pute Engine, BIOS Google 01/01/2011
[  319.486607][T24464] Call Trace:
[  319.489892][T24464]  <TASK>
[  319.492818][T24464]  dump_stack_lvl+0xd6/0x122
[  319.497416][T24464]  dump_stack+0x11/0x12
11:46:55 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x0)

[  319.501617][T24464]  should_fail+0x230/0x240
[  319.506098][T24464]  __should_failslab+0x81/0x90
[  319.510892][T24464]  ? mempool_alloc_slab+0x16/0x20
[  319.515917][T24464]  should_failslab+0x5/0x20
[  319.520428][T24464]  kmem_cache_alloc+0x46/0x300
[  319.525221][T24464]  ? folio_mark_accessed+0x12f/0x380
[  319.530520][T24464]  mempool_alloc_slab+0x16/0x20
[  319.535376][T24464]  ? mempool_free+0x130/0x130
[  319.540051][T24464]  mempool_alloc+0x9f/0x2a0
[  319.544557][T24464]  bio_alloc_bioset+0xe4/0x730
11:46:55 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8803f00)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:46:55 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  319.549408][T24464]  submit_bh_wbc+0x161/0x2f0
[  319.554005][T24464]  write_dirty_buffer+0xdb/0xe0
[  319.558946][T24464]  fat_sync_bhs+0x52/0x160
[  319.563370][T24464]  fat_alloc_clusters+0x935/0xa80
[  319.568423][T24464]  fat_get_block+0x263/0x600
[  319.573130][T24464]  ? fat_block_truncate_page+0x30/0x30
[  319.578628][T24464]  __block_write_begin_int+0x33d/0xc90
[  319.584117][T24464]  ? fat_block_truncate_page+0x30/0x30
[  319.589581][T24464]  ? PageHeadHuge+0x3b/0x120
[  319.594212][T24464]  ? fat_block_truncate_page+0x30/0x30
[  319.599749][T24464]  block_write_begin+0x77/0x170
[  319.604636][T24464]  ? cont_write_begin+0x3aa/0x500
[  319.609713][T24464]  cont_write_begin+0x3cf/0x500
[  319.614604][T24464]  fat_write_begin+0x61/0xf0
[  319.619202][T24464]  ? fat_block_truncate_page+0x30/0x30
[  319.624665][T24464]  generic_perform_write+0x1d6/0x3f0
[  319.629951][T24464]  ? fat_write_begin+0xf0/0xf0
[  319.634730][T24464]  __generic_file_write_iter+0x172/0x280
[  319.640463][T24464]  ? generic_write_checks+0x256/0x290
[  319.645851][T24464]  generic_file_write_iter+0x75/0x130
[  319.651283][T24464]  do_iter_readv_writev+0x27b/0x300
[  319.656572][T24464]  do_iter_write+0x16f/0x5c0
[  319.661207][T24464]  ? splice_from_pipe_next+0x34f/0x3b0
[  319.666768][T24464]  vfs_iter_write+0x4c/0x70
[  319.671279][T24464]  iter_file_splice_write+0x44a/0x7c0
[  319.676657][T24464]  ? splice_from_pipe+0xc0/0xc0
[  319.681571][T24464]  direct_splice_actor+0x80/0xa0
[  319.686515][T24464]  splice_direct_to_actor+0x345/0x660
[  319.691968][T24464]  ? do_splice_direct+0x180/0x180
[  319.697055][T24464]  do_splice_direct+0xfb/0x180
11:46:55 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080", 0x15}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:46:55 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
syz_mount_image$nfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x400, 0x3, &(0x7f0000000480)=[{&(0x7f00000002c0)="5ad387ddcb", 0x5, 0x6}, {&(0x7f0000000300)="1e27d773d0aebed0f7a481c1c95b45ff94fe75fdc83aaf6a287a0830bce9a4e579bcb3c58fa282dc29fd6c7b2f00979fc318e9a0d976628fc20ae1352ef0618d50d3783efa5bb989584faa3c02b0580598bdbbfd66a0", 0x56, 0x400}, {&(0x7f0000000380)="b04a01a09e40560b9f697d7272adc2af323ddf25c8e2a6f222607484ab646ccf1050c700b376e89e3ad826a616ab446775deeab9b4f74ba77c64a562b1dacb1c440f5208436d46b5bf968003f125f8a85c162730419b97672d481706ec2a3854ecefd97068dde1bd39d4997c38203f2ce3d845f5f05718767a810c1696df8f403de3fc3c58b72979ecfd725cda7016d74ac204c656129d7bf57e03089a5be6208a", 0xa1, 0x5}], 0x1000000, &(0x7f0000000500)={[{'$#k\xcb]):-@'}], [{@fsmagic={'fsmagic', 0x3d, 0x1}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'cgroup.procs\x00'}}, {@fowner_gt}]})
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0xd)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
syz_mount_image$nfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x400, 0x3, &(0x7f0000000480)=[{&(0x7f00000002c0)="5ad387ddcb", 0x5, 0x6}, {&(0x7f0000000300)="1e27d773d0aebed0f7a481c1c95b45ff94fe75fdc83aaf6a287a0830bce9a4e579bcb3c58fa282dc29fd6c7b2f00979fc318e9a0d976628fc20ae1352ef0618d50d3783efa5bb989584faa3c02b0580598bdbbfd66a0", 0x56, 0x400}, {&(0x7f0000000380)="b04a01a09e40560b9f697d7272adc2af323ddf25c8e2a6f222607484ab646ccf1050c700b376e89e3ad826a616ab446775deeab9b4f74ba77c64a562b1dacb1c440f5208436d46b5bf968003f125f8a85c162730419b97672d481706ec2a3854ecefd97068dde1bd39d4997c38203f2ce3d845f5f05718767a810c1696df8f403de3fc3c58b72979ecfd725cda7016d74ac204c656129d7bf57e03089a5be6208a", 0xa1, 0x5}], 0x1000000, &(0x7f0000000500)={[{'$#k\xcb]):-@'}], [{@fsmagic={'fsmagic', 0x3d, 0x1}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'cgroup.procs\x00'}}, {@fowner_gt}]}) (async)
open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) (async)
openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) (async)
creat(&(0x7f0000000100)='./file0\x00', 0xd) (async)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
pipe2$9p(&(0x7f0000000240), 0x0) (async)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8) (async)

[  319.701830][T24464]  do_sendfile+0x3ad/0x900
[  319.706247][T24464]  __x64_sys_sendfile64+0x10c/0x150
[  319.711479][T24464]  do_syscall_64+0x2b/0x70
[  319.715902][T24464]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  319.721805][T24464] RIP: 0033:0x7f53af6750e9
[  319.726284][T24464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  319.745992][T24464] RSP: 002b:00007f53aedca168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  319.747198][T24469] loop0: detected capacity change from 0 to 262160
[  319.754473][T24464] RAX: ffffffffffffffda RBX: 00007f53af788030 RCX: 00007f53af6750e9
[  319.754489][T24464] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[  319.776903][T24464] RBP: 00007f53aedca1d0 R08: 0000000000000000 R09: 0000000000000000
[  319.784865][T24464] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  319.792830][T24464] R13: 00007ffd49c5f31f R14: 00007f53aedca300 R15: 0000000000022000
[  319.800874][T24464]  </TASK>
11:46:56 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
syz_mount_image$nfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x400, 0x3, &(0x7f0000000480)=[{&(0x7f00000002c0)="5ad387ddcb", 0x5, 0x6}, {&(0x7f0000000300)="1e27d773d0aebed0f7a481c1c95b45ff94fe75fdc83aaf6a287a0830bce9a4e579bcb3c58fa282dc29fd6c7b2f00979fc318e9a0d976628fc20ae1352ef0618d50d3783efa5bb989584faa3c02b0580598bdbbfd66a0", 0x56, 0x400}, {&(0x7f0000000380)="b04a01a09e40560b9f697d7272adc2af323ddf25c8e2a6f222607484ab646ccf1050c700b376e89e3ad826a616ab446775deeab9b4f74ba77c64a562b1dacb1c440f5208436d46b5bf968003f125f8a85c162730419b97672d481706ec2a3854ecefd97068dde1bd39d4997c38203f2ce3d845f5f05718767a810c1696df8f403de3fc3c58b72979ecfd725cda7016d74ac204c656129d7bf57e03089a5be6208a", 0xa1, 0x5}], 0x1000000, &(0x7f0000000500)={[{'$#k\xcb]):-@'}], [{@fsmagic={'fsmagic', 0x3d, 0x1}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'cgroup.procs\x00'}}, {@fowner_gt}]})
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0xd)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
syz_mount_image$nfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x400, 0x3, &(0x7f0000000480)=[{&(0x7f00000002c0)="5ad387ddcb", 0x5, 0x6}, {&(0x7f0000000300)="1e27d773d0aebed0f7a481c1c95b45ff94fe75fdc83aaf6a287a0830bce9a4e579bcb3c58fa282dc29fd6c7b2f00979fc318e9a0d976628fc20ae1352ef0618d50d3783efa5bb989584faa3c02b0580598bdbbfd66a0", 0x56, 0x400}, {&(0x7f0000000380)="b04a01a09e40560b9f697d7272adc2af323ddf25c8e2a6f222607484ab646ccf1050c700b376e89e3ad826a616ab446775deeab9b4f74ba77c64a562b1dacb1c440f5208436d46b5bf968003f125f8a85c162730419b97672d481706ec2a3854ecefd97068dde1bd39d4997c38203f2ce3d845f5f05718767a810c1696df8f403de3fc3c58b72979ecfd725cda7016d74ac204c656129d7bf57e03089a5be6208a", 0xa1, 0x5}], 0x1000000, &(0x7f0000000500)={[{'$#k\xcb]):-@'}], [{@fsmagic={'fsmagic', 0x3d, 0x1}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'cgroup.procs\x00'}}, {@fowner_gt}]}) (async)
open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) (async)
openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) (async)
creat(&(0x7f0000000100)='./file0\x00', 0xd) (async)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
pipe2$9p(&(0x7f0000000240), 0x0) (async)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8) (async)

[  319.816979][T24469] FAT-fs (loop0): invalid media value (0x00)
[  319.822987][T24469] FAT-fs (loop0): Can't find a valid FAT filesystem
11:46:56 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
recvmsg(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000380)=""/111, 0x6f}, {&(0x7f0000000480)=""/138, 0x8a}, {&(0x7f0000000540)=""/139, 0x8b}], 0x3, &(0x7f0000000600)=""/18, 0x12}, 0x0)
r1 = open(&(0x7f00000001c0)='./file0\x00', 0x80, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r2, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r4, 0x100000003, 0x80019b, 0x80019c)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200), 0x2000800, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@mmap}, {@privport}, {@debug={'debug', 0x3d, 0xc6cf}}], [{@context={'context', 0x3d, 'user_u'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}})
write$P9_RLOCK(r3, &(0x7f0000000280)={0x8}, 0x8)
open(&(0x7f0000000100)='./file0\x00', 0x41400, 0x70)

[  319.864056][T24492] loop4: detected capacity change from 0 to 262160
[  319.872802][T24495] loop3: detected capacity change from 0 to 262160
[  319.873454][T24496] loop5: detected capacity change from 0 to 262160
[  319.899654][   T24] audit: type=1400 audit(1650109616.072:448): avc:  denied  { read } for  pid=24497 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  319.952577][T24500] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
11:46:56 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 54)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:46:56 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x0)

[  320.108385][T24506] loop1: detected capacity change from 0 to 262160
11:46:56 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8804000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:46:56 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  320.165183][T24508] loop5: detected capacity change from 0 to 262160
[  320.237391][T24511] loop3: detected capacity change from 0 to 262160
[  320.258041][T24509] FAULT_INJECTION: forcing a failure.
[  320.258041][T24509] name failslab, interval 1, probability 0, space 0, times 0
[  320.261843][T24513] loop4: detected capacity change from 0 to 262160
[  320.270685][T24509] CPU: 0 PID: 24509 Comm: syz-executor.1 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  320.270712][T24509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  320.298231][T24509] Call Trace:
[  320.301508][T24509]  <TASK>
[  320.304434][T24509]  dump_stack_lvl+0xd6/0x122
[  320.309167][T24509]  dump_stack+0x11/0x12
[  320.313368][T24509]  should_fail+0x230/0x240
[  320.317789][T24509]  __should_failslab+0x81/0x90
[  320.322595][T24509]  ? mempool_alloc_slab+0x16/0x20
[  320.327653][T24509]  should_failslab+0x5/0x20
[  320.332184][T24509]  kmem_cache_alloc+0x46/0x300
11:46:56 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x80000001)

[  320.336948][T24509]  mempool_alloc_slab+0x16/0x20
[  320.341800][T24509]  ? mempool_free+0x130/0x130
[  320.346521][T24509]  mempool_alloc+0x9f/0x2a0
[  320.351034][T24509]  bio_alloc_bioset+0xe4/0x730
[  320.355798][T24509]  submit_bh_wbc+0x161/0x2f0
[  320.360474][T24509]  __sync_dirty_buffer+0x141/0x1f0
[  320.365594][T24509]  sync_dirty_buffer+0x16/0x20
[  320.370368][T24509]  fat_mirror_bhs+0x268/0x330
[  320.375086][T24509]  fat_ent_write+0xc2/0xd0
[  320.379520][T24509]  fat_chain_add+0x15b/0x410
[  320.384160][T24509]  fat_get_block+0x486/0x600
[  320.388774][T24509]  ? fat_block_truncate_page+0x30/0x30
[  320.394252][T24509]  __block_write_begin_int+0x33d/0xc90
[  320.399734][T24509]  ? fat_block_truncate_page+0x30/0x30
[  320.405232][T24509]  ? PageHeadHuge+0x3b/0x120
[  320.409823][T24509]  ? fat_block_truncate_page+0x30/0x30
[  320.415299][T24509]  block_write_begin+0x77/0x170
[  320.420163][T24509]  ? cont_write_begin+0x3aa/0x500
[  320.425190][T24509]  cont_write_begin+0x3cf/0x500
[  320.430047][T24509]  fat_write_begin+0x61/0xf0
[  320.434670][T24509]  ? fat_block_truncate_page+0x30/0x30
[  320.440178][T24509]  generic_perform_write+0x1d6/0x3f0
[  320.445489][T24509]  ? fat_write_begin+0xf0/0xf0
[  320.450281][T24509]  __generic_file_write_iter+0x172/0x280
[  320.455934][T24509]  ? generic_write_checks+0x256/0x290
[  320.461334][T24509]  generic_file_write_iter+0x75/0x130
[  320.466706][T24509]  do_iter_readv_writev+0x27b/0x300
[  320.471936][T24509]  do_iter_write+0x16f/0x5c0
[  320.476530][T24509]  ? splice_from_pipe_next+0x34f/0x3b0
[  320.481994][T24509]  vfs_iter_write+0x4c/0x70
11:46:56 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080", 0x15}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:46:56 executing program 5:
mkdir(&(0x7f0000000140)='./file0\x00', 0x2)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
syz_mount_image$tmpfs(&(0x7f0000000340), &(0x7f0000000380)='./file0\x00', 0x3f, 0x4, &(0x7f0000000700)=[{&(0x7f0000000480)="ac21ff73856a9f6d75ea8818d45698dd13eb422056694798e0a2c1fd64e12fce76d48e3cbe8307f3f1a1b82e062a37d84dd17c09832e9966676ea39d612f8a1feae2d63af42fe7431ce5ce3135372ea1acc403381bb62fcb19be876888d2687a097658adf1e76efafd45bd8f0875b2225c40b01c71b3afa1633c5f863a9100568e9cf35b2b0b93df2f99bb2213e22317e1ea3589ebeeda732711f414f1", 0x9d, 0x1}, {&(0x7f0000000540)="319f54e39e5da95f83772c60b6ea1682c983819db28001d1f33614e49838cab9bc663ebc92be7a3872145e4db997b01066a2b5d78cfaee0b8b9a8c99986469a970017126d5b8ecfbc72cb742d588da190a3b01df0f4d9f0cd5bdaa472be5f8008be3197a4107399fd475a84c4a3995f0a6af4f33867ae7cfe85d9ff5f2be05f6327929a93a40281384b6a7dfa22fa251cc12d14d12405a2d61646775b9b1243c0c8f0934a837ed602ad9907aa2bdcc", 0xaf, 0x1f}, {&(0x7f00000003c0)="0d83b4e57a8fd6df998ea9203773753e37263c97cf3dc6cdb7e98aaf2d767aac7d4d54bccbad5a848e2391b52cb24cdf113c15ca1588192c38ccd086f558ba3d5ec9b29618307abc689e267e963827", 0x4f, 0x7}, {&(0x7f0000000600)="1a15615a9dcb71f6ae7e652a735f30e9d912b3d1664364d0a36f8e7ed06e2e487ade947352aa8eff9fb8e9220f38dd1b540e96c7a9aed06c3edd9e4143701bc3a3b82daf613243930df6a3d544722bc629c12aa79a2b22ec4f4379829566a52a51f7517448b825a9beea5f251402897e6b4289fc4fc125ea33b0d91fbe250fb554b86a1b632912409e6c24c4020cea8581c558df8ee003ea4e990c49f575722dbb32be8ae28e1e2cfdd6fa90ed28276c81fc0d04aee7fef62d206ef605d0f91d787a316b1e", 0xc5, 0x1}], 0x380800, &(0x7f0000000780)={[{@uid={'uid', 0x3d, 0xee00}}, {@huge_advise}, {@uid={'uid', 0x3d, 0xee01}}, {@huge_always}], [{@smackfsroot={'smackfsroot', 0x3d, 'cgroup.procs\x00'}}, {@audit}, {@rootcontext={'rootcontext', 0x3d, 'staff_u'}}]})
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
mount(&(0x7f0000000980)=ANY=[@ANYBLOB="2f6465762f737230009b7329f010ebda6b5c1f4c63f89bcb0d0bb2c70a395659bf5bf5f54aaa5edc289cfc1623642712bb5f20629190b3e332c2f197bd1c3718bdc512f020201a15f73ecdb085bf49718327cf80b7c5de3fd45025d96d56affa4ddc26f5c183a4672c2dedd8a7f8e1372eee76fd10d4acff921b2ef3a2a62244ca8219cd1cd140d882ea8be72f937f958f76c1a9d21e3f22ebeac44615b7e754cd1661b50bc72c96a2236bab46b0d95a"], &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='sockfs\x00', 0x0, &(0x7f0000000300)='cgroup.procs\x00')
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)
pipe2$watch_queue(&(0x7f0000000880)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
mount$9p_fd(0x0, &(0x7f0000000800)='./file0\x00', &(0x7f0000000840), 0x80, &(0x7f00000008c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_user}, {@access_user}, {@access_user}, {@version_L}, {@dfltuid={'dfltuid', 0x3d, 0xee00}}], [{@seclabel}, {@smackfstransmute}, {@uid_eq={'uid', 0x3d, 0xee00}}]}})
open(&(0x7f0000000100)='./file0\x00', 0x101000, 0x42)

[  320.486502][T24509]  iter_file_splice_write+0x44a/0x7c0
[  320.491899][T24509]  ? splice_from_pipe+0xc0/0xc0
[  320.496753][T24509]  direct_splice_actor+0x80/0xa0
[  320.501769][T24509]  splice_direct_to_actor+0x345/0x660
[  320.507166][T24509]  ? do_splice_direct+0x180/0x180
[  320.512198][T24509]  do_splice_direct+0xfb/0x180
[  320.516995][T24509]  do_sendfile+0x3ad/0x900
[  320.521418][T24509]  __x64_sys_sendfile64+0x10c/0x150
[  320.526628][T24509]  do_syscall_64+0x2b/0x70
[  320.531154][T24509]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  320.537043][T24509] RIP: 0033:0x7f53af6750e9
[  320.541453][T24509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  320.561064][T24509] RSP: 002b:00007f53aedca168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  320.562668][T24518] loop0: detected capacity change from 0 to 262160
[  320.569544][T24509] RAX: ffffffffffffffda RBX: 00007f53af788030 RCX: 00007f53af6750e9
[  320.569561][T24509] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[  320.569574][T24509] RBP: 00007f53aedca1d0 R08: 0000000000000000 R09: 0000000000000000
[  320.569586][T24509] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  320.569599][T24509] R13: 00007ffd49c5f31f R14: 00007f53aedca300 R15: 0000000000022000
[  320.569617][T24509]  </TASK>
[  320.628586][T24518] FAT-fs (loop0): invalid media value (0x00)
11:46:56 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 55)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  320.634603][T24518] FAT-fs (loop0): Can't find a valid FAT filesystem
11:46:56 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
recvmsg(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000380)=""/111, 0x6f}, {&(0x7f0000000480)=""/138, 0x8a}, {&(0x7f0000000540)=""/139, 0x8b}], 0x3, &(0x7f0000000600)=""/18, 0x12}, 0x0) (async)
r1 = open(&(0x7f00000001c0)='./file0\x00', 0x80, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r2, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r4, 0x100000003, 0x80019b, 0x80019c) (async)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200), 0x2000800, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@mmap}, {@privport}, {@debug={'debug', 0x3d, 0xc6cf}}], [{@context={'context', 0x3d, 'user_u'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}})
write$P9_RLOCK(r3, &(0x7f0000000280)={0x8}, 0x8) (async)
open(&(0x7f0000000100)='./file0\x00', 0x41400, 0x70)

