02471b0eca0c254b58be5a6fc73492c39d4210b4a2b4c79ab9511f1ad039827ff9d6593bb1a161d19c3c554b2424a5edfca407eb189cdb42e9b84381febc0ab637c558ab50c11daf53adc544ce0f48b087ed92a05cbf56ac660dc9e23d3c66cc71aca944e46af6d61a3ee87f554e324285b834a1f725792e3a09d24ed7b402f54b101a2326621bf2ba498f54dd807c8c397e768c6be4ed0b0f22452b7487dbb7a64804952e029ca70bc0516d30510978742dd405989ecbf4a3e2281f3c1e41214115b1efbf4f9ab8a913c92110bfa55204386253aec21d71e9f277a8fac5364ac03cfa74218b2ec9050c7da0cb7caf5351bdfc0a0f4fc3da001345685e4d5ad4c6eb72432982a86413c3922007991a9fdeb16a6c3cc13c29a91a9df988bfac5c957cff3a32636baaa52b128c325950ec74755bda6b31abfffd9d6c3030937d0114bd6e01a561a4a926169c5ed25dea653f61f03025559b98850f7c2efa0404e2acc58111d8d50b90cb2e7fb4a05d889344ddeaa6c28c88e106f44c7e335ae8e37362f74985a36eff2e6836f7160cf2b5520844dc042b6c86b1aeefb73b6d3412bb868d8634fb9453e2f152166b647a055cd4f7d7d54b80660a570aace4d7eb0313319407c4c6067bd4c661990b2e24d17d63ea68729cb23fe99a25480da2933abbe4fb6ac5afb3cd02353f8708c31ed13a70ffe482dd4dc97de991ba1f0fe841bc4a719e9d6ab0b31509abb4781f31971cc2cc859bc8e9e560322eadd653a0660a9049f88e55bdff3c65269e5344e9c42e34b2049077b116011651ef15323f86f85ce4d98db7c116eb504263d5257934674d1d34e235db65a4b7d567bf92fcfcbc5a70ca3c4a90e446df6f43538cd79234cd7a23c6907fb4f1ea395fee22cd7"}, [0x7ff, 0x295, 0xffffffffffff8433, 0x2, 0x2f4, 0x400, 0xce, 0x8000000000000000, 0x4, 0x2, 0x3f, 0x400, 0x86b6, 0x6, 0x0, 0x6, 0x81, 0x7, 0x8, 0x1200000000000, 0x2, 0x2, 0x3, 0x3ff, 0x8, 0x103, 0xffffffffffffffff, 0x2, 0x40, 0x2, 0x6, 0x2fa, 0xfb7, 0x2b8, 0x9, 0x4, 0x80000001, 0x20, 0x8, 0x3ff, 0x1b8000, 0x7, 0xfffffffffffffff9, 0x8001, 0x8001, 0x101, 0x80000000, 0x1, 0x4, 0x7fff, 0x3, 0x84a, 0x35, 0xecdb, 0x7, 0x1, 0x40, 0x7, 0x4, 0x3, 0x7, 0x5, 0x3, 0x9]})
r11 = signalfd4(r6, &(0x7f0000000200)={[0x4]}, 0x8, 0x80000)
syz_io_uring_submit(r4, r8, &(0x7f0000001280)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r11, 0x0, &(0x7f0000001200)="1dba693046eda14a6dad5d530cfe2c71702ec6f2bffb17ffa2157e4be30a1303d6bf80f4503496790af25832c3cecc41791c138982458483c4b41e37bade8c6179edc9ef62c9f0b1fbbf4fd61a59d54419ab03a7f294cf0bed444ab706f908a325d0d452", 0x64, 0x1, 0x1}, 0x6)
io_uring_register$IORING_REGISTER_BUFFERS(r10, 0x0, &(0x7f0000001180)=[{&(0x7f0000000080)=""/41, 0x29}, {&(0x7f0000000340)=""/232, 0xe8}, {&(0x7f0000000180)=""/42, 0x2a}, {&(0x7f0000000440)=""/226, 0xe2}, {&(0x7f0000000fc0)=""/252, 0xfc}, {&(0x7f00000010c0)=""/131, 0x83}], 0x6)

[  284.520284][ T1041]  loop1: p2 < > p3 p4
[  284.524645][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  284.542803][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  284.549160][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:26 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
chroot(&(0x7f0000000040)='./file0\x00')
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  284.601931][T27173] loop3: detected capacity change from 0 to 264192
09:18:26 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000440)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x6000, @fd_index=0x8, 0x2, 0x0, 0x0, 0x2, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x3027, &(0x7f0000000000)={0x0, 0xf899, 0x4, 0x0, 0x1}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000002000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_io_uring_setup(0x1249, &(0x7f0000000240), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r7}}, 0x0)
r8 = accept$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @local}, &(0x7f0000000380)=0x10)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f00000003c0), &(0x7f0000000400)=0xc)
syz_io_uring_submit(r1, r3, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x80, &(0x7f00000002c0)=@x25, 0x0, 0x0, 0x0, {0x0, r7}}, 0x9)

09:18:26 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x11, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:26 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000002c0)=""/144, 0x90}, {&(0x7f0000000380)=""/242, 0xf2}, {&(0x7f0000000480)=""/4096, 0x1000}], 0x3, &(0x7f0000001480)=""/152, 0x98}, 0x0, 0x10102}, 0x2)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  284.678984][T27173]  loop3: p1 p3 p4
[  284.683127][T27173] loop3: p1 size 11290111 extends beyond EOD, truncated
[  284.699059][T27173] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  284.718616][T27173] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:26 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
creat(&(0x7f0000000040)='./file1\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000140)=""/244, 0xf4)

09:18:26 executing program 3:
syz_read_part_table(0xfdfdffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  284.739089][ T1041]  loop1: p2 < > p3 p4
[  284.743398][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  284.774808][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  284.781130][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  284.846222][ T1041]  loop1: p2 < > p3 p4
[  284.850161][T27213] loop3: detected capacity change from 0 to 264192
[  284.856379][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  284.872581][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  284.878868][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  284.898582][T27213]  loop3: p1 p3 p4
[  284.902555][T27213] loop3: p1 size 11290111 extends beyond EOD, truncated
[  284.919965][T27213] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  284.932167][T27213] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  285.030349][T27171] FAULT_INJECTION: forcing a failure.
[  285.030349][T27171] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  285.044266][T27171] CPU: 0 PID: 27171 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  285.053245][T27171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  285.063295][T27171] Call Trace:
[  285.066654][T27171]  dump_stack_lvl+0xb7/0x103
[  285.071627][T27171]  dump_stack+0x11/0x1a
[  285.075774][T27171]  should_fail+0x23c/0x250
[  285.080316][T27171]  __alloc_pages+0x102/0x320
[  285.085021][T27171]  alloc_pages_vma+0x513/0x680
[  285.089857][T27171]  ? page_address_in_vma+0x264/0x300
[  285.095201][T27171]  new_page+0x124/0x170
[  285.099569][T27171]  migrate_pages+0x3b3/0x1530
[  285.104352][T27171]  ? do_mbind+0xf50/0xf50
[  285.108690][T27171]  ? remove_migration_ptes+0x90/0x90
[  285.114313][T27171]  do_mbind+0xd43/0xf50
[  285.118509][T27171]  __x64_sys_mbind+0x10a/0x130
[  285.123432][T27171]  do_syscall_64+0x3d/0x90
[  285.127972][T27171]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  285.133905][T27171] RIP: 0033:0x4665e9
[  285.137788][T27171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  285.157483][T27171] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  285.166080][T27171] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  285.174045][T27171] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  285.182075][T27171] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  285.190125][T27171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  285.198358][T27171] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:27 executing program 0 (fault-call:2 fault-nth:26):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:27 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = creat(&(0x7f0000000040)='./file0\x00', 0x121)
recvfrom$unix(r4, &(0x7f00000002c0)=""/241, 0xf1, 0x10121, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)
ioctl$sock_TIOCINQ(r3, 0x541b, &(0x7f0000000000))

09:18:27 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
symlinkat(&(0x7f0000000700)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000740)='./file0\x00')
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
getdents(r1, &(0x7f0000000040)=""/94, 0x5e)
r2 = syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x200, 0x5, &(0x7f00000003c0)=[{&(0x7f0000000140)="a36e196cf6ac111fe92f73f4d61ee2ead57d02897f500ed2b6456872b4de32cbf236cf0b80fc55297c2d8e1183b88bb57e6a319652d5ef5f483acaf8bbb59b9827a6c9436897f78b7ccd63b036d3982d3249ceb044b4438da7122266ecb2f0dd2c8b847c456a17186d4ef47488cfef5b2870d8dd77620928360c75bb8e7645a979ff10cd15ae1e02178bf297931ae6efd6c2f55f95ad566e32280c8a732d10a9494ac27eba9dc45435404a3d53388e3ac2f1b7c189e9122205013098399ec64f2fc571ed62e35c6cb639add231d908465fbddb6ccca99924939ae9080d97651a1548", 0xe2, 0x3}, {&(0x7f0000000240)="38ea640856736000515d587956ab0e651f3fdb1745", 0x15, 0x5}, {&(0x7f0000000280)="50486de4acdebfeea2aa6b3a2b2547469fba97f2f36fa678745545c93c25ed36af17fd9a8e84ee21784f10c9b6f0da609f176d3713b0c1501a7563e97f291f130fd5e6831638a9d341141512a5c666fcfb3fe7d3a385fe979418d7ca9b5ef6863889aaf224c8e2c42c40f1850fc8cf59235c6c919ef294e691b23684890f60611e457315bb40bfe972ac2043086714382de10df260331d84bf1290e59d96afb1a50d7936db3e02b80452c7456923efc8ad6ac9caaaf2b3919b384d8743e138c86d99824965b16b3afa1cd338d92b2795", 0xd0, 0x13c}, {&(0x7f0000000380)="cc02f6de86d5f3d22641b9834da7adec8a3af0fdc2b69f3099392cb2", 0x1c, 0x9}, {&(0x7f0000000480)="7bbb69aab97c4b8cbdaa909631a8657c35305bae73131312fb7e29d8d11c85f20592f8030179a923d5310ce4cc888b86ea8ee551ae60021577f6e82ad95efa52060cac3729be7942bd2595bdff60fa1f6fedfbb0587369d5f8489b2624b8832c12bd130e1b281647985c1d797fee54cc25dd47940a40f05a977dc1f6f73227551b49ccaf4dd99a1fb0754d724630a0b6206136517d8dade0b3fb75850bd3c70d4cd0ab2fb95ddb55116af11ced45dab34dda64", 0xb3, 0x3ff}], 0x0, &(0x7f0000000540)={[{@hide}, {@iocharset={'iocharset', 0x3d, 'cp857'}}, {@mode={'mode', 0x3d, 0xb386}}], [{@smackfsdef={'smackfsdef', 0x3d, 'proc\x00'}}, {@fowner_gt={'fowner>', 0xee01}}]})
poll(&(0x7f00000006c0)=[{r0, 0x6022}, {r0, 0x2033}, {r2, 0x308}, {r0, 0x100}, {r1, 0xc8b}, {r1, 0x8054}, {r1, 0x80}, {r1, 0x4000}], 0x8, 0x4)

09:18:27 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x12, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:27 executing program 3:
syz_read_part_table(0xfdffffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:27 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x4000, 0x0, 0x0, 0x2)

[  285.467673][T27248] loop3: detected capacity change from 0 to 264192
[  285.492020][T27251] loop4: detected capacity change from 0 to 3
[  285.510065][ T1041]  loop1: p2 < > p3 p4
09:18:27 executing program 1:
syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r3 = syz_io_uring_setup(0x1249, &(0x7f0000000240), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r6}}, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000080)=@IORING_OP_WRITE={0x17, 0x2, 0x2004, @fd_index=0x3, 0xda2, &(0x7f00000002c0)="bc18bc9d7298f3fdf32330453cc33350ca9968e7166fbfda47931b6776e996b927cf93882f0264c35582750d4c4d45c49401f184ce763399ad1bcb9f9cae3ecba99d8474c79a34d091fd4a343311c1cefd958ad356d800fd89d46114ded6b22ac80e78944fb26ca3ac4c91f53bf4f2019cbcd34e9f32791e9114ec037a47592ebdcdd052c03a8c3538386c909ce22e692c6bdd5a2a4874f87d14b37d5f792b770d39536864ba70c5f3e729118caa", 0xae, 0xd, 0x1, {0x0, r6}}, 0x3)
io_uring_enter(r2, 0x71dd, 0xd157, 0x1, &(0x7f0000000000)={[0x9]}, 0x8)
syz_io_uring_submit(r0, r1, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)

09:18:27 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x15, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  285.517514][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  285.528661][T27248]  loop3: p1 p3 p4
[  285.532599][T27248] loop3: p1 size 11290111 extends beyond EOD, truncated
[  285.549968][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  285.556159][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:27 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
mount(&(0x7f0000000040)=@filename='./file0\x00', &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='nsfs\x00', 0x80, &(0x7f0000000100)='proc\x00')
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  285.570865][T27248] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  285.584312][T27251] loop4: detected capacity change from 0 to 3
[  285.592563][T27248] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:27 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x1d, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  285.700158][T27248] loop3: detected capacity change from 0 to 264192
[  285.740248][T27248]  loop3: p1 p3 p4
[  285.744236][T27248] loop3: p1 size 11290111 extends beyond EOD, truncated
09:18:27 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000080)={<r1=>0x0, <r2=>0x0})
utimes(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)={{r1, r2/1000+10000}, {0x77359400}})
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
creat(&(0x7f0000000140)='./file0\x00', 0x140)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000100)={0x0, 0x0, 0x1, 0x7fffffff})

[  285.774290][T27248] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  285.815679][T27248] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  285.834686][T27250] FAULT_INJECTION: forcing a failure.
[  285.834686][T27250] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  285.847975][T27250] CPU: 1 PID: 27250 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  285.856761][T27250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  285.866882][T27250] Call Trace:
[  285.870248][T27250]  dump_stack_lvl+0xb7/0x103
[  285.875021][T27250]  dump_stack+0x11/0x1a
[  285.879171][T27250]  should_fail+0x23c/0x250
[  285.883804][T27250]  __alloc_pages+0x102/0x320
[  285.888414][T27250]  alloc_pages_vma+0x513/0x680
[  285.893184][T27250]  ? page_address_in_vma+0x264/0x300
[  285.898621][T27250]  new_page+0x124/0x170
[  285.902776][T27250]  migrate_pages+0x3b3/0x1530
[  285.907455][T27250]  ? do_mbind+0xf50/0xf50
09:18:27 executing program 3:
syz_read_part_table(0xfeffffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  285.911964][T27250]  ? remove_migration_ptes+0x90/0x90
[  285.917263][T27250]  do_mbind+0xd43/0xf50
[  285.921480][T27250]  __x64_sys_mbind+0x10a/0x130
[  285.926330][T27250]  do_syscall_64+0x3d/0x90
[  285.930874][T27250]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  285.936776][T27250] RIP: 0033:0x4665e9
[  285.940666][T27250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  285.960752][T27250] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  285.969389][T27250] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  285.977346][T27250] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  285.985316][T27250] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  285.993641][T27250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  286.001864][T27250] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  286.050239][T27307] loop3: detected capacity change from 0 to 264192
[  286.095372][T27307]  loop3: p1 p3 p4
[  286.107850][T27307] loop3: p1 size 11290111 extends beyond EOD, truncated
[  286.116080][T27307] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  286.124181][T27307] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  286.148990][ T1041]  loop3: p1 p3 p4
[  286.152865][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  286.160770][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  286.168810][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:27 executing program 0 (fault-call:2 fault-nth:27):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:27 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
lsetxattr$security_ima(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), &(0x7f0000000140)=@v1={0x2, "577dc50961dc8d2b14142a1bd4901c9c63"}, 0x12, 0x1)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="0b00008fe7f390bd6267f4948bdeff0cfc4bf630f121b706a6dc4c9366866146172ca25c7c2f47ba7b963c9c67e231dc11080f8ed5446fc9df96fbfd67e0dbd6b4be8c3e1431569b5122678d1a7c2b1b5f281307b8938d5b8be7ebd1374187cdeaaa1e71f95a50fa0f458858e6032fb890f6da520c4193ac0652fb5ad760d34c8908dca3f133481ff0deed3c79afbc77fe84f35be15dd4806cf57fccf4882d919ee9ff1f5abe6f8634f8a2804fe67fdabb570929d6c65ef51601059ee96a82196b40bf25c7bee5a854fdf62fb4c1a98fe3e0c623c2"], 0xb)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
setxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180), &(0x7f00000001c0), 0x2, 0x1)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:27 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x22, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:27 executing program 3:
syz_read_part_table(0xff0f0000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:27 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x40481, 0x10)
mount(&(0x7f0000000140)=ANY=[@ANYBLOB="daef2f6465762f73672c3000"], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1000002, 0x0)

[  286.380652][T27342] loop3: detected capacity change from 0 to 264192
09:18:28 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x1ff2, &(0x7f00000002c0)={0x0, 0x5ada, 0x8, 0x2, 0x132}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000200)=<r3=>0x0, &(0x7f0000000340))
clock_gettime(0x0, &(0x7f0000000380)={<r4=>0x0, <r5=>0x0})
r6 = syz_io_uring_setup(0x1249, &(0x7f0000000240), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000080)=<r8=>0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd=r6, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r9}}, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000400)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, &(0x7f00000003c0)={r4, r5+60000000}, 0x1, 0x1, 0x0, {0x0, r9}}, 0x5)
syz_io_uring_setup(0x6ee6, &(0x7f0000000000)={0x0, 0xd0db, 0x4, 0x1, 0x2f5, 0x0, r0}, &(0x7f0000002000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=<r10=>0x0)
pipe(&(0x7f0000000040)={<r11=>0xffffffffffffffff})
r12 = socket$inet_udp(0x2, 0x2, 0x0)
close(r12)
splice(r11, 0x0, r12, 0x0, 0x10005, 0x0)
syz_io_uring_submit(r1, r10, &(0x7f0000000180)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd=r0, 0x8, {0x0, r12}, 0x8001, 0x0, 0x0, {0x0, 0x0, r0}}, 0x1000)

09:18:28 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x420000, 0x130)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x4)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
ioctl$INCFS_IOC_CREATE_FILE(r0, 0xc058671e, &(0x7f0000000200)={{'\x00', 0x1}, {0x49}, 0xa4, 0x0, 0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)="0cfe81f3a18411307135f4d7607d90bea73e2b915a7893ee0014f460e38285b7ee42f2c1316435682f519b62f7e34a355eefa4dab28cc2ed4c374a6ed399a20988be1cb395ec76a757ff650e974ca76e3254b9af2840d6cd58100e022b42079c4b28216bbb9f2cde2a9539cbde0fdf12907c4470f90e977c052300fec9d861eba22627a2cfe59f861dd333dada216982accbae073b7668bf48266841ef8cbf05538bb0bd21832487acb739e3281c30292cf0425729245b240402835567b5c88c4bfb3fe670aca8548b4432981e389c2a4940db2747e0dfbbe7728543cbcd73a31322ef232cf660faa085d7b3ce80905434b2154b0f376575deea", 0xfa, 0x0, &(0x7f0000002240)={0x2, 0x10f5, {0x1, 0xc, 0x1000, "e45d85ead187128bb42d610352a9071ee242f0bd811a0c2ed815cfad143c1dfcbb70812cac9bfb7c1a911f7c42ab99bfa6d6801dbc4b213a6693222fe18d68a6574af4d4c1d24a45323a792764907d5b9400af609b3e72022f5f385a21548311238702ce181fc40ad1bfcb7929c6fbf72c86f6eb2794abaa1e1d665c7cf8df6b13b00b29857e419b5fe16f85fdd0036cf20ca77d8a3ca9aff39991d0f0236f2196353020a7b628e40fe44eea4489b535074d5a4c0563eaaa6ff59b877a17f22732b96d1f36276b35deefa9a3b1c127087d5466f5d3f92c69af4c70382143913d2256a32fc40abb98dddab91bbdf329ba12d351c9bb5a942d6dbc8ac5c91c0125b9df3d590b79aa50ceebd81967f59d52f1b492dad9049939f5dc9209c0a95da27b369212160198a6679cd4193b8a01527863f566d5b895f430dd1664da466c8c53b0670946c8cfac038a0c0fc710f597e4879fe4a9b01f9575597b1a1ff49d7bdd88a13471cbb0a7f606bfb6ebdffbc23db5e27b62071fd9fe32a34dffe1b53eeaeeb75b2090c3fd45811549a6b257ce0fed6397eb72ca78e6ceb509280759c289a6a193f33294a8150231dd785e55c3db455e71f7750f38f3120f90f1e0d5de577309f978e38e7fe43bd4aa668da86e6ba3b27bb6b32d8e35dcb881059d644d3020244b955916009c892692a2a3f05deb299219978453e1001fca46dac346b56acff5d5ed43074b6751e5a6f6f349f267100861b52f7dacd423538ee1f4419992d7253f822d90dd6c8efacaa6ebf29d7da37e73f2d2e80b2bab67a28cdf9d24419b90ebc7cf581bcbe3ac96f52e7a1ea29fbf9f6ebca7b9be2ef59d29019ad9f56972706bbb3bd3c2d75dcec426127fbece46224f7efa89bdc5b4d4f208dbb732bfe28e165e843a6b1daee5f998a05c146b0b74a642ca299068b0f6d60f59ae1903c1246936b8fcb25ff51999a563eec238063dd26635c3084d5c5332fb70794bdd147790bc7fe0f8be8c3957edd801654e5e318e248ead9c4a9751a345f8bb1f76cc38faf74f8d70a561b6520809565ad79eaf883e090a9a2e5a17b611c486931b4a3ad0c06862c64f0a0ecf90f94e02c51cfa38d7ed774102d860bde81a7bacd42f3f8920655b9b7dc7045008fdbfedf8cdf838af963f29ddc61b0e382815f420d2427dad6ac6e6e5c62595b69ab0f792644c465bfdc6d855a976b2f65333fddff8cb18180d76a597475d93c7548c8e88434c7505f531af54e01d7722c88db550e05d23e824612592deef5ef45a531a2725b746ac52b5188182892b6525f40c7c74523d76efceb49d787806cba63d36b8e76bd588cc2d562e7a140d36204077646d7808820e2bc9c70447322ebdad2f2d58777fb0957d129b0c8b1b0d2bc2f01ca97fc15221d42eb1943e04fa1407a8820eb8abc46f355b25ae89bdaccb92fcfc6a92e21ce71f0dcc0cd2750bd59fccf18c41afdff85c75d5e0fcefa46e51c10bbe95ddc756d2b215ad3fed6556861e5e50e6f2b6ae9a3854ffcca1b4562ddf114463524fb033c9506f69bfff95133e873a6ac6d18f6be6b02ba0e9dc6b0580ec68518f4ea66517bdfb9f69fbe9bb440641adfb96c5e199f8252851d560e663b3c7c67a06e261bfaa1f87096ac0463133c4d32f0cf3500c8d356bcffc199ceeab13ed879fc81d98c41877b7a684c793cc1be20fe42fadfda93ba279a1a59ba6a8295327115c8e04b4fc3f3a20b6de0fbd87bdf6030bccf17d9bf6500de5ef6c12bc6fd504ea019bc1810524bb69402efb914fc18c7cb23cdfa86a4d5da92d0a6aa777ef63c12295503e482f209b8dcb03393df817e0ef6c691f3fcee685207de1691cfe2fbff01a010f38e9c7a6d39f1f3c4db96c74f31c4a675085e52175fdeb974ade42441e409a0a51d5ab0bb1057dc0cca25c5a4a622467257b8485282e88c10a2a2f3455bbf0bffa30e32a6eca9ce7a1297dc5e867f01db9878477958f7445cace60f2615f61fd76314e944ddf31ac007610460c3e86c62dbf317fb4670476428099d3d935d3b2cb226aac102f53f75a488565a073423acb6e0bda82a78c9834fb1c5ad5454406cf69ce2e3423eaf49f591d420ce3e5d1736102ad6b2ff01aaba51b65315ed06dfaebab61001792ca031c28b902831e4aac6b49b076bda24ecec5b05a304fb557af36f49adfe6f2d57c00bb9018500f644c7e4f6112f1397b42bf0642aab771b1516d8c93b54ed658e9cc94add28c278d2a45158a96f0489ffe9fdb40a2a4b0886b4b99ecc9f70ba3420f4e77a043ee24c7fea03e08ad700fa2e9897b67166ef7dd3150245219baca71e9238ba92b9becae9f9f34ec798931c4687f4f77fd152f0a1fdd0a95f4e05a38817cfb2ab55e2e9f2a877b745f2394ff4f2644105caeef852c5444be3ca16e3d131005ba8a61739ca78e702cfd97a486a8efeb7c5e6fe1a3c758c61e88e83a93cbc1fef4ce6b6d57a4c9b492e8ebb16ea63b7e01b6026cdade2149df9ff3c34ab7996b72be943b3df604474fac2b7f52a2e54652c79b960153f0114442d8855db3f55e58da8b57d151dc9041880f46fd8d5c4a95cc4c4f9f6c342e70d078f67145cbd234285367015f537c00c70a462eedb79549930d2db1e6ae56b8928298608a1b8d7c814d1bd6c9f4c7f7349e8392a6d0700df0823753e8992e0a0be7ad08baca78e8d135adc5c3b771a13383d7c9a1a814a6aa3ad3d6764573d30cb6d7eb30dc726cc26566b5f0405308808b2a387ac69b3bc5bfb0044a363881f220f0365baa71a634c4d46a09b27c7347fdab996d4765c0ab4a5ba47fd2fc3ac9e438cd046dd7526d7b2869283eed5692cdb308f4bd225d56cbe19ea6381793c395eb277fec48bd887c302b0c5ed6b0e3163544e48b73a145705f5ea8a31577a2a385c8d80786b9940166040d2d72b8d0db0d817a0ecaa39ce05ac09f7f11b32b7caf9f1ad0682d7b9ec0b0a21aa05d60eb249c8caafc3104964d53acc0549393910d6357a6ba1867ddba98fb9625135ae1515d11e54cdd32d9fc52ca63d4ade90a1b844e37e9c11d55ceb5a349ac2043862a6c0ffd74305982871b51576dbf788c6ca45d4e7aa0cd386418eb00dc631cabb476c6717e171d4ad1b14edd0a4b1424ce3a86f266df2ae987aea5893ee6f102c3dac0d71187152ba106bb2d04962d126f94bcf9f1905b98f8fb43b4be75c4fba9a04d53e5d5689d86484632d4e236ed053585f0e8d8bb846a0c2522ad77b758943b4ec4fda56c77015d80501c125151544954e946fd02b80c06ec18cf130e472a2eb8c384e42875a52d5cd44bfaa10a6ed8437902980e0a38fe895411f99fdceb55db99d21f30e7799fd1ebf940512335db35f81cbac540d34457f31000bf13e4af489df881b3fddf0d880dda67ebe03f0453703d266889aa4e2e5aa55cbd3007a9e098ccb50e6cf53aead1b97c993af87038e1319c83c183e66ecd5734cabebb595bf2970eadfbe94ac741b86fe6b40c3f9254ee006538219aa616d43ee998b6740bf7ff5661623c6f48d3934acd9e0a7da438bfe3bdc3f164be2ccf381a05db103dd09f9bca2f6e6e40b688ca2c9be6da7dc0bfa73bce5277899a3b546d612580fb202bad986b89b5425ea39f97a88fefe5bf6b326941e20b0ffdc3630ffcebc290b9a9f1485e5d8cd9e85399f847152e9c9016f16051decd6c4a2bdec85513639665d65864f0a9de36a1e8d58e8a046b4223575a9b611385fda89bdc5787681967a99a622b249e7ce76d6ab3a445dcbcb7cf578c831a01ed3afbc6ab42f961b9131e13da07c2494acd3f0ed1d86ccf227949c64753ce1c97548b2f1a68bdd7851b35133532d1142fa6c361ebc6d7211300160bffeb6893e5e1ec55135037121d25df3220d9628becfe7ac4be48051c05abf4b81cac2f17dfb9f4f3d7d0f80b197a1868196545de42bb2bec47c586aa385eb8716dd32f485a6f1d1aa476e012ad4bfbd8dcf20c80a15493e54f783c9bac7261ff56961f1a2e3e814494a15b824fc7f746805e0a479d391493f1767f91a8bb814a05894059a040985e1794a1e8628281657e8ee79a2500402c61cbce8a98537e3e92ddcefccf01e4189f2d22c5522f3fc9c3d29dbe94d519baed2eacd0bc02ada79c1b382b8a94b78079facf73947f3bb3800229485ec186f567b6b1d1a43315b722e53fc0d39edf39aeaec4c1abbb4c68f72fcc6eee824dcc803e9d990d7d38efd97606156c23b7c421feaa876ab1f997bffccb751cf2bc5440f38f3c658d63059aa983b0ba47a3d681ee50aefc9d78a9c688a16a02b072718c12c96843fbacb5ecdae82b4d101360b60581e0062bf6c61e68bd7a0f9c278c00588220a40239fb3d1513a726b728d2cfe72fb1a6a372b861b8d38f6202d2cb1232acd9278886da04434f6f06ca084cadf7518fce795b1d1534f8af9a57c8638ab27b7c65234229a14ce15e23bf3c949ac3f14e85b97f2cd6fd66843f2da483b048bd12aa119a723204b4a9cd91997dcaea196e6075ac9feffb78c40573e75078c110fe0f24952d14d2e0f7b4a8ec64bebcc915680a096e1b138e1ef77587b4c738b22f04ce12a6045842516b961e2a2407a6b700b6189a1afd1482fcd98e6a6966da673e3908861bd9feb8af17b867973a55484f84a13d0d5df3ce7ef95674afedbe72284664bffd95a538be8ee08dd949e94e83780fe1e7bdee18d21072fe278e2794e11c36f5b186fca35bfcf13adc386b9f4583345ad49fa100a5a17be71bd404355c9b5c8f6490d0b24856f6aa9c0a3ec55440f19f3f4922922a31b64f1234a18aee86eac8f1447c521eb8716cd96bc528c860fb1f1cadcc82b3b7a58b0dd65f9ec1e6b9d6c2f51895c3c07239250bcb0cd9a2581ad03d4c51e2e1258bf3497bc129e2c0b228305519059ed1ffe519a97281918a13bcfc6c06f8f4d44e308c476268e6489b4bea0f5d20db8d27e1eafd055e4397d678a216d72785510c58d0d762baae5db4b553299f17b359086538d96fe67aec898844225d7a360d201d480cfa7c653bc4234c1ec76c5d33042274af692e74af5befc90394bb0c5b60cb76e3f6ccbb68e857edd25a3b89d593fdd1169145dab4f5f27dfc19951850322d6c74d12da989cf0358505b474978fcd56b8201d2d544221806fad363bbc782bd657381c100f5dd7a28756fa33e926d559314a7b5e44c0931afbf8cef464472c55c8b692b025c38343054f33adc8974733d870641339f1a8f95857a97968b846cd1e5f295607c5d5e1fac521cea2ed38245d94a3a84ffd5e720e0ef70cd015cb260960e96c3ba2b609d5b90c634896e1221dbcc1be8121f99b26f4e8ac45f3e6f9efda816f8b6cada2d4be468c1021bf6713e38d8664d4cb02d172f12fe04d1c97537e8947ba7015b693bd605669acbdde75e740485d357d7b16b163cf311fb3cd5a3b338411bb3b4321b6e2ada367f68712ee3ade45583e66c70ce34c9f33ef9d83954ca4e61cfcff035ac304e7fe76c83b5c455cfe7962cf726ce559dbe28ea94deab47369542b7bd3fb9624348a0cca7b3f6fad0e2dc9a69404780153db9fb7c28f5c4ebdafe902e521b88e08021aa30fbd1ed5f5c31d8d530fa95b5c3a4497772e4a19dc303aa5f48cdd08d40288faa9739328600bca680b2d784d33a400724cfc7d0254df11a6373fea8e23adbc777895e6f91e2d6d92d1f0e476bbf974571bf9cb3d5bed515b248320ffcfe84493aabd74b6f138607277f2dc68d4cf6657133671a9819767c05461ccde4fee9eb", 0xe8, "b8791e8f63fdc87033cbdab5ca58244ac65b4d211f42e70e8cf2ca1bf3e63ada02f7d0179455ca0942f37ce68e4f40d4e8920a990bd6100c87828dd25877d3471fcfb7d7e914f14dafe23e6e9d30787d312991930ae34bbf932b88a1e19c9afe0d1ff692840bba51fbc6bda41417af9e80b263b93aca6dc47cd055a83b8b120d6dd078e0cc7b8c47e733d913ae8d1f01297b772f5f89283177440eb29810cc7845bae6c0db0aa533ac899810fe8d032b583a27647ae41cef551516408fd41ccb84ac1d2e7fa0d9f06245ec55003753e1b460cbc917072e2159ead0e033d5cd7701d052ef4d6b9a2c"}, 0x1000, "9b816a552e2c4137c8cc71a6b4799b18f560cf3b3fbb6eec1a6e00965cf4b7eace40b04a82807e7b344aef00585836675549c7ec33f066ae6d6cbbd2b136995051088a92e3e3f1fbae9bf2c1a0af7103f698dd008e78ac4fdf564938ed3f1f86865f9bcdaebbdc9b76b833534fc753167d0a4b858eed81b6fde86bbb4f61fc873c83deb63f4e364e3baa46b626297cd5fc3c0d8645934b6408e69fa73a3cf846c494a213c466d7bc3147afbdb1387736b3c17f3142e457f8620e5c57b0f6861503369d2def77c07c4f287798495f95f0d238dda541fa26291c03ffe42563706a53cf3c0bfc12906f871bbeadf2f47843c60e00303324ce14bcfda2ed3729b60fad7529ab48b2199f945699adb468fd6d09c31114ec685fc7388473f2588bfe6e523667f30a068c94390b88640a5b9c9a24aa0727d3e0ef0f5d0b231d20679fa227ed8e38acd0a43b6c43816d1ae445964fd552c53dba2e600e34a31940ce76fe50ecfd4e34f593456856d34e7f0a0c03846f4a0db56635fa2bd9b6fbc383932dcb48626fcf5548cfd81c2b52cadb53c6a22f69189142460766cfff11c0691cf8bc8b8c4d5a2d2655fe13bcafb3c2be85181d0b755be3368f931b5ba00b611bb6a450f1f8ae730ee88c6cf1a71643210eb6e4d3382bfc97b60ed43432ea45255394e6508d43c1ac89e257ce6ca8a134c6138e5a4e186ae2085054974af4da285256749c20325c9f46431c87ca1eaf6dc4c24686f6238d6cff5f6f603fe060f1957e0750144045a2862cb3698fe2ada114aee10a84bf8eb3a9c2b8ac61546da089ef24e15a088841bbd97512513e7a5170825bc25bb0ada1f62abaaf1c9afaace018b92a81f27ff2f62d80da5793dbe66b5f1f273c0aa3e2aeb368ec2f4337f4db4434b9cd8e34e26a451ada0f54faebe977933496603604b63b94efdc89632ca4cf2cc14dfb823df4a25891a0c0316d1391998c1ac6077d06ac474caaeed24844e5b3ebba31377fac48c76eab685e7799c0f0d680e5302a0bd1f728410912cb5e92949b1386614bd260548a5a5b671a2290a26c95218e26b56f81fe09a8a0e7f95ab5a11eb5f026144fff1148836c10db13d6a6df048a5502549f7437c1a4c470fb5f73766de30abb28d708aa9f7650c4ce5bad920f666ebf8a2b978ef35217f4e4ebec07964ffe3ac580669e56cdb06798ef55147fd79cfeb87b624a7af489ffe6ac060b0eca4c354cc46763849768b6a329cd17e951462a7aa07332e3914a38a1c712324397371cb93ccdf78be0d119854b5c8dad7e4340756838fb76f39c13d605cce167047171f9bd0109c0cef97b7a21f1ff072ae34c284571d16e3630bdff8ee8c110594de55c7f96ccb5fbd5cdb430c0a0216732aa86fec2322ffc8c43e12260a5d62e000228fc4af21d5cd96d8efbad2c55cd69b1a260664ac47860d7ae1cefc7c347e424c82c31b1cb6726ff16662afd02eb7fba2faba01ca99f22b52c05cf55521272e16e46478a7be3b37a55ce979f73059a188f5c0af3efc5cae5aa1ee9f053bbf0501659983f3027182b823f39057279574e8f5dcb5a797e1f07db341088711f1de01a3f4680f9e8b94c466ca32a987acaaca5ad0448c3762ce6bef43e0d5c8cd873dee43055df85a6f91aac4bd2c1f741f9d5659d21642c6ac13e67a66415ef391db588ba7675c8641f6e99617d8e09fb9b2ba8da9b046daf1134a5a3e37efa2010cc039d05ad55a28fdc27cbf364f207004e49afd903aad719026dfd4ed503d178c5610d162c1be503d616b9c1dcdae43b9617d9d3554901a89a4f49a9af92c20b093300277c318cf1703a36b5cf414d906c15d7208314ac0bb201205c358298c8819e56097b2138e2a50285b5867d1e44d99687509d4642450ff0e11e00bed7fb6d1ab7665a0ae85a8717b40a7f7a705fd2146241df172072e0245eeef6988da74ea0a54fc68a5a32de82131412c621717f8e770825bd59b4abb9e2100ea336f284ad58a3bf143afb426b864d73ca4b639e757223a7f77a8be406b3e121bf32077a3b04f4ef159302b1937b263cb2edf29818d2356affc84acc75a46f47db3e4860930b5e336c24533b02bc8c35c5259bb13f358197f78e4356ef590f8b9c0ec13c1b403bbad4c35d655efbaacd184347e1fd5c840ac82ebc09a2f720c54d4cddf998209aa24fc57cca8c4f50d392deeb517b056f5dacef8b8059fc470f1c26a91002e18c1c59e1603b73a241c3672c1ec643d1860508641a0505a85ce3868046412488a4ad76b4d041bd1d36ec6a6f7a5bd3657bdfbae1967677df7851649f398c04c52da8061636d80b2161da7652bd52eebd4feee83f8637add8662785a890b7c619f3ebd838ae8243585516a8bbc64f8ea0486889fae5192b5cda09631b61bc36b4a34bbf22fdca1e0c255b780dc16446957d730e1c6f37c11bec4659920732df99cc1e244b0eb66f9f3dea1188e4f564dccfd56052e2477a0f19180d38037fe19415063df1a8efa2c11a06cc96e327da3da467249501c40cc3109a0735f9d09b73d24c6ee89d566b1f8629c1e97786d33424085260fa216d6fcd4bf3a3abeeee81b2c5ff3cccb24b4c6039161d75f2c0dce436f373e3cd38c2774494e0f280d45afda1eb0c3b30bec68437c7c2175d1bf7deeeae1f4e1f8a66ccc8ae7579ad5cfae1ad6bac52d1ad2daeb99ef40b4e632449415411c938f96757e3723ed45ba9f8397027cbe488bd635ee445c981273f17b7392d1d489f63625914eda329e106f4fb5250e382fdce35dc547ac3ee751e7794ba6b320321280d02bee8205c6209955b07cd41fbf24bd62eb367cb1296aae7be8977d8f7c8997fade020040c914e079be40f5b944dcec783e46470d779f2053c0d80c9d5afa384e2da38d3101e2bcf2cbafa2647953f32ffc387f9ce11a2d1ded114b8b413fadb67616809490b923267902ca59cfcdefaa593708f54ea247018aa534393bb0c5bd7fd48d8599132fb96b9f950d942c8e38f9088dcc1efdc5865c6d0a816de28df8cd183a5bcaf7eb59a2db32beada6fda395fa799c7f5b2cb588e9df62caccdf43ccae047050d2fef40a223b44d3dda3a2abe0f9104182c2ffd41d541d0ea301a46e5648c0ba5afe4c42dedfd5f05bd9a4ec38468fffd4682d4b634e75af9dc468640f3b350f23b4c209ad1a20b0e4389e77911a5724a1f598444475379a9cab1fdb35bf883d9b09dd397c2265b3b20ef96569ce7539b32967025def574bfaaa8d1e7ffc52d0d2d9550fc307e93f3bbc8df5be8f93756b3a9423bd66a5e08b12c7859558f2caeaa6fef021d236f23b238c578ea4cffade76207c7e30eed160cf713b2cb740f367f3a76569bfb32367d2761a4932bff34ced762ba4ffb15e505d97d96c582ac5d63aea5d4ae6efe81fdae094ebafa2c8fe4a3bdec8dad4c574a3c262d025287b676659158cb69a978f82e2d53e75539c6e914253416068286ff517fbf9e0111d9722ad1e94e10728fb1b4510ea77be9269d8dd2734d3c1de96c8962fd39fd155bf828303f6287b807268bff2435ff02b317848e74ac9bda04769a6d59b7e5011c4359caab0f2bdb370c2995437ddc1fc2f067d701b50bc5bf9d7a0384fac6c85a902de8c10960f242f486fd4babee3a4b85c250bc2e339fbc00be87c77c445c41ec0fb00f7cd15ca9dedfdfe0246826d69569f967db14eb08a36019e67df6de4db583461723775cbbde8fdb7723a2ed023bbc47f71f71abd5ba60019a77a44a2a04fb915de196905418059c059094934f2e4180ba8d6281f95d651071570406bec24c33ea922aa92a52efd096bd573dac268f10e49b5f25b6d3d02b752b41e66cc180cd1f84ef494b6a8ee2079b60f1ed32d8f0a29164ee9a6e3d86d4b4642b68dc38bb859e37168dc4a5e9099600f3c82751b7cd368f3386fb6355df6b3b0d32a35727b128f9d8b53ea1597cebbcfd2e4c419b9fede0160c51530efad08982cfa7b595c4ff14108259ec3e87ecf9c40edc64e31da8635acf897bc7f1fffbe17698a55d215e3a42e346e738986dee8f7b9b7054f763f67a265adc933ad9a842d6746900bb8d37500cf739b7b6cdd09210e325a8240c98370764af77db3c50b01a978cb87875b364679e99bcea94affbfed3463668c73f9e4181915ef294bc423ebe1e449dddfc86343122defabe57b1ed20ca1417f87f40b62265a29b0acc8dbde69de5abe0ce95a2dd3575bfa12a76b544243a1c1b99d44e25e725a88a47bd549cd7ad9f108fe6ec49778b41cfe0f4100b9a244833eb8f60c9ead3eb5b1eb66a2db8aa8337df072cb429b63d35a501f646c98b3db8ab7fd707be60f87efc9670581e2ae9b05f6fc7c1a261b675b9af1f5c7928e3001cfd7c0cbbe978850154bc370da346a4616a805a889ffcf001aff8fa26190abc393eb87db341f07d6f0bd2d4651c64233f2d8750f0201117f86b333e4b6ab6c653f6ed86fbbdb17c962a223ecce6b185ffdb2c8d61fa22c9779c36dde848e7ab156f65252561382ef0f1e70e8456b33a23e87d216172835bba93d8a7b78620b2c90529954a095bf19ca4677167e1378e553a1e45fddcc53ef7cec9792e95051d8ba44f03dfcfec63eb557ab1d5811bb2abeeed54c1edb53c1d96eb961c923a029289435159e9e345d59fb65c3f84b673dd15e1509981904399cbddf93d9c45e25c96dbfde09fe27e1b12c27713e9102d01f7ea66e9c6fc5870e9c84849c0bc4e9ef9de054876161aa1218c5718ffc61a17a9c122f5c5807978ca7b0eefdad9d5d7e766e3b0680b37fd33535022d7420395ee7d59d72f2cac7a9d5813700509443a4b7eda5eeaf09a99c712e8d31069cad7d64fdac582a9aa40a4078622e98f14dfce64a75452f91eaaed34db3b09a621edf8b54d5ebdce27bd6c8c58627cbaa9b54a435ab59b4b2b9d910841a873135702d5fd624c00d72c84ad888c1a8beecfc65c9ecdbcd81916ef12665532a60ab881f242e9bfca639c5fea29c1e73e495a51ed707eb2b481727f5c550adbb9703688c7ba663054a83af7c3c08070567d36b3933846f3358c5dd056b27adfe97c1478ff741072a0410cf5d156e6b13004aa01501cd18b91504415c586a0f5e9d14c358b4356918946f60eb12c267c6032b2aa7873acf6e1219f2fe3f734b87211b9dd049c8f9aed9db138f4791cdb5f8fee836cf63cbacfae2842eaf6763d59b568b4020d203c1560aa4ab9248b11b61186c854e20bc43e08abfffddc142a688ef07f6029ed475142facda3e85af545c6e060a676688e4e3b3d328f41f174c6a0f9d73c9a337ac6b24397d1cf53ac5e3a674df05cf820fd7d6d57a6eb5473cb11eeaaf2e900c7dfa290b325f04e9d19522028e718684af7f8538d46f8ae179b786d43cf0fd1f0360f3c0658040c90fc6c393cb25c05708b4644df5e342762a8e5d270d1d83523b974832b9acfe00fe50608b8c80253df5f032c626f822c68cde3af99eea4debf40cd6edb015ba2322fec63d579dd9d4075cf1b96c50e6caa33d30fc78cc90d2d8624ba6a0ddc35d0fd556e4fb8017d2f7c6cb9c3fb6b8d05ec8c91e56dd2df02b7281f120a334036faa8546293075597523002ccd6103c8ad8d128308976d8d045b781757b0bcbef043e66d7e544d9555288402e20f30a3238485bcfde004d98bbfab5db8aa3b1f77e0bdb455516f91e6b614c0aa9b9a2641529113d9dca217bc9a8bd125e2d0e3d02e0f0bc0e993e53c1fd4d7ee7012b58443b3f19de347626181eb6bf199f5a2ad1452eb786"}, 0x2101})

09:18:28 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x63, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:28 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x18100, 0x0, 0x0, 0x2)

[  286.450759][ T1041]  loop1: p2 < > p3 p4
[  286.457011][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  286.464512][T27342]  loop3: p1 p3 p4
[  286.469255][T27342] loop3: p1 size 11290111 extends beyond EOD, truncated
[  286.480584][T27342] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:18:28 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
mount(&(0x7f0000000040)=@md0, &(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='jfs\x00', 0x4080a, &(0x7f0000000100)='proc\x00')
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  286.495642][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  286.502062][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  286.506405][T27342] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:28 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
syz_io_uring_setup(0x6c6, &(0x7f0000000000)={0x0, 0x65c8, 0x8, 0x2, 0x381}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000003000/0x3000)=nil, &(0x7f0000000080)=<r3=>0x0, &(0x7f00000000c0))
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000005, 0x12, 0xffffffffffffffff, 0x10000000)
r5 = syz_io_uring_setup(0x1249, &(0x7f0000000240), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd=r5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r8}}, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_WRITE={0x17, 0x4, 0x2007, @fd_index=0x8, 0x4, &(0x7f0000000340)="7b05eb60fdb0c35650a31de33b6063ce7b17de5d324b79a49d518553b4c89ee18f1b089c039204b7f97f7b24dcd21c96cff5fb99dde8cbd5ba049d4399c9dc4d247de20aff66fae596f6314aef2dfbc6f433a4afecbdbb0c100740e36933bd5f46d86842cb5387360fda57873ef62cce8eedcc0a592a798846f07ff09db922ee6e30ec81839bf4668c880bd8c4f46bb9781934d6f6ae", 0x96, 0xc, 0x0, {0x0, r8}}, 0xdca6)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:28 executing program 3:
syz_read_part_table(0xffefffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  286.627369][T27384] loop3: detected capacity change from 0 to 264192
[  286.650915][ T1041]  loop1: p2 < > p3 p4
[  286.659989][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  286.674700][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  286.680987][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  286.688730][T27384]  loop3: p1 p3 p4
[  286.692617][T27384] loop3: p1 size 11290111 extends beyond EOD, truncated
[  286.707247][T27384] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  286.723301][T27384] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  286.763999][T27341] FAULT_INJECTION: forcing a failure.
[  286.763999][T27341] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  286.777636][T27341] CPU: 1 PID: 27341 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  286.786607][T27341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  286.796821][T27341] Call Trace:
[  286.800101][T27341]  dump_stack_lvl+0xb7/0x103
[  286.804696][T27341]  dump_stack+0x11/0x1a
[  286.808918][T27341]  should_fail+0x23c/0x250
[  286.813407][T27341]  __alloc_pages+0x102/0x320
[  286.818195][T27341]  alloc_pages_vma+0x513/0x680
[  286.823034][T27341]  ? page_address_in_vma+0x264/0x300
[  286.828373][T27341]  new_page+0x124/0x170
[  286.832572][T27341]  migrate_pages+0x3b3/0x1530
[  286.837606][T27341]  ? do_mbind+0xf50/0xf50
[  286.842032][T27341]  ? remove_migration_ptes+0x90/0x90
[  286.847381][T27341]  do_mbind+0xd43/0xf50
[  286.851656][T27341]  __x64_sys_mbind+0x10a/0x130
[  286.856513][T27341]  do_syscall_64+0x3d/0x90
[  286.860933][T27341]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  286.867100][T27341] RIP: 0033:0x4665e9
[  286.871163][T27341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  286.891047][T27341] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  286.899638][T27341] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  286.907774][T27341] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  286.915746][T27341] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  286.923910][T27341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  286.931923][T27341] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:28 executing program 0 (fault-call:2 fault-nth:28):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:28 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xef, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:28 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
openat(0xffffffffffffffff, &(0x7f0000000040)='./file0/file0\x00', 0x200, 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:28 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x212, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2000000, 0x10, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x6, 0x0, @fd_index=0x7, 0x6, 0x0, 0x13904d5}, 0x1)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

09:18:28 executing program 3:
syz_read_part_table(0xffffe000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:28 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x810100, 0x0, 0x0, 0x2)

09:18:28 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x204000, 0x0)
write(r5, &(0x7f00000002c0)="9b76b22764c9b422ccd4db633d8905f8a1c815c0d3f703c8cb63415006782ca41e3f867d309fa6fb1a00b1992ebb5a85f52f5a77f421c955f2b3bc69a445c290374c778b31c1242ba3f2b6dbad360dbec02b27affce564f201eed48574ac51259f26bc51dd8181fb0ff05cdd2aa342ca29fd5e15795befd39eb64e85d1c3bab315d1842ed985cb588f91d52849a2957882214b205203bc1ac2345deb3ea93e2a69166b94fc102d8d38daefc2d030a5241e279b90e65d37ff0851d57522cf0511d4402eec8f7fff990194162a877cf50ae9c1be739965bb97a68c58f53d44679f1cf030ad58", 0xe5)
close(r4)
splice(r3, 0x0, r4, 0x0, 0x10005, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000180)={'vcan0\x00'})
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x7c1, &(0x7f0000000000)={0x0, 0x8bc4, 0x20, 0x2, 0x3ad, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

[  287.184594][T27422] loop3: detected capacity change from 0 to 264192
[  287.212451][ T1041]  loop1: p2 < > p3 p4
[  287.216609][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:18:28 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
mount(&(0x7f0000000040)=@filename='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='sysv\x00', 0x1000000, &(0x7f0000000100)='proc\x00')
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  287.233415][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  287.239753][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  287.248528][T27422]  loop3: p1 p3 p4
[  287.260200][T27422] loop3: p1 size 11290111 extends beyond EOD, truncated
09:18:28 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x204, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:28 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.effective_cpus\x00', 0x0, 0x0)
io_uring_enter(r3, 0x78de, 0xb99a, 0x3, &(0x7f0000000040)={[0x40]}, 0x8)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  287.280825][T27422] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  287.305138][T27422] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:28 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
setxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@random={'user.', '-{{\'\x00'}, &(0x7f0000000080)='\x00', 0x1, 0x1)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
getdents(0xffffffffffffffff, &(0x7f00000005c0)=""/223, 0xfc61)
getdents64(0xffffffffffffff9c, &(0x7f0000000240)=""/210, 0xd2)
mount$9p_unix(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x844, &(0x7f0000000180)={'trans=unix,', {[{@version_u}, {@access_any}, {@version_9p2000}, {@cachetag={'cachetag', 0x3d, '\xf8'}}, {@cache_loose}, {@noextend}, {@aname={'aname', 0x3d, 'proc\x00'}}, {@aname={'aname', 0x3d, '('}}], [{@seclabel}, {@appraise}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@smackfsdef={'smackfsdef', 0x3d, '-'}}, {@subj_user={'subj_user', 0x3d, '-{{\'\x00'}}]}})

09:18:29 executing program 1:
r0 = syz_io_uring_setup(0x2de1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x4, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x1}, 0x0)
io_uring_enter(r0, 0x302, 0x0, 0x0, 0x0, 0x0)