[  320.668626][T24520] loop3: detected capacity change from 0 to 262160
[  320.683268][T24523] sockfs: Unknown parameter 'cgroup.procs'
[  320.696472][T24525] loop1: detected capacity change from 0 to 262160
11:46:56 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800600)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  320.739968][T24527] 9pnet_fd: Insufficient options for proto=fd
[  320.771212][T24531] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[  320.787598][T24533] loop5: detected capacity change from 0 to 262160
[  320.842607][T24535] FAULT_INJECTION: forcing a failure.
[  320.842607][T24535] name failslab, interval 1, probability 0, space 0, times 0
[  320.855353][T24535] CPU: 1 PID: 24535 Comm: syz-executor.1 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  320.866402][T24535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  320.876454][T24535] Call Trace:
[  320.879799][T24535]  <TASK>
[  320.882723][T24535]  dump_stack_lvl+0xd6/0x122
[  320.887367][T24535]  dump_stack+0x11/0x12
[  320.891520][T24535]  should_fail+0x230/0x240
[  320.896011][T24535]  __should_failslab+0x81/0x90
[  320.900774][T24535]  ? mempool_alloc_slab+0x16/0x20
[  320.905797][T24535]  should_failslab+0x5/0x20
[  320.910302][T24535]  kmem_cache_alloc+0x46/0x300
[  320.915088][T24535]  mempool_alloc_slab+0x16/0x20
[  320.919941][T24535]  ? mempool_free+0x130/0x130
[  320.924619][T24535]  mempool_alloc+0x9f/0x2a0
[  320.929126][T24535]  bio_alloc_bioset+0xe4/0x730
[  320.933899][T24535]  submit_bh_wbc+0x161/0x2f0
[  320.938492][T24535]  __sync_dirty_buffer+0x141/0x1f0
[  320.943688][T24535]  sync_dirty_buffer+0x16/0x20
[  320.948453][T24535]  fat_mirror_bhs+0x268/0x330
[  320.953223][T24535]  fat_ent_write+0xc2/0xd0
[  320.957641][T24535]  fat_chain_add+0x15b/0x410
[  320.962322][T24535]  fat_get_block+0x486/0x600
[  320.966919][T24535]  ? fat_block_truncate_page+0x30/0x30
[  320.972385][T24535]  __block_write_begin_int+0x33d/0xc90
[  320.977919][T24535]  ? fat_block_truncate_page+0x30/0x30
[  320.983435][T24535]  ? PageHeadHuge+0x3b/0x120
[  320.988046][T24535]  ? fat_block_truncate_page+0x30/0x30
[  320.993616][T24535]  block_write_begin+0x77/0x170
[  320.998577][T24535]  ? cont_write_begin+0x3aa/0x500
[  321.003613][T24535]  cont_write_begin+0x3cf/0x500
[  321.008570][T24535]  fat_write_begin+0x61/0xf0
[  321.013259][T24535]  ? fat_block_truncate_page+0x30/0x30
[  321.018728][T24535]  generic_perform_write+0x1d6/0x3f0
[  321.024025][T24535]  ? fat_write_begin+0xf0/0xf0
[  321.028800][T24535]  __generic_file_write_iter+0x172/0x280
[  321.034532][T24535]  ? generic_write_checks+0x256/0x290
[  321.039910][T24535]  generic_file_write_iter+0x75/0x130
[  321.045306][T24535]  do_iter_readv_writev+0x27b/0x300
[  321.050508][T24535]  do_iter_write+0x16f/0x5c0
[  321.055105][T24535]  ? delay_tsc+0xc1/0xe0
[  321.059350][T24535]  vfs_iter_write+0x4c/0x70
[  321.063865][T24535]  iter_file_splice_write+0x44a/0x7c0
[  321.069280][T24535]  ? splice_from_pipe+0xc0/0xc0
[  321.074133][T24535]  direct_splice_actor+0x80/0xa0
[  321.079123][T24535]  splice_direct_to_actor+0x345/0x660
[  321.084543][T24535]  ? do_splice_direct+0x180/0x180
11:46:57 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880ff0f)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:46:57 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x80000001)

11:46:57 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800204)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  321.089580][T24535]  do_splice_direct+0xfb/0x180
[  321.094353][T24535]  do_sendfile+0x3ad/0x900
[  321.098814][T24535]  __x64_sys_sendfile64+0x10c/0x150
[  321.104026][T24535]  do_syscall_64+0x2b/0x70
[  321.108450][T24535]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  321.114418][T24535] RIP: 0033:0x7f53af6750e9
[  321.118830][T24535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  321.138437][T24535] RSP: 002b:00007f53aedca168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  321.146850][T24535] RAX: ffffffffffffffda RBX: 00007f53af788030 RCX: 00007f53af6750e9
[  321.154922][T24535] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[  321.162871][T24535] RBP: 00007f53aedca1d0 R08: 0000000000000000 R09: 0000000000000000
[  321.170846][T24535] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  321.178819][T24535] R13: 00007ffd49c5f31f R14: 00007f53aedca300 R15: 0000000000022000
[  321.186771][T24535]  </TASK>
[  321.226229][T24539] loop3: detected capacity change from 0 to 262160
[  321.226592][T24540] loop4: detected capacity change from 0 to 262160
[  321.239643][T24542] loop5: detected capacity change from 0 to 262160
11:46:57 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080", 0x15}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:46:57 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 56)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  321.417669][T24547] loop0: detected capacity change from 0 to 262160
[  321.427671][T24547] FAT-fs (loop0): invalid media value (0x00)
[  321.433695][T24547] FAT-fs (loop0): Can't find a valid FAT filesystem
11:46:57 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x80000001)

[  321.487287][T24549] loop1: detected capacity change from 0 to 262160
11:46:57 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
recvmsg(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000380)=""/111, 0x6f}, {&(0x7f0000000480)=""/138, 0x8a}, {&(0x7f0000000540)=""/139, 0x8b}], 0x3, &(0x7f0000000600)=""/18, 0x12}, 0x0) (async)
r1 = open(&(0x7f00000001c0)='./file0\x00', 0x80, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r2, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r4, 0x100000003, 0x80019b, 0x80019c) (async)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200), 0x2000800, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@mmap}, {@privport}, {@debug={'debug', 0x3d, 0xc6cf}}], [{@context={'context', 0x3d, 'user_u'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}]}}) (async)
write$P9_RLOCK(r3, &(0x7f0000000280)={0x8}, 0x8) (async)
open(&(0x7f0000000100)='./file0\x00', 0x41400, 0x70)

11:46:57 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7ffff000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  321.579933][T24553] loop3: detected capacity change from 0 to 262160
[  321.604806][T24558] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[  321.607836][T24554] FAULT_INJECTION: forcing a failure.
[  321.607836][T24554] name failslab, interval 1, probability 0, space 0, times 0
11:46:57 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800204)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:46:57 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
write$P9_RXATTRCREATE(r0, &(0x7f0000000100)={0x7, 0x21, 0x2}, 0x7)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)

[  321.625647][T24554] CPU: 0 PID: 24554 Comm: syz-executor.1 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  321.636666][T24554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  321.646780][T24554] Call Trace:
[  321.650065][T24554]  <TASK>
[  321.652999][T24554]  dump_stack_lvl+0xd6/0x122
[  321.657595][T24554]  dump_stack+0x11/0x12
[  321.661757][T24554]  should_fail+0x230/0x240
[  321.666241][T24554]  __should_failslab+0x81/0x90
[  321.671080][T24554]  ? mempool_alloc_slab+0x16/0x20
[  321.676205][T24554]  should_failslab+0x5/0x20
[  321.680772][T24554]  kmem_cache_alloc+0x46/0x300
[  321.685542][T24554]  mempool_alloc_slab+0x16/0x20
[  321.690396][T24554]  ? mempool_free+0x130/0x130
[  321.695071][T24554]  mempool_alloc+0x9f/0x2a0
[  321.699630][T24554]  bio_alloc_bioset+0xe4/0x730
[  321.704463][T24554]  submit_bh_wbc+0x161/0x2f0
[  321.709134][T24554]  __sync_dirty_buffer+0x141/0x1f0
[  321.714250][T24554]  sync_dirty_buffer+0x16/0x20
[  321.719084][T24554]  fat_mirror_bhs+0x268/0x330
[  321.723774][T24554]  fat_ent_write+0xc2/0xd0
[  321.728199][T24554]  fat_chain_add+0x15b/0x410
[  321.732814][T24554]  fat_get_block+0x486/0x600
[  321.737411][T24554]  ? fat_block_truncate_page+0x30/0x30
[  321.742876][T24554]  __block_write_begin_int+0x33d/0xc90
[  321.748341][T24554]  ? fat_block_truncate_page+0x30/0x30
[  321.753809][T24554]  ? PageHeadHuge+0x3b/0x120
[  321.758415][T24554]  ? fat_block_truncate_page+0x30/0x30
[  321.763949][T24554]  block_write_begin+0x77/0x170
[  321.768802][T24554]  ? cont_write_begin+0x3aa/0x500
[  321.773827][T24554]  cont_write_begin+0x3cf/0x500
11:46:58 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f8", 0x16}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  321.778702][T24554]  fat_write_begin+0x61/0xf0
[  321.783403][T24554]  ? fat_block_truncate_page+0x30/0x30
[  321.788864][T24554]  generic_perform_write+0x1d6/0x3f0
[  321.794245][T24554]  ? fat_write_begin+0xf0/0xf0
[  321.799020][T24554]  __generic_file_write_iter+0x172/0x280
[  321.804657][T24554]  ? generic_write_checks+0x256/0x290
[  321.810095][T24554]  generic_file_write_iter+0x75/0x130
[  321.815508][T24554]  do_iter_readv_writev+0x27b/0x300
[  321.820704][T24554]  do_iter_write+0x16f/0x5c0
[  321.825317][T24554]  ? splice_from_pipe_next+0x34f/0x3b0
[  321.830795][T24554]  vfs_iter_write+0x4c/0x70
[  321.835374][T24554]  iter_file_splice_write+0x44a/0x7c0
[  321.840814][T24554]  ? splice_from_pipe+0xc0/0xc0
[  321.845750][T24554]  direct_splice_actor+0x80/0xa0
[  321.850741][T24554]  splice_direct_to_actor+0x345/0x660
[  321.856121][T24554]  ? do_splice_direct+0x180/0x180
[  321.861163][T24554]  do_splice_direct+0xfb/0x180
[  321.866040][T24554]  do_sendfile+0x3ad/0x900
[  321.870457][T24554]  __x64_sys_sendfile64+0x10c/0x150
[  321.875680][T24554]  do_syscall_64+0x2b/0x70
[  321.880168][T24554]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  321.886064][T24554] RIP: 0033:0x7f53af6750e9
[  321.890476][T24554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  321.895003][T24564] loop0: detected capacity change from 0 to 262160
[  321.910084][T24554] RSP: 002b:00007f53aedca168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
11:46:58 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001)

[  321.910108][T24554] RAX: ffffffffffffffda RBX: 00007f53af788030 RCX: 00007f53af6750e9
[  321.910121][T24554] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[  321.910133][T24554] RBP: 00007f53aedca1d0 R08: 0000000000000000 R09: 0000000000000000
[  321.910159][T24554] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  321.910203][T24554] R13: 00007ffd49c5f31f R14: 00007f53aedca300 R15: 0000000000022000
[  321.910220][T24554]  </TASK>
11:46:58 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 57)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:46:58 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async, rerun: 64)
write$P9_RXATTRCREATE(r0, &(0x7f0000000100)={0x7, 0x21, 0x2}, 0x7) (rerun: 64)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)

11:46:58 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
write$P9_RXATTRCREATE(r0, &(0x7f0000000100)={0x7, 0x21, 0x2}, 0x7) (async)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)

[  321.977025][T24564] FAT-fs (loop0): bogus number of FAT sectors
[  321.983169][T24564] FAT-fs (loop0): Can't find a valid FAT filesystem
[  321.994815][T24569] loop4: detected capacity change from 0 to 262160
[  322.004857][T24571] loop3: detected capacity change from 0 to 262160
11:46:58 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)
r3 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7fff)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
ioctl$FS_IOC_FIEMAP(r4, 0xc020660b, &(0x7f00000002c0)={0x7, 0x14c1, 0x1, 0x10001, 0x3, [{0x5, 0x8000000000000001, 0x9, '\x00', 0x100}, {0x6, 0x8, 0x7ff, '\x00', 0xc}, {0x9, 0x1ff, 0x8, '\x00', 0x682}]})
sendfile(r2, r3, 0x0, 0x4c)

[  322.045404][T24577] loop5: detected capacity change from 0 to 262160
[  322.081011][T24581] loop1: detected capacity change from 0 to 262160
11:46:58 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8) (async)
r3 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7fff)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
ioctl$FS_IOC_FIEMAP(r4, 0xc020660b, &(0x7f00000002c0)={0x7, 0x14c1, 0x1, 0x10001, 0x3, [{0x5, 0x8000000000000001, 0x9, '\x00', 0x100}, {0x6, 0x8, 0x7ff, '\x00', 0xc}, {0x9, 0x1ff, 0x8, '\x00', 0x682}]}) (async)
sendfile(r2, r3, 0x0, 0x4c)

11:46:58 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)
r3 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7fff) (async, rerun: 64)
r4 = socket$kcm(0x10, 0x2, 0x4) (rerun: 64)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) (async)
ioctl$FS_IOC_FIEMAP(r4, 0xc020660b, &(0x7f00000002c0)={0x7, 0x14c1, 0x1, 0x10001, 0x3, [{0x5, 0x8000000000000001, 0x9, '\x00', 0x100}, {0x6, 0x8, 0x7ff, '\x00', 0xc}, {0x9, 0x1ff, 0x8, '\x00', 0x682}]}) (async, rerun: 64)
sendfile(r2, r3, 0x0, 0x4c) (rerun: 64)

[  322.208746][T24595] FAULT_INJECTION: forcing a failure.
[  322.208746][T24595] name failslab, interval 1, probability 0, space 0, times 0
[  322.221463][T24595] CPU: 1 PID: 24595 Comm: syz-executor.1 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  322.232489][T24595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  322.242547][T24595] Call Trace:
[  322.245834][T24595]  <TASK>
[  322.248760][T24595]  dump_stack_lvl+0xd6/0x122
[  322.253450][T24595]  dump_stack+0x11/0x12
11:46:58 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x200, 0x180)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)

11:46:58 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7ffffffff000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  322.257609][T24595]  should_fail+0x230/0x240
[  322.262029][T24595]  __should_failslab+0x81/0x90
[  322.266843][T24595]  ? mempool_alloc_slab+0x16/0x20
[  322.271865][T24595]  should_failslab+0x5/0x20
[  322.276363][T24595]  kmem_cache_alloc+0x46/0x300
[  322.281152][T24595]  mempool_alloc_slab+0x16/0x20
[  322.286005][T24595]  ? mempool_free+0x130/0x130
[  322.290684][T24595]  mempool_alloc+0x9f/0x2a0
[  322.295189][T24595]  bio_alloc_bioset+0xe4/0x730
[  322.299959][T24595]  submit_bh_wbc+0x161/0x2f0
[  322.304635][T24595]  __sync_dirty_buffer+0x141/0x1f0
[  322.309815][T24595]  sync_dirty_buffer+0x16/0x20
[  322.314588][T24595]  fat_mirror_bhs+0x268/0x330
[  322.319347][T24595]  fat_alloc_clusters+0x983/0xa80
[  322.324390][T24595]  fat_get_block+0x263/0x600
[  322.329005][T24595]  ? fat_block_truncate_page+0x30/0x30
[  322.334465][T24595]  __block_write_begin_int+0x33d/0xc90
[  322.339936][T24595]  ? fat_block_truncate_page+0x30/0x30
[  322.345455][T24595]  ? PageHeadHuge+0x3b/0x120
[  322.350111][T24595]  ? fat_block_truncate_page+0x30/0x30
[  322.355578][T24595]  block_write_begin+0x77/0x170
[  322.360461][T24595]  ? cont_write_begin+0x3aa/0x500
[  322.365518][T24595]  cont_write_begin+0x3cf/0x500
[  322.370419][T24595]  fat_write_begin+0x61/0xf0
[  322.375016][T24595]  ? fat_block_truncate_page+0x30/0x30
[  322.380516][T24595]  generic_perform_write+0x1d6/0x3f0
[  322.385835][T24595]  ? fat_write_begin+0xf0/0xf0
[  322.390596][T24595]  __generic_file_write_iter+0x172/0x280
[  322.396233][T24595]  ? generic_write_checks+0x256/0x290
[  322.401598][T24595]  generic_file_write_iter+0x75/0x130
[  322.406970][T24595]  do_iter_readv_writev+0x27b/0x300
[  322.412167][T24595]  do_iter_write+0x16f/0x5c0
[  322.416760][T24595]  ? splice_from_pipe_next+0x34f/0x3b0
[  322.422253][T24595]  vfs_iter_write+0x4c/0x70
[  322.426756][T24595]  iter_file_splice_write+0x44a/0x7c0
[  322.432134][T24595]  ? splice_from_pipe+0xc0/0xc0
[  322.436993][T24595]  direct_splice_actor+0x80/0xa0
[  322.441983][T24595]  splice_direct_to_actor+0x345/0x660
[  322.447357][T24595]  ? do_splice_direct+0x180/0x180
[  322.452446][T24595]  do_splice_direct+0xfb/0x180
11:46:58 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800035)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:46:58 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001)

[  322.457292][T24595]  do_sendfile+0x3ad/0x900
[  322.461709][T24595]  __x64_sys_sendfile64+0x10c/0x150
[  322.466962][T24595]  do_syscall_64+0x2b/0x70
[  322.471458][T24595]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  322.477454][T24595] RIP: 0033:0x7f53af6750e9
[  322.481863][T24595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  322.501467][T24595] RSP: 002b:00007f53aedca168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  322.509944][T24595] RAX: ffffffffffffffda RBX: 00007f53af788030 RCX: 00007f53af6750e9
[  322.517893][T24595] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[  322.525868][T24595] RBP: 00007f53aedca1d0 R08: 0000000000000000 R09: 0000000000000000
[  322.533843][T24595] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  322.541794][T24595] R13: 00007ffd49c5f31f R14: 00007f53aedca300 R15: 0000000000022000
[  322.549745][T24595]  </TASK>
11:46:58 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f8", 0x16}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:46:58 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async)
open$dir(&(0x7f0000000100)='./file0\x00', 0x200, 0x180) (async)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)

[  322.636613][T24604] loop3: detected capacity change from 0 to 262160
[  322.637570][T24605] loop5: detected capacity change from 0 to 262160
[  322.657251][T24606] loop4: detected capacity change from 0 to 262160
11:46:58 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 58)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:46:58 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async)
open$dir(&(0x7f0000000100)='./file0\x00', 0x200, 0x180) (async, rerun: 64)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async, rerun: 64)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)

11:46:58 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000001c0)={@private=0xa010101, @dev={0xac, 0x14, 0x14, 0x10}, 0x0, 0x2, [@local, @rand_addr=0x64010100]}, 0x18)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)
write$P9_RVERSION(r2, &(0x7f0000000100)={0x13, 0x65, 0xffff, 0xffffffc0, 0x6, '9P2000'}, 0x13)

11:46:59 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000001c0)={@private=0xa010101, @dev={0xac, 0x14, 0x14, 0x10}, 0x0, 0x2, [@local, @rand_addr=0x64010100]}, 0x18)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8) (async)
write$P9_RVERSION(r2, &(0x7f0000000100)={0x13, 0x65, 0xffff, 0xffffffc0, 0x6, '9P2000'}, 0x13)

[  322.795660][T24622] loop0: detected capacity change from 0 to 262160
[  322.812648][T24624] loop1: detected capacity change from 0 to 262160
11:46:59 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000001c0)={@private=0xa010101, @dev={0xac, 0x14, 0x14, 0x10}, 0x0, 0x2, [@local, @rand_addr=0x64010100]}, 0x18) (async)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)
write$P9_RVERSION(r2, &(0x7f0000000100)={0x13, 0x65, 0xffff, 0xffffffc0, 0x6, '9P2000'}, 0x13)

11:46:59 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001)