[  287.370230][T27422] loop3: detected capacity change from 0 to 264192
[  287.411406][ T1041]  loop1: p2 < > p3 p4
[  287.415730][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  287.425842][T27422]  loop3: p1 p3 p4
[  287.430595][T27422] loop3: p1 size 11290111 extends beyond EOD, truncated
[  287.436788][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  287.444466][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  287.452358][T27422] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  287.455913][T27471] 9pnet: p9_fd_create_unix (27471): problem connecting socket: ./file0: -111
[  287.468861][T27422] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  287.538726][ T1041]  loop3: p1 p3 p4
[  287.542676][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  287.557398][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  287.567487][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  287.578734][T27421] FAULT_INJECTION: forcing a failure.
[  287.578734][T27421] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  287.592331][T27421] CPU: 1 PID: 27421 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  287.601088][T27421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  287.611137][T27421] Call Trace:
[  287.614413][T27421]  dump_stack_lvl+0xb7/0x103
[  287.619270][T27421]  dump_stack+0x11/0x1a
[  287.623681][T27421]  should_fail+0x23c/0x250
[  287.628095][T27421]  __alloc_pages+0x102/0x320
[  287.632687][T27421]  alloc_pages_vma+0x513/0x680
[  287.637455][T27421]  ? page_address_in_vma+0x264/0x300
[  287.642746][T27421]  new_page+0x124/0x170
[  287.647125][T27421]  migrate_pages+0x3b3/0x1530
[  287.651893][T27421]  ? do_mbind+0xf50/0xf50
[  287.656452][T27421]  ? remove_migration_ptes+0x90/0x90
[  287.661739][T27421]  do_mbind+0xd43/0xf50
[  287.665899][T27421]  __x64_sys_mbind+0x10a/0x130
[  287.670660][T27421]  do_syscall_64+0x3d/0x90
[  287.675102][T27421]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  287.680994][T27421] RIP: 0033:0x4665e9
[  287.684875][T27421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  287.705048][T27421] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  287.713481][T27421] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  287.721647][T27421] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  287.729767][T27421] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  287.737826][T27421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  287.745817][T27421] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  287.782476][ T1041]  loop1: p2 < > p3 p4
[  287.787489][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  287.795539][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  287.801732][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:29 executing program 0 (fault-call:2 fault-nth:29):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:29 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x281, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:29 executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:29 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x119001, 0x115)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:29 executing program 3:
syz_read_part_table(0xffffefff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:29 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x1000000, 0x0, 0x0, 0x2)

09:18:29 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
mount(&(0x7f0000000140)=ANY=[@ANYBLOB="2f6465762f6d64300040ccc67467ea07bad21b7a97fb7a68555e94a0bc5a71a6190c4d5f96ed74c251ebfaa5a88fc1518618220c419032ee25ee7b2c241415d88abf082b6fa27ef6a99ba3141729669127c90f3c001a626e7456166b16d9a902c75802d428e4ab5cfcf20ed69fb472f40e4bd9b53c815baaace7e75f5367c6cb2b9edce0e7bd9e0663775ff1e77b81cffa750f0f9737f082fe19624208d5e128bc61290580545d1ee331cfd4cead531eb1f04f7a6d8a7a022e8920e5ce8b6e6c9054a76f68d14bd0755a3d987e644edc023c24d84a013d42713555416c5485151b921db0bc7529511a3f9586"], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='zonefs\x00', 0x20000, &(0x7f0000000100)='proc\x00')
creat(&(0x7f0000000040)='./file0\x00', 0x89)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = io_uring_setup(0x6f4f, &(0x7f0000000240)={0x0, 0x729, 0x20, 0x3, 0x292})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x3)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  287.978213][T27513] loop3: detected capacity change from 0 to 264192
09:18:29 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x300, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:29 executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  288.040407][T27513]  loop3: p1 p3 p4
[  288.044648][T27513] loop3: p1 size 11290111 extends beyond EOD, truncated
09:18:29 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x100, 0x10a)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  288.088016][ T1041]  loop1: p2 < > p3 p4
[  288.095169][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  288.108093][T27513] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  288.114620][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  288.121525][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  288.125962][T27513] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:29 executing program 4:
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0xc4, 0x2, 0x1, 0x101, 0x0, 0x0, {0x3, 0x0, 0x2}, [@CTA_LABELS_MASK={0x14, 0x17, [0x3, 0x401, 0x80000001, 0x4]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}, @CTA_MARK_MASK={0x8}, @CTA_TUPLE_REPLY={0x4}, @CTA_TUPLE_REPLY={0x78, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xa7}}]}, @CTA_LABELS_MASK={0x8, 0x17, [0x8]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x5}]}, 0xc4}, 0x1, 0x0, 0x0, 0x5}, 0x8000)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000140)=""/209, 0xd1)

09:18:29 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x3e8, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  288.215551][T27513] loop3: detected capacity change from 0 to 264192
[  288.263767][ T1041]  loop1: p2 < > p3 p4
[  288.268038][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  288.275335][T27513]  loop3: p1 p3 p4
[  288.280980][T27513] loop3: p1 size 11290111 extends beyond EOD, truncated
[  288.303502][T27513] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  288.311671][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  288.317966][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  288.326178][T27513] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  288.338044][T27516] FAULT_INJECTION: forcing a failure.
[  288.338044][T27516] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  288.351364][T27516] CPU: 1 PID: 27516 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  288.360425][T27516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  288.370475][T27516] Call Trace:
[  288.373763][T27516]  dump_stack_lvl+0xb7/0x103
[  288.378367][T27516]  dump_stack+0x11/0x1a
[  288.382532][T27516]  should_fail+0x23c/0x250
[  288.386980][T27516]  __alloc_pages+0x102/0x320
[  288.391571][T27516]  alloc_pages_vma+0x513/0x680
[  288.396374][T27516]  ? page_address_in_vma+0x264/0x300
[  288.401756][T27516]  new_page+0x124/0x170
[  288.405903][T27516]  migrate_pages+0x3b3/0x1530
[  288.411074][T27516]  ? do_mbind+0xf50/0xf50
[  288.415447][T27516]  ? remove_migration_ptes+0x90/0x90
[  288.420900][T27516]  do_mbind+0xd43/0xf50
[  288.425072][T27516]  __x64_sys_mbind+0x10a/0x130
[  288.429827][T27516]  do_syscall_64+0x3d/0x90
[  288.434254][T27516]  ? irqentry_exit+0xe/0x30
[  288.439468][T27516]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  288.445530][T27516] RIP: 0033:0x4665e9
[  288.449536][T27516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  288.469513][T27516] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  288.477925][T27516] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  288.485922][T27516] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  288.489197][ T1041]  loop3: p1 p3 p4
[  288.494103][T27516] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  288.494119][T27516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  288.494130][T27516] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  288.552594][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  288.562985][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  288.570808][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:30 executing program 0 (fault-call:2 fault-nth:30):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:30 executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:30 executing program 4:
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x84, 0x2, 0x2, 0x3, 0x0, 0x0, {0x7, 0x0, 0x6}, [@CTA_EXPECT_NAT={0x70, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x40}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}]}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x40005}, 0x40)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000280)={'sit0\x00', <r4=>0x0})
sendto$packet(r2, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8848, r4, 0x1, 0x0, 0x6, @random="b52aa03ef753"}, 0x14)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r1, &(0x7f0000000300)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000002c0)={&(0x7f00000009c0)={0x584, 0x0, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x210, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0x83, 0x4, "c60a6e9de1ebb733bdb28b52df893eccd10e968ad1aacef3597c3f4cc51dce97b45781da9ba356da2381390ffdc515764482f7dc2ce8611cfe1317dddf18e7ca586d601ba90f0e13351434d0b6050827e6af7afdfa4dcdf6ef35511da352f9e855fd82a876bf98daf8cad82dc36599d3ac4a7571b2e2f450f4d963fc0ab869"}, @ETHTOOL_A_BITSET_VALUE={0xec, 0x4, "11e2742b33703dd18f16b189a6be9686a9c52511eedc5a90d428fc48620352202ee116ed6ea34864eb81dd7d854c3e05484929ab428ba4d8c32330991a123521c454899539e4166e0f650ab01642f4c47af7f7d1260822657c3931b426b87c643fb5692f041968bb67e6a034b4ce96b1069445ccc98a0c44cd1105669494d83140308cfee9e0a377d189307bb49dab2cc9515baf50e0a95d9a8c09f962c1ea99392df83eac50f26bbf508350529f18a6c96a3723c17d486133dc72604abd1f078269f2dce8c764d3b5be4887f838f744df30cc4e14d71c5b7ba55eb0e54ae567501003795926c5c9"}, @ETHTOOL_A_BITSET_MASK={0x56, 0x5, "50fd697a57c183688361efcffda7d92e417ef6b05b0168e557aec14a3a578590edb1590a101638e85bad9beb590b8576c697c4268f3e60f307b592b16003891052bd97688c1b561bf6b4b721a61ed2ed9779"}, @ETHTOOL_A_BITSET_VALUE={0x27, 0x4, "9aafb72aa27fe5264674513018829cadea75233b160bda95bafac73a940cf479b6ca39"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x3ff}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x82}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x18c, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0xb0, 0x3, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, '/dev/nbd'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '/\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, '/dev/nbd'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffffffff}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x10001}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '&@$[-\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xe71c}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '*\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_MASK={0x8, 0x5, "ec055b14"}, @ETHTOOL_A_BITSET_VALUE={0x27, 0x4, "bdfde8b9f9629b4438d93785e096c8aedad99f0f2e848afc1509d72f4f12db17f47581"}, @ETHTOOL_A_BITSET_VALUE={0xa5, 0x4, "c2e33457c33e6083c35133a242d92e320954bd2e8117d0ab11ab321bce15327fd5b75e8a675f5644f49925e9c55e3dbfbddd92d2ef97367d197a2dde139be0afe5192c8cbb54fc676319061573b7536ae9c22468346fea55467d69eb615ab0d72ff08dad33e5bf77e5ce2b4b31a81fd5c2972ac9079acf1b65ef9d546b4848a7bc686367dc93344d871a66e5e04a339008e08a4f2bac76f1059c3c533953d65635"}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x7c, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x6c, 0x3, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '\'[\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, '/dev/nbd'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, '/dev/nbd'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'proc\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xc7}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xfffffc00}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0xd0, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x4}, @ETHTOOL_A_BITSET_MASK={0xc4, 0x5, "a2edf8416803322a914f0bdb781816e24ff0ab6759d4dabf74a2ef0b3d3c41e853590f8e8a6c181f132a18c24b60033e6a3b69155a14582d68978812bd365b9c7cbeaa95359464139de939efdf0e2a38429fab6dfeadf2f50a517f91258695de5e39b258c8b51e694a0116e2179049047f74ce2b633cc47d4bee8f5ec400598939ad3e40ce5a6f2f42b195881c605929e2099f42a51221f66b25ea4a80f907d38f91039ba7a4a7b5440b2fb3c09cb3ac60b08b39ecea31adbb1b1706f2bb9ea1"}]}]}, 0x584}, 0x1, 0x0, 0x0, 0x810}, 0x4008084)
mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000240)='ncpfs\x00', 0x818000, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:30 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x402, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:30 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x2000000, 0x0, 0x0, 0x2)

09:18:30 executing program 3:
syz_read_part_table(0xfffffdfd, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:30 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x101000, 0x81)
open(&(0x7f0000000040)='./file0\x00', 0x80843, 0x1f6)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
renameat(r1, &(0x7f00000000c0)='./file0\x00', r2, &(0x7f0000000100)='.\x00')
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  288.765888][T27597] loop3: detected capacity change from 0 to 264192
[  288.800230][T27597]  loop3: p1 p3 p4
[  288.809015][T27597] loop3: p1 size 11290111 extends beyond EOD, truncated
09:18:30 executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:30 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x406, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  288.827048][T27597] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  288.845631][T27597] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  288.859660][ T1041]  loop1: p2 < > p3 p4
09:18:30 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000000c0)=<r2=>0x0)
fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x0, r2})
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
getdents64(r0, &(0x7f0000000040)=""/77, 0x4d)

[  288.874054][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  288.881292][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  288.887680][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:30 executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  288.918163][T27597] loop3: detected capacity change from 0 to 264192
09:18:30 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x408, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  288.958764][ T1041]  loop3: p1 p3 p4
[  288.962615][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  288.977645][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  288.994001][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  289.012913][T27597]  loop3: p1 p3 p4
[  289.016951][T27597] loop3: p1 size 11290111 extends beyond EOD, truncated
[  289.031892][T27597] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  289.047360][T27597] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  289.095371][ T1041]  loop1: p2 < > p3 p4
[  289.099663][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  289.106900][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  289.113246][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  289.132390][T27589] FAULT_INJECTION: forcing a failure.
[  289.132390][T27589] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  289.145953][T27589] CPU: 0 PID: 27589 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  289.154723][T27589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  289.165029][T27589] Call Trace:
[  289.168312][T27589]  dump_stack_lvl+0xb7/0x103
[  289.172941][T27589]  dump_stack+0x11/0x1a
[  289.177117][T27589]  should_fail+0x23c/0x250
[  289.181560][T27589]  __alloc_pages+0x102/0x320
[  289.186151][T27589]  alloc_pages_vma+0x513/0x680
[  289.190965][T27589]  ? page_address_in_vma+0x264/0x300
[  289.196336][T27589]  new_page+0x124/0x170
[  289.200495][T27589]  migrate_pages+0x3b3/0x1530
[  289.205220][T27589]  ? do_mbind+0xf50/0xf50
[  289.209720][T27589]  ? remove_migration_ptes+0x90/0x90
[  289.215109][T27589]  do_mbind+0xd43/0xf50
[  289.219256][T27589]  __x64_sys_mbind+0x10a/0x130
[  289.224011][T27589]  do_syscall_64+0x3d/0x90
[  289.228424][T27589]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  289.234344][T27589] RIP: 0033:0x4665e9
[  289.238235][T27589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  289.258069][T27589] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  289.266591][T27589] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  289.274560][T27589] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  289.282556][T27589] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  289.290539][T27589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  289.298506][T27589] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:31 executing program 0 (fault-call:2 fault-nth:31):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:31 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
renameat(r1, &(0x7f0000000040)='./file0\x00', r0, &(0x7f0000000080)='./file0\x00')
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:31 executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:31 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x500, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:31 executing program 3:
syz_read_part_table(0xffffff7f, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:31 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x3000000, 0x0, 0x0, 0x2)

[  289.526075][T27677] loop3: detected capacity change from 0 to 264192
09:18:31 executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_submit(0x0, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  289.589741][T27677]  loop3: p1 p3 p4
09:18:31 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x582, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  289.613229][ T1041]  loop1: p2 < > p3 p4
[  289.618272][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  289.627143][T27677] loop3: p1 size 11290111 extends beyond EOD, truncated
[  289.650705][T27677] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:18:31 executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_submit(0x0, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  289.658604][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  289.664810][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  289.673393][T27677] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:31 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x600, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:31 executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_submit(0x0, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  289.709261][ T1041]  loop1: p2 < > p3 p4
[  289.720411][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  289.741153][T27677] loop3: detected capacity change from 0 to 264192
09:18:31 executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  289.754614][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  289.760837][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  289.778423][T27677]  loop3: p1 p3 p4
[  289.782321][T27677] loop3: p1 size 11290111 extends beyond EOD, truncated
[  289.801665][T27677] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  289.823598][T27677] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  289.846778][ T1041]  loop3: p1 p3 p4
[  289.851824][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  289.875029][T27674] FAULT_INJECTION: forcing a failure.
[  289.875029][T27674] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  289.878581][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  289.888300][T27674] CPU: 0 PID: 27674 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  289.896000][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  289.904258][T27674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  289.921641][T27674] Call Trace:
[  289.924922][T27674]  dump_stack_lvl+0xb7/0x103
[  289.929628][T27674]  dump_stack+0x11/0x1a
[  289.933868][T27674]  should_fail+0x23c/0x250
[  289.938320][T27674]  __alloc_pages+0x102/0x320
[  289.942921][T27674]  alloc_pages_vma+0x513/0x680
[  289.947678][T27674]  ? page_address_in_vma+0x264/0x300
[  289.952988][T27674]  new_page+0x124/0x170
[  289.957310][T27674]  migrate_pages+0x3b3/0x1530
[  289.961980][T27674]  ? do_mbind+0xf50/0xf50
[  289.966303][T27674]  ? remove_migration_ptes+0x90/0x90
[  289.971576][T27674]  do_mbind+0xd43/0xf50
[  289.975857][T27674]  __x64_sys_mbind+0x10a/0x130
[  289.980880][T27674]  do_syscall_64+0x3d/0x90
[  289.985623][T27674]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  289.991522][T27674] RIP: 0033:0x4665e9
[  289.995583][T27674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  290.015547][T27674] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  290.024381][T27674] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  290.032612][T27674] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  290.040659][T27674] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  290.048790][T27674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  290.056763][T27674] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:31 executing program 0 (fault-call:2 fault-nth:32):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

[  290.281775][ T1041]  loop1: p2 < > p3 p4
[  290.285962][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  290.293530][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  290.299742][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:31 executing program 4:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(r1)
splice(r0, 0x0, r1, 0x0, 0x10005, 0x0)
sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x20, 0x0, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}}]}, 0x20}, 0x1, 0x0, 0x0, 0x2000000}, 0x4004004)
mkdir(&(0x7f0000002200)='./file0\x00', 0xfc)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0)
r2 = open$dir(&(0x7f0000000000)='./file0\x00', 0x511900, 0x0)
lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), &(0x7f00000000c0), 0x2, 0x1)
getdents(r2, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:31 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x604, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:31 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x4000000, 0x0, 0x0, 0x2)

09:18:31 executing program 3:
syz_read_part_table(0xffffff80, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:31 executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:32 executing program 4:
syz_read_part_table(0x48000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  290.401701][T27759] loop3: detected capacity change from 0 to 264192
[  290.440230][T27759]  loop3: p1 p3 p4
[  290.444491][T27759] loop3: p1 size 11290111 extends beyond EOD, truncated
09:18:32 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x700, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  290.453465][T27759] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  290.467152][T27765] loop4: detected capacity change from 0 to 264192
[  290.478954][T27759] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  290.479638][T27733] FAULT_INJECTION: forcing a failure.
[  290.479638][T27733] name fail_page_alloc, interval 1, probability 0, space 0, times 0
09:18:32 executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  290.499349][T27733] CPU: 0 PID: 27733 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  290.508123][T27733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  290.518260][T27733] Call Trace:
[  290.520741][ T1041]  loop1: p2 < > p3 p4
[  290.521633][T27733]  dump_stack_lvl+0xb7/0x103
[  290.527036][ T1041] loop1: p2 size 2 extends beyond EOD, 
[  290.530293][T27733]  dump_stack+0x11/0x1a
[  290.530312][T27733]  should_fail+0x23c/0x250
[  290.535841][ T1041] truncated
[  290.540412][ T1041] loop1: p3 start 225 is beyond EOD, 
[  290.544376][T27733]  __alloc_pages+0x102/0x320
[  290.544399][T27733]  alloc_pages_vma+0x513/0x680
[  290.547505][ T1041] truncated
[  290.547510][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  290.552846][T27733]  ? page_address_in_vma+0x264/0x300
[  290.557437][ T1041] truncated
[  290.579958][T27733]  new_page+0x124/0x170
[  290.584115][T27733]  migrate_pages+0x3b3/0x1530
[  290.588791][T27733]  ? do_mbind+0xf50/0xf50
[  290.593123][T27733]  ? remove_migration_ptes+0x90/0x90
[  290.598405][T27733]  do_mbind+0xd43/0xf50
[  290.602701][T27733]  __x64_sys_mbind+0x10a/0x130
[  290.607528][T27733]  do_syscall_64+0x3d/0x90
[  290.612040][T27733]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  290.617927][T27733] RIP: 0033:0x4665e9
[  290.621823][T27733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  290.641615][T27733] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  290.650316][T27733] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  290.658280][T27733] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  290.666352][T27733] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  290.674420][T27733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  290.682402][T27733] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:32 executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x16000}])

09:18:32 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x804, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  290.745066][T27759] loop3: detected capacity change from 0 to 264192
[  290.745092][T27765]  loop4: p1 p3 p4
[  290.762735][T27765] loop4: p1 size 11290111 extends beyond EOD, truncated
[  290.771000][T27765] loop4: p3 size 1912633224 extends beyond EOD, truncated
[  290.785799][ T1041]  loop1: p2 < > p3 p4
[  290.790373][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  290.796996][T27765] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  290.804733][T27759]  loop3: p1 p3 p4
[  290.809407][T27759] loop3: p1 size 11290111 extends beyond EOD, truncated
[  290.812625][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  290.822587][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  290.829014][T27759] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  290.841314][T27759] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:32 executing program 3:
syz_read_part_table(0xffffff8c, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  291.003906][ T1041]  loop1: p2 < > p3 p4
[  291.008154][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  291.025326][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  291.031538][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  291.044174][T27828] loop3: detected capacity change from 0 to 264192
09:18:32 executing program 0 (fault-call:2 fault-nth:33):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:32 executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x16000}])

09:18:32 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x900, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:32 executing program 4:
syz_read_part_table(0x2e000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:32 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x7000000, 0x0, 0x0, 0x2)

[  291.098409][ T1041]  loop3: p1 p3 p4
[  291.102326][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  291.110850][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  291.118654][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  291.131341][T27828]  loop3: p1 p3 p4
[  291.138892][T27828] loop3: p1 size 11290111 extends beyond EOD, truncated
[  291.151275][T27828] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  291.152672][T27847] loop4: detected capacity change from 0 to 264192
[  291.160389][T27828] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:32 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xa00, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:32 executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x16000}])

[  291.218356][T27847]  loop4: p1 p3 p4
[  291.222415][T27847] loop4: p1 size 11290111 extends beyond EOD, truncated
[  291.239156][T27828] loop3: detected capacity change from 0 to 264192
[  291.272900][ T1041]  loop1: p2 < > p3 p4
[  291.278894][T27847] loop4: p3 size 1912633224 extends beyond EOD, truncated
[  291.290407][T27828]  loop3: p1 p3 p4
[  291.291021][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  291.294351][T27828] loop3: p1 size 11290111 extends beyond EOD, truncated
[  291.312568][T27847] loop4: p4 size 3657465856 extends beyond EOD, truncated
09:18:32 executing program 1:
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:32 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xb00, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  291.320471][T27828] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  291.334858][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  291.341543][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  291.351549][T27828] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:33 executing program 3:
syz_read_part_table(0xffffff97, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:33 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x20064, &(0x7f0000000180)={'trans=virtio,', {[{@dfltuid={'dfltuid', 0x3d, 0xee00}}, {@msize={'msize', 0x3d, 0x81}}, {@nodevmap}, {@cachetag={'cachetag', 0x3d, ')%{*@'}}, {@dfltgid}, {@cache_loose}, {@noextend}, {@noextend}, {@mmap}, {@cache_loose}], [{@appraise_type}, {@fsname={'fsname', 0x3d, 'affs\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0xfff}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@permit_directio}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000480)={0xa6, 0x100000000, 0x4, 0x3d5, 0x3, [{0x6363, 0x100000000, 0x7f, '\x00', 0x82}, {0x80000001, 0x5, 0x8, '\x00', 0x400}, {0x0, 0x8, 0x6, '\x00', 0x1c02}]})
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
dup3(r2, r4, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x10000, 0x8)

[  291.436975][ T1041]  loop1: p2 < > p3 p4
[  291.448352][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  291.459885][T27604] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  291.459969][T27600] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  291.471787][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  291.484424][T27681] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  291.489421][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  291.508856][ T1778] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  291.516557][  T896] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  291.528152][  T896] buffer_io_error: 64 callbacks suppressed
[  291.528165][  T896] Buffer I/O error on dev loop3p4, logical block 33008, async page read
[  291.542308][  T896] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  291.553807][  T896] Buffer I/O error on dev loop3p1, logical block 131968, async page read
[  291.562253][  T896] blk_update_request: I/O error, dev loop3, sector 263948 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  291.569987][T27903] loop3: detected capacity change from 0 to 264192
09:18:33 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x20064, &(0x7f0000000180)={'trans=virtio,', {[{@dfltuid={'dfltuid', 0x3d, 0xee00}}, {@msize={'msize', 0x3d, 0x81}}, {@nodevmap}, {@cachetag={'cachetag', 0x3d, ')%{*@'}}, {@dfltgid}, {@cache_loose}, {@noextend}, {@noextend}, {@mmap}, {@cache_loose}], [{@appraise_type}, {@fsname={'fsname', 0x3d, 'affs\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0xfff}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@permit_directio}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000480)={0xa6, 0x100000000, 0x4, 0x3d5, 0x3, [{0x6363, 0x100000000, 0x7f, '\x00', 0x82}, {0x80000001, 0x5, 0x8, '\x00', 0x400}, {0x0, 0x8, 0x6, '\x00', 0x1c02}]})
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
dup3(r2, r4, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x10000, 0x8)

[  291.573605][  T896] Buffer I/O error on dev loop3p1, logical block 131969, async page read
[  291.588548][  T896] blk_update_request: I/O error, dev loop3, sector 263950 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  291.599908][  T896] Buffer I/O error on dev loop3p1, logical block 131970, async page read
[  291.608452][  T896] blk_update_request: I/O error, dev loop3, sector 263952 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  291.620057][  T896] Buffer I/O error on dev loop3p1, logical block 131971, async page read
[  291.632818][T27853] FAULT_INJECTION: forcing a failure.
[  291.632818][T27853] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  291.646061][T27853] CPU: 1 PID: 27853 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  291.654906][T27853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  291.665075][T27853] Call Trace:
[  291.668356][T27853]  dump_stack_lvl+0xb7/0x103
[  291.672948][T27853]  dump_stack+0x11/0x1a
[  291.677382][T27853]  should_fail+0x23c/0x250
[  291.681928][T27853]  __alloc_pages+0x102/0x320
[  291.686621][T27853]  alloc_pages_vma+0x513/0x680
[  291.691540][T27853]  ? page_address_in_vma+0x264/0x300
[  291.696859][T27853]  new_page+0x124/0x170
[  291.701209][T27853]  migrate_pages+0x3b3/0x1530
[  291.706362][T27853]  ? do_mbind+0xf50/0xf50
[  291.710693][T27853]  ? remove_migration_ptes+0x90/0x90
[  291.715972][T27853]  do_mbind+0xd43/0xf50
[  291.720172][T27853]  __x64_sys_mbind+0x10a/0x130
[  291.725207][T27853]  do_syscall_64+0x3d/0x90
[  291.729656][T27853]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  291.735689][T27853] RIP: 0033:0x4665e9
[  291.739588][T27853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  291.759191][T27853] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  291.767610][T27853] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  291.775579][T27853] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  291.783558][T27853] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  291.791526][T27853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  291.799574][T27853] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  291.839515][T27903] loop_reread_partitions: partition scan of loop3 () failed (rc=-16)
[  291.904932][ T1041]  loop1: p2 < > p3 p4
[  291.915585][T27903] loop3: detected capacity change from 0 to 264192
[  291.922622][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  291.930208][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  291.936376][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  291.958242][T27903]  loop3: p1 p3 p4
[  291.962183][T27903] loop3: p1 size 11290111 extends beyond EOD, truncated
[  291.973144][T27903] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  291.981590][T27903] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  291.990813][ T1041]  loop3: p1 p3 p4
[  291.994624][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
09:18:33 executing program 0 (fault-call:2 fault-nth:34):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:33 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x20064, &(0x7f0000000180)={'trans=virtio,', {[{@dfltuid={'dfltuid', 0x3d, 0xee00}}, {@msize={'msize', 0x3d, 0x81}}, {@nodevmap}, {@cachetag={'cachetag', 0x3d, ')%{*@'}}, {@dfltgid}, {@cache_loose}, {@noextend}, {@noextend}, {@mmap}, {@cache_loose}], [{@appraise_type}, {@fsname={'fsname', 0x3d, 'affs\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0xfff}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@permit_directio}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000480)={0xa6, 0x100000000, 0x4, 0x3d5, 0x3, [{0x6363, 0x100000000, 0x7f, '\x00', 0x82}, {0x80000001, 0x5, 0x8, '\x00', 0x400}, {0x0, 0x8, 0x6, '\x00', 0x1c02}]})
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
dup3(r2, r4, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x10000, 0x8)

09:18:33 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:33 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xc00, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:33 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x8000000, 0x0, 0x0, 0x2)

09:18:33 executing program 3:
syz_read_part_table(0xffffffa1, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  292.003021][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  292.011196][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:33 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x20064, &(0x7f0000000180)={'trans=virtio,', {[{@dfltuid={'dfltuid', 0x3d, 0xee00}}, {@msize={'msize', 0x3d, 0x81}}, {@nodevmap}, {@cachetag={'cachetag', 0x3d, ')%{*@'}}, {@dfltgid}, {@cache_loose}, {@noextend}, {@noextend}, {@mmap}, {@cache_loose}], [{@appraise_type}, {@fsname={'fsname', 0x3d, 'affs\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0xfff}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@permit_directio}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000480)={0xa6, 0x100000000, 0x4, 0x3d5, 0x3, [{0x6363, 0x100000000, 0x7f, '\x00', 0x82}, {0x80000001, 0x5, 0x8, '\x00', 0x400}, {0x0, 0x8, 0x6, '\x00', 0x1c02}]})
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
dup3(r2, r4, 0x0)

[  292.094155][T27951] loop3: detected capacity change from 0 to 264192
09:18:33 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x20064, &(0x7f0000000180)={'trans=virtio,', {[{@dfltuid={'dfltuid', 0x3d, 0xee00}}, {@msize={'msize', 0x3d, 0x81}}, {@nodevmap}, {@cachetag={'cachetag', 0x3d, ')%{*@'}}, {@dfltgid}, {@cache_loose}, {@noextend}, {@noextend}, {@mmap}, {@cache_loose}], [{@appraise_type}, {@fsname={'fsname', 0x3d, 'affs\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0xfff}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@permit_directio}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000480)={0xa6, 0x100000000, 0x4, 0x3d5, 0x3, [{0x6363, 0x100000000, 0x7f, '\x00', 0x82}, {0x80000001, 0x5, 0x8, '\x00', 0x400}, {0x0, 0x8, 0x6, '\x00', 0x1c02}]})
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
dup3(r2, r4, 0x0)

09:18:33 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xd00, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:33 executing program 1:
r0 = creat(0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  292.151825][T27951]  loop3: p1 p3 p4
[  292.171819][T27951] loop3: p1 size 11290111 extends beyond EOD, truncated
[  292.191129][T27951] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:18:33 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x20064, &(0x7f0000000180)={'trans=virtio,', {[{@dfltuid={'dfltuid', 0x3d, 0xee00}}, {@msize={'msize', 0x3d, 0x81}}, {@nodevmap}, {@cachetag={'cachetag', 0x3d, ')%{*@'}}, {@dfltgid}, {@cache_loose}, {@noextend}, {@noextend}, {@mmap}, {@cache_loose}], [{@appraise_type}, {@fsname={'fsname', 0x3d, 'affs\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0xfff}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@permit_directio}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000480)={0xa6, 0x100000000, 0x4, 0x3d5, 0x3, [{0x6363, 0x100000000, 0x7f, '\x00', 0x82}, {0x80000001, 0x5, 0x8, '\x00', 0x400}, {0x0, 0x8, 0x6, '\x00', 0x1c02}]})
openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)

[  292.204295][T27951] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  292.240555][ T1041]  loop1: p2 < > p3 p4
09:18:33 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xf00, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  292.248903][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  292.257833][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  292.264125][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  292.294387][T27951] loop3: detected capacity change from 0 to 264192
[  292.358411][ T1041]  loop3: p1 p3 p4
[  292.362220][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  292.388545][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  292.396258][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  292.411033][T27948] FAULT_INJECTION: forcing a failure.
[  292.411033][T27948] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  292.424418][T27948] CPU: 0 PID: 27948 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  292.428610][T27951]  loop3: p1 p3 p4
[  292.433276][T27948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  292.433294][T27948] Call Trace:
[  292.433302][T27948]  dump_stack_lvl+0xb7/0x103
[  292.437160][T27951] loop3: p1 size 11290111 extends beyond EOD, 
[  292.447212][T27948]  dump_stack+0x11/0x1a
[  292.447233][T27948]  should_fail+0x23c/0x250
[  292.450525][T27951] truncated
[  292.455073][T27948]  __alloc_pages+0x102/0x320
[  292.464121][T27951] loop3: p3 size 1912633224 extends beyond EOD, 
[  292.465321][T27948]  alloc_pages_vma+0x513/0x680
[  292.469765][T27951] truncated
[  292.472831][T27948]  ? page_address_in_vma+0x264/0x300
[  292.481483][T27951] loop3: p4 size 3657465856 extends beyond EOD, 
[  292.483732][T27948]  new_page+0x124/0x170
[  292.488507][T27951] truncated
[  292.491582][T27948]  migrate_pages+0x3b3/0x1530
[  292.509095][ T1041]  loop1: p2 < > p3 p4
[  292.510473][T27948]  ? do_mbind+0xf50/0xf50
[  292.515664][ T1041] loop1: p2 size 2 extends beyond EOD, 
[  292.519532][T27948]  ? remove_migration_ptes+0x90/0x90
[  292.519556][T27948]  do_mbind+0xd43/0xf50
[  292.523904][ T1041] truncated
[  292.526694][ T1041] loop1: p3 start 225 is beyond EOD, 
[  292.529457][T27948]  __x64_sys_mbind+0x10a/0x130
[  292.529484][T27948]  do_syscall_64+0x3d/0x90
[  292.534747][ T1041] truncated
[  292.534753][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  292.538998][T27948]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  292.542185][ T1041] truncated
[  292.575232][T27948] RIP: 0033:0x4665e9
[  292.579121][T27948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  292.598721][T27948] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  292.607302][T27948] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  292.615272][T27948] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  292.623253][T27948] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  292.631219][T27948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  292.639186][T27948] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:34 executing program 0 (fault-call:2 fault-nth:35):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:34 executing program 1:
r0 = creat(0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:34 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x20064, &(0x7f0000000180)={'trans=virtio,', {[{@dfltuid={'dfltuid', 0x3d, 0xee00}}, {@msize={'msize', 0x3d, 0x81}}, {@nodevmap}, {@cachetag={'cachetag', 0x3d, ')%{*@'}}, {@dfltgid}, {@cache_loose}, {@noextend}, {@noextend}, {@mmap}, {@cache_loose}], [{@appraise_type}, {@fsname={'fsname', 0x3d, 'affs\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0xfff}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@permit_directio}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000480)={0xa6, 0x100000000, 0x4, 0x3d5, 0x3, [{0x6363, 0x100000000, 0x7f, '\x00', 0x82}, {0x80000001, 0x5, 0x8, '\x00', 0x400}, {0x0, 0x8, 0x6, '\x00', 0x1c02}]})

09:18:34 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x1100, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:34 executing program 3:
syz_read_part_table(0xffffffc9, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:34 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x40000000, 0x0, 0x0, 0x2)

09:18:34 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x20064, &(0x7f0000000180)={'trans=virtio,', {[{@dfltuid={'dfltuid', 0x3d, 0xee00}}, {@msize={'msize', 0x3d, 0x81}}, {@nodevmap}, {@cachetag={'cachetag', 0x3d, ')%{*@'}}, {@dfltgid}, {@cache_loose}, {@noextend}, {@noextend}, {@mmap}, {@cache_loose}], [{@appraise_type}, {@fsname={'fsname', 0x3d, 'affs\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0xfff}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@permit_directio}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)

[  293.043540][T28038] loop3: detected capacity change from 0 to 264192
09:18:34 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x1200, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:34 executing program 1:
r0 = creat(0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  293.098424][T28038]  loop3: p1 p3 p4
[  293.102534][T28038] loop3: p1 size 11290111 extends beyond EOD, truncated
[  293.136305][ T1041]  loop1: p2 < > p3 p4
[  293.142511][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:18:34 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x20064, &(0x7f0000000180)={'trans=virtio,', {[{@dfltuid={'dfltuid', 0x3d, 0xee00}}, {@msize={'msize', 0x3d, 0x81}}, {@nodevmap}, {@cachetag={'cachetag', 0x3d, ')%{*@'}}, {@dfltgid}, {@cache_loose}, {@noextend}, {@noextend}, {@mmap}, {@cache_loose}], [{@appraise_type}, {@fsname={'fsname', 0x3d, 'affs\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0xfff}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@permit_directio}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}})
pipe(&(0x7f0000000040))
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)

09:18:34 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x20064, &(0x7f0000000180)={'trans=virtio,', {[{@dfltuid={'dfltuid', 0x3d, 0xee00}}, {@msize={'msize', 0x3d, 0x81}}, {@nodevmap}, {@cachetag={'cachetag', 0x3d, ')%{*@'}}, {@dfltgid}, {@cache_loose}, {@noextend}, {@noextend}, {@mmap}, {@cache_loose}], [{@appraise_type}, {@fsname={'fsname', 0x3d, 'affs\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0xfff}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@permit_directio}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}})
pipe(&(0x7f0000000040))
socket$inet_udp(0x2, 0x2, 0x0)

[  293.153373][T28038] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  293.172459][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  293.178807][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  293.192112][T28038] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:34 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x1500, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  293.281185][T27604] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  293.294870][T27918] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  293.308622][  T710] Buffer I/O error on dev loop3p4, logical block 33008, async page read
[  293.321333][ T1041]  loop1: p2 < > p3 p4
[  293.326609][T28038] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  293.334706][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  293.341994][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  293.348264][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  293.357363][T28038] loop3: detected capacity change from 0 to 264192
[  293.369278][  T896] Buffer I/O error on dev loop3p1, logical block 131968, async page read
[  293.377824][  T896] Buffer I/O error on dev loop3p3, logical block 263808, async page read
[  293.442075][T28038]  loop3: p1 p3 p4
[  293.446141][T28038] loop3: p1 size 11290111 extends beyond EOD, truncated
[  293.478355][T28038] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  293.486868][T28041] FAULT_INJECTION: forcing a failure.
[  293.486868][T28041] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  293.500450][T28041] CPU: 1 PID: 28041 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  293.509289][T28041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  293.519337][T28041] Call Trace:
[  293.522615][T28041]  dump_stack_lvl+0xb7/0x103
[  293.527260][T28041]  dump_stack+0x11/0x1a
[  293.531891][T28041]  should_fail+0x23c/0x250
[  293.536312][T28041]  __alloc_pages+0x102/0x320
[  293.540952][T28041]  alloc_pages_vma+0x513/0x680
[  293.545951][T28041]  ? page_address_in_vma+0x264/0x300
[  293.551369][T28041]  new_page+0x124/0x170
[  293.555532][T28041]  migrate_pages+0x3b3/0x1530
[  293.556647][T28038] loop3: p4 size 3657465856 extends beyond EOD, 
[  293.560305][T28041]  ? do_mbind+0xf50/0xf50
[  293.560330][T28041]  ? remove_migration_ptes+0x90/0x90
[  293.560346][T28041]  do_mbind+0xd43/0xf50
[  293.566662][T28038] truncated
[  293.583638][T28041]  __x64_sys_mbind+0x10a/0x130
[  293.588790][T28041]  do_syscall_64+0x3d/0x90
[  293.593218][T28041]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  293.599114][T28041] RIP: 0033:0x4665e9
[  293.602986][T28041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  293.622613][T28041] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  293.631121][T28041] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  293.639116][T28041] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  293.647067][T28041] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  293.655133][T28041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  293.663410][T28041] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:35 executing program 0 (fault-call:2 fault-nth:36):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:35 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:35 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x20064, &(0x7f0000000180)={'trans=virtio,', {[{@dfltuid={'dfltuid', 0x3d, 0xee00}}, {@msize={'msize', 0x3d, 0x81}}, {@nodevmap}, {@cachetag={'cachetag', 0x3d, ')%{*@'}}, {@dfltgid}, {@cache_loose}, {@noextend}, {@noextend}, {@mmap}, {@cache_loose}], [{@appraise_type}, {@fsname={'fsname', 0x3d, 'affs\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0xfff}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@permit_directio}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}})
pipe(&(0x7f0000000040))

09:18:35 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x1d00, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:35 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0xffbfffff, 0x0, 0x0, 0x2)

09:18:35 executing program 3:
syz_read_part_table(0xffffffe4, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:35 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x20064, &(0x7f0000000180)={'trans=virtio,', {[{@dfltuid={'dfltuid', 0x3d, 0xee00}}, {@msize={'msize', 0x3d, 0x81}}, {@nodevmap}, {@cachetag={'cachetag', 0x3d, ')%{*@'}}, {@dfltgid}, {@cache_loose}, {@noextend}, {@noextend}, {@mmap}, {@cache_loose}], [{@appraise_type}, {@fsname={'fsname', 0x3d, 'affs\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0xfff}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@permit_directio}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}})

[  293.917690][T28111] loop3: detected capacity change from 0 to 264192
09:18:35 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  293.969979][T28111]  loop3: p1 p3 p4
[  293.974379][T28111] loop3: p1 size 11290111 extends beyond EOD, truncated
[  293.996293][T28111] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:18:35 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:35 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  294.018000][T28111] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  294.027290][ T1041]  loop1: p2 < > p3 p4
[  294.031925][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:18:35 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  294.061434][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  294.067678][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  294.090890][T28111] loop3: detected capacity change from 0 to 264192
09:18:35 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  294.138322][T28111]  loop3: p1 p3 p4
[  294.143509][T28111] loop3: p1 size 11290111 extends beyond EOD, truncated
[  294.176805][T28111] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  294.195413][T28111] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  294.279670][  T710] Buffer I/O error on dev loop3p3, logical block 263808, async page read
[  294.284769][T28151] Buffer I/O error on dev loop3p4, logical block 33008, async page read
[  294.288161][ T1778] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  294.322355][T28112] FAULT_INJECTION: forcing a failure.
[  294.322355][T28112] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  294.335693][T28112] CPU: 1 PID: 28112 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  294.344523][T28112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  294.354767][T28112] Call Trace:
[  294.358036][T28112]  dump_stack_lvl+0xb7/0x103
[  294.362801][T28112]  dump_stack+0x11/0x1a
[  294.366972][T28112]  should_fail+0x23c/0x250
[  294.371425][T28112]  __alloc_pages+0x102/0x320
[  294.376019][T28112]  alloc_pages_vma+0x513/0x680
[  294.380789][T28112]  ? page_address_in_vma+0x264/0x300
[  294.386137][T28112]  new_page+0x124/0x170
[  294.390463][T28112]  migrate_pages+0x3b3/0x1530
[  294.395147][T28112]  ? do_mbind+0xf50/0xf50
[  294.399595][T28112]  ? remove_migration_ptes+0x90/0x90
[  294.404895][T28112]  do_mbind+0xd43/0xf50
[  294.409119][T28112]  __x64_sys_mbind+0x10a/0x130
[  294.413883][T28112]  do_syscall_64+0x3d/0x90
[  294.418377][T28112]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  294.424274][T28112] RIP: 0033:0x4665e9
[  294.428272][T28112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  294.448402][T28112] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  294.457002][T28112] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  294.464982][T28112] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  294.472956][T28112] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  294.480941][T28112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  294.489005][T28112] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:36 executing program 0 (fault-call:2 fault-nth:37):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:36 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2200, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:36 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:36 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:36 executing program 3:
syz_read_part_table(0xfffffff6, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:36 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0xffffbfff, 0x0, 0x0, 0x2)

09:18:36 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  294.710203][T28181] loop3: detected capacity change from 0 to 264192
09:18:36 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x0)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:36 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x3f00, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  294.769725][T28181]  loop3: p1 p3 p4
[  294.773791][T28181] loop3: p1 size 11290111 extends beyond EOD, truncated
[  294.800322][ T1041]  loop1: p2 < > p3 p4
[  294.804776][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:18:36 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  294.819984][T28181] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  294.833062][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  294.839359][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  294.859075][T28181] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:36 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x0)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:36 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  294.965412][ T1041]  loop1: p2 < > p3 p4
[  294.969904][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  294.977440][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  294.983735][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  294.992734][T28181] loop3: detected capacity change from 0 to 264192
[  295.039744][T28181]  loop3: p1 p3 p4
[  295.043811][T28181] loop3: p1 size 11290111 extends beyond EOD, truncated
[  295.068080][T28181] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  295.069208][T28184] FAULT_INJECTION: forcing a failure.
[  295.069208][T28184] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  295.088650][T28184] CPU: 0 PID: 28184 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  295.097808][T28184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  295.107395][T28181] loop3: p4 size 3657465856 extends beyond EOD, 
[  295.108253][T28184] Call Trace:
[  295.108262][T28184]  dump_stack_lvl+0xb7/0x103
[  295.114803][T28181] truncated
[  295.118066][T28184]  dump_stack+0x11/0x1a
[  295.118088][T28184]  should_fail+0x23c/0x250
[  295.125333][ T1041]  loop1: p2 < > p3 p4
[  295.125749][T28184]  __alloc_pages+0x102/0x320
[  295.130515][ T1041] loop1: p2 size 2 extends beyond EOD, 
[  295.134284][T28184]  alloc_pages_vma+0x513/0x680
[  295.138376][ T1041] truncated
[  295.142920][T28184]  ? page_address_in_vma+0x264/0x300
[  295.161647][T28184]  new_page+0x124/0x170
[  295.163770][ T1041] loop1: p3 start 225 is beyond EOD, 
[  295.165865][T28184]  migrate_pages+0x3b3/0x1530
[  295.165878][ T1041] truncated
[  295.165889][T28184]  ? do_mbind+0xf50/0xf50
[  295.171628][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  295.176302][T28184]  ? remove_migration_ptes+0x90/0x90
[  295.196267][T28184]  do_mbind+0xd43/0xf50
[  295.200536][T28184]  __x64_sys_mbind+0x10a/0x130
[  295.205508][T28184]  do_syscall_64+0x3d/0x90
[  295.209986][T28184]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  295.215901][T28184] RIP: 0033:0x4665e9
[  295.219797][T28184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  295.240850][T28184] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  295.249355][T28184] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  295.257342][T28184] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  295.265380][T28184] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  295.273351][T28184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  295.281396][T28184] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:37 executing program 0 (fault-call:2 fault-nth:38):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:37 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x4000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:37 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x0)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:37 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:37 executing program 3:
syz_read_part_table(0xfffffffb, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:37 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x1000000000000, 0x0, 0x0, 0x2)

09:18:37 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  295.572313][T28269] loop3: detected capacity change from 0 to 264192
09:18:37 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x0, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:37 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:37 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x5400, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  295.647291][T28269]  loop3: p1 p3 p4
[  295.658768][T28269] loop3: p1 size 11290111 extends beyond EOD, truncated
[  295.667697][ T1041]  loop1: p2 < > p3 p4
[  295.677753][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:18:37 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x0, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:37 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  295.690694][T28269] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  295.698477][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  295.704654][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  295.727328][T28269] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  295.815250][ T1041]  loop1: p2 < > p3 p4
[  295.824991][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  295.859386][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  295.865700][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  295.901757][T28267] FAULT_INJECTION: forcing a failure.
[  295.901757][T28267] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  295.915108][T28267] CPU: 1 PID: 28267 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  295.916382][ T1041]  loop1: p2 < > p3 p4
[  295.923877][T28267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  295.923890][T28267] Call Trace:
[  295.923897][T28267]  dump_stack_lvl+0xb7/0x103
[  295.923919][T28267]  dump_stack+0x11/0x1a
[  295.943172][ T1041] loop1: p2 size 2 extends beyond EOD, 
[  295.946285][T28267]  should_fail+0x23c/0x250
[  295.950475][ T1041] truncated
[  295.956167][T28267]  __alloc_pages+0x102/0x320
[  295.968470][T28267]  alloc_pages_vma+0x513/0x680
[  295.970191][ T1041] loop1: p3 start 225 is beyond EOD, 
[  295.973332][T28267]  ? page_address_in_vma+0x264/0x300
[  295.973344][ T1041] truncated
[  295.973359][T28267]  new_page+0x124/0x170
[  295.978878][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  295.984107][T28267]  migrate_pages+0x3b3/0x1530
[  295.987195][ T1041] truncated
[  296.005948][T28267]  ? do_mbind+0xf50/0xf50
[  296.010291][T28267]  ? remove_migration_ptes+0x90/0x90
[  296.015669][T28267]  do_mbind+0xd43/0xf50
[  296.019940][T28267]  __x64_sys_mbind+0x10a/0x130
[  296.024854][T28267]  do_syscall_64+0x3d/0x90
[  296.029297][T28267]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  296.035197][T28267] RIP: 0033:0x4665e9
[  296.039185][T28267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  296.059047][T28267] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  296.067473][T28267] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  296.075541][T28267] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  296.083872][T28267] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  296.092127][T28267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  296.100210][T28267] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:37 executing program 0 (fault-call:2 fault-nth:39):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:37 executing program 3:
syz_read_part_table(0xfffffffd, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:37 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x0, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:37 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x60ff, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:37 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  296.343114][T28337] loop3: detected capacity change from 0 to 264192
[  296.376580][ T1041]  loop1: p2 < > p3 p4
[  296.380952][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  296.388839][T28337]  loop3: p1 p3 p4
[  296.392742][T28337] loop3: p1 size 11290111 extends beyond EOD, truncated
[  296.400216][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  296.406395][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  296.408480][T28337] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  296.434285][T28337] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:38 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x81010000000000, 0x0, 0x0, 0x2)

09:18:38 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, 0x0)
io_submit(0x0, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:38 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:38 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x6300, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:38 executing program 3:
syz_read_part_table(0xfffffffe, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  296.614103][T28336] FAULT_INJECTION: forcing a failure.
[  296.614103][T28336] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  296.627667][T28336] CPU: 0 PID: 28336 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  296.636417][T28336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  296.646733][T28336] Call Trace:
[  296.650008][T28336]  dump_stack_lvl+0xb7/0x103
[  296.654596][T28336]  dump_stack+0x11/0x1a
[  296.658752][T28336]  should_fail+0x23c/0x250
[  296.663199][T28336]  __alloc_pages+0x102/0x320
[  296.667873][T28336]  alloc_pages_vma+0x513/0x680
[  296.672695][T28336]  ? page_address_in_vma+0x264/0x300
[  296.677978][T28336]  new_page+0x124/0x170
[  296.682137][T28336]  migrate_pages+0x3b3/0x1530
[  296.686813][T28336]  ? do_mbind+0xf50/0xf50
[  296.691321][T28336]  ? remove_migration_ptes+0x90/0x90
[  296.696701][T28336]  do_mbind+0xd43/0xf50
[  296.700883][T28336]  __x64_sys_mbind+0x10a/0x130
[  296.705723][T28336]  do_syscall_64+0x3d/0x90
[  296.710140][T28336]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  296.716027][T28336] RIP: 0033:0x4665e9
[  296.720002][T28336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  296.739622][T28336] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  296.748199][T28336] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  296.756167][T28336] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  296.764164][T28336] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  296.772258][T28336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  296.780310][T28336] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:38 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r0, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(0xffffffffffffffff, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:38 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, 0x0)
io_submit(0x0, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  296.838581][T28376] loop3: detected capacity change from 0 to 264192
[  296.866689][ T1041]  loop1: p2 < > p3 p4
[  296.871115][T28376]  loop3: p1 p3 p4
[  296.876473][T28376] loop3: p1 size 11290111 extends beyond EOD, truncated
[  296.883804][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  296.906322][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  296.912531][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  296.924659][T28376] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  296.948290][T28376] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  297.023860][ T1041]  loop1: p2 < > p3 p4
[  297.033425][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  297.035244][T28376] loop3: detected capacity change from 0 to 264192
[  297.048012][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  297.054274][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:38 executing program 0 (fault-call:2 fault-nth:40):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:38 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8008, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:38 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, 0x0)
io_submit(0x0, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:38 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r0, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(0xffffffffffffffff, &(0x7f00000005c0)=""/223, 0xfc61)

[  297.131903][T28376]  loop3: p1 p3 p4
[  297.136024][T28376] loop3: p1 size 11290111 extends beyond EOD, truncated
[  297.156873][T28376] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:18:38 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200))
io_submit(0x0, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  297.182048][T28376] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  297.202809][ T1041]  loop1: p2 < > p3 p4
[  297.210086][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  297.220424][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  297.226604][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  297.309543][T28399] print_req_error: 52 callbacks suppressed
[  297.309554][T28399] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  297.328871][T28379] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  297.343784][T28381] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  297.356422][ T1778] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  297.364483][ T1041]  loop1: p2 < > p3 p4
[  297.368619][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  297.375336][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  297.381547][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  297.391618][  T896] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  297.402972][  T896] buffer_io_error: 37 callbacks suppressed
[  297.402985][  T896] Buffer I/O error on dev loop3p4, logical block 33008, async page read
[  297.417208][  T896] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  297.428519][  T896] Buffer I/O error on dev loop3p3, logical block 263808, async page read
[  297.437015][  T896] blk_update_request: I/O error, dev loop3, sector 264034 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  297.448831][  T896] Buffer I/O error on dev loop3p3, logical block 263809, async page read
09:18:39 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x100000000000000, 0x0, 0x0, 0x2)

09:18:39 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='affs\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r0, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(0xffffffffffffffff, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:39 executing program 3:
syz_read_part_table(0x80000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:39 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8102, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:39 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200))
io_submit(0x0, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  297.457302][  T896] blk_update_request: I/O error, dev loop3, sector 264035 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  297.468650][  T896] Buffer I/O error on dev loop3p3, logical block 263810, async page read
[  297.477061][  T896] blk_update_request: I/O error, dev loop3, sector 264036 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  297.488449][  T896] Buffer I/O error on dev loop3p3, logical block 263811, async page read
[  297.496946][  T896] blk_update_request: I/O error, dev loop3, sector 264037 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  297.508333][  T896] Buffer I/O error on dev loop3p3, logical block 263812, async page read
[  297.516827][  T896] blk_update_request: I/O error, dev loop3, sector 264038 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  297.528171][  T896] Buffer I/O error on dev loop3p3, logical block 263813, async page read
[  297.536754][  T896] Buffer I/O error on dev loop3p3, logical block 263814, async page read
[  297.545319][  T896] Buffer I/O error on dev loop3p3, logical block 263815, async page read
[  297.553936][  T896] Buffer I/O error on dev loop3p1, logical block 131968, async page read
[  297.571716][T28452] loop3: detected capacity change from 0 to 264192
09:18:39 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:39 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x81fd, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  297.611897][T28452]  loop3: p1 p3 p4
[  297.616162][T28452] loop3: p1 size 11290111 extends beyond EOD, truncated
[  297.650278][T28452] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  297.688639][ T1041]  loop1: p2 < > p3 p4
[  297.694988][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  297.712659][T28452] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  297.721023][T28421] FAULT_INJECTION: forcing a failure.
[  297.721023][T28421] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  297.734468][T28421] CPU: 1 PID: 28421 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  297.743329][T28421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  297.753407][T28421] Call Trace:
[  297.756683][T28421]  dump_stack_lvl+0xb7/0x103
[  297.761354][T28421]  dump_stack+0x11/0x1a
[  297.763301][ T1041] loop1: p3 start 225 is beyond EOD, 
[  297.765638][T28421]  should_fail+0x23c/0x250
[  297.771086][ T1041] truncated
[  297.775456][T28421]  __alloc_pages+0x102/0x320
[  297.778558][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  297.783187][T28421]  alloc_pages_vma+0x513/0x680
[  297.795023][T28421]  ? page_address_in_vma+0x264/0x300
[  297.800310][T28421]  new_page+0x124/0x170
[  297.804488][T28421]  migrate_pages+0x3b3/0x1530
[  297.809182][T28421]  ? do_mbind+0xf50/0xf50
[  297.813547][T28421]  ? remove_migration_ptes+0x90/0x90
[  297.818826][T28421]  do_mbind+0xd43/0xf50
[  297.823086][T28421]  __x64_sys_mbind+0x10a/0x130
[  297.827950][T28421]  do_syscall_64+0x3d/0x90
[  297.832359][T28421]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  297.838343][T28421] RIP: 0033:0x4665e9
[  297.842260][T28421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  297.862235][T28421] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  297.870720][T28421] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  297.878678][T28421] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  297.886634][T28421] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  297.894581][T28421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  297.902532][T28421] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:39 executing program 0 (fault-call:2 fault-nth:41):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:39 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200))
io_submit(0x0, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:39 executing program 4:
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:39 executing program 3:
syz_read_part_table(0x100000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:39 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8205, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  298.183557][T28495] loop3: detected capacity change from 0 to 264192
[  298.248007][T28495]  loop3: p1 p3 p4
[  298.252135][T28495] loop3: p1 size 11290111 extends beyond EOD, truncated
[  298.271469][T28495] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  298.287959][T28495] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  298.309186][ T1041]  loop1: p2 < > p3 p4
[  298.313341][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  298.339551][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  298.345732][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  298.453302][T28494] FAULT_INJECTION: forcing a failure.
[  298.453302][T28494] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  298.466623][T28494] CPU: 1 PID: 28494 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  298.475447][T28494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  298.485522][T28494] Call Trace:
[  298.488945][T28494]  dump_stack_lvl+0xb7/0x103
[  298.493529][T28494]  dump_stack+0x11/0x1a
[  298.497671][T28494]  should_fail+0x23c/0x250
09:18:40 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x200000000000000, 0x0, 0x0, 0x2)

09:18:40 executing program 4:
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:40 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x9700, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:40 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x0, 0x0)

09:18:40 executing program 3:
syz_read_part_table(0x1000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:40 executing program 4:
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  298.502116][T28494]  __alloc_pages+0x102/0x320
[  298.506702][T28494]  alloc_pages_vma+0x513/0x680
[  298.511502][T28494]  ? page_address_in_vma+0x264/0x300
[  298.516796][T28494]  new_page+0x124/0x170
[  298.520950][T28494]  migrate_pages+0x3b3/0x1530
[  298.525618][T28494]  ? do_mbind+0xf50/0xf50
[  298.530091][T28494]  ? remove_migration_ptes+0x90/0x90
[  298.535396][T28494]  do_mbind+0xd43/0xf50
[  298.539635][T28494]  __x64_sys_mbind+0x10a/0x130
[  298.544398][T28494]  do_syscall_64+0x3d/0x90
[  298.548857][T28494]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  298.555238][T28494] RIP: 0033:0x4665e9
[  298.559213][T28494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  298.578903][T28494] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  298.587492][T28494] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  298.595528][T28494] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
09:18:40 executing program 4:
mkdir(0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  298.603577][T28494] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  298.611539][T28494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  298.619511][T28494] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  298.641818][T28541] loop3: detected capacity change from 0 to 264192
[  298.659764][T28541]  loop3: p1 p3 p4
[  298.663730][T28541] loop3: p1 size 11290111 extends beyond EOD, truncated
[  298.675435][T28541] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  298.692649][T28541] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  298.720523][ T1041]  loop1: p2 < > p3 p4
[  298.724761][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  298.737936][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  298.744114][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  298.768628][T28541] loop3: detected capacity change from 0 to 264192
[  298.808646][T28541]  loop3: p1 p3 p4
[  298.812564][T28541] loop3: p1 size 11290111 extends beyond EOD, truncated
[  298.826598][T28541] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  298.841912][T28541] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:40 executing program 0 (fault-call:2 fault-nth:42):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:40 executing program 4:
mkdir(0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:40 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x0, 0x0)

09:18:40 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xe803, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:40 executing program 3:
syz_read_part_table(0x2000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  299.018478][T28583] loop3: detected capacity change from 0 to 264192
[  299.079347][T28583]  loop3: p1 p3 p4
[  299.084592][T28583] loop3: p1 size 11290111 extends beyond EOD, truncated
[  299.102244][T28583] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  299.113658][T28583] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  299.152147][ T1041]  loop1: p2 < > p3 p4
[  299.156523][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  299.164535][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  299.170755][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:40 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x300000000000000, 0x0, 0x0, 0x2)

09:18:40 executing program 4:
mkdir(0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:40 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xefff, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:40 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x0, 0x0)

09:18:40 executing program 3:
syz_read_part_table(0x4000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  299.385365][T28617] FAULT_INJECTION: forcing a failure.
[  299.385365][T28617] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  299.398647][T28617] CPU: 1 PID: 28617 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  299.407503][T28617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  299.417752][T28617] Call Trace:
[  299.421036][T28617]  dump_stack_lvl+0xb7/0x103
[  299.425632][T28617]  dump_stack+0x11/0x1a
[  299.429825][T28617]  should_fail+0x23c/0x250
[  299.434295][T28617]  __alloc_pages+0x102/0x320
[  299.438969][T28617]  alloc_pages_vma+0x513/0x680
[  299.443729][T28617]  ? page_address_in_vma+0x264/0x300
[  299.449014][T28617]  new_page+0x124/0x170
[  299.453165][T28617]  migrate_pages+0x3b3/0x1530
[  299.457842][T28617]  ? do_mbind+0xf50/0xf50
[  299.462229][T28617]  ? remove_migration_ptes+0x90/0x90
[  299.467521][T28617]  do_mbind+0xd43/0xf50
[  299.471676][T28617]  __x64_sys_mbind+0x10a/0x130
[  299.476433][T28617]  do_syscall_64+0x3d/0x90
[  299.480858][T28617]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  299.486787][T28617] RIP: 0033:0x4665e9
[  299.490822][T28617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  299.510435][T28617] RSP: 002b:00007f21c68fc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  299.519028][T28617] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665e9
[  299.526993][T28617] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
09:18:41 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  299.529575][T28625] loop3: detected capacity change from 0 to 264192
[  299.534961][T28617] RBP: 00007f21c68fc1d0 R08: 0000000000000000 R09: 0000000000000002
[  299.534976][T28617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  299.534988][T28617] R13: 00007ffd632b736f R14: 00007f21c68fc300 R15: 0000000000022000
09:18:41 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x0, &(0x7f0000000540))

[  299.599760][T28625]  loop3: p1 p3 p4
[  299.609110][T28625] loop3: p1 size 11290111 extends beyond EOD, truncated
[  299.626441][T28625] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  299.677140][T28625] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  299.686689][ T1041]  loop1: p2 < > p3 p4
[  299.696429][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  299.723523][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  299.729855][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  299.775037][T28625] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  299.800960][T28625] loop3: detected capacity change from 0 to 264192
[  299.819930][ T1041]  loop1: p2 < > p3 p4
[  299.828762][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  299.839531][T28625]  loop3: p1 p3 p4
[  299.843346][T28625] loop3: p1 size 11290111 extends beyond EOD, truncated
[  299.850524][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  299.856808][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  299.858288][T28625] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  299.888082][T28625] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:41 executing program 0 (fault-call:2 fault-nth:43):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:41 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:41 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xfd81, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:41 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x0, &(0x7f0000000540))

09:18:41 executing program 3:
syz_read_part_table(0x7ffffffffffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  300.103347][T28687] loop3: detected capacity change from 0 to 264192
[  300.162360][T28687]  loop3: p1 p3 p4
[  300.168477][ T1041]  loop1: p2 < > p3 p4
[  300.168947][T28687] loop3: p1 size 11290111 extends beyond EOD, truncated
[  300.172899][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  300.194731][T28687] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  300.202248][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  300.208521][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  300.216710][T28687] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:41 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x400000000000000, 0x0, 0x0, 0x2)

09:18:41 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:41 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x0, &(0x7f0000000540))

09:18:41 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xff01, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  300.300245][T28687] loop3: detected capacity change from 0 to 264192
09:18:41 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  300.360282][T28687]  loop3: p1 p3 p4
[  300.364458][T28687] loop3: p1 size 11290111 extends beyond EOD, truncated
[  300.397266][T28687] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  300.416675][T28683] FAULT_INJECTION: forcing a failure.
[  300.416675][T28683] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  300.430007][T28683] CPU: 1 PID: 28683 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  300.438860][T28683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  300.449051][T28683] Call Trace:
[  300.452342][T28683]  dump_stack_lvl+0xb7/0x103
[  300.457034][T28683]  dump_stack+0x11/0x1a
[  300.461314][T28683]  should_fail+0x23c/0x250
[  300.466898][T28683]  __alloc_pages+0x102/0x320
[  300.471620][T28683]  alloc_pages_vma+0x513/0x680
[  300.476386][T28683]  ? page_address_in_vma+0x264/0x300
[  300.481669][T28683]  new_page+0x124/0x170
[  300.486100][T28683]  migrate_pages+0x3b3/0x1530
[  300.490802][T28683]  ? do_mbind+0xf50/0xf50
[  300.495124][T28683]  ? remove_migration_ptes+0x90/0x90
[  300.495797][T28687] loop3: p4 size 3657465856 extends beyond EOD, 
[  300.500446][T28683]  do_mbind+0xd43/0xf50
[  300.500488][T28683]  __x64_sys_mbind+0x10a/0x130
09:18:42 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  300.506825][T28687] truncated
[  300.518973][T28683]  do_syscall_64+0x3d/0x90
[  300.523392][T28683]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  300.529290][T28683] RIP: 0033:0x4665e9
[  300.533437][T28683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  300.553131][T28683] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
09:18:42 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  300.561608][T28683] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  300.569702][T28683] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  300.578264][T28683] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  300.586523][T28683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  300.594495][T28683] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  300.656715][ T1041]  loop3: p1 p3 p4
[  300.660578][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  300.668086][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  300.682695][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  300.740791][ T1041]  loop1: p2 < > p3 p4
[  300.749581][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  300.764865][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  300.771082][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:42 executing program 0 (fault-call:2 fault-nth:44):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:42 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000540)=[0x0])

09:18:42 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xff0f, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:42 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:42 executing program 3:
syz_read_part_table(0x20000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  300.940322][T28768] loop3: detected capacity change from 0 to 264192
[  300.999005][ T1041]  loop1: p2 < > p3 p4
[  301.003190][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  301.010517][T28768]  loop3: p1 p3 p4
[  301.014460][T28768] loop3: p1 size 11290111 extends beyond EOD, truncated
[  301.026639][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  301.032851][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  301.049923][T28768] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  301.067618][T28768] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:42 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x700000000000000, 0x0, 0x0, 0x2)

09:18:42 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:42 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000540)=[0x0])

09:18:42 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xffef, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:42 executing program 3:
syz_read_part_table(0x90000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  301.203160][T28763] FAULT_INJECTION: forcing a failure.
[  301.203160][T28763] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  301.216582][T28763] CPU: 0 PID: 28763 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  301.225417][T28763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  301.235572][T28763] Call Trace:
[  301.238852][T28763]  dump_stack_lvl+0xb7/0x103
[  301.243486][T28763]  dump_stack+0x11/0x1a
[  301.247721][T28763]  should_fail+0x23c/0x250
[  301.252167][T28763]  __alloc_pages+0x102/0x320
[  301.256781][T28763]  alloc_pages_vma+0x513/0x680
[  301.261546][T28763]  ? page_address_in_vma+0x264/0x300
[  301.266974][T28763]  new_page+0x124/0x170
[  301.271136][T28763]  migrate_pages+0x3b3/0x1530
[  301.275810][T28763]  ? do_mbind+0xf50/0xf50
[  301.280141][T28763]  ? remove_migration_ptes+0x90/0x90
[  301.285625][T28763]  do_mbind+0xd43/0xf50
[  301.289962][T28763]  __x64_sys_mbind+0x10a/0x130
[  301.294737][T28763]  do_syscall_64+0x3d/0x90
09:18:42 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  301.299164][T28763]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  301.305146][T28763] RIP: 0033:0x4665e9
[  301.309044][T28763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  301.328972][T28763] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  301.337409][T28763] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  301.345437][T28763] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  301.353410][T28763] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  301.361519][T28763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  301.369558][T28763] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  301.370611][T28798] loop3: detected capacity change from 0 to 264192
09:18:43 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x10, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  301.419946][T28798]  loop3: p1 p3 p4
[  301.424662][T28798] loop3: p1 start 1718379891 is beyond EOD, truncated
[  301.431581][T28798] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  301.467254][T28798] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  301.486544][ T1041]  loop1: p2 < > p3 p4
[  301.490743][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  301.516551][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  301.522756][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  301.551639][T28798] loop3: detected capacity change from 0 to 264192
09:18:43 executing program 0 (fault-call:2 fault-nth:45):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:43 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000540)=[0x0])

09:18:43 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x15fff, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:43 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x10, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  301.619436][T28798]  loop3: p1 p3 p4
[  301.623416][T28798] loop3: p1 size 11290111 extends beyond EOD, truncated
[  301.638251][T28798] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  301.655755][T28798] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:43 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x10, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  301.863678][ T1041]  loop1: p2 < > p3 p4
[  301.871284][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  301.886746][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  301.892951][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:43 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x800000000000000, 0x0, 0x0, 0x2)

09:18:43 executing program 3:
syz_read_part_table(0xc0000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:43 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x0, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:43 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x1ed25, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:43 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, 0xffffffffffffffff, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  302.079643][T28840] FAULT_INJECTION: forcing a failure.
[  302.079643][T28840] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  302.092984][T28840] CPU: 0 PID: 28840 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  302.101763][T28840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  302.111898][T28840] Call Trace:
[  302.115186][T28840]  dump_stack_lvl+0xb7/0x103
[  302.119855][T28840]  dump_stack+0x11/0x1a
[  302.124187][T28840]  should_fail+0x23c/0x250
[  302.128610][T28840]  __alloc_pages+0x102/0x320
[  302.133204][T28840]  alloc_pages_vma+0x513/0x680
[  302.137971][T28840]  ? page_address_in_vma+0x264/0x300
[  302.143405][T28840]  new_page+0x124/0x170
[  302.147655][T28840]  migrate_pages+0x3b3/0x1530
[  302.152445][T28840]  ? do_mbind+0xf50/0xf50
[  302.156886][T28840]  ? remove_migration_ptes+0x90/0x90
[  302.162314][T28840]  do_mbind+0xd43/0xf50
[  302.166481][T28840]  __x64_sys_mbind+0x10a/0x130
[  302.171321][T28840]  do_syscall_64+0x3d/0x90
[  302.175733][T28840]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  302.181713][T28840] RIP: 0033:0x4665e9
[  302.185596][T28840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  302.205311][T28840] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  302.213773][T28840] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  302.221844][T28840] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  302.229867][T28840] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  302.237829][T28840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  302.245855][T28840] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:43 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, 0xffffffffffffffff, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  302.293725][T28875] loop3: detected capacity change from 0 to 264192
09:18:43 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x0, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  302.358328][T28875]  loop3: p1 p3 p4
[  302.362353][T28875] loop3: p1 size 11290111 extends beyond EOD, truncated
[  302.387814][T28875] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  302.401674][ T1041]  loop1: p2 < > p3 p4
[  302.413293][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  302.420395][T28875] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  302.436505][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  302.442848][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:44 executing program 0 (fault-call:2 fault-nth:46):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:44 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x1ed26, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:44 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, 0xffffffffffffffff, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:44 executing program 3:
syz_read_part_table(0xe0ffff00000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:44 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x0, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  302.689742][T28917] loop3: detected capacity change from 0 to 264192
[  302.740095][T28917]  loop3: p1 p3 p4
[  302.748972][T28917] loop3: p1 size 11290111 extends beyond EOD, truncated
[  302.776344][T28917] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  302.792502][T28917] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  302.804072][ T1041]  loop1: p2 < > p3 p4
[  302.808848][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  302.823221][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  302.829445][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:44 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x4000000000000000, 0x0, 0x0, 0x2)

09:18:44 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:44 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x16000}])

09:18:44 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x1ed27, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  302.900727][T28917] loop3: detected capacity change from 0 to 264192
09:18:44 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:44 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x20000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:44 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x16000}])

[  302.972648][T28917]  loop3: p1 p3 p4
[  302.976480][T28917] loop3: p1 size 11290111 extends beyond EOD, truncated
[  302.987486][T28917] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  302.995277][T28917] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  303.021455][ T1041]  loop1: p2 < > p3 p4
[  303.025638][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  303.052593][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  303.059023][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  303.141072][ T1041]  loop1: p2 < > p3 p4
[  303.145266][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  303.155926][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  303.162434][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  303.174313][T28920] FAULT_INJECTION: forcing a failure.
[  303.174313][T28920] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  303.187739][T28920] CPU: 1 PID: 28920 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  303.196933][T28920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  303.207081][T28920] Call Trace:
[  303.210353][T28920]  dump_stack_lvl+0xb7/0x103
[  303.214941][T28920]  dump_stack+0x11/0x1a
[  303.219103][T28920]  should_fail+0x23c/0x250
[  303.223587][T28920]  __alloc_pages+0x102/0x320
[  303.228172][T28920]  alloc_pages_vma+0x513/0x680
[  303.232977][T28920]  ? page_address_in_vma+0x264/0x300
[  303.238257][T28920]  new_page+0x124/0x170
[  303.242408][T28920]  migrate_pages+0x3b3/0x1530
[  303.247073][T28920]  ? do_mbind+0xf50/0xf50
[  303.251459][T28920]  ? remove_migration_ptes+0x90/0x90
[  303.256744][T28920]  do_mbind+0xd43/0xf50
[  303.260897][T28920]  __x64_sys_mbind+0x10a/0x130
[  303.265644][T28920]  do_syscall_64+0x3d/0x90
[  303.270048][T28920]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  303.275977][T28920] RIP: 0033:0x4665e9
[  303.279958][T28920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  303.299562][T28920] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  303.308058][T28920] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  303.316023][T28920] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  303.324148][T28920] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  303.332231][T28920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  303.340280][T28920] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:45 executing program 0 (fault-call:2 fault-nth:47):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:45 executing program 3:
syz_read_part_table(0x100000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:45 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:45 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x16000}])

09:18:45 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x23295, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  303.583590][T28991] loop3: detected capacity change from 0 to 264192
[  303.649828][T28991]  loop3: p1 p3 p4
[  303.654158][T28991] loop3: p1 size 11290111 extends beyond EOD, truncated
[  303.673553][T28991] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  303.686930][ T1041]  loop1: p2 < > p3 p4
[  303.691887][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  303.705721][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  303.711923][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  303.727760][T28991] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:45 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0xffbfffff00000000, 0x0, 0x0, 0x2)

09:18:45 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, 0x0, 0x0, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:45 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, 0x0}])

09:18:45 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x38002, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  303.795651][T28993] FAULT_INJECTION: forcing a failure.
[  303.795651][T28993] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  303.808905][T28993] CPU: 0 PID: 28993 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  303.817702][T28993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  303.828103][T28993] Call Trace:
[  303.831388][T28993]  dump_stack_lvl+0xb7/0x103
[  303.836149][T28993]  dump_stack+0x11/0x1a
[  303.840482][T28993]  should_fail+0x23c/0x250
[  303.844931][T28993]  __alloc_pages+0x102/0x320
[  303.849528][T28993]  alloc_pages_vma+0x513/0x680
[  303.854342][T28993]  ? page_address_in_vma+0x264/0x300
[  303.859729][T28993]  new_page+0x124/0x170
[  303.863913][T28993]  migrate_pages+0x3b3/0x1530
[  303.865857][T28991] loop3: detected capacity change from 0 to 264192
[  303.869024][T28993]  ? do_mbind+0xf50/0xf50
[  303.869048][T28993]  ? remove_migration_ptes+0x90/0x90
[  303.885764][T28993]  do_mbind+0xd43/0xf50
[  303.889923][T28993]  __x64_sys_mbind+0x10a/0x130
[  303.894726][T28993]  do_syscall_64+0x3d/0x90
[  303.899135][T28993]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  303.905044][T28993] RIP: 0033:0x4665e9
[  303.908919][T28993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  303.928574][T28993] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  303.937014][T28993] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  303.945225][T28993] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  303.953360][T28993] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  303.961438][T28993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  303.969575][T28993] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:45 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, 0x0, 0x0, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  304.021876][T28991]  loop3: p1 p3 p4
09:18:45 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, 0x0}])

09:18:45 executing program 3:
syz_read_part_table(0x200000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  304.048463][T28991] loop3: p1 size 11290111 extends beyond EOD, truncated
[  304.063394][T28991] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  304.072102][T28991] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  304.113701][ T1041]  loop1: p2 < > p3 p4
[  304.121559][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  304.131802][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  304.138058][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  304.248466][T29055] loop3: detected capacity change from 0 to 264192
[  304.259489][ T1041]  loop1: p2 < > p3 p4
[  304.263726][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  304.271597][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  304.277799][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  304.309481][T29055]  loop3: p1 p3 p4
[  304.313371][T29055] loop3: p1 size 11290111 extends beyond EOD, truncated
[  304.327278][T29055] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  304.339452][T29055] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:46 executing program 0 (fault-call:2 fault-nth:48):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:46 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, 0x0, 0x0, 0xd9f, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:46 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x38008, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:46 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, 0x0}])

09:18:46 executing program 3:
syz_read_part_table(0x204000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  304.432773][ T1041]  loop3: p1 p3 p4
[  304.441084][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  304.456382][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  304.467235][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  304.518943][T29090] loop3: detected capacity change from 0 to 264192
[  304.577761][T29090]  loop3: p1 p3 p4
[  304.581611][T29090] loop3: p1 size 11290111 extends beyond EOD, truncated
[  304.595257][T29090] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  304.625763][T29090] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  304.653867][ T1041]  loop3: p1 p3 p4
[  304.657855][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
09:18:46 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0xffffffff00000000, 0x0, 0x0, 0x2)

09:18:46 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:46 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200))
io_submit(0x0, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:46 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x38009, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  304.672929][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  304.687950][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:46 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  304.747456][T29090] loop3: detected capacity change from 0 to 264192
[  304.785066][ T1041]  loop1: p2 < > p3 p4
09:18:46 executing program 3:
syz_read_part_table(0x300000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:46 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x40000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  304.794787][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  304.829330][T29089] FAULT_INJECTION: forcing a failure.
[  304.829330][T29089] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  304.842590][T29089] CPU: 0 PID: 29089 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  304.851355][T29089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  304.861492][T29089] Call Trace:
[  304.864856][T29089]  dump_stack_lvl+0xb7/0x103
[  304.869446][T29089]  dump_stack+0x11/0x1a
[  304.873735][T29089]  should_fail+0x23c/0x250
[  304.878252][T29089]  __alloc_pages+0x102/0x320
[  304.882929][T29089]  alloc_pages_vma+0x513/0x680
[  304.887730][T29089]  ? page_address_in_vma+0x264/0x300
[  304.893023][T29089]  new_page+0x124/0x170
[  304.897181][T29089]  migrate_pages+0x3b3/0x1530
[  304.901926][T29089]  ? do_mbind+0xf50/0xf50
[  304.906280][T29089]  ? remove_migration_ptes+0x90/0x90
[  304.907899][ T1041] loop1: p3 start 225 is beyond EOD, 
[  304.911599][T29089]  do_mbind+0xd43/0xf50
[  304.916978][ T1041] truncated
[  304.916985][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  304.921112][T29089]  __x64_sys_mbind+0x10a/0x130
[  304.921135][T29089]  do_syscall_64+0x3d/0x90
[  304.924242][ T1041] truncated
[  304.942862][T29089]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  304.948798][T29089] RIP: 0033:0x4665e9
[  304.952713][T29089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  304.972384][T29089] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  304.980791][T29089] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  304.988758][T29089] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  304.996822][T29089] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  305.004794][T29089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  305.012780][T29089] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  305.048147][T29148] loop3: detected capacity change from 0 to 264192
[  305.072370][ T1041]  loop1: p2 < > p3 p4
[  305.081161][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  305.088126][T29148]  loop3: p1 p3 p4
[  305.092041][T29148] loop3: p1 size 11290111 extends beyond EOD, truncated
[  305.094537][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  305.105139][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  305.112588][T29148] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  305.124771][T29148] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  305.209429][T29065] print_req_error: 22 callbacks suppressed
[  305.209443][T29065] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  305.229131][T29063] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  305.242517][T29062] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  305.263013][  T710] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  305.263245][T29148] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  305.274656][  T710] buffer_io_error: 16 callbacks suppressed
[  305.274666][  T710] Buffer I/O error on dev loop3p3, logical block 263808, async page read
[  305.297765][  T710] blk_update_request: I/O error, dev loop3, sector 264034 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  305.309455][  T710] Buffer I/O error on dev loop3p3, logical block 263809, async page read
[  305.317915][  T710] blk_update_request: I/O error, dev loop3, sector 264035 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  305.329648][  T710] Buffer I/O error on dev loop3p3, logical block 263810, async page read
[  305.338262][  T710] blk_update_request: I/O error, dev loop3, sector 264036 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  305.349699][  T710] Buffer I/O error on dev loop3p3, logical block 263811, async page read
09:18:46 executing program 0 (fault-call:2 fault-nth:49):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:46 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0)
name_to_handle_at(r1, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:46 executing program 1 (fault-call:3 fault-nth:0):
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:46 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x100000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  305.357552][T29148] loop3: detected capacity change from 0 to 264192
[  305.358164][  T710] blk_update_request: I/O error, dev loop3, sector 264037 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  305.376362][  T710] Buffer I/O error on dev loop3p3, logical block 263812, async page read
[  305.410428][T29148] loop_reread_partitions: partition scan of loop3 () failed (rc=-16)
09:18:47 executing program 3:
syz_read_part_table(0x400000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  305.488937][ T1041]  loop3: p1 p3 p4
[  305.496291][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  305.505413][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  305.517615][T29183] FAULT_INJECTION: forcing a failure.
[  305.517615][T29183] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  305.530867][T29183] CPU: 0 PID: 29183 Comm: syz-executor.1 Not tainted 5.14.0-rc4-syzkaller #0
[  305.539729][T29183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  305.550179][T29183] Call Trace:
[  305.553452][T29183]  dump_stack_lvl+0xb7/0x103
[  305.558037][T29183]  dump_stack+0x11/0x1a
[  305.562190][T29183]  should_fail+0x23c/0x250
[  305.566688][T29183]  should_fail_usercopy+0x16/0x20
[  305.571798][T29183]  _copy_from_user+0x1c/0xd0
[  305.576562][T29183]  io_submit_one+0x42/0x1350
[  305.581149][T29183]  ? asm_exc_page_fault+0x1e/0x30
09:18:47 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x2, 0x2)

09:18:47 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  305.586213][T29183]  ? __get_user_4+0x1c/0x30
[  305.590769][T29183]  __se_sys_io_submit+0xf5/0x260
[  305.595716][T29183]  __x64_sys_io_submit+0x3f/0x50
[  305.600704][T29183]  do_syscall_64+0x3d/0x90
[  305.605168][T29183]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  305.611148][T29183] RIP: 0033:0x4665e9
[  305.612027][ T1041] loop3: p4 size 3657465856 extends beyond EOD, 
[  305.615114][T29183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  305.615123][ T1041] truncated
[  305.615135][T29183] RSP: 002b:00007fd3fe8ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  305.652703][T29183] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  305.660658][T29183] RDX: 0000000020000540 RSI: 000000000000003b RDI: 00007fd3fe882000
[  305.668613][T29183] RBP: 00007fd3fe8ab1d0 R08: 0000000000000000 R09: 0000000000000000
[  305.676763][T29183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
09:18:47 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x100020, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  305.684814][T29183] R13: 00007ffedca9362f R14: 00007fd3fe8ab300 R15: 0000000000022000
09:18:47 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:47 executing program 1 (fault-call:3 fault-nth:1):
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:47 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x104000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:47 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff08000000000000000300f0ca6b00000009000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  305.831952][T29211] loop3: detected capacity change from 0 to 264192
[  305.849414][ T1041]  loop1: p2 < > p3 p4
[  305.859585][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  305.880494][T29219] FAULT_INJECTION: forcing a failure.
[  305.880494][T29219] name failslab, interval 1, probability 0, space 0, times 0
[  305.880541][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  305.880558][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  305.893553][T29219] CPU: 0 PID: 29219 Comm: syz-executor.1 Not tainted 5.14.0-rc4-syzkaller #0
[  305.899828][ T1041] truncated
[  305.906136][T29219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  305.917013][T29211]  loop3: p1 p3 p4
[  305.918133][T29219] Call Trace:
[  305.918142][T29219]  dump_stack_lvl+0xb7/0x103
[  305.936236][T29211] loop3: p1 size 11290111 extends beyond EOD, 
[  305.939860][T29219]  dump_stack+0x11/0x1a
[  305.939882][T29219]  should_fail+0x23c/0x250
[  305.946127][T29211] truncated
[  305.952491][T29211] loop3: p3 size 1912633224 extends beyond EOD, 
[  305.954830][T29219]  ? io_submit_one+0xb0/0x1350
[  305.957956][T29211] truncated
[  305.964245][T29219]  __should_failslab+0x81/0x90
[  305.964264][T29219]  should_failslab+0x5/0x20
[  305.964280][T29219]  kmem_cache_alloc+0x46/0x2e0
[  305.986333][T29219]  io_submit_one+0xb0/0x1350
[  305.990657][T29211] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  305.990923][T29219]  ? asm_exc_page_fault+0x1e/0x30
[  306.003183][T29219]  __se_sys_io_submit+0xf5/0x260
[  306.008250][T29219]  __x64_sys_io_submit+0x3f/0x50
[  306.013188][T29219]  do_syscall_64+0x3d/0x90
[  306.017946][T29219]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  306.023875][T29219] RIP: 0033:0x4665e9
[  306.027778][T29219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  306.048010][T29219] RSP: 002b:00007fd3fe8ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  306.056418][T29219] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  306.064386][T29219] RDX: 0000000020000540 RSI: 000000000000003b RDI: 00007fd3fe882000
[  306.072439][T29219] RBP: 00007fd3fe8ab1d0 R08: 0000000000000000 R09: 0000000000000000
[  306.080543][T29219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  306.088600][T29219] R13: 00007ffedca9362f R14: 00007fd3fe8ab300 R15: 0000000000022000
[  306.121267][T29181] FAULT_INJECTION: forcing a failure.
[  306.121267][T29181] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  306.134609][T29181] CPU: 1 PID: 29181 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  306.143639][T29181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  306.153719][T29181] Call Trace:
[  306.156995][T29181]  dump_stack_lvl+0xb7/0x103
[  306.161868][T29181]  dump_stack+0x11/0x1a
[  306.166185][T29181]  should_fail+0x23c/0x250
[  306.170639][T29181]  __alloc_pages+0x102/0x320
[  306.175252][T29181]  alloc_pages_vma+0x513/0x680
[  306.180025][T29181]  ? page_address_in_vma+0x264/0x300
[  306.185418][T29181]  new_page+0x124/0x170
[  306.189637][T29181]  migrate_pages+0x3b3/0x1530
[  306.194296][T29181]  ? do_mbind+0xf50/0xf50
[  306.198623][T29181]  ? remove_migration_ptes+0x90/0x90
[  306.203903][T29181]  do_mbind+0xd43/0xf50
[  306.208117][T29181]  __x64_sys_mbind+0x10a/0x130
[  306.213079][T29181]  do_syscall_64+0x3d/0x90
[  306.217655][T29181]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  306.223703][T29181] RIP: 0033:0x4665e9
[  306.227720][T29181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  306.247513][T29181] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  306.255934][T29181] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  306.264068][T29181] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  306.272113][T29181] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  306.280143][T29181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  306.288207][T29181] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  306.302924][T29200] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  306.308771][T29065] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  306.314714][  T710] Buffer I/O error on dev loop3p4, logical block 33008, async page read
[  306.333011][T29211] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  306.334727][  T710] Buffer I/O error on dev loop3p3, logical block 263808, async page read
[  306.350203][  T710] Buffer I/O error on dev loop3p3, logical block 263809, async page read
[  306.358773][  T710] Buffer I/O error on dev loop3p3, logical block 263810, async page read
[  306.365428][T29211] loop3: detected capacity change from 0 to 264192
[  306.367235][  T710] Buffer I/O error on dev loop3p3, logical block 263811, async page read
[  306.461433][ T1041]  loop1: p2 < > p3 p4
[  306.465584][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  306.475763][T29211] loop_reread_partitions: partition scan of loop3 () failed (rc=-16)
[  306.484792][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  306.491268][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:48 executing program 0 (fault-call:2 fault-nth:50):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:48 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:48 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x200020, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:48 executing program 1 (fault-call:3 fault-nth:2):
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:48 executing program 3:
syz_read_part_table(0x500000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  306.675927][T29261] FAULT_INJECTION: forcing a failure.
[  306.675927][T29261] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  306.689100][T29261] CPU: 0 PID: 29261 Comm: syz-executor.1 Not tainted 5.14.0-rc4-syzkaller #0
[  306.695299][T29265] loop3: detected capacity change from 0 to 264192
[  306.697862][T29261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  306.697874][T29261] Call Trace:
[  306.697881][T29261]  dump_stack_lvl+0xb7/0x103
[  306.722347][T29261]  dump_stack+0x11/0x1a
[  306.726527][T29261]  should_fail+0x23c/0x250
[  306.731077][T29261]  should_fail_usercopy+0x16/0x20
[  306.736110][T29261]  _copy_from_user+0x1c/0xd0
[  306.740687][T29261]  io_submit_one+0x42/0x1350
[  306.745282][T29261]  __se_sys_io_submit+0xf5/0x260
[  306.750311][T29261]  __x64_sys_io_submit+0x3f/0x50
[  306.755319][T29261]  do_syscall_64+0x3d/0x90
[  306.759730][T29261]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  306.765697][T29261] RIP: 0033:0x4665e9
[  306.769642][T29261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  306.789571][T29261] RSP: 002b:00007fd3fe8ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  306.798169][T29261] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  306.806154][T29261] RDX: 0000000020000540 RSI: 000000000000003b RDI: 00007fd3fe882000
[  306.814127][T29261] RBP: 00007fd3fe8ab1d0 R08: 0000000000000000 R09: 0000000000000000
[  306.822123][T29261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  306.830128][T29261] R13: 00007ffedca9362f R14: 00007fd3fe8ab300 R15: 0000000000022000
[  306.848263][T29265]  loop3: p1 p3 p4
[  306.859826][T29265] loop3: p1 size 11290111 extends beyond EOD, truncated
[  306.871687][T29265] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  306.890522][T29265] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  306.941484][ T1041]  loop1: p2 < > p3 p4
[  306.945864][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  306.971759][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  306.978488][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  306.988463][T29265] loop3: detected capacity change from 0 to 264192
[  307.026830][T29270] FAULT_INJECTION: forcing a failure.
[  307.026830][T29270] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  307.040350][T29270] CPU: 1 PID: 29270 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  307.049112][T29270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  307.059260][T29270] Call Trace:
[  307.062538][T29270]  dump_stack_lvl+0xb7/0x103
[  307.067162][T29270]  dump_stack+0x11/0x1a
[  307.071310][T29270]  should_fail+0x23c/0x250
[  307.075726][T29270]  __alloc_pages+0x102/0x320
[  307.080351][T29270]  alloc_pages_vma+0x513/0x680
[  307.085284][T29270]  ? page_address_in_vma+0x264/0x300
[  307.090730][T29270]  new_page+0x124/0x170
[  307.094965][T29270]  migrate_pages+0x3b3/0x1530
[  307.099632][T29270]  ? do_mbind+0xf50/0xf50
[  307.103949][T29270]  ? remove_migration_ptes+0x90/0x90
[  307.109488][T29270]  do_mbind+0xd43/0xf50
[  307.113635][T29270]  __x64_sys_mbind+0x10a/0x130
[  307.118458][T29270]  do_syscall_64+0x3d/0x90
[  307.122873][T29270]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  307.128760][T29270] RIP: 0033:0x4665e9
[  307.132644][T29270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  307.152514][T29270] RSP: 002b:00007f21c68fc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  307.160923][T29270] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665e9
[  307.168895][T29270] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
09:18:48 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x3, 0x2)

09:18:48 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:48 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x400000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:48 executing program 1 (fault-call:3 fault-nth:3):
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  307.176868][T29270] RBP: 00007f21c68fc1d0 R08: 0000000000000000 R09: 0000000000000002
[  307.184848][T29270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  307.192916][T29270] R13: 00007ffd632b736f R14: 00007f21c68fc300 R15: 0000000000022000
[  307.220032][T29265]  loop3: p1 p3 p4
[  307.224072][T29265] loop3: p1 size 11290111 extends beyond EOD, truncated
[  307.237278][T29265] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  307.254809][T29265] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  307.267666][T29299] FAULT_INJECTION: forcing a failure.
[  307.267666][T29299] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  307.280744][T29299] CPU: 1 PID: 29299 Comm: syz-executor.1 Not tainted 5.14.0-rc4-syzkaller #0
[  307.290539][T29299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  307.300584][T29299] Call Trace:
[  307.303850][T29299]  dump_stack_lvl+0xb7/0x103
[  307.308434][T29299]  dump_stack+0x11/0x1a
[  307.312582][T29299]  should_fail+0x23c/0x250
09:18:48 executing program 3:
syz_read_part_table(0x600000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  307.317001][T29299]  should_fail_usercopy+0x16/0x20
[  307.322029][T29299]  _copy_to_user+0x1c/0x90
[  307.326478][T29299]  simple_read_from_buffer+0xab/0x120
[  307.331862][T29299]  proc_fail_nth_read+0xf6/0x140
[  307.336828][T29299]  ? rw_verify_area+0x136/0x250
[  307.341685][T29299]  ? proc_fault_inject_write+0x200/0x200
[  307.347395][T29299]  vfs_read+0x154/0x5d0
[  307.351645][T29299]  ? blk_flush_plug_list+0x23c/0x260
[  307.357042][T29299]  ? __fget_light+0x21b/0x260
[  307.361800][T29299]  ? __cond_resched+0x11/0x40
09:18:49 executing program 3:
syz_read_part_table(0x604000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  307.367071][T29299]  ksys_read+0xce/0x180
[  307.371297][T29299]  __x64_sys_read+0x3e/0x50
[  307.375794][T29299]  do_syscall_64+0x3d/0x90
[  307.380208][T29299]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  307.386096][T29299] RIP: 0033:0x41936c
[  307.389976][T29299] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  307.409772][T29299] RSP: 002b:00007fd3fe8ab170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
09:18:49 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  307.418437][T29299] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000041936c
[  307.426511][T29299] RDX: 000000000000000f RSI: 00007fd3fe8ab1e0 RDI: 0000000000000004
[  307.434479][T29299] RBP: 00007fd3fe8ab1d0 R08: 0000000000000000 R09: 0000000000000000
[  307.442522][T29299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  307.450516][T29299] R13: 00007ffedca9362f R14: 00007fd3fe8ab300 R15: 0000000000022000
[  307.597310][ T1041]  loop1: p2 < > p3 p4
[  307.601685][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  307.617626][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  307.624282][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:49 executing program 0 (fault-call:2 fault-nth:51):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:49 executing program 3:
syz_read_part_table(0x700000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:49 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x401000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:49 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:49 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  307.894566][T29349] loop3: detected capacity change from 0 to 264192
[  308.001397][T29349]  loop3: p1 p3 p4
[  308.006183][ T1041]  loop1: p2 < > p3 p4
[  308.010733][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  308.017242][T29349] loop3: p1 size 11290111 extends beyond EOD, truncated
[  308.032023][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  308.038232][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:49 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x4, 0x2)

09:18:49 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:49 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:49 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x4af000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  308.047710][T29349] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:18:49 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  308.087472][T29349] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:49 executing program 3:
syz_read_part_table(0x800000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:49 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x47f, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  308.278323][ T1041]  loop1: p2 < > p3 p4
[  308.282678][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  308.290158][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  308.294094][T29352] FAULT_INJECTION: forcing a failure.
[  308.294094][T29352] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  308.296387][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  308.309575][T29352] CPU: 1 PID: 29352 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  308.325517][T29352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  308.335657][T29352] Call Trace:
[  308.338932][T29352]  dump_stack_lvl+0xb7/0x103
[  308.343538][T29352]  dump_stack+0x11/0x1a
[  308.347909][T29352]  should_fail+0x23c/0x250
[  308.352334][T29352]  __alloc_pages+0x102/0x320
[  308.356929][T29352]  alloc_pages_vma+0x513/0x680
[  308.361718][T29352]  ? page_address_in_vma+0x264/0x300
[  308.367085][T29352]  new_page+0x124/0x170
[  308.371310][T29352]  migrate_pages+0x3b3/0x1530
[  308.376001][T29352]  ? do_mbind+0xf50/0xf50
[  308.380449][T29352]  ? remove_migration_ptes+0x90/0x90
[  308.386117][T29352]  do_mbind+0xd43/0xf50
[  308.390296][T29352]  __x64_sys_mbind+0x10a/0x130
[  308.395076][T29352]  do_syscall_64+0x3d/0x90
[  308.399503][T29352]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  308.405493][T29352] RIP: 0033:0x4665e9
[  308.409470][T29352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  308.429136][T29352] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  308.437540][T29352] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  308.445510][T29352] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  308.453469][T29352] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  308.461447][T29352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  308.469586][T29352] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:50 executing program 0 (fault-call:2 fault-nth:52):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:50 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x4fc000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:50 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:50 executing program 3:
syz_read_part_table(0x900000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:50 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0xffffffffffffffff, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  308.641279][ T1041]  loop1: p2 < > p3 p4
[  308.647888][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  308.667578][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  308.673753][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  308.744991][T29420] loop3: detected capacity change from 0 to 264192
[  308.819566][T29420]  loop3: p1 p3 p4
[  308.828837][T29420] loop3: p1 size 11290111 extends beyond EOD, truncated
[  308.848231][T29420] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  308.855880][T29420] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  308.865672][ T1041]  loop1: p2 < > p3 p4
[  308.870053][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  308.880839][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  308.887011][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:50 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x7, 0x2)

09:18:50 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:50 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x540000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:50 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  308.931405][T29420] loop3: detected capacity change from 0 to 264192
09:18:50 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  308.994690][T29420]  loop3: p1 p3 p4
[  309.000749][T29420] loop3: p1 size 11290111 extends beyond EOD, truncated
[  309.023983][T29420] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:18:50 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffffffff0800"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  309.048726][T29420] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  309.095960][T29422] FAULT_INJECTION: forcing a failure.
[  309.095960][T29422] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  309.109303][T29422] CPU: 1 PID: 29422 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  309.118074][T29422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  309.128220][T29422] Call Trace:
[  309.131507][T29422]  dump_stack_lvl+0xb7/0x103
[  309.136215][T29422]  dump_stack+0x11/0x1a
[  309.140372][T29422]  should_fail+0x23c/0x250
[  309.144792][T29422]  __alloc_pages+0x102/0x320
[  309.149377][T29422]  alloc_pages_vma+0x513/0x680
[  309.154146][T29422]  ? page_address_in_vma+0x264/0x300
[  309.159560][T29422]  new_page+0x124/0x170
[  309.163741][T29422]  migrate_pages+0x3b3/0x1530
[  309.168416][T29422]  ? do_mbind+0xf50/0xf50
[  309.172789][T29422]  ? remove_migration_ptes+0x90/0x90
[  309.178207][T29422]  do_mbind+0xd43/0xf50
[  309.182552][T29422]  __x64_sys_mbind+0x10a/0x130
[  309.187504][T29422]  do_syscall_64+0x3d/0x90
09:18:50 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  309.191917][T29422]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  309.197809][T29422] RIP: 0033:0x4665e9
[  309.201776][T29422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  309.221585][T29422] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  309.230015][T29422] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  309.238048][T29422] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  309.246028][T29422] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  309.254046][T29422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  309.262008][T29422] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  309.336223][ T1041]  loop1: p2 < > p3 p4
[  309.343769][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  309.361570][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  309.367818][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:51 executing program 0 (fault-call:2 fault-nth:53):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:51 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:51 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x800000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:51 executing program 3:
syz_read_part_table(0xa00000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:51 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x2, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  309.578993][T29494] loop3: detected capacity change from 0 to 264192
[  309.607604][T29494]  loop3: p1 p3 p4
[  309.611708][T29494] loop3: p1 size 11290111 extends beyond EOD, truncated
[  309.620921][T29494] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  309.629632][T29494] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:51 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x8, 0x2)

09:18:51 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:51 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x970000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:51 executing program 3:
syz_read_part_table(0xb00000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:51 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x4, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  309.823503][ T1041]  loop1: p2 < > p3 p4
09:18:51 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fb"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  309.847039][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  309.857491][T29526] loop3: detected capacity change from 0 to 264192
[  309.878303][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  309.884496][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  309.888483][T29526]  loop3: p1 p3 p4
09:18:51 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x8, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  309.898776][T29526] loop3: p1 size 11290111 extends beyond EOD, truncated
[  309.922504][T29526] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  309.953874][T29526] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  309.977960][T29495] FAULT_INJECTION: forcing a failure.
[  309.977960][T29495] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  309.991295][T29495] CPU: 0 PID: 29495 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  310.000060][T29495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  310.010191][T29495] Call Trace:
[  310.013473][T29495]  dump_stack_lvl+0xb7/0x103
[  310.018414][T29495]  dump_stack+0x11/0x1a
[  310.022571][T29495]  should_fail+0x23c/0x250
[  310.027077][T29495]  __alloc_pages+0x102/0x320
[  310.027856][ T1041]  loop1: p2 < > p3 p4
[  310.031851][T29495]  alloc_pages_vma+0x513/0x680
[  310.040689][T29495]  ? page_address_in_vma+0x264/0x300
[  310.046079][T29495]  new_page+0x124/0x170
[  310.047175][ T1041] loop1: p2 size 2 extends beyond EOD, 
[  310.050258][T29495]  migrate_pages+0x3b3/0x1530
[  310.050279][T29495]  ? do_mbind+0xf50/0xf50
[  310.055820][ T1041] truncated
[  310.062638][ T1041] loop1: p3 start 225 is beyond EOD, 
[  310.064977][T29495]  ? remove_migration_ptes+0x90/0x90
[  310.068290][ T1041] truncated
[  310.073621][T29495]  do_mbind+0xd43/0xf50
[  310.078988][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  310.082334][T29495]  __x64_sys_mbind+0x10a/0x130
[  310.086460][ T1041] truncated
[  310.100582][T29495]  do_syscall_64+0x3d/0x90
[  310.105001][T29495]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  310.110899][T29495] RIP: 0033:0x4665e9
[  310.114800][T29495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  310.134621][T29495] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  310.143028][T29495] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  310.151002][T29495] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  310.158975][T29495] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  310.166990][T29495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  310.175062][T29495] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  310.273850][ T1041]  loop1: p2 < > p3 p4
[  310.278739][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  310.286387][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  310.292583][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:52 executing program 0 (fault-call:2 fault-nth:54):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:52 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xc04a01, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:52 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fb"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:52 executing program 3:
syz_read_part_table(0xc00000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:52 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x9, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  310.529009][T29576] loop3: detected capacity change from 0 to 264192
[  310.588496][T29576]  loop3: p1 p3 p4
[  310.598916][ T1041]  loop1: p2 < > p3 p4
[  310.603059][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  310.614579][T29576] loop3: p1 size 11290111 extends beyond EOD, truncated
09:18:52 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x300, 0x2)

09:18:52 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fb"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:52 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x10, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:52 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xc04f00, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  310.633988][T29576] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  310.634502][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  310.647446][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  310.649464][T29576] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:52 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffff"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:52 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x408, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  310.744336][T29576] loop3: detected capacity change from 0 to 264192
[  310.773910][ T1041]  loop1: p2 < > p3 p4
09:18:52 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xf04a00, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  310.802159][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  310.824884][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  310.831104][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  310.838744][T29576]  loop3: p1 p3 p4
[  310.842618][T29576] loop3: p1 size 11290111 extends beyond EOD, truncated
[  310.861331][T29576] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  310.877552][T29576] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  310.923922][T29569] FAULT_INJECTION: forcing a failure.
[  310.923922][T29569] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  310.937288][T29569] CPU: 0 PID: 29569 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  310.946225][T29569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  310.956278][T29569] Call Trace:
[  310.959550][T29569]  dump_stack_lvl+0xb7/0x103
[  310.964138][T29569]  dump_stack+0x11/0x1a
[  310.968282][T29569]  should_fail+0x23c/0x250
[  310.972703][T29569]  __alloc_pages+0x102/0x320
[  310.977329][T29569]  alloc_pages_vma+0x513/0x680
[  310.982114][T29569]  ? page_address_in_vma+0x264/0x300
[  310.987572][T29569]  new_page+0x124/0x170
[  310.991726][T29569]  migrate_pages+0x3b3/0x1530
[  310.996557][T29569]  ? do_mbind+0xf50/0xf50
[  311.000953][T29569]  ? remove_migration_ptes+0x90/0x90
[  311.006333][T29569]  do_mbind+0xd43/0xf50
[  311.010822][T29569]  __x64_sys_mbind+0x10a/0x130
[  311.015649][T29569]  do_syscall_64+0x3d/0x90
[  311.020280][T29569]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  311.026224][T29569] RIP: 0033:0x4665e9
[  311.030121][T29569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  311.049968][T29569] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  311.058422][T29569] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  311.066397][T29569] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  311.074450][T29569] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  311.082468][T29569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  311.090436][T29569] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  311.170717][ T1041]  loop1: p2 < > p3 p4
[  311.179467][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  311.193779][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  311.200095][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:52 executing program 0 (fault-call:2 fault-nth:55):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:52 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbffffffffff"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:52 executing program 3:
syz_read_part_table(0xd00000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:52 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x804, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:52 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x1000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  311.431102][T29653] loop3: detected capacity change from 0 to 264192
[  311.477533][T29653]  loop3: p1 p3 p4
[  311.481603][T29653] loop3: p1 size 11290111 extends beyond EOD, truncated
[  311.495359][T29653] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  311.520731][ T1041]  loop1: p2 < > p3 p4
[  311.526261][T29653] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  311.527232][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  311.567679][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  311.573877][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:53 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x700, 0x2)