[  322.854026][T24622] FAT-fs (loop0): bogus number of FAT sectors
[  322.860164][T24622] FAT-fs (loop0): Can't find a valid FAT filesystem
11:46:59 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=@md0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f00000002c0)='esdfs\x00', 0x21000, &(0x7f0000000300)='\x00')
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x2909ac0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)="5926eb31faf41695218a3780001aa13be3376e51332ea41eaa9f92f2ff909ec21048cfbc2af669170590e26c0b1c2982798beced57540731c54a1d2f97f04632100000000000000000", 0x49}], 0x1)
recvmmsg$unix(r0, &(0x7f00000015c0)=[{{&(0x7f0000000380)=@abs, 0x6e, &(0x7f0000000640)=[{&(0x7f0000000480)=""/85, 0x55}, {&(0x7f0000000040)=""/54, 0x36}, {&(0x7f0000000500)=""/109, 0x6d}, {&(0x7f0000000400)=""/33, 0x21}, {&(0x7f0000000580)=""/92, 0x5c}, {&(0x7f0000000600)=""/19, 0x13}], 0x6, &(0x7f00000006c0)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x140}}, {{&(0x7f0000000800), 0x6e, &(0x7f0000000a80)=[{&(0x7f0000000880)=""/30, 0x1e}, {&(0x7f00000008c0)=""/96, 0x60}, {&(0x7f0000000940)=""/23, 0x17}, {&(0x7f0000000980)=""/216, 0xd8}], 0x4, &(0x7f0000000ac0)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x50}}, {{&(0x7f0000000b40), 0x6e, &(0x7f0000001200)=[{&(0x7f0000000bc0)=""/235, 0xeb}, {&(0x7f0000000cc0)=""/51, 0x33}, {&(0x7f0000000d00)=""/103, 0x67}, {&(0x7f0000000d80)=""/109, 0x6d}, {&(0x7f0000000e00)=""/79, 0x4f}, {&(0x7f0000000e80)=""/38, 0x26}, {&(0x7f0000000ec0)=""/203, 0xcb}, {&(0x7f0000000fc0)=""/172, 0xac}, {&(0x7f0000001080)=""/250, 0xfa}, {&(0x7f0000001180)=""/94, 0x5e}], 0xa, &(0x7f00000012c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [<r2=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x118}}, {{&(0x7f0000001400)=@abs, 0x6e, &(0x7f0000001500)=[{&(0x7f0000001480)=""/98, 0x62}], 0x1, &(0x7f0000001540)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r3=>0xffffffffffffffff]}}], 0x58}}], 0x4, 0x20, 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f00000016c0)={{0x1, 0x1, 0x18, <r5=>r2, {0x2}}, './file0/file0\x00'})
utimensat(r5, &(0x7f0000001700)='./file0\x00', &(0x7f0000001740)={{0x0, 0x2710}, {0x77359400}}, 0x100)
write$P9_RLOCK(r4, &(0x7f0000000280)={0x8}, 0x8)

[  322.927553][T24635] loop3: detected capacity change from 0 to 262160
[  322.958195][T24634] FAULT_INJECTION: forcing a failure.
[  322.958195][T24634] name failslab, interval 1, probability 0, space 0, times 0
[  322.971026][T24634] CPU: 1 PID: 24634 Comm: syz-executor.1 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  322.982058][T24634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  322.992168][T24634] Call Trace:
[  322.995450][T24634]  <TASK>
[  322.998380][T24634]  dump_stack_lvl+0xd6/0x122
[  323.002982][T24634]  dump_stack+0x11/0x12
[  323.007217][T24634]  should_fail+0x230/0x240
[  323.011645][T24634]  __should_failslab+0x81/0x90
[  323.016417][T24634]  ? mempool_alloc_slab+0x16/0x20
[  323.021507][T24634]  should_failslab+0x5/0x20
[  323.026008][T24634]  kmem_cache_alloc+0x46/0x300
[  323.030766][T24634]  ? update_cfs_rq_load_avg+0x16e/0x180
[  323.036318][T24634]  mempool_alloc_slab+0x16/0x20
[  323.041245][T24634]  ? mempool_free+0x130/0x130
[  323.045922][T24634]  mempool_alloc+0x9f/0x2a0
[  323.050513][T24634]  ? __schedule+0x514/0x6c0
[  323.055074][T24634]  bio_alloc_bioset+0xe4/0x730
[  323.059842][T24634]  submit_bh_wbc+0x161/0x2f0
[  323.064438][T24634]  __sync_dirty_buffer+0x141/0x1f0
[  323.069556][T24634]  sync_dirty_buffer+0x16/0x20
[  323.074328][T24634]  fat_mirror_bhs+0x268/0x330
[  323.079013][T24634]  fat_alloc_clusters+0x983/0xa80
[  323.084061][T24634]  fat_get_block+0x263/0x600
[  323.088735][T24634]  ? fat_block_truncate_page+0x30/0x30
[  323.094288][T24634]  __block_write_begin_int+0x33d/0xc90
[  323.099794][T24634]  ? fat_block_truncate_page+0x30/0x30
[  323.105284][T24634]  ? PageHeadHuge+0x3b/0x120
[  323.109924][T24634]  ? fat_block_truncate_page+0x30/0x30
[  323.115383][T24634]  block_write_begin+0x77/0x170
[  323.120233][T24634]  ? cont_write_begin+0x3aa/0x500
[  323.125259][T24634]  cont_write_begin+0x3cf/0x500
[  323.130192][T24634]  fat_write_begin+0x61/0xf0
[  323.134894][T24634]  ? fat_block_truncate_page+0x30/0x30
[  323.140391][T24634]  generic_perform_write+0x1d6/0x3f0
[  323.145685][T24634]  ? fat_write_begin+0xf0/0xf0
[  323.150604][T24634]  __generic_file_write_iter+0x172/0x280
[  323.156257][T24634]  ? generic_write_checks+0x256/0x290
[  323.161686][T24634]  generic_file_write_iter+0x75/0x130
[  323.167058][T24634]  do_iter_readv_writev+0x27b/0x300
[  323.172313][T24634]  do_iter_write+0x16f/0x5c0
[  323.176907][T24634]  ? delay_tsc+0xc1/0xe0
[  323.181148][T24634]  vfs_iter_write+0x4c/0x70
[  323.185657][T24634]  iter_file_splice_write+0x44a/0x7c0
[  323.191178][T24634]  ? splice_from_pipe+0xc0/0xc0
[  323.196028][T24634]  direct_splice_actor+0x80/0xa0
[  323.200994][T24634]  splice_direct_to_actor+0x345/0x660
[  323.206426][T24634]  ? do_splice_direct+0x180/0x180
[  323.211458][T24634]  do_splice_direct+0xfb/0x180
[  323.216224][T24634]  do_sendfile+0x3ad/0x900
[  323.220655][T24634]  __x64_sys_sendfile64+0x10c/0x150
[  323.225913][T24634]  do_syscall_64+0x2b/0x70
[  323.230387][T24634]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  323.236276][T24634] RIP: 0033:0x7f53af6750e9
[  323.240686][T24634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  323.260328][T24634] RSP: 002b:00007f53aedca168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  323.268742][T24634] RAX: ffffffffffffffda RBX: 00007f53af788030 RCX: 00007f53af6750e9
11:46:59 executing program 5:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x5000, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
fcntl$setpipe(r2, 0x407, 0x6)
mount(&(0x7f00000002c0)=@sr0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='ramfs\x00', 0x1000000, &(0x7f0000000380)='cgroup.procs\x00')
syz_mount_image$nfs4(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', 0x6, 0x1, &(0x7f00000004c0)=[{&(0x7f0000000480)="6839189dde69fb3596a3d900edf334ee862c38d3c2203de8fe06719de0e804", 0x1f, 0x20}], 0x1080022, &(0x7f0000000500)={[{'cgroup2\x00'}, {':'}, {'pipefs\x00'}, {'ramfs\x00'}, {'pipefs\x00'}, {'pipefs\x00'}, {'^,'}, {'cgroup2\x00'}], [{@dont_appraise}, {@context={'context', 0x3d, 'sysadm_u'}}]})
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)

11:46:59 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=@md0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f00000002c0)='esdfs\x00', 0x21000, &(0x7f0000000300)='\x00') (async, rerun: 64)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x2909ac0, 0x0) (async, rerun: 64)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)="5926eb31faf41695218a3780001aa13be3376e51332ea41eaa9f92f2ff909ec21048cfbc2af669170590e26c0b1c2982798beced57540731c54a1d2f97f04632100000000000000000", 0x49}], 0x1)
recvmmsg$unix(r0, &(0x7f00000015c0)=[{{&(0x7f0000000380)=@abs, 0x6e, &(0x7f0000000640)=[{&(0x7f0000000480)=""/85, 0x55}, {&(0x7f0000000040)=""/54, 0x36}, {&(0x7f0000000500)=""/109, 0x6d}, {&(0x7f0000000400)=""/33, 0x21}, {&(0x7f0000000580)=""/92, 0x5c}, {&(0x7f0000000600)=""/19, 0x13}], 0x6, &(0x7f00000006c0)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x140}}, {{&(0x7f0000000800), 0x6e, &(0x7f0000000a80)=[{&(0x7f0000000880)=""/30, 0x1e}, {&(0x7f00000008c0)=""/96, 0x60}, {&(0x7f0000000940)=""/23, 0x17}, {&(0x7f0000000980)=""/216, 0xd8}], 0x4, &(0x7f0000000ac0)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x50}}, {{&(0x7f0000000b40), 0x6e, &(0x7f0000001200)=[{&(0x7f0000000bc0)=""/235, 0xeb}, {&(0x7f0000000cc0)=""/51, 0x33}, {&(0x7f0000000d00)=""/103, 0x67}, {&(0x7f0000000d80)=""/109, 0x6d}, {&(0x7f0000000e00)=""/79, 0x4f}, {&(0x7f0000000e80)=""/38, 0x26}, {&(0x7f0000000ec0)=""/203, 0xcb}, {&(0x7f0000000fc0)=""/172, 0xac}, {&(0x7f0000001080)=""/250, 0xfa}, {&(0x7f0000001180)=""/94, 0x5e}], 0xa, &(0x7f00000012c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [<r2=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x118}}, {{&(0x7f0000001400)=@abs, 0x6e, &(0x7f0000001500)=[{&(0x7f0000001480)=""/98, 0x62}], 0x1, &(0x7f0000001540)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r3=>0xffffffffffffffff]}}], 0x58}}], 0x4, 0x20, 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0) (async)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f00000016c0)={{0x1, 0x1, 0x18, <r5=>r2, {0x2}}, './file0/file0\x00'})
utimensat(r5, &(0x7f0000001700)='./file0\x00', &(0x7f0000001740)={{0x0, 0x2710}, {0x77359400}}, 0x100) (async)
write$P9_RLOCK(r4, &(0x7f0000000280)={0x8}, 0x8)

[  323.276716][T24634] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[  323.284685][T24634] RBP: 00007f53aedca1d0 R08: 0000000000000000 R09: 0000000000000000
[  323.292657][T24634] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  323.300678][T24634] R13: 00007ffd49c5f31f R14: 00007f53aedca300 R15: 0000000000022000
[  323.308660][T24634]  </TASK>
11:46:59 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async)
mount(&(0x7f0000000100)=@md0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f00000002c0)='esdfs\x00', 0x21000, &(0x7f0000000300)='\x00')
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x2909ac0, 0x0) (async, rerun: 32)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) (rerun: 32)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)="5926eb31faf41695218a3780001aa13be3376e51332ea41eaa9f92f2ff909ec21048cfbc2af669170590e26c0b1c2982798beced57540731c54a1d2f97f04632100000000000000000", 0x49}], 0x1)
recvmmsg$unix(r0, &(0x7f00000015c0)=[{{&(0x7f0000000380)=@abs, 0x6e, &(0x7f0000000640)=[{&(0x7f0000000480)=""/85, 0x55}, {&(0x7f0000000040)=""/54, 0x36}, {&(0x7f0000000500)=""/109, 0x6d}, {&(0x7f0000000400)=""/33, 0x21}, {&(0x7f0000000580)=""/92, 0x5c}, {&(0x7f0000000600)=""/19, 0x13}], 0x6, &(0x7f00000006c0)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x140}}, {{&(0x7f0000000800), 0x6e, &(0x7f0000000a80)=[{&(0x7f0000000880)=""/30, 0x1e}, {&(0x7f00000008c0)=""/96, 0x60}, {&(0x7f0000000940)=""/23, 0x17}, {&(0x7f0000000980)=""/216, 0xd8}], 0x4, &(0x7f0000000ac0)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x50}}, {{&(0x7f0000000b40), 0x6e, &(0x7f0000001200)=[{&(0x7f0000000bc0)=""/235, 0xeb}, {&(0x7f0000000cc0)=""/51, 0x33}, {&(0x7f0000000d00)=""/103, 0x67}, {&(0x7f0000000d80)=""/109, 0x6d}, {&(0x7f0000000e00)=""/79, 0x4f}, {&(0x7f0000000e80)=""/38, 0x26}, {&(0x7f0000000ec0)=""/203, 0xcb}, {&(0x7f0000000fc0)=""/172, 0xac}, {&(0x7f0000001080)=""/250, 0xfa}, {&(0x7f0000001180)=""/94, 0x5e}], 0xa, &(0x7f00000012c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [<r2=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x118}}, {{&(0x7f0000001400)=@abs, 0x6e, &(0x7f0000001500)=[{&(0x7f0000001480)=""/98, 0x62}], 0x1, &(0x7f0000001540)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r3=>0xffffffffffffffff]}}], 0x58}}], 0x4, 0x20, 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0) (async)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f00000016c0)={{0x1, 0x1, 0x18, <r5=>r2, {0x2}}, './file0/file0\x00'})
utimensat(r5, &(0x7f0000001700)='./file0\x00', &(0x7f0000001740)={{0x0, 0x2710}, {0x77359400}}, 0x100) (async)
write$P9_RLOCK(r4, &(0x7f0000000280)={0x8}, 0x8)

[  323.397346][   T24] audit: type=1400 audit(1650109619.572:449): avc:  denied  { remount } for  pid=24648 comm="syz-executor.5" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
11:46:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f8", 0x16}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:46:59 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x0)