09:18:53 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c00000082000000fbff"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:53 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x900, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:53 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x14ac000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:53 executing program 3:
syz_read_part_table(0xe00000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:53 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c0000008200"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  311.706617][T29687] loop3: detected capacity change from 0 to 264192
[  311.737588][T29687]  loop3: p1 p3 p4
[  311.742045][T29687] loop3: p1 size 11290111 extends beyond EOD, truncated
09:18:53 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c00"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  311.763797][T29687] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  311.780422][T29687] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  311.810388][ T1041]  loop1: p2 < > p3 p4
[  311.820169][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  311.858304][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  311.864512][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  311.877039][T29655] FAULT_INJECTION: forcing a failure.
[  311.877039][T29655] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  311.890494][T29655] CPU: 1 PID: 29655 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  311.899309][T29655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  311.909482][T29655] Call Trace:
[  311.912811][T29655]  dump_stack_lvl+0xb7/0x103
[  311.917421][T29655]  dump_stack+0x11/0x1a
[  311.921568][T29655]  should_fail+0x23c/0x250
[  311.925980][T29655]  __alloc_pages+0x102/0x320
[  311.930577][T29655]  alloc_pages_vma+0x513/0x680
[  311.935334][T29655]  ? page_address_in_vma+0x264/0x300
[  311.940614][T29655]  new_page+0x124/0x170
[  311.944801][T29655]  migrate_pages+0x3b3/0x1530
[  311.949559][T29655]  ? do_mbind+0xf50/0xf50
[  311.953889][T29655]  ? remove_migration_ptes+0x90/0x90
[  311.959171][T29655]  do_mbind+0xd43/0xf50
[  311.963320][T29655]  __x64_sys_mbind+0x10a/0x130
[  311.968112][T29655]  do_syscall_64+0x3d/0x90
[  311.972535][T29655]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  311.978425][T29655] RIP: 0033:0x4665e9
[  311.982299][T29655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  312.002026][T29655] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  312.010421][T29655] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  312.018570][T29655] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  312.026717][T29655] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  312.034859][T29655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  312.042830][T29655] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  312.067612][T29687] loop3: detected capacity change from 0 to 264192
[  312.127703][T29687]  loop3: p1 p3 p4
[  312.131837][T29687] loop3: p1 size 11290111 extends beyond EOD, truncated
[  312.146153][T29687] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  312.161788][T29687] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  312.179435][ T1041]  loop3: p1 p3 p4
[  312.183312][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  312.207302][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  312.217589][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:53 executing program 0 (fault-call:2 fault-nth:56):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:53 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x3f00, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:53 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x180ffff, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:53 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c00"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:53 executing program 3:
syz_read_part_table(0xf00000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  312.383722][T29746] loop3: detected capacity change from 0 to 264192
[  312.438458][T29746]  loop3: p1 p3 p4
[  312.442417][T29746] loop3: p1 size 11290111 extends beyond EOD, truncated
[  312.456382][T29746] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  312.472561][T29746] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  312.497336][ T1041]  loop1: p2 < > p3 p4
[  312.501712][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  312.531549][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  312.537934][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:54 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x4000, 0x2)

09:18:54 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c00"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:54 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:54 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x4000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:54 executing program 3:
syz_read_part_table(0x1000000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:54 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:54 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  312.666702][T29778] loop3: detected capacity change from 0 to 264192
[  312.741635][T29778]  loop3: p1 p3 p4
[  312.751950][T29778] loop3: p1 size 11290111 extends beyond EOD, truncated
[  312.762111][T29778] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  312.771498][ T1041]  loop1: p2 < > p3 p4
[  312.775650][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  312.783661][T29778] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  312.786467][T29749] FAULT_INJECTION: forcing a failure.
[  312.786467][T29749] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  312.793308][ T1041] loop1: p3 start 225 is beyond EOD, 
[  312.804506][T29749] CPU: 0 PID: 29749 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  312.809880][ T1041] truncated
[  312.818685][T29749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  312.818697][T29749] Call Trace:
[  312.818703][T29749]  dump_stack_lvl+0xb7/0x103
[  312.818723][T29749]  dump_stack+0x11/0x1a
[  312.818738][T29749]  should_fail+0x23c/0x250
[  312.821826][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  312.831866][T29749]  __alloc_pages+0x102/0x320
[  312.831888][T29749]  alloc_pages_vma+0x513/0x680
[  312.835160][ T1041] truncated
[  312.867082][T29749]  ? page_address_in_vma+0x264/0x300
[  312.872426][T29749]  new_page+0x124/0x170
[  312.876606][T29749]  migrate_pages+0x3b3/0x1530
[  312.881310][T29749]  ? do_mbind+0xf50/0xf50
[  312.885641][T29749]  ? remove_migration_ptes+0x90/0x90
[  312.890976][T29749]  do_mbind+0xd43/0xf50
[  312.895128][T29749]  __x64_sys_mbind+0x10a/0x130
[  312.899919][T29749]  do_syscall_64+0x3d/0x90
[  312.904457][T29749]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  312.910347][T29749] RIP: 0033:0x4665e9
[  312.914225][T29749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  312.934089][T29749] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  312.942500][T29749] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  312.950465][T29749] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  312.958600][T29749] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  312.966722][T29749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  312.974842][T29749] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  313.013628][T29778] loop3: detected capacity change from 0 to 264192
[  313.069399][T29778]  loop3: p1 p3 p4
[  313.073535][T29778] loop3: p1 size 11290111 extends beyond EOD, truncated
[  313.089641][T29778] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  313.104761][T29778] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:54 executing program 0 (fault-call:2 fault-nth:57):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:54 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2040000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:54 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:54 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x5400, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:54 executing program 3:
syz_read_part_table(0x1100000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  313.267917][T29830] loop3: detected capacity change from 0 to 264192
[  313.331609][T29830]  loop3: p1 p3 p4
[  313.337850][T29830] loop3: p1 size 11290111 extends beyond EOD, truncated
[  313.364086][ T1041]  loop1: p2 < > p3 p4
[  313.367634][T29830] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  313.375799][ T1041] loop1: p2 size 2 extends beyond EOD, 
[  313.375800][T29830] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  313.388477][ T1041] truncated
[  313.406416][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  313.412716][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  313.458284][T29830] loop3: detected capacity change from 0 to 264192
[  313.489756][T29830]  loop3: p1 p3 p4
[  313.493670][T29830] loop3: p1 size 11290111 extends beyond EOD, truncated
[  313.503405][T29821] FAULT_INJECTION: forcing a failure.
[  313.503405][T29821] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  313.507713][T29830] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  313.516938][T29821] CPU: 1 PID: 29821 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  313.525167][T29830] loop3: p4 size 3657465856 extends beyond EOD, 
[  313.532763][T29821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  313.532775][T29821] Call Trace:
[  313.532782][T29821]  dump_stack_lvl+0xb7/0x103
09:18:55 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x18100, 0x2)

09:18:55 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c00"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:55 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x60ff, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:55 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2800300, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  313.539100][T29830] truncated
[  313.549265][T29821]  dump_stack+0x11/0x1a
[  313.564520][T29821]  should_fail+0x23c/0x250
[  313.569055][T29821]  __alloc_pages+0x102/0x320
[  313.573849][T29821]  alloc_pages_vma+0x513/0x680
[  313.578616][T29821]  ? page_address_in_vma+0x264/0x300
[  313.583915][T29821]  new_page+0x124/0x170
[  313.588077][T29821]  migrate_pages+0x3b3/0x1530
[  313.592744][T29821]  ? do_mbind+0xf50/0xf50
[  313.597109][T29821]  ? remove_migration_ptes+0x90/0x90
[  313.602384][T29821]  do_mbind+0xd43/0xf50
[  313.606890][T29821]  __x64_sys_mbind+0x10a/0x130
[  313.611906][T29821]  do_syscall_64+0x3d/0x90
[  313.616326][T29821]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  313.622216][T29821] RIP: 0033:0x4665e9
[  313.626110][T29821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  313.645905][T29821] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
09:18:55 executing program 3:
syz_read_part_table(0x1200000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  313.654319][T29821] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  313.662476][T29821] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  313.670460][T29821] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  313.678514][T29821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  313.686492][T29821] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:55 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:55 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x3000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  313.852405][ T1041]  loop1: p2 < > p3 p4
[  313.856761][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  313.857568][T29882] loop3: detected capacity change from 0 to 264192
[  313.884994][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  313.891300][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  313.907312][T29882]  loop3: p1 p3 p4
[  313.911357][T29882] loop3: p1 size 11290111 extends beyond EOD, truncated
[  313.926958][T29882] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  313.952291][T29882] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:55 executing program 0 (fault-call:2 fault-nth:58):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:55 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x8008, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:55 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:55 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x4000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:55 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  314.057671][T29882] loop3: detected capacity change from 0 to 264192
[  314.150173][T29882]  loop3: p1 p3 p4
[  314.154498][T29882] loop3: p1 size 11290111 extends beyond EOD, truncated
[  314.175195][T29882] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  314.207176][ T1041]  loop1: p2 < > p3 p4
[  314.211401][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  314.226872][T29882] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  314.234345][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  314.240881][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  314.309850][T29905] FAULT_INJECTION: forcing a failure.
[  314.309850][T29905] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  314.323745][T29905] CPU: 1 PID: 29905 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  314.332539][T29905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  314.343198][T29905] Call Trace:
[  314.346482][T29905]  dump_stack_lvl+0xb7/0x103
[  314.351072][T29905]  dump_stack+0x11/0x1a
[  314.355319][T29905]  should_fail+0x23c/0x250
[  314.359736][T29905]  __alloc_pages+0x102/0x320
[  314.364501][T29905]  alloc_pages_vma+0x513/0x680
[  314.369256][T29905]  ? page_address_in_vma+0x264/0x300
[  314.374623][T29905]  new_page+0x124/0x170
[  314.378779][T29905]  migrate_pages+0x3b3/0x1530
[  314.383561][T29905]  ? do_mbind+0xf50/0xf50
[  314.387888][T29905]  ? remove_migration_ptes+0x90/0x90
[  314.393314][T29905]  do_mbind+0xd43/0xf50
[  314.397572][T29905]  __x64_sys_mbind+0x10a/0x130
[  314.402427][T29905]  do_syscall_64+0x3d/0x90
09:18:56 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x810100, 0x2)

09:18:56 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:56 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x9700, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:56 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x5000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:56 executing program 3:
syz_read_part_table(0x1300000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  314.406943][T29905]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  314.412925][T29905] RIP: 0033:0x4665e9
[  314.416907][T29905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  314.436943][T29905] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  314.445740][T29905] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  314.453909][T29905] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  314.462015][T29905] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  314.470079][T29905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  314.478047][T29905] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:56 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  314.563382][T29946] loop3: detected capacity change from 0 to 264192
09:18:56 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xff0f, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  314.606241][T29946]  loop3: p1 p3 p4
[  314.610588][T29946] loop3: p1 size 11290111 extends beyond EOD, truncated
[  314.619892][T29946] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  314.639991][ T1041]  loop1: p2 < > p3 p4
[  314.640059][T29946] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  314.644229][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  314.704413][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  314.710673][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  314.745399][T29946] loop3: detected capacity change from 0 to 264192
[  314.795900][T29946]  loop3: p1 p3 p4
[  314.800095][T29946] loop3: p1 size 11290111 extends beyond EOD, truncated
[  314.829416][T29946] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  314.836917][ T1041]  loop1: p2 < > p3 p4
09:18:56 executing program 0 (fault-call:2 fault-nth:59):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:56 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x5820000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:56 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:56 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x16000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:56 executing program 3:
syz_read_part_table(0x2000000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  314.842007][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  314.857125][T29946] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  314.879680][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  314.886307][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  314.938750][T29782] print_req_error: 10 callbacks suppressed
[  314.938762][T29782] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  314.959921][T29751] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  314.972449][ T1778] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  314.973644][T29771] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  315.013119][  T710] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  315.024603][  T710] buffer_io_error: 4 callbacks suppressed
[  315.024616][  T710] Buffer I/O error on dev loop3p3, logical block 263808, async page read
[  315.039110][  T710] blk_update_request: I/O error, dev loop3, sector 264034 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  315.050633][  T710] Buffer I/O error on dev loop3p3, logical block 263809, async page read
[  315.059492][T29996] loop3: detected capacity change from 0 to 264192
[  315.059552][  T710] blk_update_request: I/O error, dev loop3, sector 264035 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  315.077367][  T710] Buffer I/O error on dev loop3p3, logical block 263810, async page read
[  315.086204][  T710] blk_update_request: I/O error, dev loop3, sector 264036 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  315.097634][  T710] Buffer I/O error on dev loop3p3, logical block 263811, async page read
[  315.106903][ T1041]  loop1: p2 < > p3 p4
[  315.111623][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  315.126218][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  315.132550][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  315.150623][T29996] loop_reread_partitions: partition scan of loop3 () failed (rc=-16)
[  315.193996][T29983] FAULT_INJECTION: forcing a failure.
[  315.193996][T29983] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  315.207504][T29983] CPU: 1 PID: 29983 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  315.216452][T29983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  315.226523][T29983] Call Trace:
[  315.229803][T29983]  dump_stack_lvl+0xb7/0x103
[  315.234400][T29983]  dump_stack+0x11/0x1a
[  315.238560][T29983]  should_fail+0x23c/0x250
[  315.242975][T29983]  __alloc_pages+0x102/0x320
[  315.247565][T29983]  alloc_pages_vma+0x513/0x680
[  315.252373][T29983]  ? page_address_in_vma+0x264/0x300
[  315.257747][T29983]  new_page+0x124/0x170
[  315.262003][T29983]  migrate_pages+0x3b3/0x1530
[  315.266681][T29983]  ? do_mbind+0xf50/0xf50
[  315.270995][T29983]  ? remove_migration_ptes+0x90/0x90
[  315.276261][T29983]  do_mbind+0xd43/0xf50
[  315.280421][T29983]  __x64_sys_mbind+0x10a/0x130
[  315.285167][T29983]  do_syscall_64+0x3d/0x90
[  315.289587][T29983]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  315.295474][T29983] RIP: 0033:0x4665e9
[  315.299367][T29983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  315.319014][T29983] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  315.327422][T29983] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  315.335652][T29983] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  315.343677][T29983] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  315.351646][T29983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  315.359606][T29983] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:18:57 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x1000000, 0x2)

09:18:57 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:57 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x104000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:57 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x6000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:57 executing program 3:
syz_read_part_table(0x2200000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:57 executing program 0 (fault-call:2 fault-nth:60):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:57 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], 0x0, 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  315.726224][T30029] loop3: detected capacity change from 0 to 264192
09:18:57 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x6040000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:57 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], 0x0, 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:57 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x400000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  315.778960][T30029]  loop3: p1 p3 p4
[  315.788909][T30029] loop3: p1 size 11290111 extends beyond EOD, truncated
[  315.816584][T30029] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  315.863950][ T1041]  loop1: p2 < > p3 p4
[  315.867285][T30029] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  315.879979][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:18:57 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], 0x0, 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  315.905430][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  315.911675][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:57 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x7000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  315.954382][T30029] loop3: detected capacity change from 0 to 264192
[  316.016361][T30029]  loop3: p1 p3 p4
[  316.020464][T30029] loop3: p1 size 11290111 extends beyond EOD, truncated
[  316.029762][ T1041]  loop1: p2 < > p3 p4
[  316.034129][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  316.042794][T30029] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  316.058822][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  316.064373][T30029] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  316.065268][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  316.118474][T30034] FAULT_INJECTION: forcing a failure.
[  316.118474][T30034] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  316.132025][T30034] CPU: 1 PID: 30034 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  316.141162][T30034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  316.151662][T30034] Call Trace:
[  316.155083][T30034]  dump_stack_lvl+0xb7/0x103
[  316.159774][T30034]  dump_stack+0x11/0x1a
[  316.164079][T30034]  should_fail+0x23c/0x250
[  316.168525][T30034]  __alloc_pages+0x102/0x320
[  316.173259][T30034]  alloc_pages_vma+0x513/0x680
[  316.178117][T30034]  ? page_address_in_vma+0x264/0x300
[  316.183417][T30034]  new_page+0x124/0x170
[  316.187564][T30034]  migrate_pages+0x3b3/0x1530
[  316.192291][T30034]  ? do_mbind+0xf50/0xf50
[  316.196705][T30034]  ? remove_migration_ptes+0x90/0x90
[  316.201986][T30034]  do_mbind+0xd43/0xf50
[  316.206164][T30034]  __x64_sys_mbind+0x10a/0x130
[  316.210978][T30034]  do_syscall_64+0x3d/0x90
[  316.215492][T30034]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  316.221822][T30034] RIP: 0033:0x4665e9
[  316.225726][T30034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  316.246070][T30034] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  316.254463][T30034] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  316.262485][T30034] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  316.270568][T30034] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  316.278831][T30034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  316.286816][T30034] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  316.308996][T30070] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  316.322191][T30043] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  316.335463][T30035] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  316.347359][ T1778] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  316.382879][  T710] Buffer I/O error on dev loop3p4, logical block 33008, async page read
[  316.392286][  T710] Buffer I/O error on dev loop3p3, logical block 263808, async page read
[  316.401426][  T710] Buffer I/O error on dev loop3p3, logical block 263809, async page read
[  316.410294][  T710] Buffer I/O error on dev loop3p3, logical block 263810, async page read
[  316.419132][  T710] Buffer I/O error on dev loop3p3, logical block 263811, async page read
[  316.427852][  T896] Buffer I/O error on dev loop3p3, logical block 263812, async page read
09:18:58 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x2000000, 0x2)

09:18:58 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x401000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:58 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:58 executing program 3:
syz_read_part_table(0x2400000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:58 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:58 executing program 0 (fault-call:2 fault-nth:61):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:58 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:58 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:58 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x4af000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  316.667459][T30108] loop3: detected capacity change from 0 to 264192
[  316.701426][T30108]  loop3: p1 p3 p4
[  316.706180][T30108] loop3: p1 size 11290111 extends beyond EOD, truncated
09:18:58 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8040000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  316.746347][ T1041]  loop1: p2 < > p3 p4
[  316.750807][T30108] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  316.762433][T30108] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  316.769969][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  316.789980][ T1041] loop1: p3 start 225 is beyond EOD, truncated
09:18:58 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(0xffffffffffffffff, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:58 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(0xffffffffffffffff, &(0x7f00000005c0)=""/223, 0xfc61)

[  316.796218][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  316.834948][T30108] loop3: detected capacity change from 0 to 264192
[  316.931905][T30108]  loop3: p1 p3 p4
[  316.935873][T30108] loop3: p1 size 11290111 extends beyond EOD, truncated
[  316.952771][T30108] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  316.968948][T30108] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  316.989106][T30101] FAULT_INJECTION: forcing a failure.
[  316.989106][T30101] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  317.002796][T30101] CPU: 0 PID: 30101 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  317.011543][T30101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  317.021794][T30101] Call Trace:
[  317.025197][T30101]  dump_stack_lvl+0xb7/0x103
[  317.029792][T30101]  dump_stack+0x11/0x1a
[  317.033992][T30101]  should_fail+0x23c/0x250
[  317.038421][T30101]  __alloc_pages+0x102/0x320
[  317.043096][T30101]  alloc_pages_vma+0x513/0x680
[  317.047862][T30101]  ? page_address_in_vma+0x264/0x300
[  317.053143][T30101]  new_page+0x124/0x170
[  317.057300][T30101]  migrate_pages+0x3b3/0x1530
[  317.061970][T30101]  ? do_mbind+0xf50/0xf50
[  317.066455][T30101]  ? remove_migration_ptes+0x90/0x90
[  317.071735][T30101]  do_mbind+0xd43/0xf50
[  317.075870][T30101]  __x64_sys_mbind+0x10a/0x130
[  317.080704][T30101]  do_syscall_64+0x3d/0x90
[  317.085149][T30101]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  317.091093][T30101] RIP: 0033:0x4665e9
[  317.095010][T30101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  317.114596][T30101] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  317.123212][T30101] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  317.131237][T30101] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  317.139345][T30101] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  317.147299][T30101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  317.155300][T30101] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  317.196531][ T1041]  loop3: p1 p3 p4
[  317.200454][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  317.208908][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  317.220555][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:18:59 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x3000000, 0x2)

09:18:59 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8800000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:18:59 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x4fc000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:59 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(0xffffffffffffffff, &(0x7f00000005c0)=""/223, 0xfc61)

09:18:59 executing program 3:
syz_read_part_table(0x2500000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:18:59 executing program 0 (fault-call:2 fault-nth:62):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:18:59 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, 0x0, 0x0)

[  317.579850][T30190] loop3: detected capacity change from 0 to 264192
09:18:59 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8800300, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  317.639223][T30190]  loop3: p1 p3 p4
[  317.647652][T30190] loop3: p1 size 11290111 extends beyond EOD, truncated
[  317.656564][T30190] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:18:59 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x540000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:18:59 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, 0x0, 0x0)

[  317.686094][T30190] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  317.696005][ T1041]  loop1: p2 < > p3 p4
[  317.700764][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  317.725019][ T1041] loop1: p3 start 225 is beyond EOD, truncated
09:18:59 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, 0x0, 0x0)

[  317.731248][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:18:59 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x9000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  317.773467][T30190] loop3: detected capacity change from 0 to 264192
[  317.841141][T30190]  loop3: p1 p3 p4
[  317.844984][T30190] loop3: p1 size 11290111 extends beyond EOD, truncated
[  317.859763][T30190] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  317.868206][T30190] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  317.925146][ T1041]  loop3: p1 p3 p4
[  317.931745][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  317.942488][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  317.946493][T30188] FAULT_INJECTION: forcing a failure.
[  317.946493][T30188] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  317.950828][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  317.963204][T30188] CPU: 1 PID: 30188 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  317.979274][T30188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  317.989409][T30188] Call Trace:
[  317.992718][T30188]  dump_stack_lvl+0xb7/0x103
[  317.997302][T30188]  dump_stack+0x11/0x1a
[  318.001449][T30188]  should_fail+0x23c/0x250
[  318.005948][T30188]  __alloc_pages+0x102/0x320
[  318.010561][T30188]  alloc_pages_vma+0x513/0x680
[  318.015329][T30188]  ? page_address_in_vma+0x264/0x300
[  318.020618][T30188]  new_page+0x124/0x170
[  318.024834][T30188]  migrate_pages+0x3b3/0x1530
[  318.029574][T30188]  ? do_mbind+0xf50/0xf50
[  318.034031][T30188]  ? remove_migration_ptes+0x90/0x90
[  318.039460][T30188]  do_mbind+0xd43/0xf50
[  318.043658][T30188]  __x64_sys_mbind+0x10a/0x130
[  318.048441][T30188]  do_syscall_64+0x3d/0x90
[  318.052836][T30188]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  318.058713][T30188] RIP: 0033:0x4665e9
[  318.062627][T30188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  318.082211][T30188] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  318.090616][T30188] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  318.099097][T30188] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  318.107071][T30188] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  318.115205][T30188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  318.123172][T30188] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:19:00 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x4000000, 0x2)

09:19:00 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x600100, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:00 executing program 4:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x4000, 0x2)

09:19:00 executing program 3:
syz_read_part_table(0x2e00000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:00 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x9800300, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:00 executing program 0 (fault-call:2 fault-nth:63):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

[  318.476304][T30265] loop3: detected capacity change from 0 to 264192
09:19:00 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xa000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:00 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x970000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  318.549127][T30265]  loop3: p1 p3 p4
[  318.559675][T30265] loop3: p1 size 11290111 extends beyond EOD, truncated
[  318.582973][T30265] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  318.609816][ T1041]  loop1: p2 < > p3 p4
[  318.617326][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  318.628962][T30265] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  318.641260][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  318.647476][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:00 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xb000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:00 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xc04a01, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  318.731607][T30265] loop3: detected capacity change from 0 to 264192
09:19:00 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xc000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  318.803103][T30265]  loop3: p1 p3 p4
[  318.811909][T30265] loop3: p1 size 11290111 extends beyond EOD, truncated
[  318.819859][T30265] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  318.827968][T30265] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  318.864836][T30268] FAULT_INJECTION: forcing a failure.
[  318.864836][T30268] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  318.878150][T30268] CPU: 1 PID: 30268 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  318.886972][T30268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  318.897195][T30268] Call Trace:
[  318.900463][T30268]  dump_stack_lvl+0xb7/0x103
[  318.905103][T30268]  dump_stack+0x11/0x1a
[  318.909327][T30268]  should_fail+0x23c/0x250
[  318.913825][T30268]  __alloc_pages+0x102/0x320
[  318.918435][T30268]  alloc_pages_vma+0x513/0x680
[  318.923235][T30268]  ? page_address_in_vma+0x264/0x300
[  318.928596][T30268]  new_page+0x124/0x170
[  318.932947][T30268]  migrate_pages+0x3b3/0x1530
[  318.937640][T30268]  ? do_mbind+0xf50/0xf50
[  318.942238][T30268]  ? remove_migration_ptes+0x90/0x90
[  318.947619][T30268]  do_mbind+0xd43/0xf50
[  318.951769][T30268]  __x64_sys_mbind+0x10a/0x130
[  318.956524][T30268]  do_syscall_64+0x3d/0x90
[  318.960943][T30268]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  318.965526][ T1041]  loop1: p2 < > p3 p4
[  318.966862][T30268] RIP: 0033:0x4665e9
[  318.966879][T30268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  318.973676][ T1041] loop1: p2 size 2 extends beyond EOD, 
[  318.975006][T30268] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
09:19:00 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xc04f00, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  318.975026][T30268] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  318.975037][T30268] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  318.994816][ T1041] truncated
[  319.000296][T30268] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  319.000311][T30268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  319.044160][T30268] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  319.046783][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  319.058533][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  319.210202][ T1041]  loop1: p2 < > p3 p4
[  319.214406][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  319.228765][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  319.234984][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:01 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x7000000, 0x2)

09:19:01 executing program 3:
syz_read_part_table(0x3f00000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:01 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xd000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:01 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xf04a00, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:01 executing program 4:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x401000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:01 executing program 0 (fault-call:2 fault-nth:64):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

[  319.583958][T30355] loop3: detected capacity change from 0 to 264192
[  319.617117][T30355]  loop3: p1 p3 p4
[  319.621117][T30355] loop3: p1 size 11290111 extends beyond EOD, truncated
09:19:01 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x1000000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:01 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xf000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  319.636134][T30355] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  319.652485][T30355] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:01 executing program 4 (fault-call:6 fault-nth:0):
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:01 executing program 3:
syz_read_part_table(0x4000000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  319.676715][ T1041]  loop1: p2 < > p3 p4
[  319.681020][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  319.712742][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  319.719065][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  319.746959][T30374] FAULT_INJECTION: forcing a failure.
[  319.746959][T30374] name failslab, interval 1, probability 0, space 0, times 0
[  319.759602][T30374] CPU: 1 PID: 30374 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0
[  319.768425][T30374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  319.778645][T30374] Call Trace:
[  319.781931][T30374]  dump_stack_lvl+0xb7/0x103
[  319.786596][T30374]  dump_stack+0x11/0x1a
[  319.790836][T30374]  should_fail+0x23c/0x250
[  319.795293][T30374]  __should_failslab+0x81/0x90
[  319.800058][T30374]  ? ext4_readdir+0x2b5/0x1e40
[  319.804920][T30374]  should_failslab+0x5/0x20
[  319.809421][T30374]  kmem_cache_alloc_trace+0x49/0x310
[  319.814711][T30374]  ext4_readdir+0x2b5/0x1e40
[  319.819300][T30374]  ? fsnotify+0x1167/0x1190
[  319.823820][T30374]  ? __fsnotify_parent+0x32f/0x430
[  319.828937][T30374]  ? avc_policy_seqno+0x22/0x30
[  319.833924][T30374]  ? __down_read_common+0x16d/0x530
[  319.839191][T30374]  ? fsnotify_perm+0x2bd/0x2e0
[  319.843949][T30374]  iterate_dir+0x16e/0x370
[  319.848543][T30374]  __se_sys_getdents+0x7f/0x190
[  319.853444][T30374]  ? fillonedir+0x260/0x260
[  319.857937][T30374]  __x64_sys_getdents+0x3f/0x50
[  319.862836][T30374]  do_syscall_64+0x3d/0x90
[  319.867295][T30374]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  319.873310][T30374] RIP: 0033:0x4665e9
[  319.877380][T30374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  319.897158][T30374] RSP: 002b:00007f860f13b188 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  319.905661][T30374] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  319.913645][T30374] RDX: 000000000000fc61 RSI: 00000000200005c0 RDI: 0000000000000003
[  319.921669][T30374] RBP: 00007f860f13b1d0 R08: 0000000000000000 R09: 0000000000000000
[  319.929680][T30374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  319.937810][T30374] R13: 00007fff70031f3f R14: 00007f860f13b300 R15: 0000000000022000
[  319.958740][T30389] loop3: detected capacity change from 0 to 264192
[  319.970393][T30351] FAULT_INJECTION: forcing a failure.
[  319.970393][T30351] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  319.984813][T30351] CPU: 0 PID: 30351 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  319.993937][T30351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  320.004000][T30351] Call Trace:
09:19:01 executing program 4 (fault-call:6 fault-nth:1):
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  320.007300][T30351]  dump_stack_lvl+0xb7/0x103
[  320.011895][T30351]  dump_stack+0x11/0x1a
[  320.016148][T30351]  should_fail+0x23c/0x250
[  320.021098][T30351]  __alloc_pages+0x102/0x320
[  320.025808][T30351]  alloc_pages_vma+0x513/0x680
[  320.031034][T30351]  ? page_address_in_vma+0x264/0x300
[  320.037067][T30351]  new_page+0x124/0x170
[  320.041377][T30351]  migrate_pages+0x3b3/0x1530
[  320.046152][T30351]  ? do_mbind+0xf50/0xf50
[  320.050558][T30351]  ? remove_migration_ptes+0x90/0x90
[  320.056085][T30351]  do_mbind+0xd43/0xf50
[  320.060468][T30351]  __x64_sys_mbind+0x10a/0x130
[  320.065418][T30351]  do_syscall_64+0x3d/0x90
[  320.069500][T30395] FAULT_INJECTION: forcing a failure.
[  320.069500][T30395] name failslab, interval 1, probability 0, space 0, times 0
[  320.069934][T30351]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  320.089223][T30351] RIP: 0033:0x4665e9
[  320.093381][T30351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  320.113158][T30351] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  320.121904][T30351] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  320.130168][T30351] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  320.138219][T30351] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  320.147062][T30351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  320.160582][T30351] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  320.168544][T30395] CPU: 1 PID: 30395 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0
[  320.177584][T30395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  320.187730][T30395] Call Trace:
[  320.191006][T30395]  dump_stack_lvl+0xb7/0x103
[  320.195687][T30395]  dump_stack+0x11/0x1a
[  320.199937][T30395]  should_fail+0x23c/0x250
[  320.204354][T30395]  ? kzalloc+0x16/0x20
[  320.208420][T30395]  __should_failslab+0x81/0x90
[  320.211168][ T1041]  loop1: p2 < > p3 p4
[  320.213178][T30395]  should_failslab+0x5/0x20
[  320.213199][T30395]  __kmalloc+0x66/0x340
[  320.230164][ T1041] loop1: p2 size 2 extends beyond EOD, 
[  320.231236][T30395]  ? ext4fs_dirhash+0x99e/0x9e0
[  320.231264][T30395]  kzalloc+0x16/0x20
[  320.237137][ T1041] truncated
[  320.242129][T30395]  ext4_htree_store_dirent+0x52/0x2c0
[  320.247921][ T1041] loop1: p3 start 225 is beyond EOD, 
[  320.249225][T30395]  htree_dirblock_to_tree+0x4b1/0x650
[  320.254587][ T1041] truncated
[  320.254592][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  320.259933][T30395]  ext4_htree_fill_tree+0x3e8/0x9f0
[  320.259954][T30395]  ? get_page_from_freelist+0x54e/0x820
[  320.265306][ T1041] truncated
[  320.288569][T30395]  ? release_pages+0x873/0x8a0
[  320.293387][T30395]  ? mem_cgroup_update_lru_size+0x50/0xe0
[  320.299330][T30395]  ? should_fail+0xd6/0x250
[  320.303866][T30395]  ? kmem_cache_alloc_trace+0x20f/0x310
09:19:01 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x14ac000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  320.309543][T30395]  ? ext4_readdir+0x2b5/0x1e40
[  320.314312][T30395]  ext4_readdir+0x178d/0x1e40
[  320.319004][T30395]  ? avc_policy_seqno+0x22/0x30
[  320.324362][T30395]  ? __down_read_common+0x16d/0x530
[  320.329717][T30395]  ? fsnotify_perm+0x2bd/0x2e0
[  320.334646][T30395]  iterate_dir+0x16e/0x370
[  320.339063][T30395]  __se_sys_getdents+0x7f/0x190
[  320.343944][T30395]  ? fillonedir+0x260/0x260
[  320.348813][T30395]  __x64_sys_getdents+0x3f/0x50
[  320.354180][T30395]  do_syscall_64+0x3d/0x90
[  320.358740][T30395]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  320.364728][T30395] RIP: 0033:0x4665e9
[  320.368616][T30395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  320.388344][T30395] RSP: 002b:00007f860f13b188 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  320.397390][T30395] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  320.405642][T30395] RDX: 000000000000fc61 RSI: 00000000200005c0 RDI: 0000000000000003
[  320.413878][T30395] RBP: 00007f860f13b1d0 R08: 0000000000000000 R09: 0000000000000000
[  320.427663][T30395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  320.435720][T30395] R13: 00007fff70031f3f R14: 00007f860f13b300 R15: 0000000000022000
[  320.457095][T30389]  loop3: p1 p3 p4
[  320.461482][T30389] loop3: p1 size 11290111 extends beyond EOD, truncated
[  320.493288][T30389] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  320.527263][T30389] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  320.606159][T30394] print_req_error: 45 callbacks suppressed
[  320.606170][T30394] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  320.625565][T30402] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  320.639412][T30393] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  320.651693][T30389] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  320.651920][ T1041]  loop1: p2 < > p3 p4
[  320.661288][  T896] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  320.667592][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  320.674157][  T896] buffer_io_error: 33 callbacks suppressed
[  320.674167][  T896] Buffer I/O error on dev loop3p1, logical block 131968, async page read
[  320.681616][T30389] loop3: detected capacity change from 0 to 264192
[  320.686731][  T896] blk_update_request: I/O error, dev loop3, sector 263948 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  320.712753][  T896] Buffer I/O error on dev loop3p1, logical block 131969, async page read
[  320.717448][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  320.728541][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  320.768189][T30389] loop_reread_partitions: partition scan of loop3 () failed (rc=-16)
09:19:02 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x8000000, 0x2)

09:19:02 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x10000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:02 executing program 4 (fault-call:6 fault-nth:2):
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:02 executing program 0 (fault-call:2 fault-nth:65):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:02 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x2000000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:02 executing program 3:
syz_read_part_table(0x4000080000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  320.872820][T30438] FAULT_INJECTION: forcing a failure.
[  320.872820][T30438] name failslab, interval 1, probability 0, space 0, times 0
[  320.885505][T30438] CPU: 1 PID: 30438 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0
[  320.894446][T30438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  320.905016][T30438] Call Trace:
[  320.908296][T30438]  dump_stack_lvl+0xb7/0x103
[  320.912996][T30438]  dump_stack+0x11/0x1a
[  320.917769][T30438]  should_fail+0x23c/0x250
[  320.922398][T30438]  ? kzalloc+0x16/0x20
[  320.926558][T30438]  __should_failslab+0x81/0x90
[  320.931326][T30438]  should_failslab+0x5/0x20
[  320.936050][T30438]  __kmalloc+0x66/0x340
[  320.940428][T30438]  ? ext4fs_dirhash+0x99e/0x9e0
[  320.945499][T30438]  kzalloc+0x16/0x20
[  320.949467][T30438]  ext4_htree_store_dirent+0x52/0x2c0
[  320.954957][T30438]  htree_dirblock_to_tree+0x4b1/0x650
[  320.960371][T30438]  ext4_htree_fill_tree+0x3e8/0x9f0
[  320.965617][T30438]  ? get_page_from_freelist+0x54e/0x820
[  320.971619][T30438]  ? cgroup_rstat_updated+0x60/0x1c0
[  320.976984][T30438]  ? __alloc_pages+0x194/0x320
[  320.981877][T30438]  ? should_fail+0xd6/0x250
[  320.986471][T30438]  ? kmem_cache_alloc_trace+0x20f/0x310
[  320.992159][T30438]  ? ext4_readdir+0x2b5/0x1e40
[  320.996951][T30438]  ext4_readdir+0x178d/0x1e40
[  321.001622][T30438]  ? avc_policy_seqno+0x22/0x30
[  321.006476][T30438]  ? __down_read_common+0x16d/0x530
[  321.011807][T30438]  ? fsnotify_perm+0x2bd/0x2e0
[  321.016592][T30438]  iterate_dir+0x16e/0x370
[  321.021104][T30438]  __se_sys_getdents+0x7f/0x190
[  321.026185][T30438]  ? fillonedir+0x260/0x260
[  321.030786][T30438]  __x64_sys_getdents+0x3f/0x50
[  321.035807][T30438]  do_syscall_64+0x3d/0x90
[  321.040231][T30438]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  321.046140][T30438] RIP: 0033:0x4665e9
[  321.050137][T30438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  321.070743][T30438] RSP: 002b:00007f860f13b188 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  321.079468][T30438] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  321.087727][T30438] RDX: 000000000000fc61 RSI: 00000000200005c0 RDI: 0000000000000003
[  321.095706][T30438] RBP: 00007f860f13b1d0 R08: 0000000000000000 R09: 0000000000000000
[  321.103675][T30438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  321.111722][T30438] R13: 00007fff70031f3f R14: 00007f860f13b300 R15: 0000000000022000
[  321.131505][T30440] FAULT_INJECTION: forcing a failure.
[  321.131505][T30440] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  321.145577][T30440] CPU: 0 PID: 30440 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  321.154693][T30440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  321.165092][T30440] Call Trace:
[  321.168365][T30440]  dump_stack_lvl+0xb7/0x103
[  321.172957][T30440]  dump_stack+0x11/0x1a
[  321.177117][T30440]  should_fail+0x23c/0x250
[  321.181552][T30440]  __alloc_pages+0x102/0x320
[  321.186270][T30440]  alloc_pages_vma+0x513/0x680
[  321.191047][T30440]  ? page_address_in_vma+0x264/0x300
[  321.196430][T30440]  new_page+0x124/0x170
[  321.199807][T30446] loop3: detected capacity change from 0 to 264192
[  321.200660][T30440]  migrate_pages+0x3b3/0x1530
[  321.200682][T30440]  ? do_mbind+0xf50/0xf50
[  321.216377][T30440]  ? remove_migration_ptes+0x90/0x90
[  321.221769][T30440]  do_mbind+0xd43/0xf50
[  321.225965][T30440]  __x64_sys_mbind+0x10a/0x130
[  321.230777][T30440]  do_syscall_64+0x3d/0x90
[  321.235203][T30440]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  321.241108][T30440] RIP: 0033:0x4665e9
[  321.245093][T30440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  321.264806][T30440] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  321.273229][T30440] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
09:19:02 executing program 4 (fault-call:6 fault-nth:3):
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  321.281199][T30440] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  321.289265][T30440] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  321.297299][T30440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  321.305451][T30440] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  321.329784][T30446]  loop3: p1 p3 p4
[  321.338327][T30446] loop3: p1 size 11290111 extends beyond EOD, truncated
[  321.358491][T30446] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  321.366545][T30446] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:02 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x4000000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  321.386658][T30459] FAULT_INJECTION: forcing a failure.
[  321.386658][T30459] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  321.399922][T30459] CPU: 0 PID: 30459 Comm: syz-executor.4 Not tainted 5.14.0-rc4-syzkaller #0
[  321.408791][T30459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  321.418848][T30459] Call Trace:
[  321.422157][T30459]  dump_stack_lvl+0xb7/0x103
[  321.427124][T30459]  dump_stack+0x11/0x1a
[  321.431309][T30459]  should_fail+0x23c/0x250
09:19:03 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x11000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  321.435781][T30459]  should_fail_usercopy+0x16/0x20
[  321.440883][T30459]  _copy_to_user+0x1c/0x90
[  321.445437][T30459]  simple_read_from_buffer+0xab/0x120
[  321.450823][T30459]  proc_fail_nth_read+0xf6/0x140
[  321.455871][T30459]  ? rw_verify_area+0x136/0x250
[  321.460816][T30459]  ? proc_fault_inject_write+0x200/0x200
[  321.466580][T30459]  vfs_read+0x154/0x5d0
[  321.470840][T30459]  ? touch_atime+0xcf/0x240
[  321.475482][T30459]  ? __fget_light+0x21b/0x260
[  321.480300][T30459]  ? __cond_resched+0x11/0x40
[  321.484990][T30459]  ksys_read+0xce/0x180
[  321.489244][T30459]  __x64_sys_read+0x3e/0x50
[  321.493836][T30459]  do_syscall_64+0x3d/0x90
[  321.498270][T30459]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  321.504260][T30459] RIP: 0033:0x41936c
[  321.508304][T30459] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  321.528101][T30459] RSP: 002b:00007f860f13b170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  321.536707][T30459] RAX: ffffffffffffffda RBX: 0000000000000030 RCX: 000000000041936c
[  321.545933][T30459] RDX: 000000000000000f RSI: 00007f860f13b1e0 RDI: 0000000000000005
[  321.554105][T30459] RBP: 00007f860f13b1d0 R08: 0000000000000000 R09: 0000000000000000
[  321.562423][T30459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  321.570567][T30459] R13: 00007fff70031f3f R14: 00007f860f13b300 R15: 0000000000022000
09:19:03 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:03 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x8000000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  321.593060][ T1041]  loop1: p2 < > p3 p4
[  321.611635][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  321.620205][T30446] loop3: detected capacity change from 0 to 264192
09:19:03 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0x18)

[  321.644458][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  321.650858][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  321.687230][T30446]  loop3: p1 p3 p4
[  321.693433][T30446] loop3: p1 size 11290111 extends beyond EOD, truncated
[  321.715415][T30446] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  321.735768][T30446] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  321.836466][ T1041]  loop1: p2 < > p3 p4
[  321.842744][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  321.851882][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  321.858254][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:03 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x40000000, 0x2)

09:19:03 executing program 0 (fault-call:2 fault-nth:66):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:03 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x200, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f000008a000/0x4000)=nil, 0x4000, 0x800003, 0x8010, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:03 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x12000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:03 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x8040000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:03 executing program 3:
syz_read_part_table(0x4800000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:03 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, 0xffffffffffffffff, 0x0)
renameat(r0, &(0x7f0000000040)='./file0\x00', r0, &(0x7f0000000080)='./file0\x00')
openat(r0, &(0x7f00000000c0)='./file0\x00', 0x204000, 0x1)
ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x10005, 0x0)
openat(r1, &(0x7f0000000180)='./file1\x00', 0x125701, 0x9)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="ec91d444976bc58cbc416528a0a7e5c60f26dd6e7cec5bcefa3c5b567d9de34c6401807852bace05dd19c5dc96594cc7a0848174de1cd013061ab358150bba400fe22954cff652b32f38580dce9cda488b00111c995dc6271c5e70fa74d78cf975aef00564f8aa4d"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  322.045297][T30526] loop3: detected capacity change from 0 to 264192
09:19:03 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x15000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:03 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x8800000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  322.118914][T30526]  loop3: p1 p3 p4
[  322.137313][T30526] loop3: p1 size 11290111 extends beyond EOD, truncated
[  322.146248][ T1041]  loop1: p2 < > p3 p4
[  322.155202][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:19:03 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='v7\x00', 0x2000000, &(0x7f0000000100)=')+*}!\x00')
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1cee9999e4c108a9c2c7f37e592ef1f3385639096f5628a6c2688a81e9a9baff42adb4c2e0d15d6cc6898f394b8007e60f0b8b47b7a4593bd6a37a496661098f0b0ce7"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount(&(0x7f0000000140)=ANY=[@ANYBLOB="2f6465762f6d643080"], &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='selinuxfs\x00', 0x100002, 0x0)

[  322.178100][T30526] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  322.185587][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  322.191804][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  322.207304][T30526] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:03 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x9000000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:03 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x1d000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  322.290680][T30526] loop3: detected capacity change from 0 to 264192
[  322.368596][T30526]  loop3: p1 p3 p4
[  322.378614][T30526] loop3: p1 size 11290111 extends beyond EOD, truncated
[  322.392242][T30526] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  322.403610][T30526] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  322.405115][T30529] FAULT_INJECTION: forcing a failure.
[  322.405115][T30529] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  322.420225][ T1041]  loop3: p1 p3 p4
[  322.424203][T30529] CPU: 0 PID: 30529 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  322.428712][ T1041] loop3: p1 size 11290111 extends beyond EOD, 
[  322.436807][T30529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  322.436821][T30529] Call Trace:
[  322.436829][T30529]  dump_stack_lvl+0xb7/0x103
[  322.436851][T30529]  dump_stack+0x11/0x1a
[  322.443243][ T1041] truncated
[  322.453285][T30529]  should_fail+0x23c/0x250
[  322.453318][T30529]  __alloc_pages+0x102/0x320
[  322.459710][ T1041] loop3: p3 size 1912633224 extends beyond EOD, 
[  322.461290][T30529]  alloc_pages_vma+0x513/0x680
[  322.465460][ T1041] truncated
[  322.466273][ T1041] loop3: p4 size 3657465856 extends beyond EOD, 
[  322.468669][T30529]  ? page_address_in_vma+0x264/0x300
[  322.468772][T30529]  new_page+0x124/0x170
[  322.473320][ T1041] truncated
[  322.511517][T30529]  migrate_pages+0x3b3/0x1530
[  322.516285][T30529]  ? do_mbind+0xf50/0xf50
[  322.520626][T30529]  ? remove_migration_ptes+0x90/0x90
[  322.526019][T30529]  do_mbind+0xd43/0xf50
[  322.530362][T30529]  __x64_sys_mbind+0x10a/0x130
[  322.535228][T30529]  do_syscall_64+0x3d/0x90
[  322.539650][T30529]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  322.545727][T30529] RIP: 0033:0x4665e9
[  322.549632][T30529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  322.569458][T30529] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  322.577991][T30529] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  322.586279][T30529] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  322.594419][T30529] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  322.602387][T30529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  322.610367][T30529] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  322.649152][ T1041]  loop1: p2 < > p3 p4
[  322.653402][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  322.661374][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  322.667740][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:04 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0xffbfffff, 0x2)

09:19:04 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
r2 = accept4$inet6(r1, 0x0, &(0x7f0000000040), 0x0)
preadv(r2, &(0x7f0000000280), 0x0, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
ftruncate(r2, 0xffffffff80000001)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:04 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x10000000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:04 executing program 3:
syz_read_part_table(0x4c00000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:04 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x20000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:04 executing program 0 (fault-call:2 fault-nth:67):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

[  322.974992][T30612] loop3: detected capacity change from 0 to 264192
09:19:04 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x12)
umount2(&(0x7f00000002c0)='./file0\x00', 0xd)
open(&(0x7f0000000040)='./file0\x00', 0x200, 0x3)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
creat(&(0x7f0000000180)='./file0\x00', 0x78)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1c517199d5693419b99cf17853006b68f9d7fe45b7b024f2bafa0e372f9990e43a550e657a3c83119673cc521216a462d2c233b8a170098eaf6b26dbc0bf83a774f2e9dcde50a90c"], &(0x7f0000000340), 0x400)
mknodat(r0, &(0x7f0000000280)='./file0\x00', 0x8000, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x105000, 0x30)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(r2, &(0x7f0000000300)='./file0\x00', &(0x7f0000000380)=@reiserfs_2={0x8, 0x2, {0x7ff, 0xffffffff}}, &(0x7f00000003c0), 0x400)
mount(&(0x7f0000000240)=ANY=[@ANYBLOB="2f646576a22f737210007d04"], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='ceph\x00', 0x100080, &(0x7f0000000140)='{\x00')
chdir(&(0x7f0000000080)='./file0\x00')
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:04 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x20001000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  323.017141][T30612]  loop3: p1 p3 p4
[  323.021612][T30612] loop3: p1 size 11290111 extends beyond EOD, truncated
[  323.038470][T30612] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  323.058645][T30612] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:04 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x3f000000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:04 executing program 3:
syz_read_part_table(0x6000000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  323.114896][ T1041]  loop1: p2 < > p3 p4
[  323.121550][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:19:04 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={<r2=>0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setuid(r3)
r4 = syz_mount_image$tmpfs(&(0x7f0000000340), &(0x7f00000004c0)='./file0\x00', 0x200, 0x8, &(0x7f0000000a00)=[{&(0x7f0000000500)="db76cc", 0x3, 0x401}, {&(0x7f00000006c0)="644c17837f43c0a41c97fcbce6d330147ae738dc8c78fd44d1fa69d41e04d43fab59aa27555da5e95988c60ab28c0e6e7f1589deec4d420349bfa7b609622297a92e492154bde28a7272b168c3ba1b691bebe010d2910cfc117e2765414311e082a28243815b826b82b981fe90bc3e7323ba40ddffd491dcc03b36011fcd664f9ce7163e1a17c67b72dec138074362b2171e481ea5b4f20e8c095d3d539f7106e878db9904b27f924e85d295da89b8c17fe1956894ce90395b0470d297211ff36a1aeb1de43b5c045c86227928a6b97b3939db6245807bef3e2853d0f8e60858", 0xe0, 0x6}, {&(0x7f0000000540)="e3b0744a458887031d3402c58a0fec5d3cc69934f97978b70429b40a65c52a37e0ee06c65d2d076bfb5dcfbc58f7c8628e50d4bb4f503c9d926482991b233f6382137aa40f18e6804d516952189bb6f3ab280a5aaca83314e738f3414d1fe467", 0x60}, {&(0x7f00000007c0)="a6eb1780ed78ffdb186c808c0548c70ed93dc22e566f3322fd0839d9cae8a0401b7cafd60db2de11ca5b040ccfc5266c0d14b5f2e6143b39d92774ac", 0x3c, 0x20}, {&(0x7f0000000800)="4bd23de0466da8f782c289d7213f18ff1421b436fd1d0a61a44d1a5d9703ef96120d2be41926517ec81e5abe652c34f27d803c2d6aeeb8", 0x37, 0x4}, {&(0x7f0000000840)="7028ea3aa06156ca71a60406280c119644d1b2cd091e3781922b2bbc7c1633ed8df4d1fcc09a7a", 0x27, 0x3}, {&(0x7f0000000880)="0165d78a66022ee7eabff17f10e53de70e1a8e19c54f92f442f5e7907f6bd4890da470bd5773f509e9f36a91f2e353682af18cefddbef1ff4cad6f37cb773beddd997945fba7d0aa3dafffb9820753bb7e91bcf71cc3eb072605619a2c5ba01c0b382f046dbcbf7f34047c48ec1cf7235424fa0be2e83067cf02a2aee8ed7480c7d659fe621084fa23e4cb17815234db8c293fd1d3617e3d22e61c62c572044b", 0xa0, 0x7}, {&(0x7f0000000940)="c852b91e11ba3dddf2f30c1f29d2a62eb0477b4470a2e85ffbdf398532176d909767d2a74f0f845ccee11f6c12f2511218eda624ba953a548cd1213daf4202001cd4358caaad4869da232fde627766bf17ab41dfd07eca2e82feacc926f9847c52e9ff4eaeb0f12b9c1fe2fb401e34926842ef30c417310530512906abfd01ab9750c91761b926244fc3467fd203d7eee54812463a89d8ecabf00e0a7e57d51ed5b0c0f7b5bf527b5821df5f0454e8040c70d6e3", 0xb4, 0xa16}], 0x460, &(0x7f0000000c80)=ANY=[@ANYBLOB='huge=always,uidJ', @ANYRESHEX=r3, @ANYBLOB="577516ddd799cbb719d208f5151505db88d776ad5d32dd418818fa9219c2fa5071cdcc28fb0c3d74dcc4fa878f017f554629252c2c8b21362e4b32fa634118f0c3273270def84f8435d01c80d0547596c6dfc205257344603ebf05", @ANYRESHEX=0x0, @ANYBLOB=',mpol=interleave=relative:\x0026,,-,measure,defcontext=root,obj_role=ns/user\x00,\x00'])
mount(&(0x7f0000000100)=@md0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000300)='gfs2meta\x00', 0x40000, &(0x7f0000000480)='tmpfs\x00')
openat(r0, &(0x7f00000000c0)='./file0/file0\x00', 0x82, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r5, 0x0)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_open_procfs$namespace(r2, &(0x7f0000000040)='ns/user\x00')
mkdirat(r0, &(0x7f0000000b80)='./file0\x00', 0x80)
preadv(r4, &(0x7f0000000c00)=[{&(0x7f0000000080)=""/39, 0x27}, {&(0x7f0000000ac0)=""/149, 0x95}, {&(0x7f0000000180)=""/245, 0xf5}, {&(0x7f0000000bc0)=""/57, 0x39}, {&(0x7f0000000380)=""/181, 0xb5}, {&(0x7f00000002c0)=""/23, 0x17}], 0x6, 0xfff, 0x8)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f00000004c0)=ANY=[], &(0x7f0000000440), 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  323.160078][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  323.166463][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  323.187850][T30639] loop3: detected capacity change from 0 to 264192
09:19:04 executing program 4:
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, 0x10001, 0x4, 0x9})
sendto(r0, &(0x7f0000000100)="21477480c810a4e4f511f97c0a47230c9e7249a8055c65", 0x17, 0x40840, &(0x7f0000000140)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x80)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
openat(r1, &(0x7f0000000080)='./file1\x00', 0x4a001, 0x53)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x400000, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r1, &(0x7f00000005c0)=""/223, 0xfc61)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff)

[  323.231778][T30606] FAULT_INJECTION: forcing a failure.
[  323.231778][T30606] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  323.245246][T30606] CPU: 0 PID: 30606 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  323.254076][T30606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  323.264373][T30606] Call Trace:
[  323.267651][T30606]  dump_stack_lvl+0xb7/0x103
[  323.272272][T30606]  dump_stack+0x11/0x1a
[  323.276447][T30606]  should_fail+0x23c/0x250
[  323.280879][T30606]  __alloc_pages+0x102/0x320
[  323.285573][T30606]  alloc_pages_vma+0x513/0x680
[  323.290422][T30606]  ? page_address_in_vma+0x264/0x300
[  323.295721][T30606]  new_page+0x124/0x170
[  323.299899][T30606]  migrate_pages+0x3b3/0x1530
[  323.304753][T30606]  ? do_mbind+0xf50/0xf50
[  323.309284][T30606]  ? remove_migration_ptes+0x90/0x90
[  323.314570][T30606]  do_mbind+0xd43/0xf50
[  323.318739][T30606]  __x64_sys_mbind+0x10a/0x130
[  323.323512][T30606]  do_syscall_64+0x3d/0x90
[  323.328048][T30606]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  323.334039][T30606] RIP: 0033:0x4665e9
[  323.337926][T30606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  323.358140][T30606] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  323.366813][T30606] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  323.374777][T30606] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  323.382800][T30606] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  323.391219][T30606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  323.399625][T30606] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  323.417026][T30639]  loop3: p1 p3 p4
[  323.423144][T30639] loop3: p1 size 11290111 extends beyond EOD, truncated
[  323.447432][T30639] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  323.455419][T30639] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  323.463773][ T1041]  loop1: p2 < > p3 p4
[  323.468131][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  323.485355][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  323.491700][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  323.539803][T30620] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  323.553696][T30659] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  323.565618][T30639] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  323.566805][T30625] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  323.586118][  T896] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  323.597470][  T896] Buffer I/O error on dev loop3p1, logical block 131968, async page read
[  323.605937][  T896] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  323.617261][  T896] Buffer I/O error on dev loop3p3, logical block 263808, async page read
[  323.625934][  T896] Buffer I/O error on dev loop3p3, logical block 263809, async page read
[  323.627598][T30639] loop3: detected capacity change from 0 to 264192
[  323.634483][  T896] Buffer I/O error on dev loop3p3, logical block 263810, async page read
[  323.649494][  T896] Buffer I/O error on dev loop3p3, logical block 263811, async page read
[  323.658241][  T896] Buffer I/O error on dev loop3p3, logical block 263812, async page read
[  323.666778][  T896] Buffer I/O error on dev loop3p3, logical block 263813, async page read
[  323.675389][  T896] Buffer I/O error on dev loop3p3, logical block 263814, async page read
09:19:05 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0xffffbfff, 0x2)

09:19:05 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x41)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="dba213d3c8e83f6c308a5652221c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:05 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x40000000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:05 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x20002000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:05 executing program 3:
syz_read_part_table(0x6216000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:05 executing program 0 (fault-call:2 fault-nth:68):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:05 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x300000a, 0x12, r1, 0x6aaf000)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  323.984996][T30694] loop3: detected capacity change from 0 to 264192
09:19:05 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xfbffffff, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:05 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x22000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  324.059060][ T1041]  loop1: p2 < > p3 p4
[  324.063349][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  324.085221][T30694]  loop3: p1 p3 p4
[  324.089655][T30694] loop3: p1 size 11290111 extends beyond EOD, truncated
[  324.101045][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  324.107262][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  324.127345][T30694] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  324.135267][T30694] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:05 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xfeffffff, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:05 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x25ed0100, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:05 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={<r3=>0x0, <r4=>0x0, <r5=>0x0}, &(0x7f0000000280)=0x5)
setuid(r4)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f00000002c0)={<r6=>r1, 0x5, 0x3, 0x5d})
sendmsg$nl_generic(r6, &(0x7f0000000ac0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000a80)={&(0x7f00000007c0)=ANY=[@ANYBLOB="8c0200001400000126bd7000fedbdf250b00000008005800040000004d028f80ed7fa70067918e29d302a127d5985898ba00aad6bd96f0d80d965e8b5727a8c372bcb9683c885822c79c4b24539474fe91ac588b02e5c56f8772b6079d89a42dee49d24e8a5894626dfce693c14a377e1878e28fefe215fe816645b0ec0323ad6f1e587bb02d6134d82aff772ee2f3950a2eb3ebffb5d87014af17b937d900a7d107f23e227bd146bc212c470e5f3d8cc830224e4b7792e1dba9f73ac9791108002000", @ANYRES32=r4, @ANYBLOB="d0500baed7740974f3a92fa42202432034cced6190f8da6fb64777e1d80fb4aa622f70ec50d4f403e4729ee67615129cccd41446022f82e25767973fe696d329e5eda90ca4708f0e9b95c99833844e8a67140dad5cf63d577a4b824bb2a4ebf365e4d784848115bab29a76a52f1647f0b94bad65b7c4def3762647b688f9e18161e317a1a5a2996ae7d8e183b24fd1f26349eb1c1bec8dad4fabda496edf73b8a299dfd604a6918f41569d2477570db9a19e77a234c776b323ff9d080088000a0101026f256a40cfe7e8037a1786504bae519eef19c302161ffda5cc6918fc771a4094d798c9cf4e04ccd71a774d815b61f0b8a8b19aa95e384f8c22cb7299d80ffddcdee42633219bf4605cd338c835b4e463b7e598fe18f083d6cdaac9e564a30987b759fc9fa48be4140bcd6695c90453da41130794bd8fe6e1273e45e99dda45898100a4d5d2811e05276aa142b905fbd4d0ee44705f23e5a3bae3afd5f7f8918b7de4ff6dcfbf322255fd1cb822794dbbeebc32e0106aa9d558b4a61a44d4ca8358ef4508834123dc53fb3a760932f08c0800790000000000000000", @ANYRES32=r4, @ANYBLOB="00000008000400", @ANYRES32, @ANYBLOB="14000700fe8000000000000000000000000000bb04000e00"], 0x28c}, 0x1, 0x0, 0x0, 0x80c5}, 0x0)
r7 = syz_mount_image$tmpfs(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x40, 0x3, &(0x7f00000006c0)=[{&(0x7f0000000280)="33d36cd0", 0x4, 0x9}, {&(0x7f0000000380)="e9f5beae069658894ccd862c23bd20522821f955e08ccaf0224d6e8e64659dcecef480e527e14d421f58c558bce18d83f42ff6bf113fc42f144e814bbcd6c59d7538210e9e63e0cfa52ecf6731da2c88fad3e0cfe4b99293c68f9a300468920cedff806a969b9bc1fab9ce4fb65a8c063263828c8440aedf09ba84c9411e61dd18e9f52bf91b40e20d75a91f42d912ef3099f97d6dd85eee9a4c717b168427d296a711224fbccc4a6fae7d98b7ea893151c3d1691fa80ace4a29e029ecf926b937d0039234b799824af1523622c74076aa", 0xd1, 0x1}, {&(0x7f0000000480)="c42e4d44133f713ea7dd6bbdbfd7bf95b498f6174d243879eccd1db7e5a63e447113369694007ed21eaa4f71e5dfd5e73f98a6e30f198798240b651964ca4fa3adff45ad235ffe064a86420d98c35680caabf1887642fd25baf66698f4e0cdd52321002c3f6168eb2da3d08e4ae358b659dab4f10a572ce258981f2b4fea994d1a0e9148aebe64b24840c7823241f7d763136c22ea84fab4d1732fbe4cdba29d5ee39942f527203a89bd1df40bdac66c120135b03c0568f039bc6699d390556ed5d5ee86fb72b18aeac4dcce", 0xcc, 0x101}], 0x80000, &(0x7f0000000740)={[{@mode={'mode', 0x3d, 0x16a}}], [{@subj_user={'subj_user', 0x3d, '=relative'}}, {@euid_eq={'euid', 0x3d, r4}}, {@smackfsroot={'smackfsroot', 0x3d, '}/+})+'}}, {@obj_role={'obj_role', 0x3d, 'fsname'}}]})
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000001000)=ANY=[], &(0x7f0000000340), 0x400)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r8, 0x0)
preadv(r8, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000003780)='/proc/diskstats\x00', 0x0, 0x0)
sendmmsg$unix(r6, &(0x7f0000003880)=[{{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000b80)="05e9539b25cced9570ef83e5e4e5d2cfee291263bb52fb3013555472c7a63ed3ba455eb2bf2fd1d91eeeb8de3b088fae446708e7d300704707c6b0425de6c5f06f2b92c845378418f1e606915c720258e866fd64e193a8d0010fb693efd31701bdeb6618de17b78935855c58b20e2ad04d8b344249f4572264812796d4f01b98b3587badb12bdfdcde6c7558885fcc3e", 0x90}, {&(0x7f0000000c40)="5f00f40fae68388a53a7b7452ed73bcde4836eb66bc31993863ccafcd2abacb430991c9ee2050ec16424c42dcd090eadfb61d29252c2ac00e4566aa87fdccdb636db46a6848b6f9b6e31c7d2a2d16b3b6b5a2e1423a8f08f051aebd6a079c07426d2a53816db182091a5cb0e8e0b3d998cb6b715965023ff7e16cd46a63aceceb73f2e54a5ee6d8f2871c8f9dd9c55bfdb670e2c3c441aea1102ad876511002ffc8c04b953d9c2c38a605a0eb718e5a9c1edced541364b370f6643897fd41e008ac1d7c201fdf054d6518e945756051f1fdd2f4f978d33f0c7fe", 0xda}, {&(0x7f0000000d40)="b66406255ba89a0f787a8ee099d6eb7ecb88023e753980d24f5b2d6970d1fa6253f719301c0e6a2b6cca99d012f08fe88ec062a82add7ff81e45a0648a26134d7d4e754202a1bb62e6981a52df1ab43e1bd1dabcfa0e3275305274d20d04d5ed68e0ba3148af70a72af6bc08a3db8b42", 0x70}], 0x3, 0x0, 0x0, 0x28040}}, {{&(0x7f0000000e00)=@file={0x1, './file1\x00'}, 0x6e, &(0x7f0000000f40)=[{&(0x7f0000000e80)="8aa9dcb1313051eff1366cd3e5037804884c21a828417e5809480e9932f81ddbd27c94f46bc0738584dead923f03284f073c55e258e47cbd110a76094f39dc5cf4f10d70be367e0a0bba60259948ab6fe87c74cc3960429c71817f3ed38f6928ba2657af6c33f180d5", 0x69}, {&(0x7f0000000f00)="5d82816968da71d95f62ede1a5b76e3c6c64b61516c5542c82b9fd3059c9e929842fe6", 0x23}], 0x2, &(0x7f00000010c0)=ANY=[@ANYBLOB="20000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r3, @ANYRES32=0xee00, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c0000000000ffde0100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r6, @ANYRES32, @ANYRES32=r2, @ANYRES32=r2, @ANYBLOB="18000000000000000100000001000000", @ANYRES32, @ANYRES32=r6], 0xd8, 0x4}}, {{&(0x7f0000000f80)=@file={0x0, './file1\x00'}, 0x6e, &(0x7f0000001740)=[{&(0x7f0000001240)="c1c159fe5475c1ccc126efd3f846f51be90e1b893476a86d4603ca6e6ce7898e0f20f8e1a2dfc24d94a2d5fd7bdd3f9ddd030c4ac263252a22", 0x39}, {&(0x7f0000001280)="2a62b64054ec99df9de06396be43d7eaca023067d713bdbdc3e912a17d3d4c5917279ec6278db5c13154568cf8abfc0f3a8963558c3c362b64d154357eb5ffb8a7d109912e9ca2384b2a76c2e34ffdaad0dd06cd85c95cc3186e5bf8ba4a3e7d762064e5662523b1a4c9049ff6bdc68c7c0a90bb43", 0x75}, {&(0x7f0000001300)="333837c94d3568a6e8fc4e649439a376a7a9863ecdf387b4d1704c458f1a015df66350d1897a3e8ddcacba36e3eb852b6590cbdf76ac1cb6fa8c413da9769080bb825e03b7b7d034f3e15903c4d81f5990f792abb91812c5a65dd9686530e83d989257b239e8b5a6b7939015997060e38bd0f0bf76fe0f7d04577a45519ced37655825f2be1636e69d4e217fc6e8417bee86dde01d07d4ff4d5479734077063e8af3a739c5", 0xa5}, {&(0x7f00000013c0)="fa362e1286405712028615774c3d0ebd09a3cabcf7bcd5a91c8bb46e76aaa8751f51bff1a68249c0526afaac29d9e9ade76a143f7c702a8e52427f2ff539771a40f4118d22db23eebc8ba857ad10cd1df462ff7c35c5ea9972a0d20f63e5ab8acea44449e46c1e0d69069287d497a7e75ec22ce69f352a50b5ffa85174ebdbaffc14270734d7d7502a63c7a7371002ec6e9806462b331ea80ca7ba5793f729ff7c3811e4038190c52865726c24adb50b522f3ba20aaf8fd2a5428282fb7f13e8ce3b509b3f4b2cd313c44ad998eb8862fcca661edd949e", 0xd7}, {&(0x7f00000014c0)="31005673c871321ff7a4348c0408c7a1ee66a9e276df10d284b0bada2a14ac74ce5fa4c3c51b86238d3a3599755ab34cbf6860b5c8871df0521720a2c98c88aaf35b7a16ab7aa59331dadcef9d7788ded849114ca723525fef9df5b2cc0c2477951c3b4d4e14109eaa692c154fc86eb5d93e72cd24421d705ce8a0e099e7d8ce2c2694fa6ae4449328260aea861ceec92dcabb60f4e51431fad0861a9782dfbe3c113dd44f4fb967545b82426e757b2cc18ca17296ab8d03e1add0919af0bf855c81f1768e780dd37d6c6c4ee4c2711046b1145a83a50a0df35557a526c3fd5f2ec0a18d539e07a194d0dbae2536", 0xee}, {&(0x7f00000015c0)="4f768333e4581b80dfb640a923376495d354d679640fb7014a0a63c003c322cda8ad7229c3fd735ca01bc50cc08b25a4a61e791769c06ad54988d934ba0b3f208777b7896b79608cf36a1dd60eed0bfef951165b7f1aae06ec888085555c79696a5a8a94b0d21fd98376ca2703d0aed0975f4732457274deb585362dbb920158", 0x80}, {&(0x7f0000001640)="4c9c688911eae03354dabc15ee9e3300", 0x10}, {&(0x7f0000001680)="4b82e228f8f39b6ded467863a2b774870f4f20e3df94a3a7a337a37563d51437d423a052cfdbeaedd96a65ea268237b9cda7d0ccacd0c0b7fb5bb7c5188dd6a09e900488f47f577b67dc0a92be9382db0c50b23257e857624420aa96c0e4524a4e56d7c176b290ca8fe703574975b2613487340506fedb3524", 0x79}, {&(0x7f0000001700)="513330f97f22b5b78d91d386ff0bcde456c3e8fc16fd2c7d290bccab7e7a619fd671a6fb0f576022ab8b3425fd91c954d4846a99fb0de0f818ab", 0x3a}], 0x9, &(0x7f0000001800)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=r4, @ANYRES32=0x0, @ANYBLOB="0000f92714000000000000000100000001000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x38, 0x183a563163a386b6}}, {{&(0x7f0000001840)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000001b00)=[{&(0x7f00000018c0)="a45dd184c69213b4405c2f9d09e8ff1df8234c8dc800b573e30d5655122e1b51e5fe85d2bee91dc0173b719cb3048a343fc3ea8977ec04f57131744ffc46f541fc1cf3992d99c4d7adb9becbe40cef02a49efae06e900f66d6b5551c5b396629097ccf0050e0f9c56de64e0fa6f68726f44c256041a247894052a8a68a1ab0b46a7d418bc03853c8b90bb2cc1ea37381bbd36ea0fc6db959e1995d6b369df8fd6979c2ef8ebfa3daadda9cc4e7ed5093ffe9e5f67110226f9a17fd562c94fd82ef6e599d5607eb64585813b0c2979e13b4a36b3ab17a8d8281764477323823c9bd8e9abe", 0xe4}, {&(0x7f00000019c0)="e6cee4e5055c55b0652a4d726da356c24f74bb7f1ed30e18d091d6351466aa0a4069eef261118439b5df595f098ed12c657ebcaeffa94967df2b4873a1a8659578e4f6f722826a", 0x47}, {&(0x7f0000001a40)="0b456629f994516e69ed744606f9bf739b4c3bbf721e66beb9a3bf2a44f074c0133773fa2d0bf1c05926c67e9986a957b2a23f7a98fa18d92490a144188190038aaafbe6f12e76e0902c74774281ddcf65ea0c837aa286e84b1d18dbf198d8789a1d3533062297bb29594c32e047000be1e1eead3f03b0d16c9707a81c7ff59fe1023e4b47f9bf90ecd8f274e245f2a7456dc04ba00c9b4eabdfcd53aeabe7995fa99c0bb38d19dc1e79e3", 0xab}], 0x3, &(0x7f00000021c0)=[@cred={{0x1c, 0x1, 0x2, {r3}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r4}}}], 0x40, 0x10}}, {{&(0x7f00000022c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000003340)=[{&(0x7f00000039c0)="484be80af46e257e762aed26778a53c62bc5363ed5785cd37d6c36bf7d334fcd8af78c793ac68d0321263c3480002dad18e5c76982a062478cc1e7e457333394d730437dde447e2296184574c7f8c5e1d75b2452c68878d07af670356cc80d337c08048e5a6f141925a5c00b141b94843759d8f3e5786e5c71b4e7cb2d0d2482da139c521ce0349435144ae1e556e347ebcf449fe27e97005df2bef48e40be3a43d0d5fc5a937a32fadc99fcfc35ab77ac3b5e8f0b61a866f691b968f0b54b083495902b057150548920e6cf47fc49d11552f45dd0c5104606a6c958953b271ab93197f0c0ec18374bed39772c560392595f83259c77bc04ea7fa70cadb7d3b9d15ab314ce4a985cb1e478636c6f5afd9e9ce27a1e3c1199276361d9bf4c41842cdb74155985bdf796aa1354182a2fc50550caad706575ad9047ce37c2f98360c08cea56d75ab0e8f9b9b065b5ef72d947384f132e30bde661be649f5b4765a22aecd979166b89d71b659ad1350e86484ad6d152f50f6b5b6af26834061cc042150c42a94cb669498d8638d4945621efd26528b445e0657bcf23a9fe190269d579aaea330f0ce3aaae81f84055d0e9fe34f159d146e70fed755309238e8d041acb76f004fd923ac9fc1c9a1bbe8c1f8c5d1ce49dcc496df9cca9693233c734b2f94f106ef11778aad2096cb64ba203f3b62f3a26b31801f78086d390fc0b8e32a1db053007e56aed6cf6151d6939044a5d4ee1773012e8769f689a6ca6d2e4c4ee7738a3f2396f1e4143d377693118d692a51f8ecc739c4031d53686bb0aa14a0d94019257e40cba63617b9d7623e257571f62bf5cf2d7dcec8f3d7ad8476cba242f42448254ae33104ee5db2aae0d9067612baff1733e06445225170585db103fd74f0b1982128d82a626e83533cad827dc76c44aaffdf60a756a8f08c7ebf81f15e306f9c303fb94149770f7dee340319dfcb0bc87dc5da11eb7650963046607387fb4405b003592355e1d3e22113b74a369d57d6befac7de3e8c729e30efa9ffa6f017d00dda30d168b4e88170f20813deff3ed8818d59c91fefaf709dc46c38c2b95ba2e4bfbd31983d0c5a8823b6dff6b1192b04c607e255f05d2064138dfee79e7e9806672978638e169efa4fa16e2d40968038076c50b9b69b3904cd2082a95e07be5abe72e6b4c62ddbe9dfaa991b9dc65063d9a543b5e2b72a49d0a14e9f73a0b6d29554adcb4b20b33310af54f88c164f2aae932440b5706a9618094eed6967128a5286c323a6bdc778435af6ad5b158a63d41354be1610984c0708e30a3d450dde9e1b8948a6412334e1efa97f6afbada1f7f7aa032306f291136b6a964baf9b4f2b75c810e2c0b17131c455ff7c33bf0ed738fab4f3cd88a75c3abb66a27fa6a653aff652748b64db68be6b47c32b6b87c1e4bd3e05fc8aeb4e1e27cadc7b715a551f1ed88ca6c71ffffd033c65795d154cbe00711371d5d727cca1bc04edc3d115dc9c34db15e0369a3cc79487d18411e91f1419f55c48b46305779331b00b86ba89ea29d4a2751c621e1ad527f31c1e70bb7840201435148f87cdc2b6e02fc496e6bf03ed6afc1c183740155ee4f28d76259943a0293836443f36beff15bd0997ccef7338290a99c9af0b2301a6ae992d64143c5df8b6a43f8d1f09caae8de6148e37f5875629cdca47d49940450ee540cc410eca9c7d29040f6d68386ed34b366ec34c56273b3ab66e5e9b9b39fd5dfa1c5ece97057ba08865b4ca34ae852f5724ea0eb278ce3a3f8d53938114ee39f9804d88d04bf7b976589dcbff19c46c1440a44f2f642cea777e5dd11c15f280c8335321e26c71d2d86db2ed4e40ffadbb7d0460e49b7d19dcd7d00aef6adfa7b346f0537f11a3481d49378f72c65e06a02a0ebe099c4c509460efb874aa74e4182b8be23db391a3e4e39b74ae37e2cb8f0e8fd488e2dd80c764477b044f2d2c1f1f0a65e3e42c05372cfd57f7a4d54fa8ca49274287c7a6ce5aa6502752a3c3a8920c80e155699129f1a66773bb6d39d2322134bef756ce628a3b81e08f74bbc20e5de29ea2f00a6f08e74839f717a449ee979c3f7ddf9dd85907f97e778971ee5abf78ccb0cd4343f54bc802bdb44fd4bd30058c5e7dcefb8f030fdfbf026942bbd2f01f5ab4c543228780e89ef38c5582c8f3da0370d9991fc808c7accbbc53be53c75621f54055e2149980a7651e06805445f293dda3973e6d3f110d4fc6d6b631f83e6d42d944983e828a96012347b9a964eee3ed1c067890fabade5e2feb6d5804aa84878a7ebc3bbc23f5f4ca0336f40888f4d38190f82ff0fdfb5d2f899f8f93565ec9f55d79205c68d8104308bb43e58bc42ac6420ec185298bb6ce5ebcd43e738b3c2abc45fdd81022e95e5d82bbe1235671cbbf34c6de6a9fc9ddf54a725158e41bd656305ce27210440b9271124b5d8acf0841bf1e362d2c749dd9d33237c567a423dd0f07f71f3b81213ecddde791c75a86e24f284d7ea146d1b3f8e99dfe4302bd4c0a88ddae5da526e77aa16a5649287f1d17bbc7c5e7743448a6918390472c74e8f687f0679af7f22b170aa9ee816cbbaeb47dbfd37df56f3a555eeb4b7e4466094bf8a1dda63ca6fbc0b4e460fca78256a83bcf9778c00aa3953289a0d69d5364944490147f3a62708fac8768d77f0f08cc9d47d21676bd0d5658e6750ac7abff53d57e41ed99189c8e00742ed368a6dd3d740fb7387fd389f91ec2f72f1c380f799e345b878266e85d6aedcacfebc09babfe62728516f189d964e9a4c4fa56bf4aa965165d5b58ec752efb443674e34a9dbb51319f4c632a9ce7062f799006353f0715eb026c2d58130a74bf8d1e727e735f3f49b30f29b34b5ebf4d0b58747898b6abf8dbdb2903e53da89545016547779c795d23096725356d400d46539787f46ff5ceed9bbe22e032c1016fe504dde0f00677f11cd65cda9fc76abbc4a0b0fa7c706d87cdda2c7a5aeb39c93d3ff51c4bc850e01f7f52cec0c44f25c1faa4de29145e8af5259d7c890c8d21a036732cad0c3ce03b8e10c456f2a96e27d4e12d661dff47347d4d51ac4b8a52be6eda6c82f67b91b47fcece864ed171bcbd3f1bbffe95b85bc79d335dfda6d43b12a0a0744902a9b77dd440621572524a6a8cd7582268775f1a388de1fdee78569b5eef4ba760737cd4f86c08855a0e2bd25c7aea143951d2451e7e8262da4a3fd204f6c43091a1c0caea2c417e0ffbb7cab86c4b6f6233115cac6f3c8205bed717b94f77113bc2b9c0638636869ca12b57a5a46a1e89913eabe84780bacacc5e9546963a9d12337b65915517f838a59043b203d5d80f31f9124ba42ac2218eb532b6ffd937fb11b46971c31608592e3c86794a8df9fa260606f6fa0439171d77a4df1260a5ff0bd2cf4dcc2f001953b996992d0b2d149724d256a52b7e45841619d6896edd399bf4a66ed2ac3ce7b9ceb8c7aac30e609cb838a03073b2f73b88f403556adb577765c30f5ccfbd0ec44437afb6f53098b83d0c27fd70d7dafcf15153372a1f3a48df246c7081646708b61455ef245d8d84f98c1962f8d02768c2a5090fd08aa14cb9256c4e2d318991e6824f4b932b1fb81418b928551a1c3debcc5366b6decdf479349b360158d1470015965262b48d6e972b963582817abd118475f550f59badd5f45938cf4da0345ad283c44dbc25af8e60d3789bc9d78547280225531521b24112d596f2ea0f3ce739bb5fa68530c6fcdd7d66f0be9dae3fa1cdf0e6f7471d3f7d3c3c5744365d610f2cd3726664ec9790e22dfef0018938be647a2d019515a40b3f3144e2d8f148b6dac105df3ac159cec2e93d8776b0f70ebdd3f69b6f40ac279b7f0148021d0d73a8e18e8f39e26c9b507be5dc3a20747aaadc63f17d78e3cb2cfc5473714914c632709d480e717d5c71be1cdceeb9b714feb2621ad92f39794ae7e937b1a9157fe414cfdf1069a870b29fac1ae85ddcf932ffcfec3db97f81ed099a6a8c6e8856592acee9373543936d29280f37499d9b6475ae0a1500eb6c14023e07db88e8e3e0e0df753eed701b12d7cb2217fa743cd77a987e4dc770594b0fca19d9c33d11d06e70c27764c39dcf34c374efbe03fef2fac6c7b0f370cd31039d875b3ed98747625af580e85beb5573bd121f02bbf645c30e1f88a867fd223735f728b71ceab24a522c439e27ffaf59f366618e340fb6b408f0f0ff3adb91d8e186a5a33760593bcde0c17557a321afa8285579c1dc8619878d8b1ca1aa578f7c0f2ff3c71da7a5f97888a25b4a70486a9a078752eb5f914dd6d40327ec2f1dfb0496bd727ebfc1b0c2b78157e9a9beaad0734a9d18d55ef02746862ca7dd825caaef2c957cb0283068947ac5a78f6dd165577dcfeb8d7339f9220669b003fe9d8f07fd6df37a88d33b9f1e8d04cf1cd26570ae2de1f3b16b70c1e812ec59400944c3fe7cc3887aa5a83661e039819019e647b58f8078974d4eb6e0996ed3d08d94cbefc39a4165af5436582f1702c38518446cc34f7ca867f6a356ecb52424c16d4679d53fca837f23cf07093b75ce010d7c6fdf2f10156f83de84b0fd96a244029348c7ef5f5d3949c7fdccb84292977f34d54505613023150e00e283ef88e3ee85c678eea0087ffc6a12ad83c8467f8d9858a23b87c4b79e8e3cad8a8bb52b339b504e3dac557088a83dc1eac55ca571c58dbc2052b66d201363b8f358bb06bcfd80be45fa53de2a09a3118d23c35e96db639730491419add18835e293d3e152ae6c44025c2abb486aaf62eb6e20cb8c38bf025ca5dc93ac5ad887c7ecb854941e861e1206c3808bda6a68d57bf55af1a290f7afb34856d361a5f3dd331c0a9654d01bd8ab477074740a83f6880bdfc4ee698b280fff6fc45511b4331940db60913d50b4305c1d96e42371ff8cef46d957baa6bcba5301ccfb3f60543b3fd7dad0a971af9d80d7d6e8922270325a2723b0a747baea2624fa4d38cb0dbbd019e2be0e6c9c67bc35b40d69ec3807ac9b02f131cccea1be27f894d20fdfbb0e4d9834b5435475e9e10b3cb63c5ce48f2b9cc1cf5ff4e1b5567177e31953c3b6e35b14fcfe155c20973e956b06da9300d36c26bf5d445f81e15946ab4d790cafd28e8a92714ee6429ca2503cd2b63afe7de8ea01579393aa019f4b829b820969256239bb3dc22e66af4b3db2b231869798d7deab9ee360f6eac71207123667d8a04a1e381db7d7f3a0fb4e275d833b0481621414bba95be530a28addba87f5158ad7b24c5cf5a0d32b0ed2e216834ffbb64c0ecf2f5465abdcef8f070fcb3f96241ad7d48e2f27500b382edb68e1f445162f905039fa46dacf9ec781f10640bffee31384319910898a5b426c5fcdd130f86e5f815de934dfb2d90aea1f005cd909d17cd661874210e1e70fae0d759dbc1bba0803d45379d57dbf8fedb3c2ff2881cee599aebf521aff1e6f449b5bf66b26182069f26f458f45a54f77fef65386ef5922af9e0d4ccf7e5b7be42f15cf8c2d6ae72cce0903ade11aeefdc75e6b56320949284f03f91422a9dd1d7d60eeaedaeafff5db90789b86b2bee6a61aec9d4486589cf199474f20e47a33843609c66f7badb57856cbe1a182838419e1672c573fde581707c4173dab41edc928b8c091c396c4a8f2d2448f75d75aba034b948fc4c22cd12617f637b749e7ec8bc09a87d6abdf8441778e336cee22a89c0dfeeb7affac38e531c74f43994b8889022084dd5caeac4188805def7d069f690eac91999bb0359e355276970c7ce99bffa3b2619", 0x100b}], 0x1, &(0x7f00000037c0)=ANY=[@ANYBLOB="24000000000000000100000001000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=r7, @ANYRES32, @ANYRES32=r0, @ANYBLOB="000000002c000000000000000100000001000000", @ANYRES32, @ANYRES32=r2, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r0, @ANYRES32, @ANYBLOB="000001001c000000ac811771534eb62502000000", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32=r8, @ANYRES32=r9, @ANYRES32=r7], 0x98, 0x10}}], 0x5, 0x4000004)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
splice(r1, &(0x7f00000001c0)=0x6, r1, &(0x7f0000000b40)=0x1, 0x1, 0x2)
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x2, 0x1, &(0x7f0000000180)=[{&(0x7f00000000c0)="ba717f5685bd32f87b2b72c44a8f5ca37da4a897392ef3c879dcdb2fd878fa9442d5ac04ecbcd85853059a7e46b61ce8b2c3906e843f6a293871bc87f2efb537582284672abb5ce4eacff7c8a83fa64117f714f54dd278f45a73c43ac47e7a52c250299e760fd4f3cc7b15f035997f861de1205ffb3e0112f375da46cdbf34676ed3eeac10fa69a83a2ebd", 0x8b}], 0x100400, &(0x7f0000000300)={[{@mpol={'mpol', 0x3d, {'default', '=relative', @val={0x3a, [0x38, 0x3a, 0x2d]}}}}, {@nr_blocks={'nr_blocks', 0x3d, [0x35, 0x38, 0x30, 0x34]}}], [{@fsname={'fsname', 0x3d, '/@('}}, {@seclabel}]})

[  324.211589][ T1041]  loop1: p2 < > p3 p4
[  324.215839][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  324.231878][T30694] loop3: detected capacity change from 0 to 264192
[  324.238024][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  324.244642][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  324.315199][T30694]  loop3: p1 p3 p4
[  324.319279][T30694] loop3: p1 size 11290111 extends beyond EOD, truncated
[  324.342465][T30694] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  324.367279][T30694] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  324.371958][T30696] FAULT_INJECTION: forcing a failure.
[  324.371958][T30696] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  324.387783][T30696] CPU: 0 PID: 30696 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  324.396705][T30696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  324.406952][T30696] Call Trace:
[  324.410328][T30696]  dump_stack_lvl+0xb7/0x103
[  324.414932][T30696]  dump_stack+0x11/0x1a
[  324.419269][T30696]  should_fail+0x23c/0x250
[  324.423868][T30696]  __alloc_pages+0x102/0x320
[  324.428474][T30696]  alloc_pages_vma+0x513/0x680
[  324.433387][T30696]  ? page_address_in_vma+0x264/0x300
[  324.438781][T30696]  new_page+0x124/0x170
[  324.442978][T30696]  migrate_pages+0x3b3/0x1530
[  324.448042][T30696]  ? do_mbind+0xf50/0xf50
[  324.452984][T30696]  ? remove_migration_ptes+0x90/0x90
[  324.458314][T30696]  do_mbind+0xd43/0xf50
[  324.462535][T30696]  __x64_sys_mbind+0x10a/0x130
[  324.467329][T30696]  do_syscall_64+0x3d/0x90
[  324.471738][T30696]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  324.477648][T30696] RIP: 0033:0x4665e9
[  324.481623][T30696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  324.501432][T30696] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  324.509825][T30696] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  324.517932][T30696] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  324.525947][T30696] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  324.533923][T30696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  324.542125][T30696] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  324.594992][ T1041]  loop1: p2 < > p3 p4
[  324.601728][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  324.616560][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  324.622971][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:06 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x1000000000000, 0x2)

09:19:06 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x26ed0100, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:06 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x10a)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:06 executing program 3:
syz_read_part_table(0x6316000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:06 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xff0f0000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:06 executing program 0 (fault-call:2 fault-nth:69):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:06 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
mkdirat(r0, &(0x7f0000000040)='./file1\x00', 0x80)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r1, &(0x7f00000005c0)=""/223, 0xfc61)

[  324.993697][T30787] loop3: detected capacity change from 0 to 264192
09:19:06 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x27ed0100, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:06 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xff600000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:06 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="444e0083ab4029cc51c10a2043ed3208de8750fb888ac1898309df1116478acda7bd14b71a7554647fba578abd0dc00f0d219911f14375d942abcf1ede6f3de931780f0584086c01fbf9c35b368df10a4b97ff7e9790e8c841e579fd0e13366227933deac93fa7f16a4546072d0ff635401ec2008a9bfd6d9c13d8fdaac94cefe8c3d7ea3c0700ce4b33b5b9dd5ad4c2a5285c321d440190adadfba38caa34cec94481f32bbe"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  325.079644][T30787]  loop3: p1 p3 p4
[  325.084124][ T1041]  loop1: p2 < > p3 p4
[  325.090543][T30787] loop3: p1 size 11290111 extends beyond EOD, truncated
[  325.098759][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  325.117637][T30787] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:19:06 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0', [{0x20, '@:-}{+@\xf1)'}, {}, {0x20, ']##'}, {0x20, '{@^.'}, {0x20, '{-\\{,){:^'}], 0xa, "0da7125149b7ebae94ccb35a72ad6e0406cb8fdb4ce0de5ea8fb9553c6f93b11a119688bf731e4ecd26685e2c23f8c9eb3ceab19969699cf881b40cfd3b25dc733f2202540d23b7f42e578b3079d7d3e65919886ffa74aa8ebde1d9c419652e814c22ecb88487c31f1507c45acf3bc32d8dbe74d146ab45180071b951c551ecccc67c3a5dedac317ca049a96dc19e96b4c7309acc6c458bee351d79d58e3dfb387a60a79f706988376c91d595ba2ebeae3235e1afaf459896af3059592aba25c68f3562f8aa41bc36e86f1f102de82b0e5ef598f3b0f2c99"}, 0x101)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='\\'], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  325.128910][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  325.135868][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  325.146457][T30787] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:06 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x3f000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  325.225690][T30787] loop3: detected capacity change from 0 to 264192
[  325.288823][T30787]  loop3: p1 p3 p4
[  325.295253][T30787] loop3: p1 size 11290111 extends beyond EOD, truncated
[  325.313293][T30787] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  325.325603][T30787] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  325.328597][T30831] FAULT_INJECTION: forcing a failure.
[  325.328597][T30831] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  325.346691][T30831] CPU: 1 PID: 30831 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  325.355600][T30831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  325.365725][T30831] Call Trace:
[  325.369229][T30831]  dump_stack_lvl+0xb7/0x103
[  325.373829][T30831]  dump_stack+0x11/0x1a
[  325.378045][T30831]  should_fail+0x23c/0x250
[  325.382587][T30831]  __alloc_pages+0x102/0x320
[  325.387256][T30831]  alloc_pages_vma+0x513/0x680
[  325.392111][T30831]  ? page_address_in_vma+0x264/0x300
[  325.397406][T30831]  new_page+0x124/0x170
[  325.401569][T30831]  migrate_pages+0x3b3/0x1530
[  325.406331][T30831]  ? do_mbind+0xf50/0xf50
[  325.411105][T30831]  ? remove_migration_ptes+0x90/0x90
[  325.416466][T30831]  do_mbind+0xd43/0xf50
[  325.420701][T30831]  __x64_sys_mbind+0x10a/0x130
[  325.425941][T30831]  do_syscall_64+0x3d/0x90
[  325.430362][T30831]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  325.436306][T30831] RIP: 0033:0x4665e9
[  325.440195][T30831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  325.460074][T30831] RSP: 002b:00007f21c68fc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  325.468748][T30831] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665e9
[  325.476710][T30831] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  325.484776][T30831] RBP: 00007f21c68fc1d0 R08: 0000000000000000 R09: 0000000000000002
[  325.492824][T30831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  325.500791][T30831] R13: 00007ffd632b736f R14: 00007f21c68fc300 R15: 0000000000022000
[  325.618409][T30791] print_req_error: 43 callbacks suppressed
[  325.618422][T30791] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  325.638272][ T1778] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  325.677733][  T896] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  325.689132][  T896] buffer_io_error: 31 callbacks suppressed
[  325.689144][  T896] Buffer I/O error on dev loop3p3, logical block 263808, async page read
[  325.703464][  T896] blk_update_request: I/O error, dev loop3, sector 264034 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  325.715922][  T896] Buffer I/O error on dev loop3p3, logical block 263809, async page read
[  325.725031][  T896] blk_update_request: I/O error, dev loop3, sector 264035 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  325.736951][  T896] Buffer I/O error on dev loop3p3, logical block 263810, async page read
[  325.745478][  T896] blk_update_request: I/O error, dev loop3, sector 264036 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  325.756890][  T896] Buffer I/O error on dev loop3p3, logical block 263811, async page read
[  325.765598][  T896] blk_update_request: I/O error, dev loop3, sector 264037 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  325.777283][  T896] Buffer I/O error on dev loop3p3, logical block 263812, async page read
[  325.785746][  T896] blk_update_request: I/O error, dev loop3, sector 264038 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  325.797321][  T896] Buffer I/O error on dev loop3p3, logical block 263813, async page read
[  325.805917][  T896] blk_update_request: I/O error, dev loop3, sector 264039 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  325.817451][  T896] Buffer I/O error on dev loop3p3, logical block 263814, async page read
[  325.825968][  T896] blk_update_request: I/O error, dev loop3, sector 264040 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  325.837488][  T896] Buffer I/O error on dev loop3p3, logical block 263815, async page read
[  325.860812][T30789] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  325.874494][  T710] Buffer I/O error on dev loop3p3, logical block 263808, async page read
[  325.883776][  T710] Buffer I/O error on dev loop3p3, logical block 263809, async page read
09:19:07 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x81010000000000, 0x2)

09:19:07 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xffffff7f, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:07 executing program 3:
syz_read_part_table(0x6416000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:07 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x40000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:07 executing program 0 (fault-call:2 fault-nth:70):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:07 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$int_out(r1, 0x2, &(0x7f00000000c0))
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0)
fsetxattr$trusted_overlay_redirect(r1, &(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x8, 0x2)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
close(r2)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  325.992403][T30855] loop3: detected capacity change from 0 to 264192
[  326.022299][T30855]  loop3: p1 p3 p4
[  326.027004][T30855] loop3: p1 size 11290111 extends beyond EOD, truncated
09:19:07 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x63000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:07 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xfffffffb, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  326.075382][T30855] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  326.104957][ T1041]  loop1: p2 < > p3 p4
[  326.113772][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
09:19:07 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
statx(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000300)={0x0, <r1=>0x0}, &(0x7f0000000380)=0xc)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setuid(r3)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000003c0)=<r4=>0x0)
getgroups(0x3, &(0x7f0000000400)=[<r5=>0x0, 0xffffffffffffffff, 0x0])
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0, <r6=>0x0}, &(0x7f0000000480)=0xc)
getgroups(0x2, &(0x7f00000004c0)=[<r7=>0x0, 0xffffffffffffffff])
setxattr$system_posix_acl(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000500)={{}, {0x1, 0x5}, [{0x2, 0x4, r0}, {0x2, 0x4, 0xee00}, {0x2, 0x2}, {0x2, 0x2, 0xffffffffffffffff}, {0x2, 0x0, r1}, {0x2, 0x2, r3}, {0x2, 0x4, r4}], {0x4, 0x2}, [{0x8, 0x1, r5}, {0x8, 0x7}, {0x8, 0x6, 0xee00}, {0x8, 0x2, r6}, {0x8, 0x5, r7}, {0x8, 0x7, 0xee00}, {0x8, 0x2, 0xee00}], {0x10, 0x2}, {0x20, 0x2}}, 0x94, 0x1)
r8 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r9, 0x0)
umount2(&(0x7f0000000080)='./file0\x00', 0xa)
preadv(r9, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1cf14082a12f71440d951a871a2a8ba7e9cc61cbaffc19425fe712e665eaab0f90e118c60a4c391da9a11320d5f88b9db012f5ff209b6482481d7cb3745fd00268be3107cb2029b2b0b67f6dd7e24b0f480abab63f766785b9967ed0663d1186bb0430a21edf84bf7cc17fa9d1d3965624f878619d0cc6537f011a"], &(0x7f0000000340), 0x400)
getdents(r8, &(0x7f00000005c0)=""/223, 0xfc61)
openat(r8, &(0x7f0000000040)='./file0\x00', 0x20802, 0x60)

09:19:07 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x81020000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  326.133260][T30855] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  326.147789][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  326.154053][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:07 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xfffffffe, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  326.228543][T30855] loop3: detected capacity change from 0 to 264192
[  326.273645][T30858] FAULT_INJECTION: forcing a failure.
[  326.273645][T30858] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  326.286943][T30858] CPU: 1 PID: 30858 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  326.295848][T30858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  326.306162][T30858] Call Trace:
[  326.309444][T30858]  dump_stack_lvl+0xb7/0x103
[  326.314079][T30858]  dump_stack+0x11/0x1a
[  326.318498][T30858]  should_fail+0x23c/0x250
[  326.323257][T30858]  __alloc_pages+0x102/0x320
[  326.327868][T30858]  alloc_pages_vma+0x513/0x680
[  326.332668][T30858]  ? page_address_in_vma+0x264/0x300
[  326.338030][T30858]  new_page+0x124/0x170
[  326.342219][T30858]  migrate_pages+0x3b3/0x1530
[  326.346911][T30858]  ? do_mbind+0xf50/0xf50
[  326.351340][T30858]  ? remove_migration_ptes+0x90/0x90
[  326.356722][T30858]  do_mbind+0xd43/0xf50
[  326.357106][ T1041]  loop3: p1 p3 p4
[  326.360964][T30858]  __x64_sys_mbind+0x10a/0x130
09:19:07 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
recvmsg$unix(r1, &(0x7f0000000980)={&(0x7f0000000080), 0x6e, &(0x7f00000007c0)=[{&(0x7f0000000100)=""/138, 0x8a}, {&(0x7f00000001c0)=""/69, 0x45}, {&(0x7f0000000240)=""/78, 0x4e}, {&(0x7f0000000380)=""/96, 0x60}, {&(0x7f0000000400)=""/141, 0x8d}, {&(0x7f00000002c0)=""/12, 0xc}, {&(0x7f00000004c0)=""/204, 0xcc}, {&(0x7f00000006c0)=""/252, 0xfc}], 0x8, &(0x7f0000000840)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, <r2=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x118}, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f00000009c0)=""/172)
ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, &(0x7f0000000040))
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  326.365193][ T1041] loop3: p1 size 11290111 extends beyond EOD, 
[  326.369693][T30858]  do_syscall_64+0x3d/0x90
[  326.369731][T30858]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  326.369758][T30858] RIP: 0033:0x4665e9
[  326.375998][ T1041] truncated
[  326.383199][ T1041] loop3: p3 size 1912633224 extends beyond EOD, 
[  326.386465][T30858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  326.386486][T30858] RSP: 002b:00007f21c691d188 EFLAGS: 00000246
[  326.390376][ T1041] truncated
[  326.393448][T30858]  ORIG_RAX: 00000000000000ed
[  326.393457][T30858] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  326.411742][ T1041] loop3: p4 size 3657465856 extends beyond EOD, 
[  326.419511][T30858] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  326.419528][T30858] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  326.419539][T30858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  326.419549][T30858] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  326.480103][ T1041] truncated
[  326.498766][T30855]  loop3: p1 p3 p4
[  326.502880][T30855] loop3: p1 size 11290111 extends beyond EOD, truncated
[  326.510986][T30855] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  326.519288][T30855] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:08 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x86ffffff, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:08 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x100000000000000, 0x2)

09:19:08 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:08 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xffffffff, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:08 executing program 3:
syz_read_part_table(0x6516000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:08 executing program 0 (fault-call:2 fault-nth:71):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:08 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r2 = pidfd_getfd(r1, r0, 0x0)
fallocate(r2, 0x39, 0x8, 0xab)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  326.940636][T30940] loop3: detected capacity change from 0 to 264192
09:19:08 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x95320200, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:08 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  327.019059][T30940]  loop3: p1 p3 p4
[  327.030215][T30940] loop3: p1 size 11290111 extends beyond EOD, truncated
[  327.068828][ T1041]  loop1: p2 < > p3 p4
[  327.073039][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  327.088042][T30940] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  327.098171][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  327.104353][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:08 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
renameat2(r0, &(0x7f0000000040)='./file1\x00', r1, &(0x7f0000000080)='./file0\x00', 0x4)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:08 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xe4ffffff, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  327.119587][T30940] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:08 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(0xffffffffffffffff, &(0x7f00000005c0)=""/223, 0xfc61)
creat(&(0x7f0000000040)='./file0\x00', 0x4)

[  327.197116][T30940] loop3: detected capacity change from 0 to 264192
09:19:08 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x3, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  327.241346][T30945] FAULT_INJECTION: forcing a failure.
[  327.241346][T30945] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  327.254836][T30945] CPU: 0 PID: 30945 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  327.263699][T30945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  327.274256][T30945] Call Trace:
[  327.277533][T30945]  dump_stack_lvl+0xb7/0x103
[  327.282239][T30945]  dump_stack+0x11/0x1a
[  327.286399][T30945]  should_fail+0x23c/0x250
[  327.290837][T30945]  __alloc_pages+0x102/0x320
[  327.295599][T30945]  alloc_pages_vma+0x513/0x680
[  327.300637][T30945]  ? page_address_in_vma+0x264/0x300
[  327.306012][T30945]  new_page+0x124/0x170
[  327.310437][T30945]  migrate_pages+0x3b3/0x1530
[  327.315477][T30945]  ? do_mbind+0xf50/0xf50
[  327.319898][T30945]  ? remove_migration_ptes+0x90/0x90
[  327.325283][T30945]  do_mbind+0xd43/0xf50
[  327.329725][T30945]  __x64_sys_mbind+0x10a/0x130
[  327.334506][T30945]  do_syscall_64+0x3d/0x90
[  327.338936][T30945]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  327.344915][T30945] RIP: 0033:0x4665e9
[  327.348812][T30945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  327.359332][ T1041]  loop1: p2 < > p3 p4
[  327.368511][T30945] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  327.368534][T30945] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  327.368546][T30945] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  327.372827][T30940]  loop3: p1 p3 p4
[  327.380999][T30945] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  327.381015][T30945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  327.381025][T30945] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  327.416217][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  327.466998][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  327.473311][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  327.498495][T30940] loop3: p1 size 11290111 extends beyond EOD, truncated
[  327.516782][T30940] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  327.536723][T30940] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:09 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x200000000000000, 0x2)

09:19:09 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xe8030000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:09 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000040), 0x0, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(0xffffffffffffffff, 0x4, &(0x7f0000000040)='\x00', &(0x7f0000000080)='./file0/file0\x00', r0)
getdents(r2, &(0x7f0000000140)=""/239, 0xef)

09:19:09 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x4, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:09 executing program 3:
syz_read_part_table(0x6800000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:09 executing program 0 (fault-call:2 fault-nth:72):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:09 executing program 4:
unlinkat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='P'], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  327.898229][T31029] loop3: detected capacity change from 0 to 264192
09:19:09 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xefffffff, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:09 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x5, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  327.969254][T31029]  loop3: p1 p3 p4
[  327.977335][T31029] loop3: p1 size 11290111 extends beyond EOD, truncated
[  328.002457][T31029] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:19:09 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000080)=[{&(0x7f00000000c0)=""/74, 0x4a}], 0x1, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x14, &(0x7f00000001c0)='-\x8d\x00')