11:46:59 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000024c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000200)='./file0\x00', 0x7fffffffffffffff, 0x4, &(0x7f0000002440)=[{&(0x7f0000000300)="3407abeed9ea48907ed3e5ef064bafa0c023b066ca61382587341a08bd407113e593decac61467fc1f6fdaf2e9a4b7ac01b3c1b56c3a987dd61cf16ee4cbe7038e939e5482506e377cf7c7637e6e3ec0ed46ed761bf4cb05acd7232aa58d59fc97f30701bb4825727aa0d343909b716e0c96b5114f58aa1b537ec0d9c0d3a16daee15f75eb98b920febf432fb071f9298fdb216b5739bc5b947669c44cda9af258667182e9ee8a5633c05bfc3b1365812cc51d46c2deb0db5eef663ed6dc63bb7e099c590e2410cdaaf28d13dd0154ddf7532309646740416eee7e3c73994ed0f67e64e2b03f9ca128216f18d4fb1385aba8264ba3136712da077842d2e2e8bc4f5e85d3fe3809b58e0832742ac3a516f512c15de96622b5c81ecc4c8ed296dbb0dffb14170b44c4fa2feee8a85131d69677e6a76323c9b8101f45971072ef056a1a1674adec3e8438413067fce61e821df905f6963c5471a82365d8ec2dc55763344f77ac78b26a789bd95a381892f81b67bf5abba03305367ae33e3466cd92a7a1c101dfee6240dc6d0e3599c0f99d754184d9e1723a698475792e77129fcc7378f124dacf0ec6653ec0ba791ad4d997996dad4534093bb65244683022df47234b104712dcebf74ea78d6a0b52f744c4681c62486b9c41877506daaae9f62b4e630270989b363b6304dd7d00e2b06245877245754dfec064fb45a5b9032861bbc0b13b1159d111a0bfee4055b526faeff3b76df34461e1b6c84054bb9ec5420d4bdd54bb1db644f80aa3ef73d280408a4cac3eb2f44a278d4679659fc2b12c6eba7454f37f46c46c643d3c11f698feeb067a8f0ad700c76c2c8314544a0f538ac9e8dfe1dfccd2448e136c239ccd867b149a19d9e59e399e93a3969ba92b778cfa32866e239d5375116ccce2ec12ce4668572d3b786b395ccddcf20181c387311496062a50a9b7614bd8f89cb5d38d1261ee0c19a5d4bb9d89696647d2166bcc9e9a29f56aa783dc8995d403a290ecded95c60a0bdf73f750e804e3dacbfa52623dd08fa028b9b00caa5b74ba31286066fcf59a954f6cab2ccc82a579bd508c9b6095c34ffa33180c0f880b91e845426d9067319c2342f0106fec51db870a4048c4dc59204120bd343db1e55107bbd95315441bbfb5e243276471788c2a377beef2e5d7d4e957248fd5f4d61b2485dd4950618675b9220cbe5a6101ff9b2e85c70da78c8148c8fd09fa0add7fa6004664b27d145039495f111dba13eba777d657729b1251da998698c7b4ce8cd80c2ef72a196aa38dbad72baa97d3fd2f17de95cdd041979fda47a8c35d8d91f03e181360a2d437fc152dac723c525620d37c161d99b84cc0f4d5677e4a17edacb32d38cf855ca2870ddfdbfc8c93bd035388da0da3c4e02fdd3ac8443190f374a35e7aafdbf7a356c10107af81dc9eb6f86fef794a928b81a5c09738642442c746da136634f913d3a5984c42828a29966a89f3620195005ba83d78f70091714fc340c21ee96312f459981da1e86074c3bc92198a1eddcf237c22910f447fa3825e8ff3135a3aa7c0efa6e8da218518913041d86d01871396c32dfba26fcc545f4a2db13decdbd2af5435811f45c4b9d3c6e50439fe2eefc488da094004e74bffa01ca12b5dba56f4437dee3f21b0f99faee7d63c79516f0fc4812b0f7bb73d7d0dc8463ece7dc1a416ad0fda08a22e8738dab6915ec0c105206e1ed334761f3e9884b5c7bb2802206aee0fa0d7f4baa52572c05136778677ce6ef6a8cabb54d9f7ba0e4cd16b4ba3c5aa18876459bd2bf7b497db0280f24eccd5be87295d39d7982e7ed04ad4ffd73b8e572d9ce155b97410b3c6059b938c116e319992bcb33854581fc97c0d648442f9157ddaeb6d7b92258ea29e998bdcb466427916a291ad24239f0f24b41d3bde98ff23a4ce3d041ee9f098e69a24dad8fba660d5b36d6de3add24faeadba6696e39de7f43b436eaf82e29d871d2cf36c986342f496dc75bd2a0a5855bde4d217a04e8ac89111836b9f0f86f332a3be18d343d3153cd57f6ce84837c2ef0a811c72db9c016b426bf2c4d5edcb5fc69aa120a71ab788483ecd9d9d23b5befa0a54318bc8f7201d8714e00750da1d029ba6f3a5b46f64dcc6d41cacd9bbd9f5415eea098e7cb7da7cb89d87de9e790b25eb6e6d76050649eb341b254aaf4a7d177c7957fae98f7e0d43be4c088887a5e4ac92fc91458a8e08d6bcd04912a822916bfd6ace3d4fc006b13e55c39e5c3d41bf0b3d571ece6000da1cd55aaa41e05cddbc05d445b5598a0d039cd991b035b2fc65d16347f78573de32502581fa7dda73154e28fb0f49d7e7d70fe3d4aef952940fdaae79757b16af71a1dbf0aa01769b8a3a5ba3795a8917d6a4292614d150f4a8bf830a6c2360036ea259b19af38354f1ad75583dde15c1455559cee685ddaf18254b5865ca9c89b3f2c2b99e0f2ac0223fecdf716c0f13d1d78b52958372e45d8180b0431fbda3b61b550b310156199532d76568f47bbeaa59163b1ad9b9c279e98535ba34d844fedc565c501d21c2eb487618238d82c5eaac840b604fad758b5c8c60f8ce0692097607308ab800d2ac33c496003fb38b970e06b0a92fe0f0529625799229c7b0cf8b273eda0ff2ebd782a1a0dbfa57c571e7e7eb9c90bd329c433f218f8cf1b88bd3d7be8187614153936e44ada1098491f855c115868f48b4bed0e5ae47ae2007a07be149234c5bb98db589d6f11d4c3e1430658c86b5dcddf350fe35268eaca6d5d8dd3350aff9f3cc644137703259f3f788f3e675dc8efb628338c59bb1c39384f3f7794d2cb13cf019869bc46a1f7c4189dfd6916bb333653473abf729392e2a2d4937779b2322d84a21c1c68b4cb34d1e97aeef2a295d6858144ae86163f6e21c05359be63cae05faf0881627ad1adc97a622fabe426a06000e50525b10531e6233057aa3eef15443ac7e7fd2f6995a501443265f047860a32972c703c02870c9d0b5fa8ecb09e112ed440ed25538ae19a03a0feb51495d87b7fab73e62eabc972268b40d268a872cbeaf9cc0aff4945c6f547634043de4e8f8d2a677b664db1b0de3b6f27ca372ec10b5a4f8dc85cb3ed82e8ae2479910ac73e9e7cb3a1188be8255d95471e2a2490657cf23824970778912f64d15cb57145bc6ab4e64aa29798361b0f8f1cd245d9282ad7398c3776992f0cbd13c9bdb699ef1b273ebb1584233e15d2cf5fd8f08adde350effed4740322a987c43e2a5d2b64531d9e9ff1d0eb98b32441bd6c2c085e260a9b6b940a0f28b134afe51f95e50bb14afebafdd9635b54dbae08246d5716a6f762cf7ee60f7c6885ef160820496cc3c239911fe659115993fe4375fd60c2dee75be293eabd4ba6fccf8b49f26dd222c43d1319f0a79bd5bc2d6a9bf65bb357d8d291f7ec807620629987316e8257cb62eca260bd4e7175548e048028ae92886321eb46b9bc42dc4b74512d8ec8e4a7d65c867bcfa18d81166b9ca4ab1787e41ad3d21f9745b13030bf0c511c3c8834987bf66213f0900843790a9399bb20cd02fe06d0fea9f19f109ada09e19fbda20cd7b494f68a2c63d279aba416540801efea1fff1bdcebaa739fae94e8d4dc45ce1a5d5b6248382ca82601046f70a36778bcdd18800e52f67b14f8e69fb9611a4243d4bbd482a4fa7d487fe7b7ffa2525342c3d29bd7cc72100ee45b6ca816893a894571537987f51ab71d9baa3d65d5788d6d6208614803fc29d5c9f6420f49f527c903533e170a0ac6b0ebf8faee359c96ebdc9452d747b9e2cdca9cdc60d909dd03771b1cd7205e52aecc6b366955fbcc8147610180d7659c150fb3bfdb03c565a8f8e4c41bebc9fc13635c6308d2cd2ae66815d3418c372a00751f2bc3faca497f9b91bdd0f20399677f1d0735543e97c43c280837f4488658592227e68748684bb781dce560c7dad209cbecfa0d30d43467827873da874b0ab56c55f285b59003abe8413981f191cad3244d51cf7ef2b264d3f3779dfe04db724a2bdb574ec35f75b1b72a618597e63dbfc7e33854cf7a4a54038f620e46063680a71ac9900f5747f6d9ed9e4170e7d5e6498b6779385eba7575230eba59e27bc70f908273187e3d4da1146c45b99501d1546919e461bbd4137cef4bbaefe546d004ac39335794c540efa7b2f5c2073b22b383573cd85cea8797855d10755bcf15d8fa2c8e8cec68a0735a14d6a9121270769dc35ea7f992b5306b17ba554505d02e86cd0fe043d610b0a8fdbaa1c6f7d0d3829bcc5c406c1b08dd338b8acad60174d29841e0f8818a9a7e8c834d078008b5b049a934af0574c4b930d5190861d1b094d069b64f04090ff9894624efb6cdf3390d5987b09af19a726a40fee3e60fad81e94b7555c55464fbbb170997752d6af9de5655935e1fa2573afc5fa1c8dd7c6aef10086471d5806761dbb9ea1c8a89a90ab4b00e7324e183603ef005cfaac38f5982d693c002aea2cb34bb5d51ec6a77083f5130fe4ca09790803d9f35ba326fac5cb91c9057b7776d9439d69d467356ff7bf7292f9c0c61b8c1d91e73e4393cbde1814aaf640e8da0152e11060c7aad73b9fceff5c9e876563dab7208557fbf93ea28ab4cd0cc3a75de6b403d00bf632364fbbdd729e7f762e0886c63d431ac8c79d0d35b88f3283c863957350d6bcace65c32859830b71e429985dba3fe3b875ae512c94ca8faf822de97d64c4da8262fb4f1e64d74a9c31b4479a0ee190ee0456d8234157c28c7503a87d00ee4502c08110b17ece8c5844426f62ba9d14f24147a20d143b04031e15ce696db5d8899bc44470e6e9485beface56f57727d0e5e9bb85bf7b45d6375f208c32a1cfb930e4c343b67b47a4ba0d0102ea87dc8c2c6cc9fc6e1b676021c27677b5ffd9e6bc37bd7037194e61985b39a6f5644613ce70ed23e200989aba228a8af04bd6fa0b6f63f3bbf24871c47f9f7aad8159dfd208b37393c97dd54bc10d3ad435dbe98a4f4a6fcbec9c018f465c4b11041acf8967af8c0fdc7d09aed24e7c38e165788e865d5ba5af30e5039b1e1096c0e0897585a512bc8ccdd1f488d3babcd30dda6171da7e3e2c436a769d772ee4e924aa892433e262f157f4856d37b3e6be1642cbb6197443e4935f51700cd7e7e75c1dd43a179923c184c19dc9249f06a6f4d5d9b76f6a781d9f435d8381d2f3b1d4aa8f351144979f6e3d2a1139c9b3c4aac8b68e54b524d9127c8a373d5efd2d79ee4de83a1fa90cbb03563a968855c1276a6181b5ffde5840db0fe7cc93059db678e7bcbdf48d9f2fb48f53f9eb6fae0ed6bf1971d4562018deae9932d7859c84cc9228c8a003e6dc6525102574996438ca63d72bc3685dd2e6dd5fab0086876cc6af55d11365376412dac2e3b61f78498ac748da3285d0a28885bc7425ba8c752146a6ab0851f6980ae6568c2e715e7bb7b50544947f4b143345df30043004df071913fc8f4b4affeac85d518b0ef0ef56d0c8e01164f160de229de3fde129c8ef0a58b34f3cd3272717c5157038be93f8f4206c9d215478a304374ef042f4e28c30ceca28b7211887762c1b581f4159faca443707920c4921487e8aeaa7dcd38b1e141088caa0f1d9ccb4bf1d6dd17d95e65ee341fc81d24f478d20c22227005b8edba287438ea872cc6cce636e531650252c03cc632224deaf4dbaff62978ef4b06a9f314fac06503dcf2565794545b5b1557c8f1b4b9b967226130ffc65f055272dc389decfcdf4b953d750f0506e290e6cd6182", 0x1000, 0x2}, {&(0x7f0000001300)="92a558c07fbb46ccc432e7b5cbb1047647181768080ba9a66faaa685c7a75c129bfdb3e5dc07888e86ded206ff4530a044a1bfe59566373c87be75c7f311498628f19b078ce7044effdd20b0fa0611a2cef46a2577567b468fe6dc82ac235e5ac411948098e99432919ff367d2be7f1fbd340df53fe0b3d0854fa8b8f24fd5b004143fbd32f0e2699f8fa00de9e70227198ce1f9f412798647d6e005349d99ca6f4b9ef51dffdf81703715360087c1c2769170cda12ee462aa4e2d205f65e3fc21532fda58546709b5bc15f5effe9176ec40d503573151fc40a521880877b2e1292f33393adeb75158bd64ee1c118be78d123d051e6ed2d91e21faaddec85f6dceeb6d945e5bc6153b75c682850680fd987293c3b217d88c2fc5bfd19f5ede7cd01065e18a9595aae4dd70f8d6caffa6a9de8a59224fc3be14640d40dbf9f53809ba6d2adaf3776e90feffa374214cab7dad8a487b1a8b2dab0906a90bc1496c4a95477e8fe1060165f8668ae714e64670accd0fd0ed33db2742e227c4c6bec3200a257e867ea9a885344e543ec767859f1209accac0f1f9b9b69c8236c826e13ab51ad29f80466c547a49528186f49c56588b2d3724c8b196b8c2457a7577c5f2c5ba33d98ed16fd4bbd6a482211b65f037f3db7e9bc5e12a794f297cd8ac3bf4b97986e5983adea650c2be54546889bf4109919f2912d61976e15966ef1dad09fd17f6f2d997461109a82773abae9552005070e71e988c475dc2b07760b576261062dfca5b0bec87f02bc2ae92b53611246cc0f6e15e865e9d97d81b38fbfe6c08e3ddcbfe8860ab104458d6196f053e0f9cfd10a854fa39ca8ec584bbbfdf51d66d0903c2e6505f93bfd15a1037918462fe508a398776ab0c7e2e32442681432391aa16597bbab9f948e16cf4670264e0efbae5bebb3066fafb4265874d90773b199694ce0ff1d6d9669689476af5d6a4da91281ac6d65230fcf675dfe0b9aeead82317cc565a5089209503f99534fa00baf9148d5f56bf7d74c8f458d11f792ff526cc61056570cb8738107fffc6c8d5b36d985e1e82b58755f75bed1fd7d55e3626917eaa830e2eade2e128b2943f7acab924d73b41943f29088c56a7d0e981daa9c54e284d495c52b2ae08d7a1b7fc14b9101c574c92a979333a6174de66445ea69ead33b743c38cb4e9a71f8811aa0d024b9dd7a682a6bd222135863ef0aca4fb59d7bd8f6fff4d13cc05b95752e49a2021db4e16151f645f30398c07a1e94389e61fe36c541c0455f831ead05fcd7cb3f9da17901ec63924db622d70bdd10acaad5c2c4b2e669e7063b233cb3d018394b020fcbbfbdc827257d3b3b58b1d236a732f1b2cceb8bae40a5b2550657cfaa9104ba77d9d33b1e45bc2bcb53e1f7f4078bd36e48a0ed1b2905bdd713183dcbfe6be5abe1b0c4dbd0037603a7be3a752eedfcb73fcffd9d67d5089752f608c6e4b5a2f413cd074275758eea459f9ada447f64610fd6be3ac2aa7bb9808dd5d58458b3053c79886ce8a5b44cb5a3182f9524bfbfe9c5568cd88a2ea331f6fd6fdd0b1844d2d251df3a30754298529a000dbe2e4e9b02bcd30ced0cad93e411d8b19f16305ec32afc574817bdf68b4c3647b2dc8d60741e213f1e56f9e2c0daa3a6b44a5420aebf4208df43057d843aa48b1813bc3a0621f103d4a676c7f5acf1b7202576516bd2c232c229184a2ab0a865697705b4ebbaedd828f643818896eada3faa6c6384de7ed2831dd6974f62611028c056177e6141dd9c2c520962eda64ff33ee9ddf86503739deeb54ac4b19718ef6af309882a3d7056b2c36de5674d06db4b51da3f9f54eb65e0938600883a33aa1b580ca5c667820ec8ce8a513f3c132a64d068d7134d704fcc735c7fd032ab94af0a01e4ed1974d8a210ca00d9f1a5871ceb085f14cc4bba779c0925696687b7b35927bda08fe1c559b94a350e2c5d716247928d9345a8776a0b45b18eae3da423fad623fe45ecd4b2233dc7c6ed481d3795a8080741c7465c3d6e28ab448e89efbe905969fdec8ad7d4102e545f5e68928bd695e854045c4885818235529f23091c66464d0f828e57ae4683ccb2c62a5ad867ab31ade160f9706215c1254cc8767fae33da2df1e13013c36f1aa20eb1a1c2328b00bf080063282f2a1f988c12b7f1c037df7b4ea6daa295530e0c9928ab1aa0d1bf5fbaab921b75402c1e80088e183d65edd00aadbaf6eb45ab294eee11f52b37c41c13bdda2ca0824546b7e688ad7155f23c433e16df9b8a4bdeae813090bad6c0cd2cfaec49df048608df923e4cab05ec8ca14451da9201ec4e1c2abbc7163f00160560afaf58e51f529bc1e2721e40c865e02430ea991b9702f6e0a960646e90e6fba12177c645e76c01f7cd116b0e84efdbe5f99e345b98784fa6deb290f238a42e51cd6036aa3e620d8ca73d9e9378f5411109dc69936af6f1a56367ef914294579a4c5e2982ca147592b7cb4c75cc60cc486adc414cb977d9972c971e6d75e2fd44e6bda80e1395ca226ddbd8647c1493ae872b2ddc1bc6b8a189196da2fa023d77bf14cd460b6366103e6ff65bcf8778b0ef13a41c2af65e2a64f1ad0bd4b063287452365db6bb520f4439639c89a1a8300fd39f8e388549f6c066a5e66975da31f361944d1164be09844a18e5043113dfbe4a3f46418cd42af4087c3a6ad7e281e7d7db2a4c1fe82772b87cec969224ce3f39f08811227d00925b59219e48a5ac978d6a694e32a7a5eabb45518805bf9dc1fb88a0379ce32ed2d5707fcac09a4381f2b39db2103002fff67031721a69881b17a534c69bd37fc449cb31d9116cab1c4f8df831989b2590499bedd73f7919bd7a15f0700221ad386fc353c793b72875c904ec814801c955bcf0885b526dd51906ec0c6d71fe5cbe4471c0c88060dc3408bd633eaaf9c1cdef6faab27c80852605989a08d19dc0f8a61b2809a0e872215139653167cec4aa13257739d691a34c47b140ffb56d03c176b4744b81a20b683efdaf16b49801e8909e7561a81ca4d488c49249ba8d6914352bc834cedcb5fb339a5b54c1856233217e5a0a7585ad78d31d76538b0e0a2cadf030f8aa4ffefadfbc45dec91905be13a15b6de176cc7c3307b647fcc3e836a582061ea4f0abe790f00ea9073f116b8ddb6cfc6c14ec1e24049fdbde4aebca16357047778b092763fcb497625dc5f1d29a8397c945ad95b55b250b3879448604a82cc4c2d09a8183bffd5c7209fece936e4833a379b0c6ba249d64d0eed07be6bf292c89b43b354fa11a6e6afea59a4cd7eab609916aa8ad9c186a20506d39bd70b24f0a16dcd34f8862ae7e64458c452be798d5e9534e629df2ed1b0eeb5bb870ab6a372b8850f455d4e6b9e7dadfa9eb2088df302936960b1975df56211b563398879f2fdbb9a1cec005bfcabbd91a90eb5fbd7fcbc99f5fb551a2fbfa53d03d530a7d9e09ffaf20c421b58a4233804a79d290ea4fc28a6de4db18cfe97c540a0ac138136a2e1080291b05f648224f8a96473274bef616e7419b7d222329e7c83634eeedfcc3e95e40bfc3f5cd9436f2dc027c45ba4327fc1dd71462e0114b0428cc3d65ed2b001ea957a2ee63ffdb5630228460a2961a33f79a3fa0ecc43f132918dde70ba37a47d6bda4d3eed6ec1821339611cf42da8477a641eac2ff557eb10c22b4bdba36a5ddb10555f0a6c59b57e1b813c446f93ff864d01baca55f98e37b4ffe6f1c535f1f3aeed454a85c40dc0dd80c348f3cf0b346d516961f516ab3a0e9bb7421f40939c47fa124008af0e615182445d1523bd7919380b351e4429a9c382fa12cf304912d1077a60d89577729ac10ea41b0f020899eb95bc8f7f4960b74ac527ec03984a9731aa88a0ad96bb2eddce7f2e2b2d9e3986f0a7d4e17bf5523e87ff280724c1320df6554a841d2abba9c66dfe16fa1cbcdde126b9477eb86526b4089ff6ddae6f02a2103b296620a42f9e21032b666961b8b151981e164d5232048438618dcfec9510c6a9f9c1f952dba052fb81a23a50880adf50c6c6f98ceaf39234f8f1be9f407dca589d9067a41c04a63155ba1163a49dbf55ef2502ac252a55806e68c7a7eceda3003a7dc86f500b51930f0c3f029bf503b57757d65b203318430575f2e458ab0d2f73c10cd42546421be1c636a14dcdad1813d4ff02be5079569b4ea4605e91d087dcbdb60759b7e13baf5e1ac2c0bd36e8e34b1ae453471dea785d6ea616998f5b4187d754bade2f889e9af640f94360ecda360fae2b99689b1b2c899ae5448150e39677cc4ffb20f4235c3ff1f1b333591fb5c4049b48c05f0b59157460011a2b61e4a7c60922dcaf7e438e3a6e996750dcd679a1dbd27f2905bc16c9c63bd64941828a759d2165f2ad7a45a20ec8af432d5d0fe832a8dfe7df8d9f7aac624d4e7d87edbee78e2512f5d66305ce41927a9b2a543e02eeb5a81beb343f49e49b74b8f24d48b64f8bf8bfe80cc1b5b8319433cb0aa7df0b43f6117ae78d408863c5388b9037771561c08b7fd9109087a0651a8484371f00e9ac79bcd68b01583a06ce91f0803f03bf0d56229ba51a28e6c9161472b6ee4a7c172da30c08080b42faf6a3289aa89c3aecf5adcbc010788ea5067c96720bfcfd6f1c3ae2f152394b10fb3c8792f288af8c599545c1a61b62c67a8c5af9c661cb503d362e466b528cc9d0914f85134064d06213f200091d909974c19cf28c310fe048c8dac0e5f63915e6980457705a01ab56a3f69cb96e10b8c537d5c8fc9d496c166eac5398641233605818b8ae9fa6f5e1fb497d5cd31b95cc35ec1372f02e1cefa34665a7df7dbbe0bbce84dc24f1e00e854dedf19b7cb98b0644804c3a88ec858fd4a1d27c622b552c1ee5483106c4994cca6f9720d92a8b32177b2b0a4a5ab2491f1a8e5ae03ef58229a03cc5313f668a1f7b29c0ae292cd03e16ab94842e761dc98893be292046df83c2c140de8b236ca5a8fd0cc1ba51ccfe49cec0df3f62e891236b1ea701671251bbb84e18de3653dc2fbfff525ee4fa3f46e26cde4adafdf5a45277a23f833194b3b0a89c7aaf58f8ee04a13b6f15ea76a3cc312add2dd1ba09999878d2214b1656d0bcb9ad7b3e08d30445e2144bf6462ff1d9f61dd7df3edbe13bbef34e3c0424c41d916dc9555f9e06ccbd31e8245db4016fffb14ff770aa7f77fe7c7974fcf6364f9fac5f7edeb4fe0e2f5a925a5da9565c4ef79d244e1328c8e4be3b167be2a1b22c3567cb31e36a81bf8f886514518d2718e55138c777d1e56e57b179f0ff09511c3f30154eee5b20d57b684ac02c8ff16e4d2a9aca695fc435671c7a18f465368d441682df7e40c5535ceb508762cd0537ef060af9e63161d1f946e204765f2f816abf3cf922ab0b83c286eb4a70bca2fa929b0ddfdd88f90620f0d47b7e4aa179356d75a310cc3840b953f6e782fe2dbfc91dbc6001fa469c31123e851f3f071e208af891ca81283e7e4fb8bd2253cd2bd6e85d305b0d5055dd50d28838b8a0654fb21da1e5f64301397fa936cb858f6ecfa3f79ccbf193958dc338aa70f5663f62c541f87ac70f11723e15668927462fe8753a3ec3aa382416f296b2ce035807a59b94c108813880aaf610df777feb1f43a3141eca477cb51fe7a11ec2f0341dfae09bb5244aed7a3b8c9e8d63ef376d0be3777bf5cdd9dcb53737ce9c5081d27cd27788bb04dc7dc16d60fa652fed2313d4ea24b2fba3f0a8880a36cf94d3c9d03cd17a91070b8b5d2c5d5d2f81a98934b3", 0x1000, 0x80000000}, {&(0x7f0000002300)="8c8736ede1601cbb88089e372332f02eea2613ced0f05236fd37cef6598799d7b8a9c3dcb9e236c3655e0dbb01eefe118753df1e4780081c1cfde8292aa591a07476706cac6229c58cef5a60af39d78f196ba597eb3f4ca7c1f45c9983856a135ce77322091d279ce6a06c2c02ab783adb77a220436c337f4b921340e232be546c3745e1f3aa277e0d43088d4c6f0d38c6a3a7f975de85da6fa244402bcee7fa35a3941159e89903b3259605ae9d44", 0xaf, 0x2}, {&(0x7f00000023c0)="f25145359b486af3b08994c3b28fe4cc89c12b7904fd346e1095e125f89e7970a0218bb083e99ab9d7e8439c175c228bde06ce8e33ba32780e9d5bc4f7acb91b0803494c7675623dd61c5c67809de9ba4a02cdb2a85207b2c304db1b78a43a0cfbe625e8cdd39e3fac09234f", 0x6c, 0x574d}], 0x42859, &(0x7f0000002540)={[{@huge_advise}, {@mpol={'mpol', 0x3d, {'interleave', '=static', @void}}}, {@nr_inodes={'nr_inodes', 0x3d, [0x25, 0x33, 0x38, 0x37, 0x67, 0x6d]}}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x30, 0x16, 0x30, 0x70, 0x35, 0x33]}}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x38, 0x36, 0x30]}}, {@nr_blocks={'nr_blocks', 0x3d, [0x2d, 0x35, 0x38, 0x31, 0x33, 0x31]}}, {@size={'size', 0x3d, [0x31, 0x65, 0x30]}}], [{@hash}, {@euid_lt={'euid<', r2}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'vfat\x00'}}, {@audit}, {@appraise_type}, {@subj_user={'subj_user', 0x3d, 'vfat\x00'}}]})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_POLL_ADD, 0x3)
r3 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0}}, 0x0)
r4 = syz_io_uring_setup(0x4959, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000008540)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x10001)
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r4, 0x10000000)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r7, &(0x7f0000000840)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd, 0xda5, 0x0, 0x0, 0x0, 0x0, {0x0, r8}}, 0x1)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000002640)=@IORING_OP_TEE={0x21, 0x2, 0x0, @fd_index=0x1, 0x0, 0x0, 0x40, 0x2, 0x0, {0x0, r8, r0}}, 0x1)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r9 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r9, r10, 0x0, 0x80000001)
r11 = getpgid(0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x1, 0x0, 0x38, 0x1, 0x0, 0x9, 0x8000, 0x2, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xffc00000, 0x2, @perf_config_ext={0x8, 0xffff}, 0x2000, 0x8, 0x2, 0x0, 0x9, 0xc46c, 0x4712, 0x0, 0x3ff, 0x0, 0x13d380}, r11, 0x7, r1, 0x0)