[  328.018278][ T1041]  loop1: p2 < > p3 p4
[  328.022580][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  328.033514][T31029] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  328.046619][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  328.052821][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  328.088319][T31056] devpts: called with bogus options
09:19:09 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xf4ffffff, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:09 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/libata', 0x80002, 0x100)
getpeername$unix(r1, &(0x7f0000000080), &(0x7f0000000100)=0x6e)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f000004d000/0x2000)=nil, 0x2000, 0x3000002, 0x12, r2, 0xf28c1000)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
r3 = syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000180)='./file1\x00', 0x3f, 0x3, &(0x7f0000000400)=[{&(0x7f00000001c0)="a99b82444b26ce84f22d6b94250cfcac5f39e30cdd9142408bbcff08aa29ea54a83b19b54e2b13c52b7e9a68be1898147f36654338c90d25eeb2e68b7fd35a4a4a4ab297193eb901cbe818c89cb60d507d5ad2e7fa4939485e40fbc332c75173275a8cb3c2c2f42a7e10f35c35f4b68b28fb0e02561a1b1bfdf9e5fbe718f4a40f3568d8c805d35b38a1a8d4b6e80b26f512677c43edf293256ea9f385af1f9fe897b3227b0c55cb47658fb28f0290c6933ed5f5bd6e33f9f7a4740936ead7e525b4fc6ab913fb5bc6684f354c9b004af82182", 0xd3, 0x7ff}, {&(0x7f0000000380)="033c5b74ba754cc8b025410d3971ce88ebb2da325d037ab66e5d938560112f6922a16764e644a034b77906a37c62c916717b1352fbada6bbbda0b20a72ab6a1bf908d5727c9bca0d4687b6d1066f19b591b5d240c8e169e4dc638f9fa3d453b30d32629e3400eae54ab75b69c82d1a8a457666767f8ad83faa14", 0x7a, 0x7}, {&(0x7f00000006c0)="5119e30db15d4f80a85e840b0dc3fff8ed06452ed77deacf5d7d6484d085ad820686629c541f71f633db36b7f351c1ba5e13741b74efd617d9106b77cf40ad96dd5479b77ff4391fe6c120808eff311dcbc2c51a762d5cd006653dbbc79f028c17ae8d0fcf53605209b8606b94c42ab3a32a3c60f1e96185f94dd4fe09a9f3c7459711a3bfa72e0409702003bbd1f3efe139bcca8c7f31da0891ae7a703d9b158f0688dae9949cf2490de0572274c2a5e4f3b473f58d3f5e5a1d453a7cbf2603f9a2ec363dc8a8907c411ce314450c81b5e6bd46675639b833d1ffbe0d068da778d5840ce447f8b9e0389803950b60723a631cf5fef4b44dba188723eb4a5659c6490f1101ce24667899439e894d5e3f74fd781df1be3ae1c3e8ea400b156d29e342af81478ccc16e223a9e31f3943c61b1a06980297573b0458cae99d7ed19415a85ebece0c0914d0dadc548f98dc64a42dd1d48a66ee82592f20617c5231f96f3ee91fa62af01fc431e44dae23d4f743a3d7881dd1a97b6e24b55a518fac43a7473a72c8cab16759558575a7dd60dbd36b8c240a3bea1cf69d968fadaf57a20f8021537daefa3d30d4d9130923cc9ea5569ac6b0df520a26430584cb2baaad7dc919686f60475259b5e4ad8ab10bc104439a0db899efe8eb658a48ab8e4948dc29a032932f075ff9410a708d96f23f82ab3288869ab6564d6699a933fe2e02da9e49619632ab2e535d95eaec01bbd16c1944bcb8bd8cc419830cee09a4466714e77913e8fe04c29794ef5959c1a722fc230a91ea2c692fa681c67d37d3467629b94f0682e7e20f966d21f70328c447fb8b27e8970db61e6641f8948dc2102d7d873b8231d9e796e1dd3a2d247b4b1fffb46cc19d91f94d9d29b6b4d25ca6db7ea5402ba88ec8dc56a4dca8ac134a0a571b62af619ee28b78c4cc55b554743d2f4c230b18435bd1de171d248fdecc2264d49a9881da7e01a26d8fa1b30cafe44c3365691a10315bc287af9949f6df4ed8ba290a51d1e5409f2eb4ed577d79505815e759b4e79df8590b69451a9e7e2b8199f42db2c40a0ff1a7bb7bae28ac82460b851c1c228d00632dbdbc1df5a412f58e123feed591054b999811a91305b574594f8284604d0906366621341625fc4ed22ee16a21b738939753fd60e7691ff78030efd8e3e64a683e855b88984680d945af4dfa36349c281d910c4159828a910a9d29b7bb742fb7a9e081e2ec02842bf6a52c406bbaaa7fcc1e464292a42e62af36b34e69a7db71460cd5ed1522c1f6843d42c300c9cc35208d7a277ea85fb2b5da30bb6bb3b26654185cee92b8186b0021ad7106c6b400ff789976c1d83b604ef441c271f9433286ba3ec58804f38823bb833ac38ba08078e10029f5398695122cf2d503393e9525a45bcbb8584cbce539f1959f049495ef9a16f471418daba3ed71dbac023ae3cabbc59e7bc651d8e0d235fb6f2cb44468b188e8c8a322dc0ef6829f3527ebbb2f4622c3b5d509f80e66081b7349396e907e12af7e5e0225ef04c1107181b07a9e08e0935327ebca2a08b78a8f3933b001e7b85ab79a201f23a6457fa66487fabd087e0efd2beea3d6c655e643808db3c398e9262854176ba4098d2b452d523f6f257807e9b5a0516c4021e0b7994d5d37c444a9348c4b7a458ac029a50f5f3a561891a2ecc6a3ebda9e723e728919f45fe9a61ffebf36a0a6835287599da8923b2d9d15c1e0d8f0cd1091d2bbbf966ce93b8d9a6b638298c84f631102a0e2455d218e13730091a2f8c18e90b78fb103617b59af3ff68898e0f05235f070e2acb21429f5c194a661463b6e4c5aaea4a8736b6fd24e6013853d4aec462dcbef3bf302fa7fc7167bdc051948548576c7196f1d9e9f3c062d1fe0681befb96ca344d7d698b12ea9e09b1a1cb7861b8172583619b7083fd56df64f4625d9188f9d606ebe04aeffc98faf3162951a11abb02092cfb19114b29f48f3584bb6344c87c419e4cdff4b24a2e9998574aee27dc1ea926c865f7009ad21825c1804c601018be2934ddcefb465912a9284f75e42377dcb635aea247657ad8803552eb3a240c2d4e1cb932182ea2c45d3c3be41031d74b0817030baef428727815efb799730dd79bf29a3bc2d5906d60b1364dbcfd602d2d7490cbbd2b3477d297df9436af5051cbe69ec68576189b98d6259fca570e2244c8beacdfcf4f55687fee0469de02b63b131f7d641e93740c085afd1cd4c671cf42bf0b94eac8d09f7ef4c8dc40becbdcbe857f888c31359d1febaf34e0192dfeeca0af2bb5583888cf8638856653d14fbb833cf91ad4ec985429506ccd30512f7a6cc5121a59ea6b402cb42fc67df67b49266661dabaeaffb74bfff6dba17422b944c5e4d4a91ee5b96e53093f860f27200d9865cd3d72939e6a83ef9b203729bed047610d388386f122a5be53cf5854a725716131a2d74deea98ae4155045bbe07f3e838ee8f36d2ff08eb93428c9a288959e55a41afc748611694c6f468a1bd685e2f08a89f919634b8743b0a2d1b647935d25ebe8de5f068ef825c5e54eec3dd68ab9ff8080c0c14bbf6a537ab0fc2614ccba5edc205e75ab99fdc0ac967f04b9c5a59d9b187a4d28850b312a989aa079ef14af1a44f9888a6db3ec86d68177a274d8021a304ab07ef2bd6fab4a709e38b9e991d9cbff7d852112dfed9a883ce0693e316eb99b5cb6f60f607c7080d766de3ccfeabb8ee0887420915d7fc0654cf6d943d8b17caeb2e2ba2b292eddbdcc2f53ee964ada5e2b267a2ec2e7aaa7b40aef452231e4f12fe38db5a20c27749edcd06bf05ebce8923d60b06cec437db860ab55b0e86bf941fe536056ee928be52188a228715aa81e186ad7dd5f92088f963927cc30be04c27189651d6fbee9a58129599d232168d92fbabb9d591754f9eac290c46913b1e1b92c31f3336b957feeb96cb3edcd0ca56bf131ae82d7ff21b3c0e2c144364e3d350d0ba8388919408cab460b0bd9a08ae5726b6e580d2b6c371a4916fcecc92cb11d144e52bd103e37faf09db30670504949cb81f0132f4b188938e7323bdd71eeff259628ad97aa5487d1b57ac1e659d3cad5d23bb33fe2fbc8f5a08a3a73b954c4df6d3a2e45d4c5730a7965d1585df7c2d359280b8e6cf7e4bc272f0a6096b08ccdf012a32dd4bd15b431ba960e419ca0ce16d1768449b0e73a565b9ed99cc203deb6e83569e42a4b5640a09fa7e948d9f4d489a7d741ca0631c11e3ac90b2757e0d7048f9f90f55366aa6fcf2888a20cb9ac371e9f21168e61ed1414441e97837a13e2003cd65b1c75780257cd4cd5ce7c77af13dad3f37d9250111dbd9b6e902a0b511b6d9d7767ebef45da47a789944385b41f1efc4107254f246f1537cea6153d249fa0789223032775f37bc1528702632a8093aaf8278b716e84522fbaacb48c7e1637fc0577655935a7e7777fbfabcc153d676d5ff222fa2fb7fa6b5514f56e6cec3d2ef79ad34a9a12b4e17d414bb5eeb1d0cabcd79d3ac426504b0b577e2dd9c644384689be7816ac9f81b9907a68884f839712ee847dcd174cf450fd1d3e97a8ed627670d1f5d54c175dbd53515e774d8250bd6e1417bd5f529aa363f313b2477406a5b8ac8cab7c55ef75461ad871ac439a804a85988f50ff0c0667beb5c3bbbd6c01827eb099fcb6817f57f066576fb8ad71b0dd5dd40b99bb9036255b0a3af90c6ca5a613bac93bd5f6367d799d699b03c6af241cad4a9cb930eeb1b3449db490259aa448608d4844e28a337e4479898b4b22f76c3b37e524ed848a35cec000725464db693e6b29be20fc4b37546d47fbbcf848a98f83e51c847b57d4552e7df408a5fd2ec3c042dfedb0834d7b9858744930b1c037533f75fe818f9e730ee008b5ad7550413476a984c6e96e40f9015cc17f60e0b3f41e7e80df2693062ff9e81ee4a3ff3fb36120cf26df58f1d78bd92b7c115c2048f57c129cc09b7ccd2247d3b7e789e905ad4a6d86cd2b2f40a46beb51dfcb970c03167c43462d7baf80f0b0447c402e9d929bbcc47e803c57f56e534bd8da5f639978855e0ed89bc143e2e8c7f17dfd8bf4d285951aaf02e17cc302ae76b45e73c4532de71d82093d0a90672d4983ebc5c34ec5ea9af8c1d3cedb2e8777b86cb49befd86cae257e815fe497b09b09c40874baf35a0c295999a3f3ffe6c4fc86fbf6985e4b079c42c20acf6398d78e83c73b6eb0c7f11bf3742abefb3df5118dd9081185f2fda7ed2c00eaa74c6827c3a314920cf0f4ba2f06b9e820311ed3d4a36431464943578478e516c426c8a6989b6b8e3e2cab3bc07d9d59da31dec3b72a1eb645b4954c452f068373feb6bb6ee52a72bd6e42bf4d4d87df2f70f2aba04950b8a1dba496e16378eaf5a9c9f678269dbca6e6abce7cff3693ef44b249577b91e398da03162919ba6bef2531be1666c156dbe6ac86261e21f1510cdfbedd4016a84688b8dce686f8227bbf2b1220a46349a938bf8f2e4cd78adaecc5d8e4ead1d9b674a06ea47f4fd05dad4801b523361b37c8c2f585372ec195651e7f055db414f118b51664529610a9960a7fc5b2c1fccedbc49505edc5c16e97b574c910806c5d627b35b9b8044059af86559ed62dfaabb971322166a75c1d9eb8a35fa8c7f2168736b37a2f890e4d0baa5d3f0e61853d9180a7c4cc74920f1cd0582a7da7eff98600f06a4e61a60fc750a2940a0a0c76c90210d4ada35fc435cefe0eae6b29044cfcb5ce3d564d7c94c133e016e2e58f8b49e59ff2b04a6a668a8dea86a51e9bcd89b1fe66d755888343f1fcc8ac511a6832f4edb4f2d5d8008161f71be2d3f3ac722943586605b94886c8b48a9a842f13a3d81d9af2e3745b8ab22e33badf9cef662b2ebf4d97cf573cf46687768eae2504dcb699dd931c367797755eabcb6936915ec6c91a178996e30bfafa3039aa0bc7c807e115a8bf105a58f38a15efd3ec5dddc2007e2cfeb82ba14a9c6f4656e85b4d19788332c7c167e30a3ab5f65749eeffb3715b4f0cb8987cabd463cb5c22b0805d2e2378f5020821492596cfd0353dd369df8bd83ae69b542f55dc68b7faa1f46484fd6cd3f4e8ee8b9c1b800f6470ef3ce5984aac2c5d929123307829f8f72bcc7825867e9b68a5d74448292ed2e2ce6e75198461330d13195614d33b47094a3f8bc0a19767570b1c1b8ee215afb47823f43866d49ebbf057218ea042465bcf66db278576abe4270215333c6fc3aa953b9685e88d4e51f2d8bbf061c648bdd32a65533cdc81a0946ff86b0f68a13b2df670f5ccb85de48e0e46b577a215bcc77ce8ca6b246945b05c119276b252e8be4f00039157da328b0d56d3bf28936b8c1aa98b5919b481008c1c7615caf7570fcc5948d0d01fd31d164045fdbf1a3f7426e242e0a42b279dda5fe954d4013914d2e33edd1eff81cdd40b22659ba4da33b13f90fa6ff06b6474afc239cb33205bac78c5570c5a4a87c4a986b74970a6a255d431b5d964cfbd4b692556ff50ac614b4576628218f8a7a438c975babf8ab79ad31718a1318b3790c1461e694c477388a131c078f809eb052617f5ab17b08925c743fc9ca38cba9ec24a92ed3f0c1a0ccd28a41a47dfd44de4fac2b7a9b93a97fbd0e04f17dc4c797dca9c3f4ffabc4a01badbc01073ad5d1c5985779ba628e2e946ddcd49bfeba9e12aa914244f001fd2ee73a3ab320a3ae695c18a663af64931e387ece28c50bec82660ae8ece9a3b68315ab056b8f787f2ab144acfd41d9999ec651747a75", 0x1000, 0x7}], 0x2040020, &(0x7f0000000480)={[{@overriderock}, {@nojoliet}, {@utf8}, {@session={'session', 0x3d, 0x58}}], [{@smackfshat}, {@hash}]})
mknodat$loop(r3, &(0x7f00000002c0)='./file0\x00', 0x8, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  328.113921][T31029] loop3: detected capacity change from 0 to 264192
[  328.168999][T31029]  loop3: p1 p3 p4
[  328.172904][T31029] loop3: p1 size 11290111 extends beyond EOD, truncated
[  328.196094][ T1041]  loop1: p2 < > p3 p4
[  328.196829][T31071] loop4: detected capacity change from 0 to 8
[  328.203029][T31029] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  328.218399][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  328.226607][T31029] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  328.241824][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  328.248056][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  328.279860][T31085] loop4: detected capacity change from 0 to 8
[  328.319134][T31024] FAULT_INJECTION: forcing a failure.
[  328.319134][T31024] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  328.333667][T31024] CPU: 0 PID: 31024 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  328.342474][T31024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  328.352803][T31024] Call Trace:
[  328.356616][T31024]  dump_stack_lvl+0xb7/0x103
[  328.361249][T31024]  dump_stack+0x11/0x1a
[  328.365495][T31024]  should_fail+0x23c/0x250
[  328.369927][T31024]  __alloc_pages+0x102/0x320
[  328.374649][T31024]  alloc_pages_vma+0x513/0x680
[  328.379602][T31024]  ? page_address_in_vma+0x264/0x300
[  328.385002][T31024]  new_page+0x124/0x170
[  328.389159][T31024]  migrate_pages+0x3b3/0x1530
[  328.393830][T31024]  ? do_mbind+0xf50/0xf50
[  328.398411][T31024]  ? remove_migration_ptes+0x90/0x90
[  328.403754][T31024]  do_mbind+0xd43/0xf50
[  328.407930][T31024]  __x64_sys_mbind+0x10a/0x130
[  328.412776][T31024]  do_syscall_64+0x3d/0x90
[  328.417260][T31024]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  328.423457][T31024] RIP: 0033:0x4665e9
[  328.427420][T31024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  328.447196][T31024] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  328.455829][T31024] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  328.463966][T31024] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  328.472225][T31024] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  328.480273][T31024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  328.488244][T31024] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:19:10 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x300000000000000, 0x2)

09:19:10 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x6, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:10 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xfbffffff, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:10 executing program 3:
syz_read_part_table(0x6c00000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:10 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x400, 0x15e)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)
name_to_handle_at(r1, 0x0, &(0x7f0000000080)=ANY=[], &(0x7f0000000340), 0x1000)
openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x101600, 0x2)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:10 executing program 0 (fault-call:2 fault-nth:73):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

[  328.862333][T31113] loop3: detected capacity change from 0 to 264192
[  328.898825][T31113]  loop3: p1 p3 p4
09:19:10 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000140)='./file0\x00', 0x101000, 0x0)
mknod(&(0x7f0000000100)='./file0\x00', 0x8000, 0x5)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='pagemap\x00')
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="4939915f5bc8bdba512a676269f8de1838a62d2097c229081515130ff8761a5ed391222aed5848586f3845fd23cf4bf3f8ee92b11a907a3caab432a2162c1676c00c6dfe2e0f862357d3c79a0440b22458b285e391edc5af3dd3ce7a35e046fe4cf2bbb042d7a9"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  328.907242][T31113] loop3: p1 size 11290111 extends beyond EOD, truncated
[  328.925699][T31113] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  328.945871][T31113] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:10 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x7, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:10 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xfd810000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:10 executing program 3:
syz_read_part_table(0x7400000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  329.100853][ T1041]  loop1: p2 < > p3 p4
[  329.116039][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  329.135210][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  329.141576][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:10 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000040)={0x65a5, 0x190, 0x100080, 0x2965015d, 0x3, "0ae606b02aaa4afb50b7e4b4310f2b1bd3b0f1", 0x7, 0x1})
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x4000, 0x15c)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BTRFS_IOC_BALANCE_CTL(r1, 0x40049421, 0x3)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
writev(r3, &(0x7f0000000280)=[{&(0x7f0000000180)="1d2fc3b113f50e63f6222bc0bb220eae112805a49f3cb8d4b2b811468509c5baa697ed502c4f83be75689e1b2e48fac6c77f85f1d97871ad161ecfd87acb9852b69674e6958f6b5ab6344f1f7c8886bbf912d9a79bf5c12b04b7c3fe0d03c6775296074b6863eef12fc82ed32174d1a838445e1c5a47df7a012c79d5c36cb6dd31b212ccb50b8bf7785c83da8abc455967f761a95ea31cd0a51c446b3120d03bf5d6d80c0e3ba1aaae59537e58c169c460b9730bd203a884aa1f995e40942c55834b33", 0xc3}], 0x1)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1cdda7a2479cd2d728e071770e68eff2bc9ae871c30253b2982efd7c65b4b194a35fe53d446a52e204a3e362b14954679e09f13ced32bb092c0b28e0709a52c25986bcbad41c1c70565ac92540c474001cbab903cc06bb392a4a9241d099d7053fd0a6a8bdec4e3ccaaf2a8af01c87d7337e32a5b4ae04b0dd7c4d1f01b26a7c338cce46d48ef0c51b8ca53d39cfafc3fb72ea1e9fece0bfba2935904e5f05b6f82d71a709b549b1d6def83d4e66e881d607d90574386659d3c78c537e1fc4fbbd012bf52670d0e4b486c9d71ffb12b2980b6ae2352ee137e89744"], &(0x7f0000000340), 0x400)
getdents(r1, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:10 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x9, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  329.150514][T31147] loop3: detected capacity change from 0 to 264192
[  329.191288][T31147]  loop3: p1 p3 p4
[  329.195200][T31147] loop3: p1 size 11290111 extends beyond EOD, truncated
[  329.220888][T31147] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  329.240436][T31147] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  329.246005][T31121] FAULT_INJECTION: forcing a failure.
[  329.246005][T31121] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  329.261304][T31121] CPU: 0 PID: 31121 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  329.269431][ T1041]  loop3: p1 p3 p4
[  329.270353][T31121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  329.270368][T31121] Call Trace:
[  329.270377][T31121]  dump_stack_lvl+0xb7/0x103
[  329.274229][ T1041] loop3: p1 size 11290111 extends beyond EOD, 
[  329.284181][T31121]  dump_stack+0x11/0x1a
[  329.284203][T31121]  should_fail+0x23c/0x250
[  329.287484][ T1041] truncated
[  329.292139][T31121]  __alloc_pages+0x102/0x320
[  329.315485][T31121]  alloc_pages_vma+0x513/0x680
[  329.320367][T31121]  ? page_address_in_vma+0x264/0x300
[  329.325917][T31121]  new_page+0x124/0x170
[  329.327948][ T1041] loop3: p3 size 1912633224 extends beyond EOD, 
[  329.330071][T31121]  migrate_pages+0x3b3/0x1530
[  329.330094][T31121]  ? do_mbind+0xf50/0xf50
[  329.336583][ T1041] truncated
[  329.341219][T31121]  ? remove_migration_ptes+0x90/0x90
[  329.352006][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  329.354042][T31121]  do_mbind+0xd43/0xf50
[  329.365377][T31121]  __x64_sys_mbind+0x10a/0x130
[  329.370168][T31121]  do_syscall_64+0x3d/0x90
[  329.374645][T31121]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  329.380572][T31121] RIP: 0033:0x4665e9
[  329.384445][T31121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  329.404214][T31121] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  329.412656][T31121] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  329.420778][T31121] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  329.430518][T31121] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  329.438474][T31121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  329.446713][T31121] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  329.575781][ T1041]  loop1: p2 < > p3 p4
[  329.587437][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  329.597870][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  329.604062][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:11 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x400000000000000, 0x2)

09:19:11 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xfeffffff, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:11 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
poll(&(0x7f0000000080)=[{r2, 0x30}], 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
splice(r3, 0x0, r4, 0x0, 0x10005, 0x0)
sendfile(r3, r0, 0x0, 0x8)

09:19:11 executing program 3:
syz_read_part_table(0x7a00000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:11 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xf, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:11 executing program 0 (fault-call:2 fault-nth:74):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:11 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x80000001, 0x7, &(0x7f00000004c0)=[{&(0x7f00000000c0)="aee4899174159e9f597ac327dbc4ce1aacaeed09eff6b31023acd571cdb1d86ead33f6abff52985af7f44af643807b54e10c32ecc6c684264301d7fccba1d7cd62eff8ed20367b1fb862bb493a86e970b01a", 0x52, 0x2}, {0xffffffffffffffff, 0x0, 0x7}, {&(0x7f0000000140)="408a476898d3ab8fe7124d0267843dc36a8249d23c1766c89519b7679cc466660b773efb1bdc1991f670e3e910c8f2c1b728fc5543fac5eb44beed1db455c9f4fc84dd862627c2584cb2302f95d5e6cfb2ccef4cae56b5e21930ff374e9d593cbe609a3da820b3af82601a4ef4b2054b1a4f2d050a103f77b8", 0x79, 0x4}, {&(0x7f00000001c0)="93ad4646923f5a9a3bcb8822e373868a98f1e68225a0e28dd7ff01f3ce25d3fee37b99b0c629c4934f39a7e31ae0f73ddd986b7c9ee282d7c7fde5389b2cb21efb641244ecc67666d149466b35f8505da057a716278a37db3e8df38068c5ab208b6023cec47b09f6d7884b6e82b2a1033953899c150e5d2399a5cb299cc6", 0x7e, 0x1}, {&(0x7f0000000240)="b724e17543e67f87c88115a8b591538a777b3f47353a9dc3c31f1309a955831a7c56898a9903001754c0c672735f12a700469992c8a81be8635accf8f6ce3540d646526892d29c722bdbc6099115434bae6e1afe452e7ee325e079c6f3fa2ae99a84a6db835919da8de9c486f7d63aa4f23f9fa91c50fbcf37", 0x79, 0x4}, {&(0x7f0000000380)="821235fe091cc9f2e21525a92bbe44ea09966d145cb84e0bd1094b2d67aa16c1d563bb77b252e94a34886e1f8c8ace89eb44114c92f2cdf9f178257a39ef887c6bb93b60000cb3265502352781fc5b892aefd99495dd19cab613b0a1b6a0fdc33f88caa53e1191cb1c98a31bc51d2de9bb2ae7b295366c24166ff3b11edd1b102aadfc7d1469f30560956b98daf486896f6a34052218574c38a1efc2dbab3d53dc0fd5363b8031e1443f73f516dc4249e1007ccd8c70", 0xb6, 0x1}, {&(0x7f0000000440)="6c4c32dd7c6652f584f2566e4cca7d123246af24572f99600f3ec3d2a41c5151faad16f73d562c4c47950221e84afc0fc5364250631ac093ebf5de40f3f43bc4f3f217bd83350f8d0660c4c2f8f860e3378ed87c6d56f4eb27d11fbcd612aa86b1", 0x61, 0x3f}], 0x1040, &(0x7f00000002c0)={[{@nr_blocks={'nr_blocks', 0x3d, [0x3f, 0x25, 0x65, 0x67, 0x78, 0x70, 0x67, 0x25, 0x70]}}]})

[  329.918272][T31214] loop3: detected capacity change from 0 to 264192
09:19:11 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xff010000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:11 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x17d, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  329.958992][T31221] loop4: detected capacity change from 0 to 264192
[  329.975854][T31214]  loop3: p1 p3 p4
[  329.995501][ T1041]  loop1: p2 < > p3 p4
[  329.996019][T31214] loop3: p1 size 11290111 extends beyond EOD, truncated
09:19:11 executing program 4:
ioctl$BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, &(0x7f0000000140)={0x0, 0x0, [0x9, 0x2, 0x800, 0xcd66, 0x2a0, 0x6]})
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1cbce9f78c64cad418e5a0bd53d8d80418fbf3b36dbb65e0b2fe815b9001150c1d1e20b8a65a79d1faacacfed306cd727fe0970644e74dd1e2a584249236848c67e90a592134f2f45293e0b398daedb3c39302499e0666679bd79af25d5715feb8a8eec31e8ff1ef2e1878651ecfd6e8c78899fcfa82e0a3bfc9fd93dac660284ec36f74046c67ae12479df4f11d93014590c32f7068f73d242edc"], &(0x7f0000000340), 0x400)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
ioctl$sock_inet6_SIOCDIFADDR(r1, 0x8936, &(0x7f0000000240)={@dev={0xfe, 0x80, '\x00', 0x10}, 0x40})
getdents(r0, &(0x7f0000000040)=""/223, 0x897bd2b6a42ce722)

[  330.009733][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  330.027784][T31214] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  330.052296][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  330.052885][T31214] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  330.058550][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:11 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xff0f0000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  330.145718][T31214] loop3: detected capacity change from 0 to 264192
[  330.185615][T31214]  loop3: p1 p3 p4
09:19:11 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x2, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  330.194771][T31214] loop3: p1 size 11290111 extends beyond EOD, truncated
[  330.208425][ T1041]  loop1: p2 < > p3 p4
[  330.213183][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  330.228056][T31214] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  330.237782][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  330.243982][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  330.251482][T31214] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  330.327219][T31212] FAULT_INJECTION: forcing a failure.
[  330.327219][T31212] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  330.340776][T31212] CPU: 1 PID: 31212 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  330.349712][T31212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  330.360046][T31212] Call Trace:
[  330.363318][T31212]  dump_stack_lvl+0xb7/0x103
[  330.367995][T31212]  dump_stack+0x11/0x1a
[  330.372407][T31212]  should_fail+0x23c/0x250
[  330.376927][T31212]  __alloc_pages+0x102/0x320
[  330.381857][T31212]  alloc_pages_vma+0x513/0x680
[  330.386812][T31212]  ? page_address_in_vma+0x264/0x300
[  330.392291][T31212]  new_page+0x124/0x170
[  330.396442][T31212]  migrate_pages+0x3b3/0x1530
[  330.401164][T31212]  ? do_mbind+0xf50/0xf50
[  330.405488][T31212]  ? remove_migration_ptes+0x90/0x90
[  330.410834][T31212]  do_mbind+0xd43/0xf50
[  330.415456][T31212]  __x64_sys_mbind+0x10a/0x130
[  330.420270][T31212]  do_syscall_64+0x3d/0x90
[  330.424793][T31212]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  330.430684][T31212] RIP: 0033:0x4665e9
[  330.434660][T31212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  330.454465][T31212] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  330.462886][T31212] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  330.470860][T31212] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  330.478920][T31212] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  330.487110][T31212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  330.495461][T31212] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  330.521147][ T1778] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  330.535821][ T1041]  loop1: p2 < > p3 p4
[  330.540064][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  330.547490][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  330.553738][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:12 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x700000000000000, 0x2)

09:19:12 executing program 3:
syz_read_part_table(0x7fffffffffffffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:12 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x3, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:12 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xff5f0100, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  330.772832][T31286] loop3: detected capacity change from 0 to 264192
09:19:12 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x4, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  330.838149][T31286]  loop3: p1 p3 p4
[  330.842319][T31286] loop3: p1 size 11290111 extends beyond EOD, truncated
[  330.858113][T31286] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  330.879227][ T1041]  loop1: p2 < > p3 p4
[  330.883674][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  330.908830][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  330.911949][T31286] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  330.915035][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:12 executing program 0 (fault-call:2 fault-nth:75):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:12 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xff600000, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:12 executing program 3:
syz_read_part_table(0x8004000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:12 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
vmsplice(r0, &(0x7f0000000240)=[{&(0x7f0000000040)="d2c0fd84387c23962c3e51b3effb2825fcaa9a669b7957a90cc4c2da9b4871f50e9bd6e096462f99fdfca4e64369d276c11fc506ab051699df192b424bb3496e2e3c8635b48da1d4344c8714fd1717416d38b7b032e7a0e786663bd3b321ada68da1777208b054c72ee3c53c8de52f7dccefffc8afbe1870890b2a100ae1e11991edfc1392219a21b1d271b48069b24240fa0e6d0f324a0531acc1", 0x9b}, {&(0x7f00000006c0)="cd39b7a0fde05a58b0fcdb9f8a5259e7fa2c2e9f9a5895550316bde954d06ab09e5c2ff8468ce428c4a8ebac633652a1711f2b5eab1a2a08e4dcf145da0b56b7b7dfa77a94428070b3f2323a522b105f94eb972f81148a93f74fea98f6028b17b4e5ea41b5b2c9a1bbb3fbe8c37ecfa516a1a231e0f59b63a5a2e4da2c75e88d62d11f94cdc43d3333c1cd1892bb8e6a35383c696ff7fecc23f9eb48e0b89f274c9223123407d0202cf1d9690cab30fb7f45d0a5b0e68acf4b6941e82c9eaecf9f119e7ffa61f7dae3db80c96ced8939272e834e56c384edae72704c290ab500c17388126079220e4f0e360315d4910191dcb234da3f37ab467be3145f69297445aebc18f6b50cde555b66b12efc6af8bd6a7e1673541d76a27c1ff2d39401b0a2b4baf7d6822b3b4609cc7744f2359ae6c8f67c57953be43f4076376996c1ef2e2d2ce91b92aa7e30fe0583ba0aaa7b43ced2deb1295bcdec6ed5020237fa0f5e7c6bcc1e5db30c7a1761a65fe55fe1d7afd89660ab83bfe0cb2732e51b5c3ffd54b42bb9f907d695b3dcce232189c64408738a9fa7fc0e5f777cb364c4f191d8fa8769fbb2c5923464423f8b15116e244081faa439a15768c4b3c8a174f89b975106ce29e863ad6678a7929b1c99d6f49bbb38e595db4e83ef9f42a30836fa2e36c9592fed09b386ab6e15336c73877683934d190b7f38a72f2761466188da70bf1938698eccd8807ac76b285c8141b6b2e673c8299dadc6dbc1a185e11d189e4b0cf6887b04713dd160e42f607a312e6fa4b9c0854043abd014f6874fd316b378b5f28feab6d606f112e7ebea0073316f283a572ac4f58461aac6b188f177b4fb6fd0bf0b810cc9c70d5f555b1ff53b8c1b0524b4b2b6223800b576c995fd3e06a81e2344d44767cb788b6838bccd5e28b26046e302ebb287f9b7da79d840a5eb8308cd1f18af0092b2cfde7423867d7029097d8546bce21efd3841172dc6540f8136ad6edb5d0b63ac774770190f3c3982e6c4c44c084f4b53d40883aafca7132f89fc23c90f10510732fe31726b336a9f39502dba2cac72f44fcdd393c0199a96c755e92cab2a8198340d765c08204165c91ff35e1841c163f409d62b21525532e1d5c003808846a42d8f0e1a4547219963b90c68b3e4ae1d8aefe4613ca4b6820533e2949051e2d329cb185064f366ac8f31c795fc51ea057251155e4521ed881ef064091a50eb13d9c21c80aee23311e225dc822489e8bae1f3570cc2aaf584f1874feff9bfeeaf45a8ac647cc63482ffb35e291387de02e2222927ebfb8b11cef3f06232eab70ab4c285f51c0f78ca343129ed051dd694b407d9838202e83d48663191c1d343c55c1ea0f904752ca5e1e2302dbb2932959292a3b01763f1653cdfcb9be1bc2c1976f59149ee041a9ece30f93229868d046cf7f0c34b66bad49aeb16c0ef90efb18064de41b7009a943a01f741946fde4939a80612f359260f8fb283a1c490e954fe10a3ad1fbd0e8d1876b00f876f28894835c509497b117bc850c2c0ef5f53c351f6626bd7bf38049b10b21a3bbf7944198b54f3c1240d9f161efd9f157718552dced25615f8086151488d11cff6118c98bae0341ff9ee29995e2a4ec0f5e9cde9416d883a324faf4477c8939bc9d3e537947bc317f57b2712e96a3430049ac5eecc229c585b23c569f8b7e6e794957ebc3db3fda9177e498940b235b6cd2b35ea1026cfbf0f1dee61fc18e7b4f9d4f93b26b49e370b1e4bc826b6789586a2bdfdca4e710f3f1651ab20e2b74e69b6e4f4f0ced1efda87236bee49a833bb395ce3e01b7641bc90c4511f32d2a20e8e28f39892a496c681d141a9dc554cf71c5591aac2154e2ddc0cd354fe8bf10fe3be5c81ba9f5433ec978a3c40bf20d8775b8779a8313cb41b4acbf50bef6d6154a290248a22857155ff5a843c5e45bc57ad5190e75c130289d6be0a7c16e1d7da0c5f04faf4a96a2be936114b0d9a169a3f1ba7d5257c419351e2a6c7dd336e1373bccea2aa2df1b454e2260b58e47d9cfdb150e5e0b77da20b58d97f67861a0a0c16042b67be46e342b6cd02d236d2a86e40d8be62dfdd28616f65c2d7be9e870c28411ce979b4940f76b1ec12a7a2a91aa1e78a30646c8e1dff2750ca00738884e027f23a6d9a51e4449c8215a106746ba679e5ebe068a4bc5494db4ec60950ed64bc649d7829f9d82a83b1f3a6e5d3ea469491961ac26c63b472d7977f7f8cafe7345ad9793f9319ec9fefe0481d2959b3eecba9a46fd1bbc8846f6946addde452773df497f788b536e2b5fb805c13d4076f6641232006900152c6d1cd2406915657a2dbb63a11198941ab41a6ca2cd91d02b11ab1b8f84360e721d27dc29fe375e1b01fa18dbc5ba2a567b73d8632646a1f3a7a6965f64f64944147185ec2b6880543a605c41db829567995de9e7038dbe95b405fc6a7348a43ded1c8485e4029210ddd5cce07c2c099b482cca86c714e96c9571bc864d8873e4487db7b88e0ae1daba225e093a007695c81cf9a38775102c44b96905fbaddfc836aaa378430a85a768f025fb12dfc07c9921bf23e3afe8a8c23ad96175ad5436b65ed7bdf0e10fb32c8a2380e35896aea6c1e213d8a7a36a6691990913e39cf563e49ff021d4982bfba832b923caa122ca2257f0ac0c56eee7eb028bbdad568b458090e84076c9913fc08a5f2473adea713c8ea79973b196df0099347e56d87cd9d508a88895bd8a1054d9e508380a1a741abf51d275d1e12edd4bcd88851ae94d4189128c389f442bfecbf6550d4a1f287046f0b1346706157a98f9adbc3a66c5a6db9abcf3cd6de05ab8ab0de46d65178e863887ae8ff468a1ff020e9698777e7f1e01b293ff140f748cf1c46ff939729057879393194fd6220c8ebeb7a87d0e29bd9a74f7b7c69829179d31587dfceb93c52a5c50966bd566c2bc02093bede8831a3ff677b1a7405d841a68e0cc1551208969580f69b2b963430560e5cd935eadfa6a61db26c7113036a75d5dbbce4f744be6aa8962f6da02327e8e6d18661f3ac756d6e7d290c66a8aa00e55d865b5b3edcf8cb9bfd302ebf7508a6ba11752792559961cc95f3e6309cac34845c6816ba7ae43c77268146751f5a1907ef0bedef89d9709f9a12a9e45c710e6a07a914302c663033ef3665e0f25066a39a72c0ab0a01626be94c1791bba8231d6fe712259993c8d2eef08fbda4ce11c567a9cf3b8746fd5b981ee817db4cc38ed03eb46d234586487a6baa5c3f1f81db41daaf87c72f023f743b03263d801441f41caf810c118339d6bdc94939ae5e5966b196029b93cee61744192473ee81ba4741ab309d154dfe45718fce3c192dcc5149318e9077449da13d5176c8d15e77b95a0485181ef71f76b707a4632552d25e268e2ec8ee13030dbe7000d455e4ee9b187de5ebb06bf9094db9fdc005d628c9eb49d61deb09c6cec6d367cdaa9111a47e9448cfe0139873ff0c76c1dbe603da9ab216bc982dbf37e10472075c052b3492306dfa499fde8d18c3d19f3747761f60b222b533d2c947eb3f0ad23a8b444bad3bab24a23c7bd8d956aad9a015abeb0c389dae23eea073f43e2d0e274fb26ca955c459afa31b6d86f2a4f0639d7123a4574696e7ce7a8a39586ac18ff323cec8df1f93db7573a0cbe492c11943bbae4e8a692cdb4e5917db6954fa17f435abdf99f98b157bcd2da1630a455d5708312f328c4bc6553f3e3cba5feb8319c0647b4fa907caa8d89b035e1962b34ce5489cf6de2c68997489f949817779ad32a01863e0d48df77ac0632a9cc1f5e8a3cd234a21e4522b866e0f26faa34e11987edbf3df6c9de2a5f264fb03bddb076b468f5d3befec928009860277eb97b7a3e7d2df7080652e5d2cd8042c5aee2d8b8c283fa6db69c7c8eaf3c16dd28595cdd27a9e8f1b80ced0fa75abb41379f49cba72409145866fd26ebf0af3570d25721402c7b281ea9a1521ba695e88272f3ebd5a98de9ec94e3d2e176a4f16fecea51b37d584acc61abdb0f01a4aba28338e968f73ea20f6475ec0b85d9f3ae536b2a2c17424fcf5ad3c4aa7990d230bdd5cde7a1a213f887114ec15b93f5608ec2847e69d56d1d10fcfabe998f97e6c5e5a9b140317d8090a1d139e2a9b9a77f54002f81d03efafa270315343822fd6d313e4371bfe73a2740fbfda879e8a42b030e47853e736325070f8fedd6314d01b62e2af698457b03b83e344dbc3d51c53c1c64b147659e60c0937102a669c3e6915c97601a75e94683c1b9dd8d9813edcc9a40a0d2a564763d116a4f08172a9ae5eb91b51bb7a24479c97cddc785fa48a981b4fbb0f71591ee2d17b36ccce3d10000dc618844aafa9d2f6262c70ba8d5363d1eec892283da8db56f2e909865d75ed06cd5a8ab77f9061a9f0fbed84456d7e3cd13a978c5d712038166236404f9022bfda5e2247eb95213089d5a73572bd4a05333f73d1e2a4df9adeb9a9a3f4790fcc9f2d333d9f4c990903535a89728f2d227a3496f34e7caae9f730ebb4de32a38f8d614adf3e09ba4c9ba73d9a240b7ef27e30a613ef70a1b022e4cdfbe24be26016049fae8c718fadb35dc8e62d9180dd3159714f0088d687415e3e7722029c5dbd2a40def25b95028192a2e04a710a2e2d56d635560e299f463999cf6ae1a9ecee2bf27d81ced1e03d9e94cf84412c3aacfbbd595cc9390192d19a546610d127788aaafc04d92869d4f2216386e0f7d3ec3698e9790cd6aafb52865fe818e08b1094a3fbef0693cf175fbb8f1c2a4868a45c750b86508ad754a40e6678e228f07c627f1efc2fe0df4309b94365c1a424868ddf0ce200b7db99e75dcf64b17ba49e11de3d1f20d3f6042dd0a771999546a123d9fa585dfd8a244d0e83bc0025bc9564548d3aad3c6346976bd0eb91d46503b15e3f8d7a5361e5a8cb497880eaf80da0702f85035cb769623ad5e80b93c9fd6cd671be5c1c7945addc3545882c94e148317a591d9c74b1ddf8b56c6204947ac019f080638de84504c179b35d5641492bca78aa65cd0327e5c4db7f9ac5223fd66125cdf2c6cfbda1b264eae624dba431526d94e0ad7ddd56a7b6a828d71d3cefe391090d1139943a8f60cd9caa6dd594952d52b5277383d5d4c43bb1bdea993beaea5fc01d37c098d2653d7ae364b960d79a5223e758b3cd04b3f111fd77ab8bd4d93cdf005b150fd8f75366cf6b3c0ad88eb6b5f7dd080aa1eb22c883696d313a1ce6fa77c5e00eb42d1d5fa062a12cdb598aba07ed8511d154f13b3cf7f72df1b2fe5ae553c57dd7ba610e50afc326f849d5afaadc378dde3d07c2861d38817153d4649e3b7112052e4ff7d832f630aa75bd576520cca0364fc573aaa7c8773b80f7040694a59d92d7e710f292f6c49f58f93baf2890839ee5853150d471f03fbae94c16f0e8f4e0a72662fbdc26de85ee975d9f7a2d8687e0f56ac45535158052f66a68eedb1ccdc9b8448594477dcdd6ec9f1092cb371bd9d2d7cad7c4abcaec3c7c556ead1da43ea6e59dac158cb86cb830a15bd6546856a769b5905f76ba33638c247a294d226ac3c33976025588d8b26448d54e37725fd74b39bba1d5f4519b8c60f2308e698903025493fd102d292379ca8e259c9dd15865c744bf163761a915915c9293784937192bb85a774beee1df3a285c7fc03d7c0532d73ca333db4a8c8a44c3955c43ef8267242f16bf9073a75ba36941b977c8e43e7a56d02a03d3bbe28a6dda23f350eb2f400c1d04762d33674c2b106d", 0x1000}, {&(0x7f0000000100)="75f54355042dd24d9c95d05bcc16666f2a5e74e21fc4be45037f5322c9c9b2b92bf849fd50434ab3d6e52709bbcd6922ffa59e678fda7092df19cbd4d13a2bbdd9ff55616d4e39798755968cb0ce37281814028f247452097f7c5371f824d96b07dd8277b2865f7fff5ffc89b8533dcb4559c1b2e44e14100902d0d104ca929be17565e5e691e6c49ddc0fdd9840fb82b90e4f37024707c200e3c80452a53ac1edeecee8fb8cea40b18a27f701db4b3cc981a597b08984906d452996", 0xbc}, {&(0x7f00000001c0)="3491d7442f5087cde23a5038357614a34b716fe21431e990416a934f64807f0b72ebd4556932a58beb6d3bb11d6ed7d66847dfa63229b5bddba8679b3f2e142f8ce2266efed003d113862dca03cbce8cb96c391b3c9fd9dc7d29d4", 0x5b}], 0x4, 0x1)

09:19:12 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x5, 0x0, r0, &(0x7f0000000000), 0x16000}])

[  331.069282][ T1041]  loop1: p2 < > p3 p4
[  331.096919][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  331.127292][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  331.133580][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  331.133802][T31330] loop3: detected capacity change from 0 to 264192
09:19:12 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r2}, 0x9)
syz_io_uring_submit(r3, r4, &(0x7f0000008540)=@IORING_OP_CLOSE, 0x10001)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_setup(0x1af8, &(0x7f0000000080)={0x0, 0x9347, 0x4, 0x1, 0x395}, &(0x7f000048b000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r5=>0x0)
clock_gettime(0x0, &(0x7f0000000180)={<r6=>0x0, <r7=>0x0})
r8 = syz_io_uring_setup(0x1249, &(0x7f0000000240), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100)=<r9=>0x0, &(0x7f0000000080)=<r10=>0x0)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd=r8, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r11}}, 0x0)
syz_io_uring_submit(r3, r5, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f00000001c0)={r6, r7+10000000}, 0x1, 0x0, 0x1, {0x0, r11}}, 0x101)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0029f3720d9bb0d3a3865e59814013cac81ddae786df762684b75d89e9a118d93572350087fd8a0541490dc068fa687034181f86d4482ebcc3d6c36ddd6cbcf446e8b2f662ca94a9afe2caa465cfe98a87b945582d81c979d8804802ddbf3bf75c65590d19b528bfdfbc9fbe555aaf184e194bf919c953bcc31743de55427cff56e78de52ca0c1278dd725752b7b26a980dcb06c18caf79f4521fde65d38ad70744b51d2be9976e3649cf74ce12af14aa22572a7ab0f21a89902b52826fa28cef919027a76a9cb8f6465073ff2e29027ef1899b0831c16"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:12 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xffefffff, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  331.186678][T31330]  loop3: p1 p3 p4
[  331.190610][T31330] loop3: p1 size 11290111 extends beyond EOD, truncated
[  331.218217][T31330] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  331.254611][ T1041]  loop1: p2 < > p3 p4
[  331.260708][T31330] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  331.269680][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  331.287122][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  331.293396][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  331.342800][T31330] loop3: detected capacity change from 0 to 264192
[  331.418214][T31330]  loop3: p1 p3 p4
[  331.422460][T31330] loop3: p1 size 11290111 extends beyond EOD, truncated
[  331.443491][T31330] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  331.460509][T31330] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  331.483750][T31329] FAULT_INJECTION: forcing a failure.
[  331.483750][T31329] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  331.497014][T31329] CPU: 1 PID: 31329 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  331.506036][T31329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  331.516495][T31329] Call Trace:
[  331.520209][T31329]  dump_stack_lvl+0xb7/0x103
[  331.524821][T31329]  dump_stack+0x11/0x1a
[  331.528983][T31329]  should_fail+0x23c/0x250
[  331.533423][T31329]  __alloc_pages+0x102/0x320
[  331.538114][T31329]  alloc_pages_vma+0x513/0x680
[  331.542977][T31329]  ? page_address_in_vma+0x264/0x300
[  331.548326][T31329]  new_page+0x124/0x170
[  331.552590][T31329]  migrate_pages+0x3b3/0x1530
[  331.557298][T31329]  ? do_mbind+0xf50/0xf50
[  331.561757][T31329]  ? remove_migration_ptes+0x90/0x90
[  331.567042][T31329]  do_mbind+0xd43/0xf50
[  331.571305][T31329]  __x64_sys_mbind+0x10a/0x130
[  331.576075][T31329]  do_syscall_64+0x3d/0x90
09:19:13 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x800000000000000, 0x2)

09:19:13 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x6, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:13 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
truncate(&(0x7f0000000500)='./file0\x00', 0x8000)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="02b1bcd5c8743043d039712ce45b058f4aad13b7ff5750e421c9bd1a17ddf3de3cf2da1e0727fff7081c2d6e630cbb407c4483614a315a9da300450dc77e574f181198f9bc4b1ff95425568bbafca736568b6c4e1856caa426f39fe6f9acea6259970fe11dc38775042fcb5c7fd3d34710418063b71abdb42a43bead5e8bd89d71bb871aa658e84c63165ad3adf8972b3af483e1ac2919d5a01a8cdb61ac7f13455ad80294392c0e871b75a68243f3d0e8ff4229ecb412da529922c104f83d54a875e363"], &(0x7f0000000340), 0x400)
r2 = syz_open_dev$ptys(0xc, 0x3, 0x1)
preadv(r2, &(0x7f0000000380)=[{&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f0000000140)=""/238, 0xee}, {&(0x7f0000000240)=""/122, 0x7a}, {&(0x7f00000002c0)=""/126, 0x7e}], 0x4, 0xfffffffa, 0xdc2e)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
r3 = accept4$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000400)=0x14, 0x80800)
getsockname(r3, &(0x7f0000000440)=@in={0x2, 0x0, @local}, &(0x7f00000004c0)=0x80)

09:19:13 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xffff8001, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:13 executing program 3:
syz_read_part_table(0x80ffffff00000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  331.580486][T31329]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  331.586377][T31329] RIP: 0033:0x4665e9
[  331.590265][T31329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  331.610008][T31329] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  331.618419][T31329] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  331.626396][T31329] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  331.634368][T31329] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  331.642334][T31329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  331.650357][T31329] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  331.746135][T31383] loop3: detected capacity change from 0 to 264192
[  331.766791][T31383]  loop3: p1 p3 p4
[  331.770938][T31383] loop3: p1 size 11290111 extends beyond EOD, truncated
[  331.779701][T31383] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  331.798704][T31383] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  331.843637][ T1041]  loop1: p2 < > p3 p4
[  331.848930][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  331.855732][T31383] loop3: detected capacity change from 0 to 264192
[  331.868446][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  331.874631][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  331.916787][T31383]  loop3: p1 p3 p4
[  331.920925][T31383] loop3: p1 size 11290111 extends beyond EOD, truncated
[  331.937265][T31383] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  331.959364][T31383] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:13 executing program 0 (fault-call:2 fault-nth:76):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:13 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
chmod(&(0x7f0000000040)='./file0\x00', 0x10)

09:19:13 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xffffefff, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:13 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x7, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:13 executing program 3:
syz_read_part_table(0x8cffffff00000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:13 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r2 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x4, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="0219b9a99e0e94b7c45ebeb45342a0be60275d89fb64df728812acc5c4601ce0808c165313c1b1", 0x27, 0x4}], 0x1000021, &(0x7f0000000140)={[{@init_itable_val={'init_itable', 0x3d, 0x4}}, {@data_writeback}, {@debug}], [{@smackfsdef={'smackfsdef', 0x3d, '\xcc\'-%-'}}, {@euid_gt}, {@fsname={'fsname', 0x3d, '&'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '+'}}, {@dont_measure}, {@fsuuid={'fsuuid', 0x3d, {[0x33, 0x38, 0x62, 0x61, 0x33, 0x31, 0x39, 0x38], 0x2d, [0x36, 0x35, 0x39, 0x2], 0x2d, [0x39, 0x33, 0x64, 0xff4a903ff4e30846], 0x2d, [0x65, 0x34, 0x33, 0x61], 0x2d, [0x64, 0x37, 0x3819d405afde87c5, 0x38, 0x35, 0x33, 0x34, 0x66]}}}, {@dont_appraise}, {@obj_user={'obj_user', 0x3d, '+\\]*:'}}, {@euid_eq}]})
name_to_handle_at(r2, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  332.105379][T31420] loop3: detected capacity change from 0 to 264192
09:19:13 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xffffff86, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  332.158672][T31420]  loop3: p1 p3 p4
[  332.162686][T31420] loop3: p1 size 11290111 extends beyond EOD, truncated
[  332.177050][T31420] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  332.194145][T31420] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  332.205230][ T1041]  loop1: p2 < > p3 p4
[  332.209762][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  332.223932][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  332.230338][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  332.304217][T31420] loop3: detected capacity change from 0 to 264192
09:19:13 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x4000000000000000, 0x2)

09:19:13 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x8, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:13 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = getpid()
r2 = creat(&(0x7f0000000080)='./file0\x00', 0x4)
read(r0, &(0x7f0000000040)=""/31, 0x1f)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
linkat(r3, &(0x7f00000000c0)='./file0\x00', r2, &(0x7f0000000100)='./file0/file0\x00', 0x1000)
fcntl$lock(r0, 0x25, &(0x7f0000001a40)={0x2, 0x1, 0xaf70, 0x7071, r1})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:13 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xffffffe4, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  332.376942][T31420]  loop3: p1 p3 p4
[  332.381544][T31420] loop3: p1 size 11290111 extends beyond EOD, truncated
09:19:14 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
open(&(0x7f00000000c0)='./file0\x00', 0x521282, 0x4)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x4000, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x8000, 0x0)
utime(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0xfffffffffffffdb7, 0x3})
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
preadv2(r0, &(0x7f0000000280)=[{&(0x7f0000000200)=""/120, 0x78}], 0x1, 0x8001, 0x6, 0x8)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1d108931ef22c9fc90fe13a351903ac38f3a331a0e206b1f0e71a555f30200c700"/47], &(0x7f0000000340), 0x400)
setxattr$trusted_overlay_redirect(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x0)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  332.418765][T31420] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  332.444459][T31420] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  332.545327][T31423] FAULT_INJECTION: forcing a failure.
[  332.545327][T31423] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  332.558841][T31423] CPU: 1 PID: 31423 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  332.567735][T31423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  332.577787][T31423] Call Trace:
[  332.581087][T31423]  dump_stack_lvl+0xb7/0x103
[  332.585670][T31423]  dump_stack+0x11/0x1a
[  332.589945][T31423]  should_fail+0x23c/0x250
[  332.594460][T31423]  __alloc_pages+0x102/0x320
[  332.599096][T31423]  alloc_pages_vma+0x513/0x680
[  332.604180][T31423]  ? page_address_in_vma+0x264/0x300
[  332.609525][T31423]  new_page+0x124/0x170
[  332.613767][T31423]  migrate_pages+0x3b3/0x1530
[  332.618599][T31423]  ? do_mbind+0xf50/0xf50
[  332.622968][T31423]  ? remove_migration_ptes+0x90/0x90
[  332.625419][ T1041]  loop1: p2 < > p3 p4
[  332.628362][T31423]  do_mbind+0xd43/0xf50
[  332.628422][T31423]  __x64_sys_mbind+0x10a/0x130
[  332.632861][ T1041] loop1: p2 size 2 extends beyond EOD, 
[  332.636889][T31423]  do_syscall_64+0x3d/0x90
[  332.636913][T31423]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  332.641664][ T1041] truncated
[  332.642389][ T1041] loop1: p3 start 225 is beyond EOD, 
[  332.647280][T31423] RIP: 0033:0x4665e9
[  332.647298][T31423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  332.647321][T31423] RSP: 002b:00007f21c691d188 EFLAGS: 00000246
[  332.651960][ T1041] truncated
[  332.651965][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  332.706421][T31423]  ORIG_RAX: 00000000000000ed
[  332.711215][T31423] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  332.719190][T31423] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  332.727441][T31423] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  332.735412][T31423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  332.743438][T31423] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  332.768046][T31308] print_req_error: 79 callbacks suppressed
[  332.768058][T31308] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  332.786943][T31307] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  332.798815][ T1778] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  332.800217][T31291] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  332.817662][  T710] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  332.828992][  T710] buffer_io_error: 63 callbacks suppressed
[  332.829005][  T710] Buffer I/O error on dev loop3p3, logical block 263808, async page read
[  332.843414][  T710] blk_update_request: I/O error, dev loop3, sector 264034 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  332.854899][  T710] Buffer I/O error on dev loop3p3, logical block 263809, async page read
[  332.863504][  T710] blk_update_request: I/O error, dev loop3, sector 264035 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  332.874900][  T710] Buffer I/O error on dev loop3p3, logical block 263810, async page read
[  332.883603][  T710] blk_update_request: I/O error, dev loop3, sector 264036 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  332.895114][  T710] Buffer I/O error on dev loop3p3, logical block 263811, async page read
[  332.903796][  T710] blk_update_request: I/O error, dev loop3, sector 264037 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  332.915441][  T710] Buffer I/O error on dev loop3p3, logical block 263812, async page read
[  332.923877][  T710] blk_update_request: I/O error, dev loop3, sector 264038 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  332.935529][  T710] Buffer I/O error on dev loop3p3, logical block 263813, async page read
[  332.943983][  T710] blk_update_request: I/O error, dev loop3, sector 264039 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  332.955285][  T710] Buffer I/O error on dev loop3p3, logical block 263814, async page read
[  332.963818][  T710] Buffer I/O error on dev loop3p3, logical block 263815, async page read
[  332.972397][  T710] Buffer I/O error on dev loop3p4, logical block 33008, async page read
[  332.980860][  T710] Buffer I/O error on dev loop3p1, logical block 131968, async page read
09:19:14 executing program 0 (fault-call:2 fault-nth:77):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:14 executing program 3:
syz_read_part_table(0x97ffffff00000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:14 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xffffffef, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:14 executing program 4:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000400), 0x48400, 0x0)
sendmsg$inet6(r0, &(0x7f0000000940)={&(0x7f0000000440)={0xa, 0x4e21, 0x7f, @remote, 0x1}, 0x1c, &(0x7f00000008c0)=[{&(0x7f0000000480)="eed292a374c9449b95db053b87e7c3fb4bdb2096a458813c24c524464ce79d0fc17b921a72780413dfdbc9f73129c40c5145b37ceb48befc70eb1c641cb4af4e958d156db5a45b76b02ff9e2d8b0736bfdf5097241096124bf6ee9f419d915bff9e910da2b0b567e1cb386e201d2b9d35db31400b3f90d50943668f2d5e5524fa6acd371b2d04e26bd26ab03b3fecd72b072342af80d2b", 0x97}, {&(0x7f0000000540)="815227ca556023716f6963752f", 0xd}, {&(0x7f00000006c0)="ab28490cc7a0d9cbd5c32cc2e607dc2e2ce9322366247281a416c9f3d2ef459c316b29d678e72316ebca6ea6f7ed8fbd185f222855c7180b2b0e79aa52af041e6ab28e7ed1ce343e1fcc0e8bece784cc14d64125433e100a96cd202c08ad4ee5dcacfb141f7d9373d854bee6fc5562104d2c97443d4503016b8e9ed9511af80e68a137ad5e30feb003ea809724db6e1c8b7a83fcabdc3da44f4bd05f", 0x9c}, {&(0x7f0000000580)="1e49bbee7e8d37a1c12bb1c506", 0xd}, {&(0x7f0000000780)="8bbaa9f2574241d4c786101e0e57c7a13d1d94994c8d400bce7b8115f1f05c245a35aee59b6b711070fc363c48d7a0779b42fff082b59f5a40aee2c416a79f3e0b8d5cd2dc004588b79656595457aaaa6373dd24524f606497b44d50398cf4d3508bd81cef5bf3ab2f6b1b81a90321bff195cf941973897414cd31e9e1b57296d9a1340383fed9d20b1004c1c10bba29a94dad76d0ca5bb2b34bfff5cf051a61d4404a17db2c5e094dfe8d6619d49d6876e99d0d616949f24c93ea03d81e1b79acd6db528098dcf029a1a157d6bda35c713ea1a97256442e687d4122e32122710f52ff270554d0ebe356dc5665ba4a3b0eb6da44c2f437985f7938de88", 0xfd}, {&(0x7f0000000880)}], 0x6}, 0xc0)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x80200, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0)
fcntl$F_GET_RW_HINT(r1, 0x40b, &(0x7f0000000040))
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x10005, 0x0)
ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, &(0x7f0000002240)=""/4096)
preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f0000000980)=""/4096, 0x1000}, {&(0x7f0000000880)=""/25, 0x19}, {&(0x7f0000001980)=""/56, 0x38}, {&(0x7f00000019c0)=""/103, 0x67}, {&(0x7f0000001a40)=""/167, 0xa7}], 0x5, 0xd9f, 0x0)
r3 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3f, 0x1, &(0x7f0000000200)=[{&(0x7f0000000100)="2aa8be43a5f8205e162c5ef6fc996615ebb1b417e52ff8cc2c9a35d08b73f925c88f24411989b1f3feb4111a42838a76ce259b1051bb6e06de2a85a753447a0e28814256a40d139de7860b6f4d3c3291267aae9d003af7a6e1c84f89494fbf083de642ce11fa041aa054de9ea3631817f1bc38898071a20e274af553d53820c411673133527c93e1b9d83feb847ea69c9c007e75435f4c5a1dda6bf29eaa7be7dcaf49bcddc4dde45c5a00a2a5daa548ec54962ac55c5632c9069d217b492399c16ae61ed946d5b1abfa284be2b3", 0xce, 0x7ce9}], 0x4, &(0x7f0000001bc0)=ANY=[@ANYBLOB='usefree,sho2tname=winnt,fowner<', @ANYRESDEC=0xee00, @ANYBLOB="2c7375626a5f726f6c653d13407b2c7063723d30303030303030303030303030303030303031372c657569643e", @ANYRESDEC=0x0, @ANYBLOB=',seclabel,dont_measure,\x00'])
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r4, 0x0, r5, 0x0, 0x10005, 0x0)
renameat(r3, &(0x7f0000000380)='./file0\x00', r4, &(0x7f00000003c0)='./file0\x00')
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="1c", @ANYRES16=r6], &(0x7f0000000340), 0x400)
getdents(r1, &(0x7f00000005c0)=""/223, 0xfc61)
mmap(&(0x7f0000400000/0x4000)=nil, 0x4000, 0x2000006, 0x10, 0xffffffffffffffff, 0x2781d000)

09:19:14 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x9, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:14 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='\\'], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  333.096765][T31502] loop4: detected capacity change from 0 to 124
[  333.103609][T31502] FAT-fs (loop4): Unrecognized mount option "sho2tname=winnt" or missing value
[  333.134585][T31505] loop3: detected capacity change from 0 to 264192
09:19:14 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000080)=ANY=[@ANYRES32, @ANYRESDEC=r1, @ANYRES32=r1, @ANYBLOB="b0d143954ab810707a994e7d706890b2b5993f1b6abd4298a2f242bdd847f5806b001497f7fa580aaa13a7e9e5a84e65bc9f800e5a03943f47916f89e1e88a6f618f3a136f4e803cf25f75b1f761cdb3ede0e4faaad6eecfbaf4396df3e60d752c34eae951d22cea4d06eaa6ef74b09546cc877677432c3ed12c8da34e49c3e61289e909da2232636b3fd0db8c3f652dc332b3f18e18b247e12eeda662e199f9ef02486078daca99f5f45e282e96038d6e04c3556fa5ccf5c14ca2fae3ddaf14a881a7f5cd39dcd3d238028bbc40a471484ca15449b9b50d36fa8ea2b5069b9fd699e943ea1307"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  333.181239][T31505]  loop3: p1 p3 p4
[  333.185190][T31505] loop3: p1 size 11290111 extends beyond EOD, truncated
[  333.204558][T31505] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  333.220883][T31505] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  333.290577][ T1041]  loop1: p2 < > p3 p4
[  333.295069][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  333.311241][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  333.317575][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  333.328376][T31505] loop3: detected capacity change from 0 to 264192
09:19:15 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0xffbfffff00000000, 0x2)

09:19:15 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x10, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:15 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xfffffff4, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:15 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
getpeername$inet(r0, &(0x7f00000006c0)={0x2, 0x0, @multicast1}, &(0x7f0000000700)=0x10)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x7be, 0x4, &(0x7f0000000480)=[{&(0x7f00000001c0)="783c8bf750d583dbf634624b3eb3f597e2864ce375e3f2f3f55842465b4782fca43fce90854692140f549d447007186cb514b9e1a391cc7e531302f14c248ec5548b79a7c7943e36816dd08747b1d772d27b2e2bd9f6b57a35ff18f38e31924d57f744db429b74faee26ca85b0946b85701955f48b1c53a78e60abd09c94f3d0d8d972a42478af13d14541de858a6f6aa9711f2d5afb7d4fc9a00d1a05fa6604cc4cf543aa22a7a0cf0ee4734e9ca8db60b36d1b2b0675379ad1aedbf041b0fcc5fbaf", 0xc3, 0x2}, {&(0x7f0000000380)="0093d7c0ac32b970f07b0181ebb327fbf63cbeead0f95e739324f0b383eb1f2d776a62ec1f5fd8b806cacb3171e37a4aae01686f1b9a418f59b5be20abc5a2961328400448689bdf16aa395d13e8fc87023890a9", 0x54}, {&(0x7f00000002c0)="2ef3636d8fa6c0b6c3d834b23e7eeafa43892ab602975b1db7fd99d8b52851d89eead62966bbebd7f473f482f4", 0x2d, 0x7}, {&(0x7f0000000400)="12dd5a69303b46d362b5429b2876f26c9574c9ebf0fe453b37db3e85188a44b5e25f377897a2e1b1a4043e465d483df5944a52c010458916a461e81b67a4ede4fed3e42dce4e557d335a29087c2de0ba0871e9a6446093c7fe00e6d1c3d5ee82fdfc8ad63035a1ca62fccd9305d10f2d8f2fd60987443d6bc9bf05f32a", 0x7d, 0x2}], 0x109004, &(0x7f0000000500)={[{@jqfmt_vfsv0}, {@nolazytime}], [{@fsmagic={'fsmagic', 0x3d, 0x1ff}}]})
r3 = openat(r2, &(0x7f0000000540)='./file0\x00', 0x100, 0x20)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r4, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x200000, 0xc, 0x6}, 0x18)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
mknodat$null(r3, &(0x7f0000000740)='./file0\x00', 0xc000, 0x103)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='t'], &(0x7f0000000340), 0x400)
getsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@remote, @multicast1, @initdev}, &(0x7f0000000080)=0xc)
getdents(r1, &(0x7f00000005c0)=""/223, 0xfc61)
openat(r3, &(0x7f0000000580)='./file0\x00', 0x8e000, 0x1aa)
sync_file_range(r2, 0x80000001, 0xffffffff, 0x3)

[  333.387980][T31505]  loop3: p1 p3 p4
[  333.392559][T31505] loop3: p1 size 11290111 extends beyond EOD, truncated
[  333.412967][T31505] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  333.429170][T31505] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  333.486619][T31548] loop4: detected capacity change from 0 to 3
[  333.490451][T31506] FAULT_INJECTION: forcing a failure.
[  333.490451][T31506] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  333.506021][T31506] CPU: 0 PID: 31506 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  333.514812][T31506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  333.525518][T31506] Call Trace:
[  333.528801][T31506]  dump_stack_lvl+0xb7/0x103
[  333.533407][T31506]  dump_stack+0x11/0x1a
[  333.537601][T31506]  should_fail+0x23c/0x250
[  333.542284][T31506]  __alloc_pages+0x102/0x320
[  333.546971][T31506]  alloc_pages_vma+0x513/0x680
[  333.551782][T31506]  ? page_address_in_vma+0x264/0x300
[  333.557173][T31506]  new_page+0x124/0x170
[  333.561421][T31506]  migrate_pages+0x3b3/0x1530
[  333.566478][T31506]  ? do_mbind+0xf50/0xf50
[  333.570897][T31506]  ? remove_migration_ptes+0x90/0x90
[  333.576185][T31506]  do_mbind+0xd43/0xf50
[  333.580387][T31506]  __x64_sys_mbind+0x10a/0x130
[  333.585209][T31506]  do_syscall_64+0x3d/0x90
[  333.589738][T31506]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  333.595733][T31506] RIP: 0033:0x4665e9
[  333.599619][T31506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  333.619491][T31506] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  333.628252][T31506] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
09:19:15 executing program 3:
syz_read_part_table(0xa1ffffff00000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  333.636311][T31506] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  333.644472][T31506] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  333.653080][T31506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  333.661050][T31506] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  333.721268][T31561] loop4: detected capacity change from 0 to 3
[  333.837607][T31575] loop3: detected capacity change from 0 to 264192
[  333.851661][ T1041]  loop1: p2 < > p3 p4
[  333.855983][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  333.871417][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  333.877640][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  333.896554][T31575]  loop3: p1 p3 p4
[  333.900614][T31575] loop3: p1 size 11290111 extends beyond EOD, truncated
[  333.909048][T31575] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  333.917302][T31575] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:15 executing program 0 (fault-call:2 fault-nth:78):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:15 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x4)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='\b'], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
getdents64(r1, &(0x7f0000000040)=""/11, 0xb)

09:19:15 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xfffffffb, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:15 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x300, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:15 executing program 3:
syz_read_part_table(0xb94d8f9500000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  334.162378][T31601] loop3: detected capacity change from 0 to 264192
[  334.225958][T31601]  loop3: p1 p3 p4
[  334.231284][T31601] loop3: p1 size 11290111 extends beyond EOD, truncated
[  334.262446][T31601] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:19:15 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x47f, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:15 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)={'#! ', './file0/file0', [{0x20, ')+'}, {0x20, '/:'}, {0x20, '*\\::\'\x9f*]@]'}, {0x20, '+'}, {0x20, '+\'-'}, {0x20, '%'}], 0xa, "53605a5a389996767e5285c3cbe722cc66524940685fcba965a12d40516691a933190b9f442a08ce7896f996d21d546d188a232891501a8b72ed8254babee179342c52996345c070f0bb66d586f00162f40006a6bd45851f6d59a31723da43406b35af3c848560faae01e7842e280ac9f57079f71d0eed9ab465c4bd39e754532d51096472d9222fe743eda5c29d66"}, 0xb9)
r2 = signalfd4(r0, &(0x7f0000000280)={[0x3ff]}, 0x8, 0x80000)
write$P9_RLERRORu(r2, &(0x7f00000002c0)={0x13, 0x7, 0x2, {{0x6, ',{$[[.'}, 0x6}}, 0x13)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
splice(r3, 0x0, r4, 0x0, 0x10005, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r4, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000000140)=""/228, 0xe4}], 0x1, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="d10000000000000000a532000000000000"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:15 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0xffffffff00000000, 0x2)

09:19:15 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xfffffffe, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  334.278755][ T1041]  loop1: p2 < > p3 p4
[  334.285027][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  334.311299][T31601] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  334.327696][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  334.333922][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:16 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='0'], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:16 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}])

09:19:16 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0xffffffff, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  334.448521][T31601] loop3: detected capacity change from 0 to 264192
[  334.541408][T31601]  loop3: p1 p3 p4
[  334.546858][T31601] loop3: p1 size 11290111 extends beyond EOD, truncated
[  334.586556][T31601] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  334.607751][T31601] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  334.660072][T31599] FAULT_INJECTION: forcing a failure.
[  334.660072][T31599] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  334.673514][T31599] CPU: 0 PID: 31599 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  334.682536][T31599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  334.692713][T31599] Call Trace:
[  334.695989][T31599]  dump_stack_lvl+0xb7/0x103
[  334.700733][T31599]  dump_stack+0x11/0x1a
[  334.704890][T31599]  should_fail+0x23c/0x250
[  334.709996][T31599]  __alloc_pages+0x102/0x320
[  334.714584][T31599]  alloc_pages_vma+0x513/0x680
[  334.719367][T31599]  ? page_address_in_vma+0x264/0x300
[  334.724746][T31599]  new_page+0x124/0x170
[  334.729075][T31599]  migrate_pages+0x3b3/0x1530
[  334.733918][T31599]  ? do_mbind+0xf50/0xf50
[  334.738272][T31599]  ? remove_migration_ptes+0x90/0x90
[  334.743918][T31599]  do_mbind+0xd43/0xf50
[  334.748197][T31599]  __x64_sys_mbind+0x10a/0x130
[  334.753051][T31599]  do_syscall_64+0x3d/0x90
[  334.757468][T31599]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  334.763422][T31599] RIP: 0033:0x4665e9
[  334.767321][T31599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  334.787653][T31599] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  334.796173][T31599] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  334.804356][T31599] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  334.812341][T31599] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  334.820707][T31599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  334.829038][T31599] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  334.852503][ T1041]  loop1: p2 < > p3 p4
[  334.862777][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  334.879203][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  334.885475][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:16 executing program 0 (fault-call:2 fault-nth:79):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:16 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount$9p_rdma(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x8000, &(0x7f0000000100)={'trans=rdma,', {'port', 0x3d, 0x4e21}, 0x2c, {[{@common=@aname}, {@sq={'sq', 0x3d, 0x1ff}}, {@timeout={'timeout', 0x3d, 0x400}}, {@common=@cache_none}, {@timeout={'timeout', 0x3d, 0x1}}, {@common=@cache_none}, {@rq={'rq', 0x3d, 0x303}}, {@common=@aname={'aname', 0x3d, ':$@\\}&('}}, {@common=@version_9p2000}], [{@dont_appraise}]}})

09:19:16 executing program 3:
syz_read_part_table(0xc126000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:16 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x2, r0, &(0x7f0000000000), 0x16000}])

09:19:16 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x2, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:16 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0xc6)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  335.102896][T31680] 9pnet: Could not find request transport: rdma
[  335.109902][T31681] loop3: detected capacity change from 0 to 264192
09:19:16 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x4, r0, &(0x7f0000000000), 0x16000}])

[  335.166642][T31681]  loop3: p1 p3 p4
[  335.171052][T31681] loop3: p1 size 11290111 extends beyond EOD, truncated
[  335.185795][T31681] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  335.219629][ T1041]  loop1: p2 < > p3 p4
[  335.232039][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  335.232519][T31681] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  335.257802][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  335.264111][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  335.345844][T31681] loop3: detected capacity change from 0 to 264192
[  335.400540][ T1041]  loop3: p1 p3 p4
[  335.405183][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  335.419853][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  335.427545][T31684] FAULT_INJECTION: forcing a failure.
[  335.427545][T31684] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  335.440897][T31684] CPU: 0 PID: 31684 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  335.449825][T31684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  335.459968][T31684] Call Trace:
[  335.463450][T31684]  dump_stack_lvl+0xb7/0x103
[  335.468084][T31684]  dump_stack+0x11/0x1a
[  335.472788][T31684]  should_fail+0x23c/0x250
[  335.477669][T31684]  __alloc_pages+0x102/0x320
[  335.482362][T31684]  alloc_pages_vma+0x513/0x680
[  335.487189][T31684]  ? page_address_in_vma+0x264/0x300
[  335.491424][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:17 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x3)

09:19:17 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x3, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:17 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r1, 0x0, r3, 0x0, 0x10005, 0x0)
sendfile(r1, 0xffffffffffffffff, &(0x7f0000000800)=0x1984f79a, 0x520)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r4, 0x0)
r5 = openat(r4, &(0x7f0000000000)='./file0\x00', 0x22180, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x8200, 0x0)
mmap(&(0x7f00005c9000/0x400000)=nil, 0x400000, 0x3000002, 0x12, r5, 0x0)
r6 = syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x1, 0x4, &(0x7f0000000540)=[{&(0x7f00000001c0)="dc4345cb1db03de7db5f289acaa5c29bb86fb45d2ca1c990", 0x18, 0xffff}, {&(0x7f0000000200)="7cc9bc378b8342b6017fc53ce7cf1590e6ab6018dcfc57e118c13bad94fc7c0560f3139509dd59a9659fcc1745db2fb145f2929b2738e54977e525f90239dc6792253c5605a3ba31b8a27dba08607d8483f056483aff5242f79487f9070daf6c52fa953cb04dc6ac78340ddbdf5ca58f3eb89468c064b7d54d176df6a03169068428b257e8b4b5dc73a07121e88e5706420e0b89fa1c6f6c1f53b632f33086f1ef79534cad09348d8836846b20ae7016132308dd306484e9ffb6ea7b98fc4330c344ec672b1ee94c168ddc62adeec7545c6dd6a9734dc9b1c1af19781d65f843c6d62d1546c79534bb7b773a", 0xec, 0xffffffffffffff00}, {&(0x7f0000000380)="636e714f82bbb82c8810d4961bd5e5999df5170c1d08dc97b3257b775c326b4550636378aff198899369661e7e7b37620cc397270360e8410e1a3d58849f88e05f62904ac67ffca78492b942876baebdd27d0ab31596c25770d215f6653d2dc0986c6ff3eb60b1aa3f86d0fb3054742426caf9576b77c5a34847c375d6eb19202f2486829c2ef29840cc2d440cd79d0f0dc69c74f4bf2b18a6f16c6136f062f3a4f87dff689bd8ccfc3efc30ff37bc2597e5a882d918a1304f0073b420035ce51e4fa555e652ce4474fbb006b3d59b82ba8296e77f49ef5dd1", 0xd9, 0x100000000}, {&(0x7f0000000480)="1133b8ec30650da2ff2407272373621c28e60b6d844851a5661210d6e0abbfaa4febbf65cfe7381cc1ec21b373cadbfd3b92e9b8607ef2e5cc404e36f27c6451818d4ffd3297a06e3857f44d514ee60b5c2e2c31d311de0a72d6d7cc0ada9f4395b9629a61011e515f087634dd6fbbbe8a2a146c429760f346166e29343e0645dff3fe248be943ed9bd12ef1c0707699eb3430d22fc73b263131140d50cb053f8c3405ff7441a9a93bd70ae0c872ca95c3539ae20a214985bec0df34108359", 0xbf, 0x6}], 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="726f6469722c758e81003d312c66736e616d653d2a2c803a287a262b0923686173682c7569643c00", @ANYRESDEC=0xee01, @ANYBLOB=',seclabel,audit,smackfstransmute=/dev/snapshot\x00,\x00'])
readlinkat(r6, &(0x7f0000000740)='./file0\x00', &(0x7f0000000780)=""/86, 0x56)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
vmsplice(r2, &(0x7f0000000e00)=[{&(0x7f0000000880)="13a04d45ec55a3f84ab05e31116048f6a1b33011318fc8ea1fe6bae05cf4798f628f0c85e99773d51542fccb1c62fc73f7a7b49b1c11fc6a2385dcb25a954119fe20352c628d3911638e7ceddcd7c84034db0546a53150d0ad3b0745ef9b4e78cba2887098d1dc1d7487666f6e62302f4b0e16d206a6b113ee055d95627d167215a2bdfe6bf70050bb901e9a72dc5db8785605d707a7817119c33bc02191b6942b9f6832a0", 0xa5}, {&(0x7f0000000940)="c09db3b1f2ac92ea609dff2a7e72b63d7a55e802ef46bc66f22b61e7ad1bc04d8e77ed7270d4e3175f44868404fb3fe78b9aad6c24867aa3e941cb2cbbaf8d73a0a336d73e2c0cdda467700342a233367ab97bfef72a6d0ec045bd6c029685296287b3f14a715ca69808b1d59ed21316f3fc0ab4cada741442aaa1d56f9cdbf86f358878b2a33c97b858af470112141294c09e75d5aa6ad2d0a6b490406a2b430ee49349c951cc051afcfc2c479c83ec6814f8b3879c7d23f07ec21f5c0f935c", 0xc0}, {&(0x7f0000000a00)="358ba1c4ea785cbe6f7cfe2a46342f4a6855451e52d7ded79367fd6acafc076849761665265704b620133caef55e887dc16ce1e2a135a9b2af99cc536f24534606e2c07c37151eba80eacb7baa0abf32bc28402ed50ae9e5a82c2d4ddab6622ddd763679e8df81c89d13419a525af83c675d5d7fc6c68bd7798258995d07d53eaaa25d907ea24d0cba5a95d0974ebd71eb976b17d141525cf74b3fe785ec9c4a8b5b5887cb390fc1ebd565d2345dd41ce754a83026bc2a1f9c664bd4a045f3de246511798db7bb32331a675cbdb97fe32a12a3703428541cb0b09f3101693e2f16e9c09cb6dde7f998e565150a", 0xed}, {&(0x7f0000000b00)="2b5aa8f6e0a66842e882eb95cd9dc6460913d0921ed7208ff4af25fab343681b49290530277a85e1a707f0d33f8830fb67ca52b916f98c79f3a563678e50d8b9c3dfb73063478d3019ad4d4e1283da755a983521177c3bef57e1e99d01aa2c9836a2313947da9d8e5252c6e8ef31712fa11f587079e420bceb4fde403ce014f7", 0x80}, {&(0x7f0000000b80)="a98e8a9c7f3494149156e27992ae44ba16f71ccb63df2004c9b2214296603c58f2bb1e0a7fac7e41559135016f63972956786e407cda69027c62dbd59f39d118be79f69bf76e0795b361ab4b468dbc37c0906b42ae2398a6325f3bf36002aadfb563cf82e7eee3a7dbfc60f05721571f80149b98575e52e4d5acbbe53c274156ce5dfb9a53fc2f6a8f78926e", 0x8c}, {&(0x7f0000000c40)="b74f8fe9583de0bb950288caa77a10e488e4d4c878f6fe908a1d69e9cbe1cdec669de87f2acce2ba1c0268ff27a6d11134258abcad1cba5ed1a77673e3228214abbc4b5f43b978b63139b6267c8efdf7155811953f5b4c6674464a3b986124d7661bb2a4990d0b517c0d1c1e7cd985e63eaa4758bbb423e9b9a83d43495d6da6bfb3009241bd93714309efde603aff90265c4ca1ce7afcab7473ee0568", 0x9d}, {&(0x7f0000000100)="b89007dad98b6a77f9eb605168be97a4c6ff606153e9a908b7dd33c408b216704a", 0x21}, {&(0x7f0000000d00)="bf390bb0a2e80d59e7b3a3ea3bfd861b42bb317c310439347a9d02603b5e57b1db3d4284b43f29b9d1dbef8d6ef0c267f88fa39e3a6ac2490570987fc822086cbc862961019eec4caf55a573cddd0bba08f4a42b8f36487ba8cce0225e159c90fbac1165ec47d7e9ccf6f4715d9ac53d9bda7d81ec1d6ca62f3d9091adeb0271b646022074dc62d6f30e7d2b0b8c63b3a22c3c644bffd77d6c85a2cd8934303224340a72602889b356e28b29078e9637854015fb24bb964d1ae3a4d8a054a4d4d2ae59875148f915fd0c3d25d723fa8dc35b6be1bf558cca54bbd334b13dd98791265ce549751e1a9e9eeba95aff6ba5682bdd315fe81dd18009", 0xfa}, {&(0x7f0000000300)="40e3801d3f388749f3bd47bc980da219d98b3b7a", 0x14}], 0x9, 0x6)
splice(r0, &(0x7f0000000040)=0x9c, 0xffffffffffffffff, &(0x7f0000000080)=0x102, 0x9, 0x2)
preadv(r0, &(0x7f0000000800), 0x0, 0xd2, 0x20)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000840)=ANY=[@ANYRESHEX=r2], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:17 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x8, r0, &(0x7f0000000000), 0x16000}])

[  335.492513][T31684]  new_page+0x124/0x170
[  335.504130][T31684]  migrate_pages+0x3b3/0x1530
[  335.508921][T31684]  ? do_mbind+0xf50/0xf50
[  335.513428][T31684]  ? remove_migration_ptes+0x90/0x90
[  335.518818][T31684]  do_mbind+0xd43/0xf50
[  335.523015][T31684]  __x64_sys_mbind+0x10a/0x130
[  335.527806][T31684]  do_syscall_64+0x3d/0x90
[  335.532225][T31684]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  335.537625][T31681]  loop3: p1 p3 p4
[  335.538123][T31684] RIP: 0033:0x4665e9
[  335.538141][T31684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  335.542181][T31681] loop3: p1 size 11290111 extends beyond EOD, 
[  335.545758][T31684] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  335.545781][T31684] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  335.545793][T31684] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  335.565687][T31681] truncated
[  335.571793][T31684] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  335.571807][T31684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  335.611169][T31681] loop3: p3 size 1912633224 extends beyond EOD, 
[  335.615841][T31684] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  335.615867][    C0] ==================================================================
[  335.615878][    C0] BUG: KCSAN: data-race in data_push_tail / vsnprintf
[  335.615883][    C0] 
[  335.615887][    C0] write to 0xffffffff8414898a of 1 bytes by task 1041 on cpu 1:
[  335.615894][    C0]  vsnprintf+0xe8f/0xed0
[  335.615898][    C0]  vscnprintf+0x29/0x80
[  335.615902][    C0]  vprintk_store+0x353/0x9c0
[  335.615908][    C0]  vprintk_emit+0xca/0x3d0
[  335.615912][    C0]  vprintk_default+0x22/0x30
[  335.615926][    C0]  vprintk+0x15a/0x170
[  335.615931][    C0]  printk+0x62/0x87
[  335.615935][    C0]  bdev_disk_changed+0xac4/0xea0
[  335.615940][    C0]  blkdev_get_whole+0x2f2/0x350
[  335.615945][    C0]  blkdev_get_by_dev+0x2ad/0x8d0
[  335.615950][    C0]  blkdev_common_ioctl+0xfc8/0x1040
[  335.615955][    C0]  blkdev_ioctl+0x16e/0x3c0
[  335.615960][    C0]  block_ioctl+0x6d/0x80
[  335.615965][    C0]  __se_sys_ioctl+0xcb/0x140
[  335.615970][    C0]  __x64_sys_ioctl+0x3f/0x50
[  335.615975][    C0]  do_syscall_64+0x3d/0x90
[  335.615980][    C0]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  335.615985][    C0] 
[  335.615989][    C0] read to 0xffffffff84148988 of 8 bytes by task 31684 on cpu 0:
[  335.615996][    C0]  data_push_tail+0x125/0x460
[  335.616001][    C0]  data_alloc+0xbc/0x2b0
[  335.616005][    C0]  prb_reserve+0x8f0/0xbc0
[  335.616010][    C0]  vprintk_store+0x3e9/0x9c0
[  335.616034][    C0]  vprintk_emit+0xca/0x3d0
[  335.616038][    C0]  vprintk_default+0x22/0x30
[  335.616043][    C0]  vprintk+0x15a/0x170
[  335.616047][    C0]  printk+0x62/0x87
[  335.616052][    C0]  show_trace_log_lvl+0x587/0x600
[  335.616057][    C0]  dump_stack_lvl+0xb7/0x103
[  335.616075][    C0]  dump_stack+0x11/0x1a
[  335.616080][    C0]  should_fail+0x23c/0x250
[  335.616085][    C0]  __alloc_pages+0x102/0x320
[  335.616089][    C0]  alloc_pages_vma+0x513/0x680
[  335.616094][    C0]  new_page+0x124/0x170
[  335.616098][    C0]  migrate_pages+0x3b3/0x1530
[  335.616103][    C0]  do_mbind+0xd43/0xf50
[  335.616108][    C0]  __x64_sys_mbind+0x10a/0x130
[  335.616112][    C0]  do_syscall_64+0x3d/0x90
[  335.616118][    C0]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  335.616123][    C0] 
[  335.616128][    C0] value changed: 0x00000001000017da -> 0x0000000100000a64
[  335.616133][    C0] 
[  335.616137][    C0] Reported by Kernel Concurrency Sanitizer on:
[  335.616144][    C0] CPU: 0 PID: 31684 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  335.616153][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  335.616162][    C0] ==================================================================
[  335.679558][T31734] loop4: detected capacity change from 0 to 264192
[  335.681505][T31681] truncated
[  335.692516][T31681] loop3: p4 size 3657465856 extends beyond EOD, 
09:19:17 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x9, r0, &(0x7f0000000000), 0x16000}])

[  335.707511][T31734] FAT-fs (loop4): Unrecognized mount option "uŽ�" or missing value
[  335.709826][T31681] truncated
[  335.823233][ T1041]  loop1: p2 < > p3 p4
[  335.959302][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  335.979891][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  335.986119][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  336.045732][ T1041]  loop1: p2 < > p3 p4
[  336.050525][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  336.059586][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  336.065877][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:17 executing program 0 (fault-call:2 fault-nth:80):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:17 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x4, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:17 executing program 3:
syz_read_part_table(0xc9ffffff00000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:17 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendfile(r2, r4, &(0x7f0000000040)=0x20, 0x8)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:17 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x10, r0, &(0x7f0000000000), 0x16000}])

[  336.192251][ T1041]  loop1: p2 < > p3 p4
[  336.196609][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  336.211716][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  336.217963][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:17 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="b2"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:17 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x408, r0, &(0x7f0000000000), 0x16000}])

[  336.288043][T31782] loop3: detected capacity change from 0 to 264192
[  336.350677][T31782]  loop3: p1 p3 p4
[  336.354736][T31782] loop3: p1 size 11290111 extends beyond EOD, truncated
[  336.370154][ T1041]  loop1: p2 < > p3 p4
[  336.374582][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  336.377068][T31782] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  336.397735][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  336.402840][T31782] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  336.404014][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:18 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x7)

09:19:18 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x5, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:18 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fadvise64(r1, 0x7f, 0x401, 0x3)
mmap(&(0x7f000017f000/0x3000)=nil, 0x3000, 0x3000007, 0x8010, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BTRFS_IOC_QUOTA_CTL(r1, 0xc0109428, &(0x7f0000000040)={0x2, 0x1})
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:18 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x804, r0, &(0x7f0000000000), 0x16000}])

09:19:18 executing program 3:
syz_read_part_table(0xe4ffffff00000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  336.522793][ T1041]  loop1: p2 < > p3 p4
[  336.527167][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  336.559320][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  336.565702][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  336.606979][T31828] loop3: detected capacity change from 0 to 264192
[  336.666557][T31828]  loop3: p1 p3 p4
[  336.670510][T31828] loop3: p1 size 11290111 extends beyond EOD, truncated
[  336.683102][T31828] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  336.701569][T31783] FAULT_INJECTION: forcing a failure.
[  336.701569][T31783] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  336.715005][T31783] CPU: 0 PID: 31783 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  336.724109][T31783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  336.734426][T31783] Call Trace:
[  336.737705][T31783]  dump_stack_lvl+0xb7/0x103
[  336.742391][T31783]  dump_stack+0x11/0x1a
[  336.746631][T31783]  should_fail+0x23c/0x250
[  336.751137][T31783]  __alloc_pages+0x102/0x320
[  336.755725][T31783]  alloc_pages_vma+0x513/0x680
[  336.760515][T31783]  ? page_address_in_vma+0x264/0x300
[  336.765819][T31783]  new_page+0x124/0x170
[  336.770030][T31783]  migrate_pages+0x3b3/0x1530
[  336.775237][T31783]  ? do_mbind+0xf50/0xf50
[  336.779592][T31783]  ? remove_migration_ptes+0x90/0x90
[  336.785229][T31783]  do_mbind+0xd43/0xf50
[  336.789388][T31783]  __x64_sys_mbind+0x10a/0x130
[  336.794290][T31783]  do_syscall_64+0x3d/0x90
[  336.798874][T31783]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  336.803563][T31828] loop3: p4 size 3657465856 extends beyond EOD, 
[  336.804797][T31783] RIP: 0033:0x4665e9
[  336.804814][T31783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  336.811200][T31828] truncated
[  336.815015][T31783] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  336.847068][T31783] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  336.855398][T31783] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  336.863480][T31783] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  336.871453][T31783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  336.879429][T31783] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  336.954902][T31828] loop3: detected capacity change from 0 to 264192
[  337.018734][T31828]  loop3: p1 p3 p4
[  337.026303][T31828] loop3: p1 size 11290111 extends beyond EOD, truncated
[  337.033985][T31828] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  337.046962][T31828] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:18 executing program 0 (fault-call:2 fault-nth:81):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:18 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x100000f, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:18 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x6, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:18 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x900, r0, &(0x7f0000000000), 0x16000}])

09:19:18 executing program 3:
syz_read_part_table(0xf504000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:18 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
sendmsg$NL80211_CMD_SET_WOWLAN(r2, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x410800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="f4010000", @ANYRES16=0x0, @ANYBLOB="04002bbd7000fddbdf254a000000080001003b00000008000000000000000a00f500080211000001000008009e0050000000060098000800000075012a00bd060802110000012d1a08000fff000000000000002000020014000000000400800000038325400000ffffffffffff050000000802110000010700000009000000080211000001faffffff84ce980c40080211000001ff7f0000080211000000310040080211000000020000000802110000003a004008021100000008000000ffffffffffff370000080211000001060000002d0040ffffffffffff010000000802110000000c0000ffffffffffff070000002c0040080211000001e49affff080211000000260000080211ff200000003c0040ffffffffffff0500000008021100000122004008021100000101000000080211000001290040080211000001bc740000080211000001320072060303030303038325400620ffffffffffff0a0d00000802110000010200000003010000ffffffffffffcd000000831f0001fb0802110000000000010008000000000000000802110000010700042000050000000006009800970000000500f6000600000006009800000a000600ffffffffffff000004000600040002000400030004000200c6cc44d84305deb8c89321e7b9c9c622ca115736e4be2d86a22986e4f2c1613343a6dc9c62045b3a13b24272c66d8b51f8f83a58354ef91711abe03f50e7bdf52476cb81f2564cb50b3a9abdf55e30ce2f48bdaef0"], 0x1f4}, 0x1, 0x0, 0x0, 0x4040004}, 0x240400c0)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)
preadv(r2, &(0x7f0000000240), 0x0, 0xffffffff, 0x2)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/221, 0xdd)

[  337.196374][T31867] loop3: detected capacity change from 0 to 264192
09:19:18 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x3f00, r0, &(0x7f0000000000), 0x16000}])

[  337.266468][T31867]  loop3: p1 p3 p4
[  337.270586][T31867] loop3: p1 size 11290111 extends beyond EOD, truncated
[  337.288700][T31867] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  337.299838][ T1041]  loop1: p2 < > p3 p4
[  337.304031][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  337.321633][T31867] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  337.330159][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  337.336466][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  337.481096][ T1041]  loop1: p2 < > p3 p4
[  337.485617][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  337.500914][T31864] FAULT_INJECTION: forcing a failure.
[  337.500914][T31864] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  337.503287][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  337.514954][T31864] CPU: 0 PID: 31864 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  337.521244][ T1041] loop1: p4 size 3657465856 extends beyond EOD, 
[  337.529945][T31864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  337.529957][T31864] Call Trace:
[  337.529965][T31864]  dump_stack_lvl+0xb7/0x103
[  337.536632][ T1041] truncated
[  337.546824][T31864]  dump_stack+0x11/0x1a
[  337.546847][T31864]  should_fail+0x23c/0x250
[  337.566501][T31864]  __alloc_pages+0x102/0x320
[  337.571210][T31864]  alloc_pages_vma+0x513/0x680
[  337.575979][T31864]  ? page_address_in_vma+0x264/0x300
09:19:19 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x8)

09:19:19 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x7, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:19 executing program 3:
syz_read_part_table(0xf6ffffff00000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:19 executing program 4:
keyctl$set_reqkey_keyring(0xe, 0x4)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x10005, 0x0)
r3 = openat(r1, &(0x7f0000000140)='/proc/self/exe\x00', 0x2f0600, 0x18)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r3, 0x0)
fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000040), &(0x7f0000000080), 0x2, 0x1)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[], &(0x7f0000000340), 0x1400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r5, 0x0)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0xfffffffffffffdd6)
linkat(r4, &(0x7f00000000c0)='./file0\x00', r5, &(0x7f0000000100)='./file0\x00', 0x0)

09:19:19 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x4000, r0, &(0x7f0000000000), 0x16000}])

[  337.581289][T31864]  new_page+0x124/0x170
[  337.585518][T31864]  migrate_pages+0x3b3/0x1530
[  337.590267][T31864]  ? do_mbind+0xf50/0xf50
[  337.594589][T31864]  ? remove_migration_ptes+0x90/0x90
[  337.600042][T31864]  do_mbind+0xd43/0xf50
[  337.604268][T31864]  __x64_sys_mbind+0x10a/0x130
[  337.609036][T31864]  do_syscall_64+0x3d/0x90
[  337.613520][T31864]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  337.619617][T31864] RIP: 0033:0x4665e9
[  337.623512][T31864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  337.643296][T31864] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  337.651948][T31864] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  337.660210][T31864] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  337.668293][T31864] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  337.676259][T31864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  337.684225][T31864] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  337.728128][T31916] loop3: detected capacity change from 0 to 264192
[  337.795273][T31916]  loop3: p1 p3 p4
[  337.799818][T31916] loop3: p1 size 11290111 extends beyond EOD, truncated
[  337.815101][T31916] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  337.827497][ T1041]  loop1: p2 < > p3 p4
[  337.831842][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  337.842170][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  337.847385][T31916] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  337.848388][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  337.950194][T31933] print_req_error: 38 callbacks suppressed
[  337.950207][T31933] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  337.967828][T31933] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  337.980730][T31916] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  337.981456][T31935] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  337.995002][T31916] loop3: detected capacity change from 0 to 264192
[  337.999674][  T710] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  338.017512][  T710] buffer_io_error: 29 callbacks suppressed
[  338.017522][  T710] Buffer I/O error on dev loop3p3, logical block 263808, async page read
09:19:19 executing program 0 (fault-call:2 fault-nth:82):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:19 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x8, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:19 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0xff0f, r0, &(0x7f0000000000), 0x16000}])

[  338.057252][T31916] loop_reread_partitions: partition scan of loop3 () failed (rc=-16)
09:19:19 executing program 3:
syz_read_part_table(0xfbffffff00000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:19 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0xffff, r0, &(0x7f0000000000), 0x16000}])

09:19:19 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x9, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  338.201011][T31964] loop3: detected capacity change from 0 to 264192
[  338.233291][ T1041]  loop1: p2 < > p3 p4
[  338.237691][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  338.247736][T31964]  loop3: p1 p3 p4
[  338.251764][T31964] loop3: p1 size 11290111 extends beyond EOD, truncated
[  338.294842][T31964] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  338.295226][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  338.308324][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  338.315864][T31964] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:19 executing program 5:
fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=@v2={0x5, 0x2, 0x11, 0x7f, 0x3a, "e4efe158af476515b965ad14938fbd6716c43cc4f61246d67f7bf9ea2afb79fd32224318487ff708b14a69a9d8ff83337bd2d968584ba63819f8"}, 0x43, 0x2)
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_FLUSH(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xe0, r0, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0x6c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x13f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}]}, @TIPC_NLA_BEARER={0x60, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'wlan0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @remote}}, {0x14, 0x2, @in={0x2, 0x4e20, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'syz_tun\x00'}}]}]}, 0xe0}, 0x1, 0x0, 0x0, 0x40010}, 0x4)
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:20 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0xa, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:20 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16002}])

[  338.432684][T31964] loop3: detected capacity change from 0 to 264192
[  338.447513][ T1041]  loop1: p2 < > p3 p4
[  338.456581][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  338.471073][T31964]  loop3: p1 p3 p4
[  338.475037][T31964] loop3: p1 size 11290111 extends beyond EOD, truncated
[  338.485128][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  338.491349][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  338.508281][T31964] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  338.525142][T31964] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  338.538066][T31954] FAULT_INJECTION: forcing a failure.
[  338.538066][T31954] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  338.551403][T31954] CPU: 0 PID: 31954 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  338.560265][T31954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  338.570398][T31954] Call Trace:
[  338.573685][T31954]  dump_stack_lvl+0xb7/0x103
[  338.578364][T31954]  dump_stack+0x11/0x1a
[  338.582513][T31954]  should_fail+0x23c/0x250
[  338.587016][T31954]  __alloc_pages+0x102/0x320
[  338.591614][T31954]  alloc_pages_vma+0x513/0x680
[  338.596398][T31954]  ? page_address_in_vma+0x264/0x300
[  338.601690][T31954]  new_page+0x124/0x170
[  338.605839][T31954]  migrate_pages+0x3b3/0x1530
[  338.610535][T31954]  ? do_mbind+0xf50/0xf50
[  338.615167][T31954]  ? remove_migration_ptes+0x90/0x90
[  338.621145][T31954]  do_mbind+0xd43/0xf50
[  338.625315][T31954]  __x64_sys_mbind+0x10a/0x130
[  338.630227][T31954]  do_syscall_64+0x3d/0x90
09:19:20 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
r2 = syz_mount_image$nfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x8, 0x4, &(0x7f0000000380)=[{&(0x7f00000000c0)="3f9333738c14b8ce132c36359a1f1979e70bc1c22b8cacbdc40afbbd75423924a849a5dae98a6ac64f4e046b91b705ef3e01a6ebc34d922ff20f7d5cc5c3ff1265c5255b2c9252390af4441ded8ad190cd6ff68962c6d6ca3aa94a27eab046", 0x5f, 0x2}, {&(0x7f0000000140)="5fcbce30bd39f087c6c2d16535d8950a8104dfd90531385c1d6436b543796f7a161b4e5b871c03000866df6754839cce7acb34cffb674ebccbb1393c6128564495adeada17d0706ab5aee22d286692b6e08c1c3a20aa552a696a4f1df843721243a18211a3b567f6e291f5accb60142d221b5a466db1a05e172d6e4e295392bc4d6017168006dfa42b015f323ae96459b43b869b8364", 0x96, 0x100000000}, {&(0x7f0000000200)="2ac0e3dd2883466ec2bed789c0a39a30345064e696ad28b5583a1fb0d26493699bc132fa03947957d3b55b21c670b12d39e3ab46bc9a2d3608fe3e18343f32f35ffc5639697b75d26fc4ec2ef25af571d8f853dcb264b80d4573283f55121954f25be948f90ce219dda024d97c8f6e6880579bda4d2e44c562b714a6ee2d1c58e1ddbf14cd5d9594d4fc5fd7c7600b5efef1fb30425e7e6df0b0850c6788273866240eaf2c5f", 0xa6, 0x2}, {&(0x7f00000002c0)="b56af88f78", 0x5, 0x9}], 0x80, &(0x7f0000000400)={[{':\x13{(\x17\'[&:'}, {'/('}, {'&'}, {'#@(:.-F\'}'}], [{@appraise_type}, {@dont_hash}]})
ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, &(0x7f0000000440)={0x1400000, 0x3, 0x7f, 0x9, 0x9, 0x4})
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  338.634652][T31954]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  338.640667][T31954] RIP: 0033:0x4665e9
[  338.644642][T31954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  338.664374][T31954] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  338.672796][T31954] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  338.678048][T32014] loop4: detected capacity change from 0 to 264192
09:19:20 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0xb, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  338.680764][T31954] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  338.680780][T31954] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  338.680793][T31954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  338.688007][T32014] nfs: Unknown parameter ':{('[&:'
[  338.695590][T31954] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:19:20 executing program 3:
syz_read_part_table(0xfdfdffff00000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  338.846519][T32022] loop4: detected capacity change from 0 to 264192
[  338.918229][T32035] loop3: detected capacity change from 0 to 264192
[  338.956688][T32035]  loop3: p1 p3 p4
[  338.969341][T32035] loop3: p1 size 11290111 extends beyond EOD, truncated
[  338.985037][T32035] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  338.993998][T32035] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:20 executing program 0 (fault-call:2 fault-nth:83):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:20 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16004}])

09:19:20 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0xc, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:20 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000040)=ANY=[@ANYRESOCT], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:20 executing program 3:
syz_read_part_table(0xfdffffff00000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:20 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = syz_mount_image$tmpfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x6, 0x3, &(0x7f0000000500)=[{&(0x7f0000000240)="9f99073de5404b09f1030541dd8b08a01fd656b642a893d14d0cda9aad8f83d77c35aae4ee1a5d0b58296a6f597444b35c719519a0ed43f5bfb58c28df42bf22ee0826e6c293931e2476796fb1891cd09db3a7c6901754acd460a2d607c2cda4b089db68f53b3f569a0e5a4452ba88a6f58fefe84da1699bf8e2f0cc9f576867c610ab7cf991a060171f7f8384914c92027cf81a7ed428ac906da70b53909320556cbfa0e60e5af67d3ee2cf2bc53f06a501c2afc70270438745994161200079bb65fcbd0ba184269652059451d699c1eb45c3468e68ecbe0e4600c028108f7f84120de522fede144cff84c3b1ce0b8df1c3079228f50d34a5a1063c1bddc6", 0xff, 0x8000}, {&(0x7f0000000380)="1862e9c3859c1302f08b88166e43f8455d3b2a03688e94ae4a7bd7ae1088bad6044a2dbb34d8350426b27e28719d3a7620b7a6ac2210a7e044813c7b5117a4a60ed322251c765931f2c4c858829e25206c1a2a3a7a4bf2882ec57d6ed46858c66c97b5f20d689dc4510ba9b0b31f6d479cbbe75130ef62a96cf20881514651b1989409836e760c7ed7dc2a7c7d320f20e42c6fdb95205e7a08681ea9133a569fb4ddf6bb09b178b308ff5503f8a1dcbac24144132f4f3168a7c7d7c5751cc622824402e95fbbe523755181574c9844b26234aa17dbc10430566c1f2b78", 0xdd, 0x8001}, {&(0x7f0000000480)="206db008c4e963b16163203cc77ecc1bf8610cbe136dd4722f573ca13423bc313245783683daa46f65240b85f46529456f1b203669d10ee89bbc21cb62f22569bb2cc35c5730a2451cfa5ffc", 0x4c, 0x6}], 0x100000, &(0x7f00000006c0)={[{@size={'size', 0x3d, [0x34, 0x39]}}, {@huge_never}, {@huge_within_size}, {@nr_inodes={'nr_inodes', 0x3d, [0x74, 0x35]}}], [{@euid_gt={'euid>', 0xffffffffffffffff}}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@subj_type={'subj_type', 0x3d, '-'}}, {@uid_lt={'uid<', 0xee00}}, {@smackfsdef}]})
renameat(r1, &(0x7f0000000580)='./file0\x00', r0, &(0x7f0000000780)='./file0\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="21b9bffcca52f5154cd9f069eb10cfcf922a235894e76224fc228c9db038fbef755f4c083e807ef503f1ebee0e315eb7f9544927fe27b108a6aa5b01575a46114332fc21e1992aa5814f36487e8dae1f18145e7d41b2b7329b9024cae63876b7621814616d99f3971772cfd6c0319bdc928d0ed84172c0000000000000000000000000084621d8f7eb9ca720c5fc789168f9af48fc9b2793a1d7b4166f161ad101387d7f8415505c129bcd2e7566a2b0f9bb8276074d8814fe5de81fe7aae84357bace60ccc3063060246c29a121d603c554c4b23fbcbd501d59c423fc961b5a8e8da22d3b9eda6732aa2289bd0e55d9ad230fdd3083b2db7d8e62850cefc8fa096a29557fcc50664149394a07fc921d8016557ff29464950414ae532d6d927c66c0d3071d45de49f87a57c4dc6d26c722012d981412db58f335934088f85fd8f54018"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  339.182077][T32071] loop3: detected capacity change from 0 to 264192
[  339.231136][T32071]  loop3: p1 p3 p4
[  339.235347][T32071] loop3: p1 size 11290111 extends beyond EOD, truncated
[  339.258130][T32071] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  339.264732][T32081] loop4: detected capacity change from 0 to 128
[  339.279452][ T1041]  loop1: p2 < > p3 p4
[  339.283903][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  339.293681][T32071] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  339.306686][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  339.312961][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  339.331048][T32091] loop4: detected capacity change from 0 to 128
[  339.402077][T32071] loop3: detected capacity change from 0 to 264192
[  339.431902][T32068] FAULT_INJECTION: forcing a failure.
[  339.431902][T32068] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  339.445362][T32068] CPU: 1 PID: 32068 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  339.454269][T32068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  339.464455][T32068] Call Trace:
[  339.467769][T32068]  dump_stack_lvl+0xb7/0x103
[  339.472449][T32068]  dump_stack+0x11/0x1a
[  339.476692][T32068]  should_fail+0x23c/0x250
[  339.481210][T32068]  __alloc_pages+0x102/0x320
[  339.485811][T32068]  alloc_pages_vma+0x513/0x680
[  339.490733][T32068]  ? page_address_in_vma+0x264/0x300
[  339.496055][T32068]  new_page+0x124/0x170
09:19:21 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)
mremap(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x4000, 0x3, &(0x7f0000db1000/0x4000)=nil)