11:46:59 executing program 2:
mmap$usbfs(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x10, 0xffffffffffffffff, 0xff)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x4004040)
recvfrom(r0, &(0x7f00000002c0)=""/250, 0xfa, 0x40010102, 0x0, 0x0)
bind(r3, &(0x7f00000000c0)=@ethernet={0x6, @local}, 0xffffffffffffff35)

11:46:59 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 59)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:46:59 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:46:59 executing program 2:
mmap$usbfs(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x10, 0xffffffffffffffff, 0xff) (async)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x4004040) (async)
recvfrom(r0, &(0x7f00000002c0)=""/250, 0xfa, 0x40010102, 0x0, 0x0) (async)
bind(r3, &(0x7f00000000c0)=@ethernet={0x6, @local}, 0xffffffffffffff35)

11:46:59 executing program 2:
mmap$usbfs(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x10, 0xffffffffffffffff, 0xff)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8) (async)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x4004040)
recvfrom(r0, &(0x7f00000002c0)=""/250, 0xfa, 0x40010102, 0x0, 0x0) (async)
bind(r3, &(0x7f00000000c0)=@ethernet={0x6, @local}, 0xffffffffffffff35)

[  323.486704][T24656] loop3: detected capacity change from 0 to 262160
[  323.494774][T24661] loop4: detected capacity change from 0 to 262160
[  323.494987][T24662] loop1: detected capacity change from 0 to 262160
[  323.508333][T24660] loop5: detected capacity change from 0 to 262160
11:46:59 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240), 0x0)

[  323.623140][T24676] loop0: detected capacity change from 0 to 262160
[  323.641712][T24676] FAT-fs (loop0): bogus number of FAT sectors
[  323.647907][T24676] FAT-fs (loop0): Can't find a valid FAT filesystem
11:46:59 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
pipe2$9p(&(0x7f0000000240), 0x0)

[  323.677439][T24679] FAULT_INJECTION: forcing a failure.
[  323.677439][T24679] name failslab, interval 1, probability 0, space 0, times 0
[  323.690228][T24679] CPU: 1 PID: 24679 Comm: syz-executor.1 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  323.701264][T24679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  323.711338][T24679] Call Trace:
[  323.714615][T24679]  <TASK>
[  323.717574][T24679]  dump_stack_lvl+0xd6/0x122
[  323.722170][T24679]  dump_stack+0x11/0x12
[  323.726357][T24679]  should_fail+0x230/0x240
[  323.730839][T24679]  __should_failslab+0x81/0x90
[  323.735610][T24679]  ? mempool_alloc_slab+0x16/0x20
[  323.740644][T24679]  should_failslab+0x5/0x20
[  323.745152][T24679]  kmem_cache_alloc+0x46/0x300
[  323.749922][T24679]  mempool_alloc_slab+0x16/0x20
[  323.754773][T24679]  ? mempool_free+0x130/0x130
[  323.759500][T24679]  mempool_alloc+0x9f/0x2a0
[  323.764025][T24679]  ? __schedule+0x514/0x6c0
[  323.768533][T24679]  bio_alloc_bioset+0xe4/0x730
[  323.773385][T24679]  submit_bh_wbc+0x161/0x2f0
[  323.778058][T24679]  write_dirty_buffer+0xdb/0xe0
[  323.782914][T24679]  fat_sync_bhs+0x52/0x160
[  323.787367][T24679]  fat_ent_write+0x85/0xd0
[  323.791905][T24679]  fat_chain_add+0x15b/0x410
[  323.796581][T24679]  fat_get_block+0x486/0x600
[  323.801182][T24679]  ? fat_block_truncate_page+0x30/0x30
[  323.806734][T24679]  __block_write_begin_int+0x33d/0xc90
[  323.812239][T24679]  ? fat_block_truncate_page+0x30/0x30
[  323.817709][T24679]  ? PageHeadHuge+0x3b/0x120
[  323.822305][T24679]  ? fat_block_truncate_page+0x30/0x30
11:47:00 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x0)