09:19:21 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16008}])

09:19:21 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0xd, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:21 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5, 0x4010, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f0000000180)=""/240, 0xf0)

[  339.500207][T32068]  migrate_pages+0x3b3/0x1530
[  339.504883][T32068]  ? do_mbind+0xf50/0xf50
[  339.509415][T32068]  ? remove_migration_ptes+0x90/0x90
[  339.514792][T32068]  do_mbind+0xd43/0xf50
[  339.519050][T32068]  __x64_sys_mbind+0x10a/0x130
[  339.523975][T32068]  do_syscall_64+0x3d/0x90
[  339.528391][T32068]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  339.534569][T32068] RIP: 0033:0x4665e9
[  339.538455][T32068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  339.558356][T32068] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  339.566795][T32068] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  339.574798][T32068] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  339.582976][T32068] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  339.591062][T32068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
09:19:21 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r1, &(0x7f0000000480)=[{&(0x7f0000000040)=""/248, 0xf8}, {&(0x7f0000000140)=""/225, 0xe1}, {&(0x7f0000000240)=""/168, 0xa8}, {&(0x7f0000000380)=""/6, 0x6}, {&(0x7f00000003c0)=""/135, 0x87}], 0x5, 0x189, 0xfffffe01)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
clock_gettime(0x0, &(0x7f0000000540)={<r2=>0x0, <r3=>0x0})
clock_gettime(0x0, &(0x7f0000000580)={<r4=>0x0, <r5=>0x0})
futimesat(r0, &(0x7f0000000500)='./file0\x00', &(0x7f00000006c0)={{r2, r3/1000+60000}, {r4, r5/1000+10000}})
getdents(0xffffffffffffffff, &(0x7f00000005c0)=""/223, 0xfc61)

[  339.599054][T32068] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  339.616763][ T1041]  loop3: p1 p3 p4
[  339.621206][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  339.636893][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  339.652693][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  339.677881][T32071]  loop3: p1 p3 p4
[  339.682152][T32071] loop3: p1 size 11290111 extends beyond EOD, truncated
09:19:21 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16009}])

[  339.698661][T32071] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  339.732876][T32071] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  339.853280][ T1041]  loop1: p2 < > p3 p4
[  339.867948][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  339.875515][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  339.881932][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:21 executing program 0 (fault-call:2 fault-nth:84):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:21 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0xf, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:21 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r0, &(0x7f0000000200)=[{&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f0000000040)=""/208, 0xd0}, {&(0x7f0000000140)=""/46, 0x2e}, {&(0x7f0000000180)=""/105, 0x69}], 0x4, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:21 executing program 3:
syz_read_part_table(0xfeffffff00000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:21 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16010}])

09:19:21 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat$incfs(r0, &(0x7f0000000100)='.pending_reads\x00', 0x480000, 0x1)
bind$unix(r1, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002e97e81c70575cdc581e6685531070f2901205524e74c4955931368d37338c48d23f3eef0103673bb79565cd7924613505874b7d17b24d516d54e740577d5cc0133b4ae4894ad95f1f5e8abf5056448b3531bd4ec198166c583a1fc1ab1e0317182f53c3b549c1651b9ba635e6931b6aac7f9331b06eb686306262190118006bb8904f530ef67f174d46fa885e9e4cadf80ddd8841bd4d4e07a15c6fcbf89bd8554099f9d9de31a0e3b47574"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  340.111992][T32163] loop3: detected capacity change from 0 to 264192
[  340.177993][T32163]  loop3: p1 p3 p4
[  340.182106][T32163] loop3: p1 size 11290111 extends beyond EOD, truncated
[  340.210764][ T1041]  loop1: p2 < > p3 p4
[  340.215256][T32163] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  340.216774][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  340.245653][T32163] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  340.262828][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  340.269265][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  340.326197][T32163] loop3: detected capacity change from 0 to 264192
[  340.365568][T32161] FAULT_INJECTION: forcing a failure.
09:19:21 executing program 5:
mlockall(0x1)
mlockall(0x3)
mlockall(0x0)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f00009dd000/0x4000)=nil)

09:19:21 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x8800000}])

09:19:21 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x10, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:21 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
mount(&(0x7f0000000040)=@sr0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='incremental-fs\x00', 0x8, 0x0)

[  340.365568][T32161] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  340.379094][T32161] CPU: 1 PID: 32161 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  340.388138][T32161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  340.398203][T32161] Call Trace:
[  340.401575][T32161]  dump_stack_lvl+0xb7/0x103
[  340.406166][T32161]  dump_stack+0x11/0x1a
[  340.410405][T32161]  should_fail+0x23c/0x250
[  340.414925][T32161]  __alloc_pages+0x102/0x320
[  340.419699][T32161]  alloc_pages_vma+0x513/0x680
[  340.424668][T32161]  ? page_address_in_vma+0x264/0x300
[  340.430093][T32161]  new_page+0x124/0x170
[  340.434427][T32161]  migrate_pages+0x3b3/0x1530
[  340.439132][T32161]  ? do_mbind+0xf50/0xf50
[  340.443464][T32161]  ? remove_migration_ptes+0x90/0x90
[  340.449147][T32161]  do_mbind+0xd43/0xf50
[  340.453486][T32161]  __x64_sys_mbind+0x10a/0x130
[  340.458483][T32161]  do_syscall_64+0x3d/0x90
[  340.463034][T32161]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  340.469025][T32161] RIP: 0033:0x4665e9
[  340.472947][T32161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  340.492550][T32161] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  340.500984][T32161] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  340.508960][T32161] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  340.517328][T32161] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  340.526637][T32161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  340.534732][T32161] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  340.552306][T32163]  loop3: p1 p3 p4
[  340.556625][T32163] loop3: p1 size 11290111 extends beyond EOD, truncated
09:19:22 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000040)='./file0/file0\x00', 0x60000, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="a779701452a30b10d51cb5409a2e5185f492e567d6d165cd9e3b9907b5db2cbf3833981d8a754ebeac13693900f9e1a8dc1be44fda1590cdc1debcc98ff5d5192984c1feef11334c552eaac85d99586a99a43c6b366c51bd029af518cc52a43596a2257e5e2c9572f09a5df0342b29ee7d6424aa8795a7c9f87410f7bcacb047cdf74a4bae5dfe"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  340.573559][T32163] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  340.585822][T32163] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  340.597355][ T1041]  loop3: p1 p3 p4
[  340.601337][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  340.611326][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:19:22 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x20016000}])

[  340.636429][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  340.854607][ T1041]  loop1: p2 < > p3 p4
[  340.864540][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  340.878226][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  340.884629][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:22 executing program 0 (fault-call:2 fault-nth:85):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:22 executing program 3:
syz_read_part_table(0xfeffffffffffffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:22 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x11, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:22 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)
getdents64(r0, &(0x7f0000000040)=""/3, 0x3)

09:19:22 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x7ffff000}])

09:19:22 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x547200, 0xd0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="98fd09f0aeb163d26e847db21c6a82de0fb888791a80685a4424937e"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  341.087063][T32258] loop3: detected capacity change from 0 to 264192
[  341.138236][T32258]  loop3: p1 p3 p4
[  341.147164][T32258] loop3: p1 size 11290111 extends beyond EOD, truncated
[  341.189451][ T1041]  loop1: p2 < > p3 p4
[  341.193768][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  341.201345][T32258] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  341.215263][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  341.221584][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  341.231221][T32258] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  341.318649][T32258] loop3: detected capacity change from 0 to 264192
[  341.329006][T32255] FAULT_INJECTION: forcing a failure.
[  341.329006][T32255] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  341.342364][T32255] CPU: 1 PID: 32255 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  341.351375][T32255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  341.361429][T32255] Call Trace:
09:19:22 executing program 5:
mbind(&(0x7f00005cf000/0x4000)=nil, 0x4000, 0x8000, &(0x7f0000000000)=0x1, 0x3e00, 0x0)
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800000, 0x2, 0x0, 0x0, 0x2)

09:19:22 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x14, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:22 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0xffffffff000}])

09:19:22 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x38)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  341.364706][T32255]  dump_stack_lvl+0xb7/0x103
[  341.369381][T32255]  dump_stack+0x11/0x1a
[  341.373606][T32255]  should_fail+0x23c/0x250
[  341.378086][T32255]  __alloc_pages+0x102/0x320
[  341.382682][T32255]  alloc_pages_vma+0x513/0x680
[  341.387637][T32255]  ? page_address_in_vma+0x264/0x300
[  341.392943][T32255]  new_page+0x124/0x170
[  341.397111][T32255]  migrate_pages+0x3b3/0x1530
[  341.401777][T32255]  ? do_mbind+0xf50/0xf50
[  341.406191][T32255]  ? remove_migration_ptes+0x90/0x90
[  341.411559][T32255]  do_mbind+0xd43/0xf50
[  341.415802][T32255]  __x64_sys_mbind+0x10a/0x130
[  341.421075][T32255]  do_syscall_64+0x3d/0x90
[  341.425546][T32255]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  341.431584][T32255] RIP: 0033:0x4665e9
[  341.435472][T32255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  341.455680][T32255] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  341.464226][T32255] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  341.472412][T32255] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  341.481182][T32255] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  341.489331][T32255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  341.497307][T32255] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:19:23 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r2, 0xc0406618, &(0x7f0000000040)={@id={0x2, 0x0, @auto="c43c953af06b0e40bb1cc44a32829ecd"}})
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  341.527635][T32258]  loop3: p1 p3 p4
[  341.535261][T32258] loop3: p1 size 11290111 extends beyond EOD, truncated
09:19:23 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0xffffffffffffffff}])

[  341.576888][T32258] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  341.584580][T32258] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  341.611954][ T1041]  loop1: p2 < > p3 p4
[  341.616431][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  341.635833][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  341.642061][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:23 executing program 0 (fault-call:2 fault-nth:86):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:23 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x15, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:23 executing program 3:
syz_read_part_table(0xff0f000000000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

09:19:23 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x50)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000040), 0x0, 0xda1, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:23 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000, 0x2}])

[  341.767001][ T1041]  loop1: p2 < > p3 p4
[  341.771226][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  341.796670][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  341.802845][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  341.848129][T32336] loop3: detected capacity change from 0 to 264192
09:19:23 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
readlink(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)=""/127, 0x7f)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000080)=ANY=[@ANYRES32=r0, @ANYRES16], &(0x7f0000000340), 0x400)
ioctl$int_in(r1, 0x5452, &(0x7f0000000400)=0xab22)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
splice(r3, 0x0, r4, 0x0, 0x10005, 0x0)
preadv(r4, &(0x7f0000000600)=[{&(0x7f0000000440)=""/156, 0x9c}, {&(0x7f0000000500)=""/59, 0x3b}, {&(0x7f0000000540)=""/26, 0x1a}, {&(0x7f0000000580)=""/56, 0x38}, {&(0x7f00000005c0)=""/45, 0x2d}], 0x5, 0x3ff, 0x0)
getdents(r0, &(0x7f00000000c0)=""/231, 0xe7)
write$sndseq(r2, &(0x7f00000001c0)=[{0x2, 0xd3, 0x6, 0x0, @tick=0x1000, {0x4, 0x71}, {0x81, 0x7f}, @raw8={"2d6443031fa1771a9f248b8d"}}, {0x20, 0x5, 0x7, 0xd5, @tick=0x8, {0x40, 0xf7}, {0x8, 0x9}, @quote={{0x20}, 0x2, &(0x7f0000000040)={0x4, 0x1f, 0x20, 0x1f, @time={0x7f, 0x9}, {0x4, 0x10}, {0x3, 0x1f}, @connect={{0x7, 0x4}, {0x4, 0x1f}}}}}, {0x7, 0x9, 0xec, 0x71, @time={0x6, 0x9}, {0x9, 0x4}, {0x34, 0x2}, @addr={0x40, 0x7}}, {0x80, 0x8, 0x1, 0x1, @tick=0x7, {0x0, 0x3f}, {0x1f, 0x3f}, @control={0x7f, 0x800, 0x8}}, {0x2, 0x1f, 0x9, 0x3b, @time={0x9, 0x10000000}, {0xff, 0x5}, {0x1}, @raw32={[0x1, 0x9]}}], 0x8c)
socketpair(0x5, 0x6, 0x6, &(0x7f0000000280)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$FIGETBSZ(r5, 0x2, &(0x7f00000002c0))

[  341.896419][T32336]  loop3: p1 p3 p4
[  341.900720][T32336] loop3: p1 size 11290111 extends beyond EOD, truncated
[  341.915717][T32336] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  341.934691][T32336] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  341.970906][ T1041]  loop1: p2 < > p3 p4
[  341.985770][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  342.007092][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  342.013390][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  342.033816][T32336] loop3: detected capacity change from 0 to 264192
[  342.085319][T32335] FAULT_INJECTION: forcing a failure.
[  342.085319][T32335] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  342.099371][T32335] CPU: 1 PID: 32335 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  342.108487][T32335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  342.118548][T32335] Call Trace:
[  342.121820][T32335]  dump_stack_lvl+0xb7/0x103
[  342.126499][T32335]  dump_stack+0x11/0x1a
[  342.130659][T32335]  should_fail+0x23c/0x250
09:19:23 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mlockall(0x0)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)
mlockall(0x4)
get_mempolicy(&(0x7f0000000080), &(0x7f0000000000), 0x1, &(0x7f0000fe9000/0x14000)=nil, 0x0)
mlockall(0x5)

09:19:23 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000, 0x4}])

09:19:23 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x16, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  342.135087][T32335]  __alloc_pages+0x102/0x320
[  342.139677][T32335]  alloc_pages_vma+0x513/0x680
[  342.144532][T32335]  ? page_address_in_vma+0x264/0x300
[  342.149827][T32335]  new_page+0x124/0x170
[  342.154101][T32335]  migrate_pages+0x3b3/0x1530
[  342.158783][T32335]  ? do_mbind+0xf50/0xf50
[  342.163118][T32335]  ? remove_migration_ptes+0x90/0x90
[  342.168477][T32335]  do_mbind+0xd43/0xf50
[  342.172843][T32335]  __x64_sys_mbind+0x10a/0x130
[  342.177973][T32335]  do_syscall_64+0x3d/0x90
09:19:23 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_KEY(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f00000001c0)={0x14, r2, 0x1, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_NOTIFY_RADAR(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r2, 0x8, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x7}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="009558a6977e3003ff6f1649ed78b1141337a08b25677f25524b7a745b0b6c54408ef59ede4f8ce183df0000b43c84ca317fa942070000000d05f6dcab2a6bd63d1c41adfc371d798281f146971e1e268cdcbefc2ac364fd8a79da21438bbd87795592f4350a7293ce30ffe0e151091b3e5d92db51d733027786bfc31c1d8ced34ab50fbaf73dcf891377a9573d0b50810cc74d63bad492b295ff89f54ea443e187af591f6475d78b15865e753953eb2752f88086efea75fbf392925171412ab537773141380298100636f0172e83cc0b3b8d8b4b1c87dc182ba5a56c3c080950fc54a618bdababd"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  342.182540][T32335]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  342.188465][T32335] RIP: 0033:0x4665e9
[  342.192530][T32335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  342.212139][T32335] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  342.220838][T32335] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  342.228898][T32335] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  342.236901][T32335] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  342.245143][T32335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  342.253197][T32335] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  342.270596][T32336]  loop3: p1 p3 p4
[  342.274469][T32336] loop3: p1 size 11290111 extends beyond EOD, truncated
09:19:23 executing program 3:
syz_read_part_table(0xffefffff00000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  342.316422][T32336] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  342.329321][T32336] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  342.343404][ T1041]  loop3: p1 p3 p4
[  342.347469][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  342.358073][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
09:19:23 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setuid(r3)
mount$9p_rdma(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x400, &(0x7f0000000100)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[{@rq={'rq', 0x3d, 0x9c17076}}, {@timeout={'timeout', 0x3d, 0x2}}], [{@fowner_eq}, {@fowner_gt={'fowner>', r3}}, {@seclabel}, {@subj_role={'subj_role', 0x3d, 'S(,['}}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@subj_user={'subj_user', 0x3d, '-#$++\\+)*{@,'}}]}})
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  342.386296][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  342.467571][T32403] loop3: detected capacity change from 0 to 264192
[  342.481273][T32404] 9pnet: Could not find request transport: rdma
[  342.511643][ T1041]  loop1: p2 < > p3 p4
[  342.521249][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  342.536566][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  342.542766][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  342.552076][T32403]  loop3: p1 p3 p4
[  342.556456][T32403] loop3: p1 size 11290111 extends beyond EOD, truncated
[  342.570631][T32403] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  342.587218][T32403] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:24 executing program 0 (fault-call:2 fault-nth:87):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:24 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000, 0x8}])

09:19:24 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x18, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:24 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x143)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x20040, 0x94)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="dc"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:24 executing program 3:
syz_read_part_table(0xffffff7f00000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  342.830684][T32438] loop3: detected capacity change from 0 to 264192
09:19:24 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x100, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="bcffe0e9b5ff006a13f3cd23bb6229bf46e6111b797e6a26e3829e5af10e6acd699230486237f89e84035bcc07ba9431ad1d81c92db3d1c06ee933225b75e0feaf244c7d32b2cd3a4ca7b4bf518b913c2223dae64003caf870aaf1b3989160a353225c9b4474b55802519c45e7a2a183227848eb5dfc6c8d5ad2bd6102e87ec1217960fd8e5a9d6d52738cc8593900000000f2ecec65e42c6d2ddbca2c7085e664aa06baf76daed66f9899f499268e9894f4eb5b0e040be085319a65220f72f0293304f3241d8a1da541761e3ce8e166b8a310"], &(0x7f0000000340), 0x400)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0)
preadv(r2, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/226, 0xe2}, {&(0x7f00000001c0)=""/159, 0x9f}, {&(0x7f0000000380)=""/174, 0xae}], 0x3, 0x6, 0x7fffffff)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  342.877049][T32438]  loop3: p1 p3 p4
[  342.881105][T32438] loop3: p1 size 11290111 extends beyond EOD, truncated
[  342.889847][T32438] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  342.898663][T32438] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  342.956903][ T1041]  loop1: p2 < > p3 p4
[  342.961476][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  342.975135][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  342.981331][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  342.989215][T32438] loop3: detected capacity change from 0 to 264192
[  343.036428][T32438]  loop3: p1 p3 p4
[  343.040412][T32438] loop3: p1 size 11290111 extends beyond EOD, truncated
[  343.063523][T32438] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  343.092783][T32438] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  343.144134][T32436] FAULT_INJECTION: forcing a failure.
[  343.144134][T32436] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  343.157698][T32436] CPU: 0 PID: 32436 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  343.166557][T32436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  343.176625][T32436] Call Trace:
[  343.179920][T32436]  dump_stack_lvl+0xb7/0x103
[  343.184580][T32436]  dump_stack+0x11/0x1a
[  343.188794][T32436]  should_fail+0x23c/0x250
09:19:24 executing program 5:
mlockall(0x1)
mremap(&(0x7f000042e000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mremap(&(0x7f0000449000/0x4000)=nil, 0x4000, 0x1000, 0x2, &(0x7f00007f7000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800000, 0x3, 0x0, 0x0, 0x2)
mlockall(0x2)

09:19:24 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0xda, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:24 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
r2 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x5, 0x6, &(0x7f0000000480)=[{&(0x7f00000000c0)="dbb972b572b3ad84dfa0eac5521946213236e6fb9fd50c766c233418b1fdf8838aab8d2f52de31b97920a062384c", 0x2e, 0xfffffffffffffffa}, {&(0x7f0000000100)="a5eb45ba8c7d55e2e2151660d15d33036acb6529a6ee34fb8eb83451cf74a4f0b5bddc2448b59e588ee85dd9b19a9a8245b7968d14f63be9cb860600cdd261b7656ceb7958b1a51125e201b147fcb5e29a506e954f42a44fd5b310c41c88539e7d774cbed6652d4a2824b0a537e11dc03d596f169f33b85b963d792e16415c7430fea9bd4ad6e0e81b3330dd7dcfadeca4706a3afe87b646d36667c5a34bf2cbd8a324f3a9b25da9f3dac25f5ec0bdd54449541aec5a6768dff00d2bc345f5238b52e207c788dd905d1cfbff5732926c8ce451ff0879807eed43e0a3e400901c6876e0f8d405300181d7e040af18cacbe1c30fbab6061b6f503a02496709", 0xfe}, {&(0x7f00000006c0)="384f202e779c145c3ea84d2a709d075c9d90ef0a96b939cf75a2f39c0f619fe6a6cf1db08e7976fff3deb8e483e098877175e43ea003d7581bc17d05e412889b7ec4a57bfbcf6937c571e6bac539f333ece3532ea7ac2f6419bd24ccce72c9b332001930d463341099ba066bb8c4f47295b7b8db6446d3801e22218b36c9190753cb4abc3a919c8ab285d12a8901fb5990bd83899f55a925692da95932cb3df75f899fc59487e026a1d94d6945f697a053a70956411d05514aac23ba70b782f5b686d7edc555b8317d3c62d262c27aa1bb21031ff5b1efebb24196786c6982996d9c90f1dd6c13a7d725aea6851c226ef24219e3e88f84501ae213b6ed554fe95430b6e4c3f95946ee5043c59e324058ddd3b040c7d5b5a8b74d986849e944d2e3b0761ee5502bee41294f787bb04b6439c0163ee3c560719ec9eb2f50a715b0386f6d67c84c9107abfaf3377e05b2ead4ca7b10f080556394c417d1ff7fc67089cfc56945077e8d971c27ef32f719b8e72d8ed2642633a9b58a70c348dd0ca911ee46a0393ef86d1ba068d922c3de0f433c96d0c33a5e6eeb69ea3e160259acffa2e3658a509da5da4cc7fac7c71a7f9baf5f53d558a3687a3f57c4b504ccfccd9ecf2e06e755e76f0bea7c298756b5ae121d1467f36cf98ef26d617b1f0c5181a43d364fd32ebf989fe607e3a6670a50b46ff658a3105e9aa3fe52ca79c5d4cc9c35f3a647ee440df0265c0a0842aa50bc0fa7f1eebc9e3b12dc96a7a5f9c8356e31cc3bc62de83a24d97cba48f1be53619db9fe89342c7f5d91c659738451953b41ed1f2374783b69aaaf3e0b5e1bcca7bfa76912b39a7a0b67332945d4eb39f5f9f2ad04dc930be1ef876f06db640178d95b227ed7f32f8bb83750d1debf8805dd1d4cdb2526886d6ef4a4e0647d1ff52de6a41197132e98a54decaa5e5cd3e9b7929f2d7224dfd223af780a35459052d18a11bab5b662ff18956c917b4d7fb5e034b60a693d2380ab0f88aa7762b4857a3474da67730991962046428fa980f8cf58a5047e1e7f5f1cf66276799d0f052ddc8cf8f897ec42f818d2209ec794ef79047e38cab138e70c44486119197cd5f37611ab9938f131ab97138cfdf93127aad5fdaa203adb9de53e582246b5ea388d277d2ab2df2ad19c46e63ce25f5be3537b2611300c522d0417e27be27793ae1e297da3738f5b4f1f97058ef4b24c838b83a1c358a2ebbed10665699eb2bfe935c1c863ac94e1a34a3871b3d9be147897bfac4e6d191d7e0434e79c35177f9e44c0e2ac4cc3ef749cbf9bb9919ced8c5cf5323518420e21d023529f9433274ffaa812f59006e8f7a4232f3e7abe1455bb16928f474dd38aee4a8d864a637a0e87445ae9b31ec79444f3ed95548851fa26b3726d488213726ab8e42452d2e617c9929204726a876a9d32f9bb23783ff26ab82d299ed3e3b43cc0e0eda03a76f4424f5d21a044f090acc248155ee6b74b03f95e66930844dbadd41e6a41ab0c4e3b12c969a4af2d49fe605e6573c859276fddfaace94a7e10d97fed4e473213cbdaab1e3770cab05080ce90a750ae13c9a1c5716ce8817f81ab2aa04738446e5c2a7d725e6193b5c85479ab5f32d321f0b67088f54be7b9bb20048163712d20b2329548e07bec77ae445ea76beecb52c08c63e45725882d9923dbcaf9d45d44ad34c608e6d0934e7555f969268ace282141a7acef899ce7d77e132a0aa27c37edb1de95698377d88cc13f1b6b45d368582cd420800f3b8b3588e8d35113737d7ee0cbc40a80771bb9bf5662438126bb9daa69bf0528523cab1a153c2e00b3cb107c7c72e2df01d2fc4aa9515b3a20ef5628f85ac65ec3c59ba0356cc078126c317f78d4c5d99c99dafcf417ad14c2a4dba6e1164787230e494061d7d70282cd8604fbd6f244d68d7629aba08b15db228dcf59e3e8e8a9b2bc94c830a9c0cc840640b2700aa5d9b22a19bfb79d41696b1931282892983d319a06ac9bf2151c0cae17349b3ad476b95501064164c2cd11732d59a778edcd1a7bc527d98ae2827a71ea0a0758e680d74c31296abeab21e0cf30d58a6088bb511f7cbb6307d949b85de20a0a59846a403210f0c604c9b7f5cead5d2d0282a0f5ddc0a8dc5183c471ad180f806c43feb028f523a264ed0000da741301dd4c8f99ebdc11f5f776a875b545bc5e500b1149e0ce4954b7ed140887270e0cba2fb28cc146d72f9cbeb42f779b83e10de52657098f8dcbc148c90d93e4f2e51c47ed0e0493e0186a7ffada6e6e39e589b20f8dac7c391cfa504274383f312475c6288ac937099840c68bd064dc2d7b842dd9395f7fdddd8f90781887009e190312e9b560ff372af8494db8a72bfa91cc41c68630fb65110fbb6e447b8b11e18485538692d5ee548896d598eb1e4c9018439d1e9a4a56ce2a39f64b1c365b76efd966028376d170a3031a7d0b4da233ecf33d84a699271a96dbfa3a6ece6a0056413d25603692533831e96a2764f53da8eefa4f3a3b6814ca1dd685fe11fd66a5f57098d303bf1d77c231ad34a17cf9d2709b05eee5463880c59ecab75df2ace7ecf3e9c8f4f953f7342502ba66bc789031083f4d016243746f270d5b4bbb03f149715ce0f262dede34c648ee5fa9fc669362a6ce5bf6239a903b9884d72e3e0edceebaa7c2b9681dae1c53f1b5b11404769824d4728964d360b6e2f85d36f4da48f375da95ec9d56a1fca99800d463f3a0acc3b25417e43fbbee285f89414219ef500fc691d23d149189f548776204255b12c9af3e757a6a64b8626744023579c1f65ab2627a008ff6bdfc8bcfa7651bc98c901b432d6fb20d6f33ae337535cc2925d88a52351a2fb3e7a951a369a5d4ccfb93266777f61605425d98810b6e2b750875156115f2f74c9747700918554c26cdbdcafd6e7ec898a201dd0a2bdc818ec1bb81a9484d11ca7dfcadc1684c30512c25f9b9bbfd1daf29f4b01793bffa3127e5fff6deb4c639e1d5266acc2847f0f999510395c7ccdf35a1bc01608649f52c4e83df51ed9a4306f1dd40357e4a1f26cf89f116715632b7a47a00c16c43b7025a6baca1252388902d7d7c3f44d9009ffd046760ade61faf908e8ae6f1abe0afb057926d816439955c97996fcaf4297dfd8cffadcd8d5705c2347a9bd7ca4de6db00b8d7b540f5341d3f95bf866253fb56d990400990080e45fd2ae8ab78047eed90536d26b8ffc5165fa9c5417792af55d3f06444d69ef763346385ee2a28528d6815bc008cec9e2e7ce41223b2c893a2c06b303f2bed98b37dcb7f072fb22850349c6e1182e315ad4f803d18d0bf126754a9c3de280b04ecca18c2be8d6d778c5b8b0df32f06195158a5553badf5806121670aa8d29cbfdfe623d1711eb888cd9d11200c89fe8c694238fb32f6e4fa1a33c917d1b3380dbe4fd0ed1d6a3d08eec383440ea57b34710a3778529e4cf6505ccdef16944b95eb793980308e4a5c7fef67453fe2ac679def38874c840e877d0c4db60712a0d11933c5d77da7e3e425bf4668ca7caaaaf777e68ea04d6371ba4e891daa16f6d82d7b768999cf56c9d5ebc52d96ab8db1a645d18edb4b24c83042a737ace2a728259fa0ecdf31c7a276e6a62d79d55f9440da9767aa4a3df102cbdd8f2664454f06727f198be5a92346053a6bc036e9e9248224319bd1bc434493620b201ef116c4e1c4b50a41f5979cba89c3f39110b4559034bd978a89009ef4d38123f97164b1d2641480b1b66a95c3365a02f569e42fe8fe781d98eb7653ca0b90e9a42c006a736e157dc0b89f7cc47c17299b3035ba80b71d1d6f976202a77e8161bdcf70e5889ef67383c532f5463a82b6507620bb564561c72187e4ad83842f121e174d249e50bed142b15c0a5d5d3b514b1992af5a6944229dcdb26d16d6b7befd334e25f73953d25750bedc67f0af4132a62455a9baba639a6e53cd3d4c7313b65a1d40312bc339bbfbd520c3b0299ce67703bfbe0f6be108afc42e759473bbd0db22c8bb756e32f83018f2bba393cf1c98638e9b32057cdfe0fffcd64644fcc8442ee74e6bd0a9a04fa9d4970189c41fe407756da7062c9cf04b6a8d1fcd9a928973e9b91523e8bfdd1669b3b0d30e10989fe096e487c64945592a01f37685ef8d1d61fa6806a7d0c03caaef381d12ccbada4feab186e63cd220f425885b40359f1dffd24275ab8be624be8eb572b068d721c98adedaa4680327535d51e254530f5606de27b77f80aa5582bfa491b810aa80905d9a82b5b63dcc8fd4752eee8958d7e1804787af5fa5bb76f15be55c3a32a5595d6f8bf11f4da11aaa5606448cc8929d8f2aeb48adf6ee4335828b55c01df70c78b97847474379e26d7ab83c3cb8913785968c12c4ecd48474de5ff0657bd299af4a16bc9669ea677cd94da9c5f4c5de0424ccd5d2a8b6ebc204dcf0897aeb74b8dc461cce6980ec7ccfad6b6b4709a7165a8638f43e673210ba98a3fa26ca4d8121bf6d25b0e0e24643d737545f9e125faf706d6f6c8b5f656cb4ac6fd9b1a0862b03d7641305cf0dfa593b03e37ebb14a0bbc8dcd46fdb7de97cec50eaf5ad3490d900348c84189210d86c21cd89f42d9f5e8b5bd399eb8ab754d8be373e3f0557454f6bf6fd208e4f8d35e51015f4fe7217436e56b9900cec9ec91fbe1357999d65f646c2a863f572bca22caa172ef853e20eb65143e7542d0d57baac83e8e3f1f10cd092a472c76494a96c0d42965c378bbaf8a44dd63fa9cb0355ce67eca1c9b829df775aea5b2c9c5c23b4a1cad3021c6d0c544652572c1a8050ea4a6f99bf8766432576f3373518924ba7ba1da07b160217a489449ca56b94e36f07c7b6823b8ee7b86dddc68475697e1cef85c3ef53b89d3ea39b85da12f3d0b8ed3945652b4f4d6f6962a5aa697cf19dc0000b56d5a3270de79dd196bf78200b59ec621acc58b9273efdfb4b830e76c3d4aec3577898de4af538c9651ee804c1ad1fd9b565a8d1b5fe9adf003d4365dc9939a70bff1510a7a0ec59ab625af0bf5f00a6855853168f4adf18672cd3693dbee5990e48f0dc6a8136186822257a4d74a20cd2f84b12dea4a0393781606610b362109a7072b626146317591da554ed9d9f30dfec41f8c534224b6d97555b2cb0e833287818cf9bee4b454088d68ec90efe395ef33bbbae6ef1a95e70a748e288d9998407355d3268ab76c38ad8b042b332d619c35e459086f7be54e1a84c75a78c5d4395ff7bbb3de2bb2674dbe551b59ecfd9abe92188a52075d383d8e79696f25e123afef8045b2b67819af2f6dc1279dd5272a30da7f9636c7f022ac029b27046e953c09720594fb794ee7d34401155cf83c59d49bf2d3b7ba09d7348a2d40dce4922d5155d14630793acac1d177d2065abe363281577aee7b2e7653e6e7b73a0624d3528866bc8c894537dbe5eeaf375720f7c7c61831346f1d544f20341a2416b5e541eacc92e588d0f4097a54fb8b955eadc68b446a3b3a48f02b569e29c1147235b97b155400eea37b7146f844985981ebfda77ffe3be02e3b581a6f706521c6daa8dfe95c31eb6b52b54cccb6bca8b91d8c801a5300f0b6cf7e5f2d9106961d4bc029367c5a08a573677b4614956166c7477d5a6990e5783988f861c89a1ec46b83e68dafc4c9053d4c2310530b1e5797e236ef892617f14e599b1fab2f5f3558a4896eb9509d813e69ac8f169f282773a7904fd20d42dfd6d9a24c6d444233b62dbed5bb3158e936d2b35dc1973fa9970457ebfb90e700f9d4add17", 0x1000, 0xffffffffffffffff}, {&(0x7f0000000200)="4845a62b0770975ade8e6cba065c668366134ca3ca41920dae4bee0beec7719a4c7965dada06a0221b58a7132f091c47a82f95d1741d31dff7c4b96afa8309a09f4e15ff7fc1146988216a9b3aeae1906ea73abea0f4d3541d58ce88fb295cad184ce1285d03f64803d94b678089329fcffaa0161c3b072edb063bfd48fedd65bc892cb0c1e482910af056a3cc8137b5b33338e0b363289c9471ce2e3c106521ecd9972e12619d8555e795280266ac59835bbd", 0xb3, 0x1000}, {&(0x7f00000002c0)="d6b18c196f56ec57c5284de4d1ccb9529a1bce8daae9ea815f5b42", 0x1b, 0x7fff}, {&(0x7f0000000380)="b8474908e3bf50c395aef00c5deb810dd08699667b03c2283a2caef89175a0aa263ba863067a5c57f4dbe9de5cb26a741fc747d1eb302308a1c7e12c5126b5b63bfa02cad70b52e7dc31108b54adf5ad16ed16d9227cdaaef1647b7d288d1d804e3cdb42ee8c9a5144a2a81c9310fab78752367b3eed3d880aeb6f9fc3c155aa5903fbb77cffdfc6ca90684b055dac6ff40921261b604598896e379f862c5360f75d0ae0aec28bc0e831f01765fc44801961182f662bc61fa35114b23a7ed777c39e6aeff422e771222d908d09b40f49e0efbd4cafb858a4d7725540b500fc70783a11e88b68", 0xe6, 0x8}], 0x800040, &(0x7f00000016c0)={[{@fat=@quiet}, {@nodots}, {@dots}, {@nodots}, {@nodots}], [{@subj_user={'subj_user', 0x3d, '!,{/+%{[@:-^#/#'}}, {@func={'func', 0x3d, 'MMAP_CHECK'}}, {@context={'context', 0x3d, 'system_u'}}, {@euid_lt={'euid<', 0xee00}}, {@euid_eq={'euid', 0x3d, 0xee00}}]})
mknodat$loop(r2, &(0x7f0000000540)='./file0\x00', 0x2, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:24 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000, 0x9}])

09:19:24 executing program 3:
syz_read_part_table(0xffffffff00000000, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  343.193498][T32436]  __alloc_pages+0x102/0x320
[  343.198111][T32436]  alloc_pages_vma+0x513/0x680
[  343.202901][T32436]  ? page_address_in_vma+0x264/0x300
[  343.208503][T32436]  new_page+0x124/0x170
[  343.212928][T32436]  migrate_pages+0x3b3/0x1530
[  343.217775][T32436]  ? do_mbind+0xf50/0xf50
[  343.222459][T32436]  ? remove_migration_ptes+0x90/0x90
[  343.228137][T32436]  do_mbind+0xd43/0xf50
[  343.232299][T32436]  __x64_sys_mbind+0x10a/0x130
[  343.237055][T32436]  do_syscall_64+0x3d/0x90
[  343.241559][T32436]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  343.247548][T32436] RIP: 0033:0x4665e9
[  343.251551][T32436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  343.271228][T32436] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  343.279649][T32436] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  343.287622][T32436] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  343.295772][T32436] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  343.303849][T32436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  343.311863][T32436] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:19:25 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0xdb, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  343.374916][T32487] loop4: detected capacity change from 0 to 16383
[  343.389388][T32487] FAT-fs (loop4): Unrecognized mount option "subj_user=!" or missing value
[  343.423833][T32493] loop3: detected capacity change from 0 to 264192
[  343.475563][T32501] loop4: detected capacity change from 0 to 21504
[  343.502324][T32493]  loop3: p1 p3 p4
[  343.507303][T32493] loop3: p1 size 11290111 extends beyond EOD, truncated
[  343.538448][ T1041]  loop1: p2 < > p3 p4
[  343.543472][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  343.553650][T32493] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  343.561424][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  343.567722][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  343.576382][T32493] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  343.639395][T32280] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  343.639456][T32286] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  343.652558][T32287] blk_update_request: I/O error, dev loop3, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  343.663367][T32493] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  343.684524][  T896] blk_update_request: I/O error, dev loop3, sector 264033 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  343.695940][  T896] Buffer I/O error on dev loop3p3, logical block 263808, async page read
[  343.705199][  T896] blk_update_request: I/O error, dev loop3, sector 264034 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  343.716888][  T896] Buffer I/O error on dev loop3p3, logical block 263809, async page read
[  343.725468][  T896] blk_update_request: I/O error, dev loop3, sector 263946 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  343.728475][T32493] loop3: detected capacity change from 0 to 264192
[  343.737143][  T896] Buffer I/O error on dev loop3p1, logical block 131968, async page read
[  343.752124][  T896] blk_update_request: I/O error, dev loop3, sector 263948 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  343.763440][  T896] Buffer I/O error on dev loop3p1, logical block 131969, async page read
09:19:25 executing program 0 (fault-call:2 fault-nth:88):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:25 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000, 0x10}])

09:19:25 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
rmdir(&(0x7f0000000040)='./file0\x00')
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:25 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x152, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:25 executing program 3:
syz_read_part_table(0xffffffffffff0700, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  343.808473][T32493] loop_reread_partitions: partition scan of loop3 () failed (rc=-16)
09:19:25 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x16b, 0x0, r1, &(0x7f0000000000), 0x16000}])

[  343.961709][T32546] loop3: detected capacity change from 0 to 264192
[  343.992266][ T1041]  loop1: p2 < > p3 p4
[  343.996567][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  344.019708][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  344.026127][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  344.028511][T32546]  loop3: p1 p3 p4
[  344.058797][T32546] loop3: p1 size 11290111 extends beyond EOD, truncated
[  344.075358][T32546] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  344.092363][T32546] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:25 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mlockall(0x2)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:25 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000, 0x408}])

09:19:25 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000040)={0x20000003})
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:25 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x281, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:25 executing program 3:
syz_read_part_table(0xffffffffffffff7f, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  344.231353][T32538] FAULT_INJECTION: forcing a failure.
[  344.231353][T32538] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  344.244715][T32538] CPU: 0 PID: 32538 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  344.253482][T32538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  344.263631][T32538] Call Trace:
[  344.266912][T32538]  dump_stack_lvl+0xb7/0x103
[  344.271698][T32538]  dump_stack+0x11/0x1a
[  344.276018][T32538]  should_fail+0x23c/0x250
[  344.280507][T32538]  __alloc_pages+0x102/0x320
[  344.285114][T32538]  alloc_pages_vma+0x513/0x680
[  344.289872][T32538]  ? page_address_in_vma+0x264/0x300
[  344.295233][T32538]  new_page+0x124/0x170
[  344.299390][T32538]  migrate_pages+0x3b3/0x1530
[  344.302673][T32583] loop3: detected capacity change from 0 to 264192
[  344.304071][T32538]  ? do_mbind+0xf50/0xf50
[  344.314889][T32538]  ? remove_migration_ptes+0x90/0x90
[  344.320361][T32538]  do_mbind+0xd43/0xf50
[  344.324516][T32538]  __x64_sys_mbind+0x10a/0x130
[  344.329387][T32538]  do_syscall_64+0x3d/0x90
[  344.333824][T32538]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  344.339778][T32538] RIP: 0033:0x4665e9
[  344.343687][T32538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  344.363863][T32538] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  344.372342][T32538] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  344.380312][T32538] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  344.388275][T32538] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  344.396237][T32538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  344.404203][T32538] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
09:19:26 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(&(0x7f0000000040)=@sg0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='bfs\x00', 0x800, &(0x7f0000000100)='*}\x00')
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
openat$incfs(r1, &(0x7f0000000140)='.log\x00', 0x2000, 0x4)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  344.437878][T32583]  loop3: p1 p3 p4
[  344.444269][T32583] loop3: p1 size 11290111 extends beyond EOD, truncated
[  344.471284][T32583] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  344.490419][T32583] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  344.554547][ T1041]  loop3: p1 p3 p4
[  344.559474][ T1041] loop3: p1 size 11290111 extends beyond EOD, truncated
[  344.582017][ T1041] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  344.609820][ T1041] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:26 executing program 0 (fault-call:2 fault-nth:89):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:26 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000, 0x804}])

09:19:26 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x3f6, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:26 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
move_pages(0xffffffffffffffff, 0x6, &(0x7f0000000040)=[&(0x7f000001b000/0x4000)=nil, &(0x7f0000406000/0x4000)=nil, &(0x7f00005cf000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f000023c000/0x3000)=nil, &(0x7f0000242000/0x2000)=nil], &(0x7f0000000080)=[0x1, 0x401], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:26 executing program 3:
syz_read_part_table(0xfffffffffffffffe, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  344.660349][ T1041]  loop1: p2 < > p3 p4
[  344.670047][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  344.688686][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  344.694929][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
09:19:26 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="df1153071e48e66141c2e257081d46379c2234682ac20bb1b0bc6ef54e3c11224e91aabd30d8d3f79947334be0da9546da9035c2214e3b4a7085c91563bea372c0c5cb089a916042c73299685c403cef853f2a4a1f3eb4457169e5f0190ab342ca02a6627d5ca3219388ea060893e9bfadb015ff1982519e1c02b3eb1cae70d8169a08ff0e24246e964b85a567e4e66f82019e59491fae56bee4d06d1fac6a8a710e1ecc9905124e46e71e27cbefd4269a2bb38bad40b04a3d54218fc5fda692ef886c35bddaae146151f60d7d09c512da847be2e51cf2cb343a46a9543b27a5f3f1919ae9f099edd6cac34671221d4e6bf52b875b4618431955e7fde32342fbdfe9b2b804dbb34c30442767431014dd25029a17b4e3"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  344.807170][T32634] loop3: detected capacity change from 0 to 264192
[  344.868640][T32634]  loop3: p1 p3 p4
[  344.873959][T32634] loop3: p1 size 11290111 extends beyond EOD, truncated
[  344.896371][T32634] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  344.904405][T32634] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  344.917593][ T1041]  loop1: p2 < > p3 p4
[  344.921878][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  344.937838][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  344.944097][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  345.000911][T32634] loop3: detected capacity change from 0 to 264192
[  345.026335][T32634]  loop3: p1 p3 p4
[  345.030772][T32634] loop3: p1 size 11290111 extends beyond EOD, truncated
[  345.045265][T32634] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  345.061779][T32634] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:26 executing program 5:
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x7, &(0x7f0000a84000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

[  345.101553][T32635] FAULT_INJECTION: forcing a failure.
[  345.101553][T32635] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  345.114951][T32635] CPU: 0 PID: 32635 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[  345.123794][T32635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  345.133941][T32635] Call Trace:
[  345.137227][T32635]  dump_stack_lvl+0xb7/0x103
[  345.141818][T32635]  dump_stack+0x11/0x1a
[  345.145969][T32635]  should_fail+0x23c/0x250
09:19:26 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x47f, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:26 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000, 0x900}])

09:19:26 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="8bb4a9ad5f36ec2300c4353955898c2e6360a112237e94141391e0d77af91b0bf5885f56e8dd1495fa77048195c44ad16281a192737505b1409f522b9bafd3b636b644f6b924a0acfd23e93fedb101b0d22252"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:26 executing program 3:
syz_read_part_table(0xffffffffffffffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="020181ffffff0a000000ff45ac000000000063000800000000000000000000ffffffa9000000e10000008877007200300700a6ffffff00000000008000da55aa", 0x40, 0x1c0}])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  345.150733][T32635]  __alloc_pages+0x102/0x320
[  345.155567][T32635]  alloc_pages_vma+0x513/0x680
[  345.160356][T32635]  ? page_address_in_vma+0x264/0x300
[  345.165752][T32635]  new_page+0x124/0x170
[  345.170005][T32635]  migrate_pages+0x3b3/0x1530
[  345.174799][T32635]  ? do_mbind+0xf50/0xf50
[  345.179131][T32635]  ? remove_migration_ptes+0x90/0x90
[  345.184410][T32635]  do_mbind+0xd43/0xf50
[  345.188596][T32635]  __x64_sys_mbind+0x10a/0x130
[  345.193527][T32635]  do_syscall_64+0x3d/0x90
09:19:26 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x1)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1cd53083316f"], &(0x7f0000000340), 0x400)
sendfile(r1, r1, 0x0, 0x7)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

[  345.197968][T32635]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  345.203918][T32635] RIP: 0033:0x4665e9
[  345.207808][T32635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  345.227602][T32635] RSP: 002b:00007f21c691d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  345.236339][T32635] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[  345.244530][T32635] RDX: 0000000000000000 RSI: 0000000000800004 RDI: 00000000203b5000
[  345.252504][T32635] RBP: 00007f21c691d1d0 R08: 0000000000000000 R09: 0000000000000002
[  345.260477][T32635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  345.268641][T32635] R13: 00007ffd632b736f R14: 00007f21c691d300 R15: 0000000000022000
[  345.429292][ T1041]  loop1: p2 < > p3 p4
[  345.433733][ T1041] loop1: p2 size 2 extends beyond EOD, truncated
[  345.442039][T32698] loop3: detected capacity change from 0 to 264192
[  345.456443][ T1041] loop1: p3 start 225 is beyond EOD, truncated
[  345.462631][ T1041] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  345.507399][T32698]  loop3: p1 p3 p4
[  345.517818][T32698] loop3: p1 size 11290111 extends beyond EOD, truncated
[  345.533068][T32698] loop3: p3 size 1912633224 extends beyond EOD, truncated
[  345.552363][T32698] loop3: p4 size 3657465856 extends beyond EOD, truncated
09:19:27 executing program 0 (fault-call:2 fault-nth:90):
mlockall(0x1)
mremap(&(0x7f0000453000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f000014a000/0x1000)=nil)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800004, 0x0, 0x0, 0x0, 0x2)

09:19:27 executing program 4:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0)
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x10005, 0x0)
clock_gettime(0x0, &(0x7f00000083c0)={<r4=>0x0, <r5=>0x0})
recvmmsg$unix(r1, &(0x7f00000081c0)=[{{&(0x7f0000000080)=@abs, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/187, 0xbb}], 0x1, &(0x7f0000000200)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x28}}, {{&(0x7f0000000240), 0x6e, &(0x7f0000001780)=[{&(0x7f0000000380)=""/116, 0x74}, {&(0x7f0000000400)=""/248, 0xf8}, {&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f0000000500)=""/171, 0xab}, {&(0x7f0000002240)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/143, 0x8f}], 0x6, &(0x7f0000001800)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x90}}, {{&(0x7f00000018c0), 0x6e, &(0x7f0000001b80)=[{&(0x7f0000001940)=""/252, 0xfc}, {&(0x7f0000003240)=""/4096, 0x1000}, {&(0x7f0000001a40)=""/91, 0x5b}, {&(0x7f00000002c0)=""/8, 0x8}, {&(0x7f0000001ac0)=""/128, 0x80}, {&(0x7f0000001b40)=""/7, 0x7}], 0x6, &(0x7f0000001c00)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}}, {{0x0, 0x0, &(0x7f0000001e80)=[{&(0x7f0000004240)=""/4096, 0x1000}, {&(0x7f0000001cc0)=""/143, 0x8f}, {&(0x7f0000001d80)=""/243, 0xf3}], 0x3, &(0x7f0000001ec0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x68}}, {{&(0x7f0000001f40)=@abs, 0x6e, &(0x7f00000020c0)=[{&(0x7f0000001fc0)=""/127, 0x7f}, {&(0x7f0000002040)=""/91, 0x5b}], 0x2, &(0x7f0000002100)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xa0}}, {{&(0x7f0000005240), 0x6e, &(0x7f0000006780)=[{&(0x7f00000052c0)=""/223, 0xdf}, {&(0x7f00000053c0)=""/240, 0xf0}, {&(0x7f00000054c0)=""/126, 0x7e}, {&(0x7f0000005540)=""/4096, 0x1000}, {&(0x7f0000006540)=""/219, 0xdb}, {&(0x7f0000006640)=""/188, 0xbc}, {&(0x7f0000006700)=""/101, 0x65}, {&(0x7f00000021c0)=""/37, 0x25}], 0x8}}, {{&(0x7f0000006800)=@abs, 0x6e, &(0x7f0000006bc0)=[{&(0x7f0000006880)=""/254, 0xfe}, {&(0x7f0000006980)=""/53, 0x35}, {&(0x7f00000069c0)=""/246, 0xf6}, {&(0x7f0000006ac0)=""/147, 0x93}, {&(0x7f0000006b80)=""/7, 0x7}], 0x5, &(0x7f0000006c40)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, <r6=>0x0}}}], 0x48}}, {{&(0x7f0000006cc0), 0x6e, &(0x7f0000008080)=[{&(0x7f0000006d40)=""/128, 0x80}, {&(0x7f0000006dc0)=""/4096, 0x1000}, {&(0x7f0000007dc0)=""/86, 0x56}, {&(0x7f0000007e40)=""/223, 0xdf}, {&(0x7f0000007f40)=""/14, 0xe}, {&(0x7f0000007f80)=""/194, 0xc2}], 0x6, &(0x7f0000008100)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x90}}], 0x8, 0x3, &(0x7f0000008400)={r4, r5+60000000})
fchownat(r2, &(0x7f0000000040)='./file0\x00', r6, 0xffffffffffffffff, 0x1000)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c"], &(0x7f0000000340), 0x400)
getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61)

09:19:27 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
ftruncate(r1, 0x81fd)
syz_open_dev$vcsu(&(0x7f0000001700), 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)=[{0x0}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0xc00, 0x0, r1, &(0x7f0000000000), 0x16000}])

09:19:27 executing program 1:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000, 0x3f00}])