11:47:00 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000024c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000200)='./file0\x00', 0x7fffffffffffffff, 0x4, &(0x7f0000002440)=[{&(0x7f0000000300)="3407abeed9ea48907ed3e5ef064bafa0c023b066ca61382587341a08bd407113e593decac61467fc1f6fdaf2e9a4b7ac01b3c1b56c3a987dd61cf16ee4cbe7038e939e5482506e377cf7c7637e6e3ec0ed46ed761bf4cb05acd7232aa58d59fc97f30701bb4825727aa0d343909b716e0c96b5114f58aa1b537ec0d9c0d3a16daee15f75eb98b920febf432fb071f9298fdb216b5739bc5b947669c44cda9af258667182e9ee8a5633c05bfc3b1365812cc51d46c2deb0db5eef663ed6dc63bb7e099c590e2410cdaaf28d13dd0154ddf7532309646740416eee7e3c73994ed0f67e64e2b03f9ca128216f18d4fb1385aba8264ba3136712da077842d2e2e8bc4f5e85d3fe3809b58e0832742ac3a516f512c15de96622b5c81ecc4c8ed296dbb0dffb14170b44c4fa2feee8a85131d69677e6a76323c9b8101f45971072ef056a1a1674adec3e8438413067fce61e821df905f6963c5471a82365d8ec2dc55763344f77ac78b26a789bd95a381892f81b67bf5abba03305367ae33e3466cd92a7a1c101dfee6240dc6d0e3599c0f99d754184d9e1723a698475792e77129fcc7378f124dacf0ec6653ec0ba791ad4d997996dad4534093bb65244683022df47234b104712dcebf74ea78d6a0b52f744c4681c62486b9c41877506daaae9f62b4e630270989b363b6304dd7d00e2b06245877245754dfec064fb45a5b9032861bbc0b13b1159d111a0bfee4055b526faeff3b76df34461e1b6c84054bb9ec5420d4bdd54bb1db644f80aa3ef73d280408a4cac3eb2f44a278d4679659fc2b12c6eba7454f37f46c46c643d3c11f698feeb067a8f0ad700c76c2c8314544a0f538ac9e8dfe1dfccd2448e136c239ccd867b149a19d9e59e399e93a3969ba92b778cfa32866e239d5375116ccce2ec12ce4668572d3b786b395ccddcf20181c387311496062a50a9b7614bd8f89cb5d38d1261ee0c19a5d4bb9d89696647d2166bcc9e9a29f56aa783dc8995d403a290ecded95c60a0bdf73f750e804e3dacbfa52623dd08fa028b9b00caa5b74ba31286066fcf59a954f6cab2ccc82a579bd508c9b6095c34ffa33180c0f880b91e845426d9067319c2342f0106fec51db870a4048c4dc59204120bd343db1e55107bbd95315441bbfb5e243276471788c2a377beef2e5d7d4e957248fd5f4d61b2485dd4950618675b9220cbe5a6101ff9b2e85c70da78c8148c8fd09fa0add7fa6004664b27d145039495f111dba13eba777d657729b1251da998698c7b4ce8cd80c2ef72a196aa38dbad72baa97d3fd2f17de95cdd041979fda47a8c35d8d91f03e181360a2d437fc152dac723c525620d37c161d99b84cc0f4d5677e4a17edacb32d38cf855ca2870ddfdbfc8c93bd035388da0da3c4e02fdd3ac8443190f374a35e7aafdbf7a356c10107af81dc9eb6f86fef794a928b81a5c09738642442c746da136634f913d3a5984c42828a29966a89f3620195005ba83d78f70091714fc340c21ee96312f459981da1e86074c3bc92198a1eddcf237c22910f447fa3825e8ff3135a3aa7c0efa6e8da218518913041d86d01871396c32dfba26fcc545f4a2db13decdbd2af5435811f45c4b9d3c6e50439fe2eefc488da094004e74bffa01ca12b5dba56f4437dee3f21b0f99faee7d63c79516f0fc4812b0f7bb73d7d0dc8463ece7dc1a416ad0fda08a22e8738dab6915ec0c105206e1ed334761f3e9884b5c7bb2802206aee0fa0d7f4baa52572c05136778677ce6ef6a8cabb54d9f7ba0e4cd16b4ba3c5aa18876459bd2bf7b497db0280f24eccd5be87295d39d7982e7ed04ad4ffd73b8e572d9ce155b97410b3c6059b938c116e319992bcb33854581fc97c0d648442f9157ddaeb6d7b92258ea29e998bdcb466427916a291ad24239f0f24b41d3bde98ff23a4ce3d041ee9f098e69a24dad8fba660d5b36d6de3add24faeadba6696e39de7f43b436eaf82e29d871d2cf36c986342f496dc75bd2a0a5855bde4d217a04e8ac89111836b9f0f86f332a3be18d343d3153cd57f6ce84837c2ef0a811c72db9c016b426bf2c4d5edcb5fc69aa120a71ab788483ecd9d9d23b5befa0a54318bc8f7201d8714e00750da1d029ba6f3a5b46f64dcc6d41cacd9bbd9f5415eea098e7cb7da7cb89d87de9e790b25eb6e6d76050649eb341b254aaf4a7d177c7957fae98f7e0d43be4c088887a5e4ac92fc91458a8e08d6bcd04912a822916bfd6ace3d4fc006b13e55c39e5c3d41bf0b3d571ece6000da1cd55aaa41e05cddbc05d445b5598a0d039cd991b035b2fc65d16347f78573de32502581fa7dda73154e28fb0f49d7e7d70fe3d4aef952940fdaae79757b16af71a1dbf0aa01769b8a3a5ba3795a8917d6a4292614d150f4a8bf830a6c2360036ea259b19af38354f1ad75583dde15c1455559cee685ddaf18254b5865ca9c89b3f2c2b99e0f2ac0223fecdf716c0f13d1d78b52958372e45d8180b0431fbda3b61b550b310156199532d76568f47bbeaa59163b1ad9b9c279e98535ba34d844fedc565c501d21c2eb487618238d82c5eaac840b604fad758b5c8c60f8ce0692097607308ab800d2ac33c496003fb38b970e06b0a92fe0f0529625799229c7b0cf8b273eda0ff2ebd782a1a0dbfa57c571e7e7eb9c90bd329c433f218f8cf1b88bd3d7be8187614153936e44ada1098491f855c115868f48b4bed0e5ae47ae2007a07be149234c5bb98db589d6f11d4c3e1430658c86b5dcddf350fe35268eaca6d5d8dd3350aff9f3cc644137703259f3f788f3e675dc8efb628338c59bb1c39384f3f7794d2cb13cf019869bc46a1f7c4189dfd6916bb333653473abf729392e2a2d4937779b2322d84a21c1c68b4cb34d1e97aeef2a295d6858144ae86163f6e21c05359be63cae05faf0881627ad1adc97a622fabe426a06000e50525b10531e6233057aa3eef15443ac7e7fd2f6995a501443265f047860a32972c703c02870c9d0b5fa8ecb09e112ed440ed25538ae19a03a0feb51495d87b7fab73e62eabc972268b40d268a872cbeaf9cc0aff4945c6f547634043de4e8f8d2a677b664db1b0de3b6f27ca372ec10b5a4f8dc85cb3ed82e8ae2479910ac73e9e7cb3a1188be8255d95471e2a2490657cf23824970778912f64d15cb57145bc6ab4e64aa29798361b0f8f1cd245d9282ad7398c3776992f0cbd13c9bdb699ef1b273ebb1584233e15d2cf5fd8f08adde350effed4740322a987c43e2a5d2b64531d9e9ff1d0eb98b32441bd6c2c085e260a9b6b940a0f28b134afe51f95e50bb14afebafdd9635b54dbae08246d5716a6f762cf7ee60f7c6885ef160820496cc3c239911fe659115993fe4375fd60c2dee75be293eabd4ba6fccf8b49f26dd222c43d1319f0a79bd5bc2d6a9bf65bb357d8d291f7ec807620629987316e8257cb62eca260bd4e7175548e048028ae92886321eb46b9bc42dc4b74512d8ec8e4a7d65c867bcfa18d81166b9ca4ab1787e41ad3d21f9745b13030bf0c511c3c8834987bf66213f0900843790a9399bb20cd02fe06d0fea9f19f109ada09e19fbda20cd7b494f68a2c63d279aba416540801efea1fff1bdcebaa739fae94e8d4dc45ce1a5d5b6248382ca82601046f70a36778bcdd18800e52f67b14f8e69fb9611a4243d4bbd482a4fa7d487fe7b7ffa2525342c3d29bd7cc72100ee45b6ca816893a894571537987f51ab71d9baa3d65d5788d6d6208614803fc29d5c9f6420f49f527c903533e170a0ac6b0ebf8faee359c96ebdc9452d747b9e2cdca9cdc60d909dd03771b1cd7205e52aecc6b366955fbcc8147610180d7659c150fb3bfdb03c565a8f8e4c41bebc9fc13635c6308d2cd2ae66815d3418c372a00751f2bc3faca497f9b91bdd0f20399677f1d0735543e97c43c280837f4488658592227e68748684bb781dce560c7dad209cbecfa0d30d43467827873da874b0ab56c55f285b59003abe8413981f191cad3244d51cf7ef2b264d3f3779dfe04db724a2bdb574ec35f75b1b72a618597e63dbfc7e33854cf7a4a54038f620e46063680a71ac9900f5747f6d9ed9e4170e7d5e6498b6779385eba7575230eba59e27bc70f908273187e3d4da1146c45b99501d1546919e461bbd4137cef4bbaefe546d004ac39335794c540efa7b2f5c2073b22b383573cd85cea8797855d10755bcf15d8fa2c8e8cec68a0735a14d6a9121270769dc35ea7f992b5306b17ba554505d02e86cd0fe043d610b0a8fdbaa1c6f7d0d3829bcc5c406c1b08dd338b8acad60174d29841e0f8818a9a7e8c834d078008b5b049a934af0574c4b930d5190861d1b094d069b64f04090ff9894624efb6cdf3390d5987b09af19a726a40fee3e60fad81e94b7555c55464fbbb170997752d6af9de5655935e1fa2573afc5fa1c8dd7c6aef10086471d5806761dbb9ea1c8a89a90ab4b00e7324e183603ef005cfaac38f5982d693c002aea2cb34bb5d51ec6a77083f5130fe4ca09790803d9f35ba326fac5cb91c9057b7776d9439d69d467356ff7bf7292f9c0c61b8c1d91e73e4393cbde1814aaf640e8da0152e11060c7aad73b9fceff5c9e876563dab7208557fbf93ea28ab4cd0cc3a75de6b403d00bf632364fbbdd729e7f762e0886c63d431ac8c79d0d35b88f3283c863957350d6bcace65c32859830b71e429985dba3fe3b875ae512c94ca8faf822de97d64c4da8262fb4f1e64d74a9c31b4479a0ee190ee0456d8234157c28c7503a87d00ee4502c08110b17ece8c5844426f62ba9d14f24147a20d143b04031e15ce696db5d8899bc44470e6e9485beface56f57727d0e5e9bb85bf7b45d6375f208c32a1cfb930e4c343b67b47a4ba0d0102ea87dc8c2c6cc9fc6e1b676021c27677b5ffd9e6bc37bd7037194e61985b39a6f5644613ce70ed23e200989aba228a8af04bd6fa0b6f63f3bbf24871c47f9f7aad8159dfd208b37393c97dd54bc10d3ad435dbe98a4f4a6fcbec9c018f465c4b11041acf8967af8c0fdc7d09aed24e7c38e165788e865d5ba5af30e5039b1e1096c0e0897585a512bc8ccdd1f488d3babcd30dda6171da7e3e2c436a769d772ee4e924aa892433e262f157f4856d37b3e6be1642cbb6197443e4935f51700cd7e7e75c1dd43a179923c184c19dc9249f06a6f4d5d9b76f6a781d9f435d8381d2f3b1d4aa8f351144979f6e3d2a1139c9b3c4aac8b68e54b524d9127c8a373d5efd2d79ee4de83a1fa90cbb03563a968855c1276a6181b5ffde5840db0fe7cc93059db678e7bcbdf48d9f2fb48f53f9eb6fae0ed6bf1971d4562018deae9932d7859c84cc9228c8a003e6dc6525102574996438ca63d72bc3685dd2e6dd5fab0086876cc6af55d11365376412dac2e3b61f78498ac748da3285d0a28885bc7425ba8c752146a6ab0851f6980ae6568c2e715e7bb7b50544947f4b143345df30043004df071913fc8f4b4affeac85d518b0ef0ef56d0c8e01164f160de229de3fde129c8ef0a58b34f3cd3272717c5157038be93f8f4206c9d215478a304374ef042f4e28c30ceca28b7211887762c1b581f4159faca443707920c4921487e8aeaa7dcd38b1e141088caa0f1d9ccb4bf1d6dd17d95e65ee341fc81d24f478d20c22227005b8edba287438ea872cc6cce636e531650252c03cc632224deaf4dbaff62978ef4b06a9f314fac06503dcf2565794545b5b1557c8f1b4b9b967226130ffc65f055272dc389decfcdf4b953d750f0506e290e6cd6182", 0x1000, 0x2}, {&(0x7f0000001300)="92a558c07fbb46ccc432e7b5cbb1047647181768080ba9a66faaa685c7a75c129bfdb3e5dc07888e86ded206ff4530a044a1bfe59566373c87be75c7f311498628f19b078ce7044effdd20b0fa0611a2cef46a2577567b468fe6dc82ac235e5ac411948098e99432919ff367d2be7f1fbd340df53fe0b3d0854fa8b8f24fd5b004143fbd32f0e2699f8fa00de9e70227198ce1f9f412798647d6e005349d99ca6f4b9ef51dffdf81703715360087c1c2769170cda12ee462aa4e2d205f65e3fc21532fda58546709b5bc15f5effe9176ec40d503573151fc40a521880877b2e1292f33393adeb75158bd64ee1c118be78d123d051e6ed2d91e21faaddec85f6dceeb6d945e5bc6153b75c682850680fd987293c3b217d88c2fc5bfd19f5ede7cd01065e18a9595aae4dd70f8d6caffa6a9de8a59224fc3be14640d40dbf9f53809ba6d2adaf3776e90feffa374214cab7dad8a487b1a8b2dab0906a90bc1496c4a95477e8fe1060165f8668ae714e64670accd0fd0ed33db2742e227c4c6bec3200a257e867ea9a885344e543ec767859f1209accac0f1f9b9b69c8236c826e13ab51ad29f80466c547a49528186f49c56588b2d3724c8b196b8c2457a7577c5f2c5ba33d98ed16fd4bbd6a482211b65f037f3db7e9bc5e12a794f297cd8ac3bf4b97986e5983adea650c2be54546889bf4109919f2912d61976e15966ef1dad09fd17f6f2d997461109a82773abae9552005070e71e988c475dc2b07760b576261062dfca5b0bec87f02bc2ae92b53611246cc0f6e15e865e9d97d81b38fbfe6c08e3ddcbfe8860ab104458d6196f053e0f9cfd10a854fa39ca8ec584bbbfdf51d66d0903c2e6505f93bfd15a1037918462fe508a398776ab0c7e2e32442681432391aa16597bbab9f948e16cf4670264e0efbae5bebb3066fafb4265874d90773b199694ce0ff1d6d9669689476af5d6a4da91281ac6d65230fcf675dfe0b9aeead82317cc565a5089209503f99534fa00baf9148d5f56bf7d74c8f458d11f792ff526cc61056570cb8738107fffc6c8d5b36d985e1e82b58755f75bed1fd7d55e3626917eaa830e2eade2e128b2943f7acab924d73b41943f29088c56a7d0e981daa9c54e284d495c52b2ae08d7a1b7fc14b9101c574c92a979333a6174de66445ea69ead33b743c38cb4e9a71f8811aa0d024b9dd7a682a6bd222135863ef0aca4fb59d7bd8f6fff4d13cc05b95752e49a2021db4e16151f645f30398c07a1e94389e61fe36c541c0455f831ead05fcd7cb3f9da17901ec63924db622d70bdd10acaad5c2c4b2e669e7063b233cb3d018394b020fcbbfbdc827257d3b3b58b1d236a732f1b2cceb8bae40a5b2550657cfaa9104ba77d9d33b1e45bc2bcb53e1f7f4078bd36e48a0ed1b2905bdd713183dcbfe6be5abe1b0c4dbd0037603a7be3a752eedfcb73fcffd9d67d5089752f608c6e4b5a2f413cd074275758eea459f9ada447f64610fd6be3ac2aa7bb9808dd5d58458b3053c79886ce8a5b44cb5a3182f9524bfbfe9c5568cd88a2ea331f6fd6fdd0b1844d2d251df3a30754298529a000dbe2e4e9b02bcd30ced0cad93e411d8b19f16305ec32afc574817bdf68b4c3647b2dc8d60741e213f1e56f9e2c0daa3a6b44a5420aebf4208df43057d843aa48b1813bc3a0621f103d4a676c7f5acf1b7202576516bd2c232c229184a2ab0a865697705b4ebbaedd828f643818896eada3faa6c6384de7ed2831dd6974f62611028c056177e6141dd9c2c520962eda64ff33ee9ddf86503739deeb54ac4b19718ef6af309882a3d7056b2c36de5674d06db4b51da3f9f54eb65e0938600883a33aa1b580ca5c667820ec8ce8a513f3c132a64d068d7134d704fcc735c7fd032ab94af0a01e4ed1974d8a210ca00d9f1a5871ceb085f14cc4bba779c0925696687b7b35927bda08fe1c559b94a350e2c5d716247928d9345a8776a0b45b18eae3da423fad623fe45ecd4b2233dc7c6ed481d3795a8080741c7465c3d6e28ab448e89efbe905969fdec8ad7d4102e545f5e68928bd695e854045c4885818235529f23091c66464d0f828e57ae4683ccb2c62a5ad867ab31ade160f9706215c1254cc8767fae33da2df1e13013c36f1aa20eb1a1c2328b00bf080063282f2a1f988c12b7f1c037df7b4ea6daa295530e0c9928ab1aa0d1bf5fbaab921b75402c1e80088e183d65edd00aadbaf6eb45ab294eee11f52b37c41c13bdda2ca0824546b7e688ad7155f23c433e16df9b8a4bdeae813090bad6c0cd2cfaec49df048608df923e4cab05ec8ca14451da9201ec4e1c2abbc7163f00160560afaf58e51f529bc1e2721e40c865e02430ea991b9702f6e0a960646e90e6fba12177c645e76c01f7cd116b0e84efdbe5f99e345b98784fa6deb290f238a42e51cd6036aa3e620d8ca73d9e9378f5411109dc69936af6f1a56367ef914294579a4c5e2982ca147592b7cb4c75cc60cc486adc414cb977d9972c971e6d75e2fd44e6bda80e1395ca226ddbd8647c1493ae872b2ddc1bc6b8a189196da2fa023d77bf14cd460b6366103e6ff65bcf8778b0ef13a41c2af65e2a64f1ad0bd4b063287452365db6bb520f4439639c89a1a8300fd39f8e388549f6c066a5e66975da31f361944d1164be09844a18e5043113dfbe4a3f46418cd42af4087c3a6ad7e281e7d7db2a4c1fe82772b87cec969224ce3f39f08811227d00925b59219e48a5ac978d6a694e32a7a5eabb45518805bf9dc1fb88a0379ce32ed2d5707fcac09a4381f2b39db2103002fff67031721a69881b17a534c69bd37fc449cb31d9116cab1c4f8df831989b2590499bedd73f7919bd7a15f0700221ad386fc353c793b72875c904ec814801c955bcf0885b526dd51906ec0c6d71fe5cbe4471c0c88060dc3408bd633eaaf9c1cdef6faab27c80852605989a08d19dc0f8a61b2809a0e872215139653167cec4aa13257739d691a34c47b140ffb56d03c176b4744b81a20b683efdaf16b49801e8909e7561a81ca4d488c49249ba8d6914352bc834cedcb5fb339a5b54c1856233217e5a0a7585ad78d31d76538b0e0a2cadf030f8aa4ffefadfbc45dec91905be13a15b6de176cc7c3307b647fcc3e836a582061ea4f0abe790f00ea9073f116b8ddb6cfc6c14ec1e24049fdbde4aebca16357047778b092763fcb497625dc5f1d29a8397c945ad95b55b250b3879448604a82cc4c2d09a8183bffd5c7209fece936e4833a379b0c6ba249d64d0eed07be6bf292c89b43b354fa11a6e6afea59a4cd7eab609916aa8ad9c186a20506d39bd70b24f0a16dcd34f8862ae7e64458c452be798d5e9534e629df2ed1b0eeb5bb870ab6a372b8850f455d4e6b9e7dadfa9eb2088df302936960b1975df56211b563398879f2fdbb9a1cec005bfcabbd91a90eb5fbd7fcbc99f5fb551a2fbfa53d03d530a7d9e09ffaf20c421b58a4233804a79d290ea4fc28a6de4db18cfe97c540a0ac138136a2e1080291b05f648224f8a96473274bef616e7419b7d222329e7c83634eeedfcc3e95e40bfc3f5cd9436f2dc027c45ba4327fc1dd71462e0114b0428cc3d65ed2b001ea957a2ee63ffdb5630228460a2961a33f79a3fa0ecc43f132918dde70ba37a47d6bda4d3eed6ec1821339611cf42da8477a641eac2ff557eb10c22b4bdba36a5ddb10555f0a6c59b57e1b813c446f93ff864d01baca55f98e37b4ffe6f1c535f1f3aeed454a85c40dc0dd80c348f3cf0b346d516961f516ab3a0e9bb7421f40939c47fa124008af0e615182445d1523bd7919380b351e4429a9c382fa12cf304912d1077a60d89577729ac10ea41b0f020899eb95bc8f7f4960b74ac527ec03984a9731aa88a0ad96bb2eddce7f2e2b2d9e3986f0a7d4e17bf5523e87ff280724c1320df6554a841d2abba9c66dfe16fa1cbcdde126b9477eb86526b4089ff6ddae6f02a2103b296620a42f9e21032b666961b8b151981e164d5232048438618dcfec9510c6a9f9c1f952dba052fb81a23a50880adf50c6c6f98ceaf39234f8f1be9f407dca589d9067a41c04a63155ba1163a49dbf55ef2502ac252a55806e68c7a7eceda3003a7dc86f500b51930f0c3f029bf503b57757d65b203318430575f2e458ab0d2f73c10cd42546421be1c636a14dcdad1813d4ff02be5079569b4ea4605e91d087dcbdb60759b7e13baf5e1ac2c0bd36e8e34b1ae453471dea785d6ea616998f5b4187d754bade2f889e9af640f94360ecda360fae2b99689b1b2c899ae5448150e39677cc4ffb20f4235c3ff1f1b333591fb5c4049b48c05f0b59157460011a2b61e4a7c60922dcaf7e438e3a6e996750dcd679a1dbd27f2905bc16c9c63bd64941828a759d2165f2ad7a45a20ec8af432d5d0fe832a8dfe7df8d9f7aac624d4e7d87edbee78e2512f5d66305ce41927a9b2a543e02eeb5a81beb343f49e49b74b8f24d48b64f8bf8bfe80cc1b5b8319433cb0aa7df0b43f6117ae78d408863c5388b9037771561c08b7fd9109087a0651a8484371f00e9ac79bcd68b01583a06ce91f0803f03bf0d56229ba51a28e6c9161472b6ee4a7c172da30c08080b42faf6a3289aa89c3aecf5adcbc010788ea5067c96720bfcfd6f1c3ae2f152394b10fb3c8792f288af8c599545c1a61b62c67a8c5af9c661cb503d362e466b528cc9d0914f85134064d06213f200091d909974c19cf28c310fe048c8dac0e5f63915e6980457705a01ab56a3f69cb96e10b8c537d5c8fc9d496c166eac5398641233605818b8ae9fa6f5e1fb497d5cd31b95cc35ec1372f02e1cefa34665a7df7dbbe0bbce84dc24f1e00e854dedf19b7cb98b0644804c3a88ec858fd4a1d27c622b552c1ee5483106c4994cca6f9720d92a8b32177b2b0a4a5ab2491f1a8e5ae03ef58229a03cc5313f668a1f7b29c0ae292cd03e16ab94842e761dc98893be292046df83c2c140de8b236ca5a8fd0cc1ba51ccfe49cec0df3f62e891236b1ea701671251bbb84e18de3653dc2fbfff525ee4fa3f46e26cde4adafdf5a45277a23f833194b3b0a89c7aaf58f8ee04a13b6f15ea76a3cc312add2dd1ba09999878d2214b1656d0bcb9ad7b3e08d30445e2144bf6462ff1d9f61dd7df3edbe13bbef34e3c0424c41d916dc9555f9e06ccbd31e8245db4016fffb14ff770aa7f77fe7c7974fcf6364f9fac5f7edeb4fe0e2f5a925a5da9565c4ef79d244e1328c8e4be3b167be2a1b22c3567cb31e36a81bf8f886514518d2718e55138c777d1e56e57b179f0ff09511c3f30154eee5b20d57b684ac02c8ff16e4d2a9aca695fc435671c7a18f465368d441682df7e40c5535ceb508762cd0537ef060af9e63161d1f946e204765f2f816abf3cf922ab0b83c286eb4a70bca2fa929b0ddfdd88f90620f0d47b7e4aa179356d75a310cc3840b953f6e782fe2dbfc91dbc6001fa469c31123e851f3f071e208af891ca81283e7e4fb8bd2253cd2bd6e85d305b0d5055dd50d28838b8a0654fb21da1e5f64301397fa936cb858f6ecfa3f79ccbf193958dc338aa70f5663f62c541f87ac70f11723e15668927462fe8753a3ec3aa382416f296b2ce035807a59b94c108813880aaf610df777feb1f43a3141eca477cb51fe7a11ec2f0341dfae09bb5244aed7a3b8c9e8d63ef376d0be3777bf5cdd9dcb53737ce9c5081d27cd27788bb04dc7dc16d60fa652fed2313d4ea24b2fba3f0a8880a36cf94d3c9d03cd17a91070b8b5d2c5d5d2f81a98934b3", 0x1000, 0x80000000}, {&(0x7f0000002300)="8c8736ede1601cbb88089e372332f02eea2613ced0f05236fd37cef6598799d7b8a9c3dcb9e236c3655e0dbb01eefe118753df1e4780081c1cfde8292aa591a07476706cac6229c58cef5a60af39d78f196ba597eb3f4ca7c1f45c9983856a135ce77322091d279ce6a06c2c02ab783adb77a220436c337f4b921340e232be546c3745e1f3aa277e0d43088d4c6f0d38c6a3a7f975de85da6fa244402bcee7fa35a3941159e89903b3259605ae9d44", 0xaf, 0x2}, {&(0x7f00000023c0)="f25145359b486af3b08994c3b28fe4cc89c12b7904fd346e1095e125f89e7970a0218bb083e99ab9d7e8439c175c228bde06ce8e33ba32780e9d5bc4f7acb91b0803494c7675623dd61c5c67809de9ba4a02cdb2a85207b2c304db1b78a43a0cfbe625e8cdd39e3fac09234f", 0x6c, 0x574d}], 0x42859, &(0x7f0000002540)={[{@huge_advise}, {@mpol={'mpol', 0x3d, {'interleave', '=static', @void}}}, {@nr_inodes={'nr_inodes', 0x3d, [0x25, 0x33, 0x38, 0x37, 0x67, 0x6d]}}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x30, 0x16, 0x30, 0x70, 0x35, 0x33]}}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x38, 0x36, 0x30]}}, {@nr_blocks={'nr_blocks', 0x3d, [0x2d, 0x35, 0x38, 0x31, 0x33, 0x31]}}, {@size={'size', 0x3d, [0x31, 0x65, 0x30]}}], [{@hash}, {@euid_lt={'euid<', r2}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'vfat\x00'}}, {@audit}, {@appraise_type}, {@subj_user={'subj_user', 0x3d, 'vfat\x00'}}]})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_POLL_ADD, 0x3)
r3 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0}}, 0x0)
r4 = syz_io_uring_setup(0x4959, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000008540)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x10001)
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r4, 0x10000000)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r7, &(0x7f0000000840)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd, 0xda5, 0x0, 0x0, 0x0, 0x0, {0x0, r8}}, 0x1)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000002640)=@IORING_OP_TEE={0x21, 0x2, 0x0, @fd_index=0x1, 0x0, 0x0, 0x40, 0x2, 0x0, {0x0, r8, r0}}, 0x1)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r9 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r9, r10, 0x0, 0x80000001)
r11 = getpgid(0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x1, 0x0, 0x38, 0x1, 0x0, 0x9, 0x8000, 0x2, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xffc00000, 0x2, @perf_config_ext={0x8, 0xffff}, 0x2000, 0x8, 0x2, 0x0, 0x9, 0xc46c, 0x4712, 0x0, 0x3ff, 0x0, 0x13d380}, r11, 0x7, r1, 0x0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000024c0)) (async)
syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000200)='./file0\x00', 0x7fffffffffffffff, 0x4, &(0x7f0000002440)=[{&(0x7f0000000300)="3407abeed9ea48907ed3e5ef064bafa0c023b066ca61382587341a08bd407113e593decac61467fc1f6fdaf2e9a4b7ac01b3c1b56c3a987dd61cf16ee4cbe7038e939e5482506e377cf7c7637e6e3ec0ed46ed761bf4cb05acd7232aa58d59fc97f30701bb4825727aa0d343909b716e0c96b5114f58aa1b537ec0d9c0d3a16daee15f75eb98b920febf432fb071f9298fdb216b5739bc5b947669c44cda9af258667182e9ee8a5633c05bfc3b1365812cc51d46c2deb0db5eef663ed6dc63bb7e099c590e2410cdaaf28d13dd0154ddf7532309646740416eee7e3c73994ed0f67e64e2b03f9ca128216f18d4fb1385aba8264ba3136712da077842d2e2e8bc4f5e85d3fe3809b58e0832742ac3a516f512c15de96622b5c81ecc4c8ed296dbb0dffb14170b44c4fa2feee8a85131d69677e6a76323c9b8101f45971072ef056a1a1674adec3e8438413067fce61e821df905f6963c5471a82365d8ec2dc55763344f77ac78b26a789bd95a381892f81b67bf5abba03305367ae33e3466cd92a7a1c101dfee6240dc6d0e3599c0f99d754184d9e1723a698475792e77129fcc7378f124dacf0ec6653ec0ba791ad4d997996dad4534093bb65244683022df47234b104712dcebf74ea78d6a0b52f744c4681c62486b9c41877506daaae9f62b4e630270989b363b6304dd7d00e2b06245877245754dfec064fb45a5b9032861bbc0b13b1159d111a0bfee4055b526faeff3b76df34461e1b6c84054bb9ec5420d4bdd54bb1db644f80aa3ef73d280408a4cac3eb2f44a278d4679659fc2b12c6eba7454f37f46c46c643d3c11f698feeb067a8f0ad700c76c2c8314544a0f538ac9e8dfe1dfccd2448e136c239ccd867b149a19d9e59e399e93a3969ba92b778cfa32866e239d5375116ccce2ec12ce4668572d3b786b395ccddcf20181c387311496062a50a9b7614bd8f89cb5d38d1261ee0c19a5d4bb9d89696647d2166bcc9e9a29f56aa783dc8995d403a290ecded95c60a0bdf73f750e804e3dacbfa52623dd08fa028b9b00caa5b74ba31286066fcf59a954f6cab2ccc82a579bd508c9b6095c34ffa33180c0f880b91e845426d9067319c2342f0106fec51db870a4048c4dc59204120bd343db1e55107bbd95315441bbfb5e243276471788c2a377beef2e5d7d4e957248fd5f4d61b2485dd4950618675b9220cbe5a6101ff9b2e85c70da78c8148c8fd09fa0add7fa6004664b27d145039495f111dba13eba777d657729b1251da998698c7b4ce8cd80c2ef72a196aa38dbad72baa97d3fd2f17de95cdd041979fda47a8c35d8d91f03e181360a2d437fc152dac723c525620d37c161d99b84cc0f4d5677e4a17edacb32d38cf855ca2870ddfdbfc8c93bd035388da0da3c4e02fdd3ac8443190f374a35e7aafdbf7a356c10107af81dc9eb6f86fef794a928b81a5c09738642442c746da136634f913d3a5984c42828a29966a89f3620195005ba83d78f70091714fc340c21ee96312f459981da1e86074c3bc92198a1eddcf237c22910f447fa3825e8ff3135a3aa7c0efa6e8da218518913041d86d01871396c32dfba26fcc545f4a2db13decdbd2af5435811f45c4b9d3c6e50439fe2eefc488da094004e74bffa01ca12b5dba56f4437dee3f21b0f99faee7d63c79516f0fc4812b0f7bb73d7d0dc8463ece7dc1a416ad0fda08a22e8738dab6915ec0c105206e1ed334761f3e9884b5c7bb2802206aee0fa0d7f4baa52572c05136778677ce6ef6a8cabb54d9f7ba0e4cd16b4ba3c5aa18876459bd2bf7b497db0280f24eccd5be87295d39d7982e7ed04ad4ffd73b8e572d9ce155b97410b3c6059b938c116e319992bcb33854581fc97c0d648442f9157ddaeb6d7b92258ea29e998bdcb466427916a291ad24239f0f24b41d3bde98ff23a4ce3d041ee9f098e69a24dad8fba660d5b36d6de3add24faeadba6696e39de7f43b436eaf82e29d871d2cf36c986342f496dc75bd2a0a5855bde4d217a04e8ac89111836b9f0f86f332a3be18d343d3153cd57f6ce84837c2ef0a811c72db9c016b426bf2c4d5edcb5fc69aa120a71ab788483ecd9d9d23b5befa0a54318bc8f7201d8714e00750da1d029ba6f3a5b46f64dcc6d41cacd9bbd9f5415eea098e7cb7da7cb89d87de9e790b25eb6e6d76050649eb341b254aaf4a7d177c7957fae98f7e0d43be4c088887a5e4ac92fc91458a8e08d6bcd04912a822916bfd6ace3d4fc006b13e55c39e5c3d41bf0b3d571ece6000da1cd55aaa41e05cddbc05d445b5598a0d039cd991b035b2fc65d16347f78573de32502581fa7dda73154e28fb0f49d7e7d70fe3d4aef952940fdaae79757b16af71a1dbf0aa01769b8a3a5ba3795a8917d6a4292614d150f4a8bf830a6c2360036ea259b19af38354f1ad75583dde15c1455559cee685ddaf18254b5865ca9c89b3f2c2b99e0f2ac0223fecdf716c0f13d1d78b52958372e45d8180b0431fbda3b61b550b310156199532d76568f47bbeaa59163b1ad9b9c279e98535ba34d844fedc565c501d21c2eb487618238d82c5eaac840b604fad758b5c8c60f8ce0692097607308ab800d2ac33c496003fb38b970e06b0a92fe0f0529625799229c7b0cf8b273eda0ff2ebd782a1a0dbfa57c571e7e7eb9c90bd329c433f218f8cf1b88bd3d7be8187614153936e44ada1098491f855c115868f48b4bed0e5ae47ae2007a07be149234c5bb98db589d6f11d4c3e1430658c86b5dcddf350fe35268eaca6d5d8dd3350aff9f3cc644137703259f3f788f3e675dc8efb628338c59bb1c39384f3f7794d2cb13cf019869bc46a1f7c4189dfd6916bb333653473abf729392e2a2d4937779b2322d84a21c1c68b4cb34d1e97aeef2a295d6858144ae86163f6e21c05359be63cae05faf0881627ad1adc97a622fabe426a06000e50525b10531e6233057aa3eef15443ac7e7fd2f6995a501443265f047860a32972c703c02870c9d0b5fa8ecb09e112ed440ed25538ae19a03a0feb51495d87b7fab73e62eabc972268b40d268a872cbeaf9cc0aff4945c6f547634043de4e8f8d2a677b664db1b0de3b6f27ca372ec10b5a4f8dc85cb3ed82e8ae2479910ac73e9e7cb3a1188be8255d95471e2a2490657cf23824970778912f64d15cb57145bc6ab4e64aa29798361b0f8f1cd245d9282ad7398c3776992f0cbd13c9bdb699ef1b273ebb1584233e15d2cf5fd8f08adde350effed4740322a987c43e2a5d2b64531d9e9ff1d0eb98b32441bd6c2c085e260a9b6b940a0f28b134afe51f95e50bb14afebafdd9635b54dbae08246d5716a6f762cf7ee60f7c6885ef160820496cc3c239911fe659115993fe4375fd60c2dee75be293eabd4ba6fccf8b49f26dd222c43d1319f0a79bd5bc2d6a9bf65bb357d8d291f7ec807620629987316e8257cb62eca260bd4e7175548e048028ae92886321eb46b9bc42dc4b74512d8ec8e4a7d65c867bcfa18d81166b9ca4ab1787e41ad3d21f9745b13030bf0c511c3c8834987bf66213f0900843790a9399bb20cd02fe06d0fea9f19f109ada09e19fbda20cd7b494f68a2c63d279aba416540801efea1fff1bdcebaa739fae94e8d4dc45ce1a5d5b6248382ca82601046f70a36778bcdd18800e52f67b14f8e69fb9611a4243d4bbd482a4fa7d487fe7b7ffa2525342c3d29bd7cc72100ee45b6ca816893a894571537987f51ab71d9baa3d65d5788d6d6208614803fc29d5c9f6420f49f527c903533e170a0ac6b0ebf8faee359c96ebdc9452d747b9e2cdca9cdc60d909dd03771b1cd7205e52aecc6b366955fbcc8147610180d7659c150fb3bfdb03c565a8f8e4c41bebc9fc13635c6308d2cd2ae66815d3418c372a00751f2bc3faca497f9b91bdd0f20399677f1d0735543e97c43c280837f4488658592227e68748684bb781dce560c7dad209cbecfa0d30d43467827873da874b0ab56c55f285b59003abe8413981f191cad3244d51cf7ef2b264d3f3779dfe04db724a2bdb574ec35f75b1b72a618597e63dbfc7e33854cf7a4a54038f620e46063680a71ac9900f5747f6d9ed9e4170e7d5e6498b6779385eba7575230eba59e27bc70f908273187e3d4da1146c45b99501d1546919e461bbd4137cef4bbaefe546d004ac39335794c540efa7b2f5c2073b22b383573cd85cea8797855d10755bcf15d8fa2c8e8cec68a0735a14d6a9121270769dc35ea7f992b5306b17ba554505d02e86cd0fe043d610b0a8fdbaa1c6f7d0d3829bcc5c406c1b08dd338b8acad60174d29841e0f8818a9a7e8c834d078008b5b049a934af0574c4b930d5190861d1b094d069b64f04090ff9894624efb6cdf3390d5987b09af19a726a40fee3e60fad81e94b7555c55464fbbb170997752d6af9de5655935e1fa2573afc5fa1c8dd7c6aef10086471d5806761dbb9ea1c8a89a90ab4b00e7324e183603ef005cfaac38f5982d693c002aea2cb34bb5d51ec6a77083f5130fe4ca09790803d9f35ba326fac5cb91c9057b7776d9439d69d467356ff7bf7292f9c0c61b8c1d91e73e4393cbde1814aaf640e8da0152e11060c7aad73b9fceff5c9e876563dab7208557fbf93ea28ab4cd0cc3a75de6b403d00bf632364fbbdd729e7f762e0886c63d431ac8c79d0d35b88f3283c863957350d6bcace65c32859830b71e429985dba3fe3b875ae512c94ca8faf822de97d64c4da8262fb4f1e64d74a9c31b4479a0ee190ee0456d8234157c28c7503a87d00ee4502c08110b17ece8c5844426f62ba9d14f24147a20d143b04031e15ce696db5d8899bc44470e6e9485beface56f57727d0e5e9bb85bf7b45d6375f208c32a1cfb930e4c343b67b47a4ba0d0102ea87dc8c2c6cc9fc6e1b676021c27677b5ffd9e6bc37bd7037194e61985b39a6f5644613ce70ed23e200989aba228a8af04bd6fa0b6f63f3bbf24871c47f9f7aad8159dfd208b37393c97dd54bc10d3ad435dbe98a4f4a6fcbec9c018f465c4b11041acf8967af8c0fdc7d09aed24e7c38e165788e865d5ba5af30e5039b1e1096c0e0897585a512bc8ccdd1f488d3babcd30dda6171da7e3e2c436a769d772ee4e924aa892433e262f157f4856d37b3e6be1642cbb6197443e4935f51700cd7e7e75c1dd43a179923c184c19dc9249f06a6f4d5d9b76f6a781d9f435d8381d2f3b1d4aa8f351144979f6e3d2a1139c9b3c4aac8b68e54b524d9127c8a373d5efd2d79ee4de83a1fa90cbb03563a968855c1276a6181b5ffde5840db0fe7cc93059db678e7bcbdf48d9f2fb48f53f9eb6fae0ed6bf1971d4562018deae9932d7859c84cc9228c8a003e6dc6525102574996438ca63d72bc3685dd2e6dd5fab0086876cc6af55d11365376412dac2e3b61f78498ac748da3285d0a28885bc7425ba8c752146a6ab0851f6980ae6568c2e715e7bb7b50544947f4b143345df30043004df071913fc8f4b4affeac85d518b0ef0ef56d0c8e01164f160de229de3fde129c8ef0a58b34f3cd3272717c5157038be93f8f4206c9d215478a304374ef042f4e28c30ceca28b7211887762c1b581f4159faca443707920c4921487e8aeaa7dcd38b1e141088caa0f1d9ccb4bf1d6dd17d95e65ee341fc81d24f478d20c22227005b8edba287438ea872cc6cce636e531650252c03cc632224deaf4dbaff62978ef4b06a9f314fac06503dcf2565794545b5b1557c8f1b4b9b967226130ffc65f055272dc389decfcdf4b953d750f0506e290e6cd6182", 0x1000, 0x2}, {&(0x7f0000001300)="92a558c07fbb46ccc432e7b5cbb1047647181768080ba9a66faaa685c7a75c129bfdb3e5dc07888e86ded206ff4530a044a1bfe59566373c87be75c7f311498628f19b078ce7044effdd20b0fa0611a2cef46a2577567b468fe6dc82ac235e5ac411948098e99432919ff367d2be7f1fbd340df53fe0b3d0854fa8b8f24fd5b004143fbd32f0e2699f8fa00de9e70227198ce1f9f412798647d6e005349d99ca6f4b9ef51dffdf81703715360087c1c2769170cda12ee462aa4e2d205f65e3fc21532fda58546709b5bc15f5effe9176ec40d503573151fc40a521880877b2e1292f33393adeb75158bd64ee1c118be78d123d051e6ed2d91e21faaddec85f6dceeb6d945e5bc6153b75c682850680fd987293c3b217d88c2fc5bfd19f5ede7cd01065e18a9595aae4dd70f8d6caffa6a9de8a59224fc3be14640d40dbf9f53809ba6d2adaf3776e90feffa374214cab7dad8a487b1a8b2dab0906a90bc1496c4a95477e8fe1060165f8668ae714e64670accd0fd0ed33db2742e227c4c6bec3200a257e867ea9a885344e543ec767859f1209accac0f1f9b9b69c8236c826e13ab51ad29f80466c547a49528186f49c56588b2d3724c8b196b8c2457a7577c5f2c5ba33d98ed16fd4bbd6a482211b65f037f3db7e9bc5e12a794f297cd8ac3bf4b97986e5983adea650c2be54546889bf4109919f2912d61976e15966ef1dad09fd17f6f2d997461109a82773abae9552005070e71e988c475dc2b07760b576261062dfca5b0bec87f02bc2ae92b53611246cc0f6e15e865e9d97d81b38fbfe6c08e3ddcbfe8860ab104458d6196f053e0f9cfd10a854fa39ca8ec584bbbfdf51d66d0903c2e6505f93bfd15a1037918462fe508a398776ab0c7e2e32442681432391aa16597bbab9f948e16cf4670264e0efbae5bebb3066fafb4265874d90773b199694ce0ff1d6d9669689476af5d6a4da91281ac6d65230fcf675dfe0b9aeead82317cc565a5089209503f99534fa00baf9148d5f56bf7d74c8f458d11f792ff526cc61056570cb8738107fffc6c8d5b36d985e1e82b58755f75bed1fd7d55e3626917eaa830e2eade2e128b2943f7acab924d73b41943f29088c56a7d0e981daa9c54e284d495c52b2ae08d7a1b7fc14b9101c574c92a979333a6174de66445ea69ead33b743c38cb4e9a71f8811aa0d024b9dd7a682a6bd222135863ef0aca4fb59d7bd8f6fff4d13cc05b95752e49a2021db4e16151f645f30398c07a1e94389e61fe36c541c0455f831ead05fcd7cb3f9da17901ec63924db622d70bdd10acaad5c2c4b2e669e7063b233cb3d018394b020fcbbfbdc827257d3b3b58b1d236a732f1b2cceb8bae40a5b2550657cfaa9104ba77d9d33b1e45bc2bcb53e1f7f4078bd36e48a0ed1b2905bdd713183dcbfe6be5abe1b0c4dbd0037603a7be3a752eedfcb73fcffd9d67d5089752f608c6e4b5a2f413cd074275758eea459f9ada447f64610fd6be3ac2aa7bb9808dd5d58458b3053c79886ce8a5b44cb5a3182f9524bfbfe9c5568cd88a2ea331f6fd6fdd0b1844d2d251df3a30754298529a000dbe2e4e9b02bcd30ced0cad93e411d8b19f16305ec32afc574817bdf68b4c3647b2dc8d60741e213f1e56f9e2c0daa3a6b44a5420aebf4208df43057d843aa48b1813bc3a0621f103d4a676c7f5acf1b7202576516bd2c232c229184a2ab0a865697705b4ebbaedd828f643818896eada3faa6c6384de7ed2831dd6974f62611028c056177e6141dd9c2c520962eda64ff33ee9ddf86503739deeb54ac4b19718ef6af309882a3d7056b2c36de5674d06db4b51da3f9f54eb65e0938600883a33aa1b580ca5c667820ec8ce8a513f3c132a64d068d7134d704fcc735c7fd032ab94af0a01e4ed1974d8a210ca00d9f1a5871ceb085f14cc4bba779c0925696687b7b35927bda08fe1c559b94a350e2c5d716247928d9345a8776a0b45b18eae3da423fad623fe45ecd4b2233dc7c6ed481d3795a8080741c7465c3d6e28ab448e89efbe905969fdec8ad7d4102e545f5e68928bd695e854045c4885818235529f23091c66464d0f828e57ae4683ccb2c62a5ad867ab31ade160f9706215c1254cc8767fae33da2df1e13013c36f1aa20eb1a1c2328b00bf080063282f2a1f988c12b7f1c037df7b4ea6daa295530e0c9928ab1aa0d1bf5fbaab921b75402c1e80088e183d65edd00aadbaf6eb45ab294eee11f52b37c41c13bdda2ca0824546b7e688ad7155f23c433e16df9b8a4bdeae813090bad6c0cd2cfaec49df048608df923e4cab05ec8ca14451da9201ec4e1c2abbc7163f00160560afaf58e51f529bc1e2721e40c865e02430ea991b9702f6e0a960646e90e6fba12177c645e76c01f7cd116b0e84efdbe5f99e345b98784fa6deb290f238a42e51cd6036aa3e620d8ca73d9e9378f5411109dc69936af6f1a56367ef914294579a4c5e2982ca147592b7cb4c75cc60cc486adc414cb977d9972c971e6d75e2fd44e6bda80e1395ca226ddbd8647c1493ae872b2ddc1bc6b8a189196da2fa023d77bf14cd460b6366103e6ff65bcf8778b0ef13a41c2af65e2a64f1ad0bd4b063287452365db6bb520f4439639c89a1a8300fd39f8e388549f6c066a5e66975da31f361944d1164be09844a18e5043113dfbe4a3f46418cd42af4087c3a6ad7e281e7d7db2a4c1fe82772b87cec969224ce3f39f08811227d00925b59219e48a5ac978d6a694e32a7a5eabb45518805bf9dc1fb88a0379ce32ed2d5707fcac09a4381f2b39db2103002fff67031721a69881b17a534c69bd37fc449cb31d9116cab1c4f8df831989b2590499bedd73f7919bd7a15f0700221ad386fc353c793b72875c904ec814801c955bcf0885b526dd51906ec0c6d71fe5cbe4471c0c88060dc3408bd633eaaf9c1cdef6faab27c80852605989a08d19dc0f8a61b2809a0e872215139653167cec4aa13257739d691a34c47b140ffb56d03c176b4744b81a20b683efdaf16b49801e8909e7561a81ca4d488c49249ba8d6914352bc834cedcb5fb339a5b54c1856233217e5a0a7585ad78d31d76538b0e0a2cadf030f8aa4ffefadfbc45dec91905be13a15b6de176cc7c3307b647fcc3e836a582061ea4f0abe790f00ea9073f116b8ddb6cfc6c14ec1e24049fdbde4aebca16357047778b092763fcb497625dc5f1d29a8397c945ad95b55b250b3879448604a82cc4c2d09a8183bffd5c7209fece936e4833a379b0c6ba249d64d0eed07be6bf292c89b43b354fa11a6e6afea59a4cd7eab609916aa8ad9c186a20506d39bd70b24f0a16dcd34f8862ae7e64458c452be798d5e9534e629df2ed1b0eeb5bb870ab6a372b8850f455d4e6b9e7dadfa9eb2088df302936960b1975df56211b563398879f2fdbb9a1cec005bfcabbd91a90eb5fbd7fcbc99f5fb551a2fbfa53d03d530a7d9e09ffaf20c421b58a4233804a79d290ea4fc28a6de4db18cfe97c540a0ac138136a2e1080291b05f648224f8a96473274bef616e7419b7d222329e7c83634eeedfcc3e95e40bfc3f5cd9436f2dc027c45ba4327fc1dd71462e0114b0428cc3d65ed2b001ea957a2ee63ffdb5630228460a2961a33f79a3fa0ecc43f132918dde70ba37a47d6bda4d3eed6ec1821339611cf42da8477a641eac2ff557eb10c22b4bdba36a5ddb10555f0a6c59b57e1b813c446f93ff864d01baca55f98e37b4ffe6f1c535f1f3aeed454a85c40dc0dd80c348f3cf0b346d516961f516ab3a0e9bb7421f40939c47fa124008af0e615182445d1523bd7919380b351e4429a9c382fa12cf304912d1077a60d89577729ac10ea41b0f020899eb95bc8f7f4960b74ac527ec03984a9731aa88a0ad96bb2eddce7f2e2b2d9e3986f0a7d4e17bf5523e87ff280724c1320df6554a841d2abba9c66dfe16fa1cbcdde126b9477eb86526b4089ff6ddae6f02a2103b296620a42f9e21032b666961b8b151981e164d5232048438618dcfec9510c6a9f9c1f952dba052fb81a23a50880adf50c6c6f98ceaf39234f8f1be9f407dca589d9067a41c04a63155ba1163a49dbf55ef2502ac252a55806e68c7a7eceda3003a7dc86f500b51930f0c3f029bf503b57757d65b203318430575f2e458ab0d2f73c10cd42546421be1c636a14dcdad1813d4ff02be5079569b4ea4605e91d087dcbdb60759b7e13baf5e1ac2c0bd36e8e34b1ae453471dea785d6ea616998f5b4187d754bade2f889e9af640f94360ecda360fae2b99689b1b2c899ae5448150e39677cc4ffb20f4235c3ff1f1b333591fb5c4049b48c05f0b59157460011a2b61e4a7c60922dcaf7e438e3a6e996750dcd679a1dbd27f2905bc16c9c63bd64941828a759d2165f2ad7a45a20ec8af432d5d0fe832a8dfe7df8d9f7aac624d4e7d87edbee78e2512f5d66305ce41927a9b2a543e02eeb5a81beb343f49e49b74b8f24d48b64f8bf8bfe80cc1b5b8319433cb0aa7df0b43f6117ae78d408863c5388b9037771561c08b7fd9109087a0651a8484371f00e9ac79bcd68b01583a06ce91f0803f03bf0d56229ba51a28e6c9161472b6ee4a7c172da30c08080b42faf6a3289aa89c3aecf5adcbc010788ea5067c96720bfcfd6f1c3ae2f152394b10fb3c8792f288af8c599545c1a61b62c67a8c5af9c661cb503d362e466b528cc9d0914f85134064d06213f200091d909974c19cf28c310fe048c8dac0e5f63915e6980457705a01ab56a3f69cb96e10b8c537d5c8fc9d496c166eac5398641233605818b8ae9fa6f5e1fb497d5cd31b95cc35ec1372f02e1cefa34665a7df7dbbe0bbce84dc24f1e00e854dedf19b7cb98b0644804c3a88ec858fd4a1d27c622b552c1ee5483106c4994cca6f9720d92a8b32177b2b0a4a5ab2491f1a8e5ae03ef58229a03cc5313f668a1f7b29c0ae292cd03e16ab94842e761dc98893be292046df83c2c140de8b236ca5a8fd0cc1ba51ccfe49cec0df3f62e891236b1ea701671251bbb84e18de3653dc2fbfff525ee4fa3f46e26cde4adafdf5a45277a23f833194b3b0a89c7aaf58f8ee04a13b6f15ea76a3cc312add2dd1ba09999878d2214b1656d0bcb9ad7b3e08d30445e2144bf6462ff1d9f61dd7df3edbe13bbef34e3c0424c41d916dc9555f9e06ccbd31e8245db4016fffb14ff770aa7f77fe7c7974fcf6364f9fac5f7edeb4fe0e2f5a925a5da9565c4ef79d244e1328c8e4be3b167be2a1b22c3567cb31e36a81bf8f886514518d2718e55138c777d1e56e57b179f0ff09511c3f30154eee5b20d57b684ac02c8ff16e4d2a9aca695fc435671c7a18f465368d441682df7e40c5535ceb508762cd0537ef060af9e63161d1f946e204765f2f816abf3cf922ab0b83c286eb4a70bca2fa929b0ddfdd88f90620f0d47b7e4aa179356d75a310cc3840b953f6e782fe2dbfc91dbc6001fa469c31123e851f3f071e208af891ca81283e7e4fb8bd2253cd2bd6e85d305b0d5055dd50d28838b8a0654fb21da1e5f64301397fa936cb858f6ecfa3f79ccbf193958dc338aa70f5663f62c541f87ac70f11723e15668927462fe8753a3ec3aa382416f296b2ce035807a59b94c108813880aaf610df777feb1f43a3141eca477cb51fe7a11ec2f0341dfae09bb5244aed7a3b8c9e8d63ef376d0be3777bf5cdd9dcb53737ce9c5081d27cd27788bb04dc7dc16d60fa652fed2313d4ea24b2fba3f0a8880a36cf94d3c9d03cd17a91070b8b5d2c5d5d2f81a98934b3", 0x1000, 0x80000000}, {&(0x7f0000002300)="8c8736ede1601cbb88089e372332f02eea2613ced0f05236fd37cef6598799d7b8a9c3dcb9e236c3655e0dbb01eefe118753df1e4780081c1cfde8292aa591a07476706cac6229c58cef5a60af39d78f196ba597eb3f4ca7c1f45c9983856a135ce77322091d279ce6a06c2c02ab783adb77a220436c337f4b921340e232be546c3745e1f3aa277e0d43088d4c6f0d38c6a3a7f975de85da6fa244402bcee7fa35a3941159e89903b3259605ae9d44", 0xaf, 0x2}, {&(0x7f00000023c0)="f25145359b486af3b08994c3b28fe4cc89c12b7904fd346e1095e125f89e7970a0218bb083e99ab9d7e8439c175c228bde06ce8e33ba32780e9d5bc4f7acb91b0803494c7675623dd61c5c67809de9ba4a02cdb2a85207b2c304db1b78a43a0cfbe625e8cdd39e3fac09234f", 0x6c, 0x574d}], 0x42859, &(0x7f0000002540)={[{@huge_advise}, {@mpol={'mpol', 0x3d, {'interleave', '=static', @void}}}, {@nr_inodes={'nr_inodes', 0x3d, [0x25, 0x33, 0x38, 0x37, 0x67, 0x6d]}}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x30, 0x16, 0x30, 0x70, 0x35, 0x33]}}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x38, 0x36, 0x30]}}, {@nr_blocks={'nr_blocks', 0x3d, [0x2d, 0x35, 0x38, 0x31, 0x33, 0x31]}}, {@size={'size', 0x3d, [0x31, 0x65, 0x30]}}], [{@hash}, {@euid_lt={'euid<', r2}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'vfat\x00'}}, {@audit}, {@appraise_type}, {@subj_user={'subj_user', 0x3d, 'vfat\x00'}}]}) (async)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_POLL_ADD, 0x3) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0}}, 0x0) (async)
syz_io_uring_setup(0x4959, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380), &(0x7f0000000100)) (async)
syz_io_uring_submit(r5, r6, &(0x7f0000008540)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x10001) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r4, 0x10000000) (async)
io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) (async)
syz_io_uring_submit(r5, r7, &(0x7f0000000840)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd, 0xda5, 0x0, 0x0, 0x0, 0x0, {0x0, r8}}, 0x1) (async)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000002640)=@IORING_OP_TEE={0x21, 0x2, 0x0, @fd_index=0x1, 0x0, 0x0, 0x40, 0x2, 0x0, {0x0, r8, r0}}, 0x1) (async)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
sendfile(r9, r10, 0x0, 0x80000001) (async)
getpgid(0x0) (async)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x1, 0x0, 0x38, 0x1, 0x0, 0x9, 0x8000, 0x2, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xffc00000, 0x2, @perf_config_ext={0x8, 0xffff}, 0x2000, 0x8, 0x2, 0x0, 0x9, 0xc46c, 0x4712, 0x0, 0x3ff, 0x0, 0x13d380}, r11, 0x7, r1, 0x0) (async)

[  323.827772][T24679]  block_write_begin+0x77/0x170
[  323.832626][T24679]  ? cont_write_begin+0x3aa/0x500
[  323.837651][T24679]  cont_write_begin+0x3cf/0x500
[  323.842510][T24679]  fat_write_begin+0x61/0xf0
[  323.847132][T24679]  ? fat_block_truncate_page+0x30/0x30
[  323.852600][T24679]  generic_perform_write+0x1d6/0x3f0
[  323.857904][T24679]  ? fat_write_begin+0xf0/0xf0
[  323.862683][T24679]  __generic_file_write_iter+0x172/0x280
[  323.868351][T24679]  ? generic_write_checks+0x256/0x290
[  323.873725][T24679]  generic_file_write_iter+0x75/0x130
[  323.879102][T24679]  do_iter_readv_writev+0x27b/0x300
[  323.884307][T24679]  do_iter_write+0x16f/0x5c0
[  323.888900][T24679]  ? splice_from_pipe_next+0x34f/0x3b0
[  323.894415][T24679]  vfs_iter_write+0x4c/0x70
[  323.898939][T24679]  iter_file_splice_write+0x44a/0x7c0
[  323.904394][T24679]  ? splice_from_pipe+0xc0/0xc0
[  323.909309][T24679]  direct_splice_actor+0x80/0xa0
[  323.914249][T24679]  splice_direct_to_actor+0x345/0x660
[  323.919626][T24679]  ? do_splice_direct+0x180/0x180
[  323.924674][T24679]  do_splice_direct+0xfb/0x180
[  323.929444][T24679]  do_sendfile+0x3ad/0x900
[  323.933856][T24679]  __x64_sys_sendfile64+0x10c/0x150
[  323.939119][T24679]  do_syscall_64+0x2b/0x70
[  323.943539][T24679]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  323.949432][T24679] RIP: 0033:0x7f53af6750e9
[  323.953866][T24679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  323.973473][T24679] RSP: 002b:00007f53aedca168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  323.981886][T24679] RAX: ffffffffffffffda RBX: 00007f53af788030 RCX: 00007f53af6750e9
[  323.989841][T24679] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[  323.997795][T24679] RBP: 00007f53aedca1d0 R08: 0000000000000000 R09: 0000000000000000
[  324.005749][T24679] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  324.013817][T24679] R13: 00007ffd49c5f31f R14: 00007f53aedca300 R15: 0000000000022000
[  324.021782][T24679]  </TASK>
[  324.098387][T24691] loop4: detected capacity change from 0 to 262160
[  324.106296][T24692] loop3: detected capacity change from 0 to 262160
11:47:00 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x0, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:00 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x80000001)

11:47:00 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240), 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) (async)
openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) (async)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
pipe2$9p(&(0x7f0000000240), 0x0) (async)

11:47:00 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 60)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  324.179031][T24695] loop5: detected capacity change from 0 to 262160
11:47:00 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000024c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000200)='./file0\x00', 0x7fffffffffffffff, 0x4, &(0x7f0000002440)=[{&(0x7f0000000300)="3407abeed9ea48907ed3e5ef064bafa0c023b066ca61382587341a08bd407113e593decac61467fc1f6fdaf2e9a4b7ac01b3c1b56c3a987dd61cf16ee4cbe7038e939e5482506e377cf7c7637e6e3ec0ed46ed761bf4cb05acd7232aa58d59fc97f30701bb4825727aa0d343909b716e0c96b5114f58aa1b537ec0d9c0d3a16daee15f75eb98b920febf432fb071f9298fdb216b5739bc5b947669c44cda9af258667182e9ee8a5633c05bfc3b1365812cc51d46c2deb0db5eef663ed6dc63bb7e099c590e2410cdaaf28d13dd0154ddf7532309646740416eee7e3c73994ed0f67e64e2b03f9ca128216f18d4fb1385aba8264ba3136712da077842d2e2e8bc4f5e85d3fe3809b58e0832742ac3a516f512c15de96622b5c81ecc4c8ed296dbb0dffb14170b44c4fa2feee8a85131d69677e6a76323c9b8101f45971072ef056a1a1674adec3e8438413067fce61e821df905f6963c5471a82365d8ec2dc55763344f77ac78b26a789bd95a381892f81b67bf5abba03305367ae33e3466cd92a7a1c101dfee6240dc6d0e3599c0f99d754184d9e1723a698475792e77129fcc7378f124dacf0ec6653ec0ba791ad4d997996dad4534093bb65244683022df47234b104712dcebf74ea78d6a0b52f744c4681c62486b9c41877506daaae9f62b4e630270989b363b6304dd7d00e2b06245877245754dfec064fb45a5b9032861bbc0b13b1159d111a0bfee4055b526faeff3b76df34461e1b6c84054bb9ec5420d4bdd54bb1db644f80aa3ef73d280408a4cac3eb2f44a278d4679659fc2b12c6eba7454f37f46c46c643d3c11f698feeb067a8f0ad700c76c2c8314544a0f538ac9e8dfe1dfccd2448e136c239ccd867b149a19d9e59e399e93a3969ba92b778cfa32866e239d5375116ccce2ec12ce4668572d3b786b395ccddcf20181c387311496062a50a9b7614bd8f89cb5d38d1261ee0c19a5d4bb9d89696647d2166bcc9e9a29f56aa783dc8995d403a290ecded95c60a0bdf73f750e804e3dacbfa52623dd08fa028b9b00caa5b74ba31286066fcf59a954f6cab2ccc82a579bd508c9b6095c34ffa33180c0f880b91e845426d9067319c2342f0106fec51db870a4048c4dc59204120bd343db1e55107bbd95315441bbfb5e243276471788c2a377beef2e5d7d4e957248fd5f4d61b2485dd4950618675b9220cbe5a6101ff9b2e85c70da78c8148c8fd09fa0add7fa6004664b27d145039495f111dba13eba777d657729b1251da998698c7b4ce8cd80c2ef72a196aa38dbad72baa97d3fd2f17de95cdd041979fda47a8c35d8d91f03e181360a2d437fc152dac723c525620d37c161d99b84cc0f4d5677e4a17edacb32d38cf855ca2870ddfdbfc8c93bd035388da0da3c4e02fdd3ac8443190f374a35e7aafdbf7a356c10107af81dc9eb6f86fef794a928b81a5c09738642442c746da136634f913d3a5984c42828a29966a89f3620195005ba83d78f70091714fc340c21ee96312f459981da1e86074c3bc92198a1eddcf237c22910f447fa3825e8ff3135a3aa7c0efa6e8da218518913041d86d01871396c32dfba26fcc545f4a2db13decdbd2af5435811f45c4b9d3c6e50439fe2eefc488da094004e74bffa01ca12b5dba56f4437dee3f21b0f99faee7d63c79516f0fc4812b0f7bb73d7d0dc8463ece7dc1a416ad0fda08a22e8738dab6915ec0c105206e1ed334761f3e9884b5c7bb2802206aee0fa0d7f4baa52572c05136778677ce6ef6a8cabb54d9f7ba0e4cd16b4ba3c5aa18876459bd2bf7b497db0280f24eccd5be87295d39d7982e7ed04ad4ffd73b8e572d9ce155b97410b3c6059b938c116e319992bcb33854581fc97c0d648442f9157ddaeb6d7b92258ea29e998bdcb466427916a291ad24239f0f24b41d3bde98ff23a4ce3d041ee9f098e69a24dad8fba660d5b36d6de3add24faeadba6696e39de7f43b436eaf82e29d871d2cf36c986342f496dc75bd2a0a5855bde4d217a04e8ac89111836b9f0f86f332a3be18d343d3153cd57f6ce84837c2ef0a811c72db9c016b426bf2c4d5edcb5fc69aa120a71ab788483ecd9d9d23b5befa0a54318bc8f7201d8714e00750da1d029ba6f3a5b46f64dcc6d41cacd9bbd9f5415eea098e7cb7da7cb89d87de9e790b25eb6e6d76050649eb341b254aaf4a7d177c7957fae98f7e0d43be4c088887a5e4ac92fc91458a8e08d6bcd04912a822916bfd6ace3d4fc006b13e55c39e5c3d41bf0b3d571ece6000da1cd55aaa41e05cddbc05d445b5598a0d039cd991b035b2fc65d16347f78573de32502581fa7dda73154e28fb0f49d7e7d70fe3d4aef952940fdaae79757b16af71a1dbf0aa01769b8a3a5ba3795a8917d6a4292614d150f4a8bf830a6c2360036ea259b19af38354f1ad75583dde15c1455559cee685ddaf18254b5865ca9c89b3f2c2b99e0f2ac0223fecdf716c0f13d1d78b52958372e45d8180b0431fbda3b61b550b310156199532d76568f47bbeaa59163b1ad9b9c279e98535ba34d844fedc565c501d21c2eb487618238d82c5eaac840b604fad758b5c8c60f8ce0692097607308ab800d2ac33c496003fb38b970e06b0a92fe0f0529625799229c7b0cf8b273eda0ff2ebd782a1a0dbfa57c571e7e7eb9c90bd329c433f218f8cf1b88bd3d7be8187614153936e44ada1098491f855c115868f48b4bed0e5ae47ae2007a07be149234c5bb98db589d6f11d4c3e1430658c86b5dcddf350fe35268eaca6d5d8dd3350aff9f3cc644137703259f3f788f3e675dc8efb628338c59bb1c39384f3f7794d2cb13cf019869bc46a1f7c4189dfd6916bb333653473abf729392e2a2d4937779b2322d84a21c1c68b4cb34d1e97aeef2a295d6858144ae86163f6e21c05359be63cae05faf0881627ad1adc97a622fabe426a06000e50525b10531e6233057aa3eef15443ac7e7fd2f6995a501443265f047860a32972c703c02870c9d0b5fa8ecb09e112ed440ed25538ae19a03a0feb51495d87b7fab73e62eabc972268b40d268a872cbeaf9cc0aff4945c6f547634043de4e8f8d2a677b664db1b0de3b6f27ca372ec10b5a4f8dc85cb3ed82e8ae2479910ac73e9e7cb3a1188be8255d95471e2a2490657cf23824970778912f64d15cb57145bc6ab4e64aa29798361b0f8f1cd245d9282ad7398c3776992f0cbd13c9bdb699ef1b273ebb1584233e15d2cf5fd8f08adde350effed4740322a987c43e2a5d2b64531d9e9ff1d0eb98b32441bd6c2c085e260a9b6b940a0f28b134afe51f95e50bb14afebafdd9635b54dbae08246d5716a6f762cf7ee60f7c6885ef160820496cc3c239911fe659115993fe4375fd60c2dee75be293eabd4ba6fccf8b49f26dd222c43d1319f0a79bd5bc2d6a9bf65bb357d8d291f7ec807620629987316e8257cb62eca260bd4e7175548e048028ae92886321eb46b9bc42dc4b74512d8ec8e4a7d65c867bcfa18d81166b9ca4ab1787e41ad3d21f9745b13030bf0c511c3c8834987bf66213f0900843790a9399bb20cd02fe06d0fea9f19f109ada09e19fbda20cd7b494f68a2c63d279aba416540801efea1fff1bdcebaa739fae94e8d4dc45ce1a5d5b6248382ca82601046f70a36778bcdd18800e52f67b14f8e69fb9611a4243d4bbd482a4fa7d487fe7b7ffa2525342c3d29bd7cc72100ee45b6ca816893a894571537987f51ab71d9baa3d65d5788d6d6208614803fc29d5c9f6420f49f527c903533e170a0ac6b0ebf8faee359c96ebdc9452d747b9e2cdca9cdc60d909dd03771b1cd7205e52aecc6b366955fbcc8147610180d7659c150fb3bfdb03c565a8f8e4c41bebc9fc13635c6308d2cd2ae66815d3418c372a00751f2bc3faca497f9b91bdd0f20399677f1d0735543e97c43c280837f4488658592227e68748684bb781dce560c7dad209cbecfa0d30d43467827873da874b0ab56c55f285b59003abe8413981f191cad3244d51cf7ef2b264d3f3779dfe04db724a2bdb574ec35f75b1b72a618597e63dbfc7e33854cf7a4a54038f620e46063680a71ac9900f5747f6d9ed9e4170e7d5e6498b6779385eba7575230eba59e27bc70f908273187e3d4da1146c45b99501d1546919e461bbd4137cef4bbaefe546d004ac39335794c540efa7b2f5c2073b22b383573cd85cea8797855d10755bcf15d8fa2c8e8cec68a0735a14d6a9121270769dc35ea7f992b5306b17ba554505d02e86cd0fe043d610b0a8fdbaa1c6f7d0d3829bcc5c406c1b08dd338b8acad60174d29841e0f8818a9a7e8c834d078008b5b049a934af0574c4b930d5190861d1b094d069b64f04090ff9894624efb6cdf3390d5987b09af19a726a40fee3e60fad81e94b7555c55464fbbb170997752d6af9de5655935e1fa2573afc5fa1c8dd7c6aef10086471d5806761dbb9ea1c8a89a90ab4b00e7324e183603ef005cfaac38f5982d693c002aea2cb34bb5d51ec6a77083f5130fe4ca09790803d9f35ba326fac5cb91c9057b7776d9439d69d467356ff7bf7292f9c0c61b8c1d91e73e4393cbde1814aaf640e8da0152e11060c7aad73b9fceff5c9e876563dab7208557fbf93ea28ab4cd0cc3a75de6b403d00bf632364fbbdd729e7f762e0886c63d431ac8c79d0d35b88f3283c863957350d6bcace65c32859830b71e429985dba3fe3b875ae512c94ca8faf822de97d64c4da8262fb4f1e64d74a9c31b4479a0ee190ee0456d8234157c28c7503a87d00ee4502c08110b17ece8c5844426f62ba9d14f24147a20d143b04031e15ce696db5d8899bc44470e6e9485beface56f57727d0e5e9bb85bf7b45d6375f208c32a1cfb930e4c343b67b47a4ba0d0102ea87dc8c2c6cc9fc6e1b676021c27677b5ffd9e6bc37bd7037194e61985b39a6f5644613ce70ed23e200989aba228a8af04bd6fa0b6f63f3bbf24871c47f9f7aad8159dfd208b37393c97dd54bc10d3ad435dbe98a4f4a6fcbec9c018f465c4b11041acf8967af8c0fdc7d09aed24e7c38e165788e865d5ba5af30e5039b1e1096c0e0897585a512bc8ccdd1f488d3babcd30dda6171da7e3e2c436a769d772ee4e924aa892433e262f157f4856d37b3e6be1642cbb6197443e4935f51700cd7e7e75c1dd43a179923c184c19dc9249f06a6f4d5d9b76f6a781d9f435d8381d2f3b1d4aa8f351144979f6e3d2a1139c9b3c4aac8b68e54b524d9127c8a373d5efd2d79ee4de83a1fa90cbb03563a968855c1276a6181b5ffde5840db0fe7cc93059db678e7bcbdf48d9f2fb48f53f9eb6fae0ed6bf1971d4562018deae9932d7859c84cc9228c8a003e6dc6525102574996438ca63d72bc3685dd2e6dd5fab0086876cc6af55d11365376412dac2e3b61f78498ac748da3285d0a28885bc7425ba8c752146a6ab0851f6980ae6568c2e715e7bb7b50544947f4b143345df30043004df071913fc8f4b4affeac85d518b0ef0ef56d0c8e01164f160de229de3fde129c8ef0a58b34f3cd3272717c5157038be93f8f4206c9d215478a304374ef042f4e28c30ceca28b7211887762c1b581f4159faca443707920c4921487e8aeaa7dcd38b1e141088caa0f1d9ccb4bf1d6dd17d95e65ee341fc81d24f478d20c22227005b8edba287438ea872cc6cce636e531650252c03cc632224deaf4dbaff62978ef4b06a9f314fac06503dcf2565794545b5b1557c8f1b4b9b967226130ffc65f055272dc389decfcdf4b953d750f0506e290e6cd6182", 0x1000, 0x2}, {&(0x7f0000001300)="92a558c07fbb46ccc432e7b5cbb1047647181768080ba9a66faaa685c7a75c129bfdb3e5dc07888e86ded206ff4530a044a1bfe59566373c87be75c7f311498628f19b078ce7044effdd20b0fa0611a2cef46a2577567b468fe6dc82ac235e5ac411948098e99432919ff367d2be7f1fbd340df53fe0b3d0854fa8b8f24fd5b004143fbd32f0e2699f8fa00de9e70227198ce1f9f412798647d6e005349d99ca6f4b9ef51dffdf81703715360087c1c2769170cda12ee462aa4e2d205f65e3fc21532fda58546709b5bc15f5effe9176ec40d503573151fc40a521880877b2e1292f33393adeb75158bd64ee1c118be78d123d051e6ed2d91e21faaddec85f6dceeb6d945e5bc6153b75c682850680fd987293c3b217d88c2fc5bfd19f5ede7cd01065e18a9595aae4dd70f8d6caffa6a9de8a59224fc3be14640d40dbf9f53809ba6d2adaf3776e90feffa374214cab7dad8a487b1a8b2dab0906a90bc1496c4a95477e8fe1060165f8668ae714e64670accd0fd0ed33db2742e227c4c6bec3200a257e867ea9a885344e543ec767859f1209accac0f1f9b9b69c8236c826e13ab51ad29f80466c547a49528186f49c56588b2d3724c8b196b8c2457a7577c5f2c5ba33d98ed16fd4bbd6a482211b65f037f3db7e9bc5e12a794f297cd8ac3bf4b97986e5983adea650c2be54546889bf4109919f2912d61976e15966ef1dad09fd17f6f2d997461109a82773abae9552005070e71e988c475dc2b07760b576261062dfca5b0bec87f02bc2ae92b53611246cc0f6e15e865e9d97d81b38fbfe6c08e3ddcbfe8860ab104458d6196f053e0f9cfd10a854fa39ca8ec584bbbfdf51d66d0903c2e6505f93bfd15a1037918462fe508a398776ab0c7e2e32442681432391aa16597bbab9f948e16cf4670264e0efbae5bebb3066fafb4265874d90773b199694ce0ff1d6d9669689476af5d6a4da91281ac6d65230fcf675dfe0b9aeead82317cc565a5089209503f99534fa00baf9148d5f56bf7d74c8f458d11f792ff526cc61056570cb8738107fffc6c8d5b36d985e1e82b58755f75bed1fd7d55e3626917eaa830e2eade2e128b2943f7acab924d73b41943f29088c56a7d0e981daa9c54e284d495c52b2ae08d7a1b7fc14b9101c574c92a979333a6174de66445ea69ead33b743c38cb4e9a71f8811aa0d024b9dd7a682a6bd222135863ef0aca4fb59d7bd8f6fff4d13cc05b95752e49a2021db4e16151f645f30398c07a1e94389e61fe36c541c0455f831ead05fcd7cb3f9da17901ec63924db622d70bdd10acaad5c2c4b2e669e7063b233cb3d018394b020fcbbfbdc827257d3b3b58b1d236a732f1b2cceb8bae40a5b2550657cfaa9104ba77d9d33b1e45bc2bcb53e1f7f4078bd36e48a0ed1b2905bdd713183dcbfe6be5abe1b0c4dbd0037603a7be3a752eedfcb73fcffd9d67d5089752f608c6e4b5a2f413cd074275758eea459f9ada447f64610fd6be3ac2aa7bb9808dd5d58458b3053c79886ce8a5b44cb5a3182f9524bfbfe9c5568cd88a2ea331f6fd6fdd0b1844d2d251df3a30754298529a000dbe2e4e9b02bcd30ced0cad93e411d8b19f16305ec32afc574817bdf68b4c3647b2dc8d60741e213f1e56f9e2c0daa3a6b44a5420aebf4208df43057d843aa48b1813bc3a0621f103d4a676c7f5acf1b7202576516bd2c232c229184a2ab0a865697705b4ebbaedd828f643818896eada3faa6c6384de7ed2831dd6974f62611028c056177e6141dd9c2c520962eda64ff33ee9ddf86503739deeb54ac4b19718ef6af309882a3d7056b2c36de5674d06db4b51da3f9f54eb65e0938600883a33aa1b580ca5c667820ec8ce8a513f3c132a64d068d7134d704fcc735c7fd032ab94af0a01e4ed1974d8a210ca00d9f1a5871ceb085f14cc4bba779c0925696687b7b35927bda08fe1c559b94a350e2c5d716247928d9345a8776a0b45b18eae3da423fad623fe45ecd4b2233dc7c6ed481d3795a8080741c7465c3d6e28ab448e89efbe905969fdec8ad7d4102e545f5e68928bd695e854045c4885818235529f23091c66464d0f828e57ae4683ccb2c62a5ad867ab31ade160f9706215c1254cc8767fae33da2df1e13013c36f1aa20eb1a1c2328b00bf080063282f2a1f988c12b7f1c037df7b4ea6daa295530e0c9928ab1aa0d1bf5fbaab921b75402c1e80088e183d65edd00aadbaf6eb45ab294eee11f52b37c41c13bdda2ca0824546b7e688ad7155f23c433e16df9b8a4bdeae813090bad6c0cd2cfaec49df048608df923e4cab05ec8ca14451da9201ec4e1c2abbc7163f00160560afaf58e51f529bc1e2721e40c865e02430ea991b9702f6e0a960646e90e6fba12177c645e76c01f7cd116b0e84efdbe5f99e345b98784fa6deb290f238a42e51cd6036aa3e620d8ca73d9e9378f5411109dc69936af6f1a56367ef914294579a4c5e2982ca147592b7cb4c75cc60cc486adc414cb977d9972c971e6d75e2fd44e6bda80e1395ca226ddbd8647c1493ae872b2ddc1bc6b8a189196da2fa023d77bf14cd460b6366103e6ff65bcf8778b0ef13a41c2af65e2a64f1ad0bd4b063287452365db6bb520f4439639c89a1a8300fd39f8e388549f6c066a5e66975da31f361944d1164be09844a18e5043113dfbe4a3f46418cd42af4087c3a6ad7e281e7d7db2a4c1fe82772b87cec969224ce3f39f08811227d00925b59219e48a5ac978d6a694e32a7a5eabb45518805bf9dc1fb88a0379ce32ed2d5707fcac09a4381f2b39db2103002fff67031721a69881b17a534c69bd37fc449cb31d9116cab1c4f8df831989b2590499bedd73f7919bd7a15f0700221ad386fc353c793b72875c904ec814801c955bcf0885b526dd51906ec0c6d71fe5cbe4471c0c88060dc3408bd633eaaf9c1cdef6faab27c80852605989a08d19dc0f8a61b2809a0e872215139653167cec4aa13257739d691a34c47b140ffb56d03c176b4744b81a20b683efdaf16b49801e8909e7561a81ca4d488c49249ba8d6914352bc834cedcb5fb339a5b54c1856233217e5a0a7585ad78d31d76538b0e0a2cadf030f8aa4ffefadfbc45dec91905be13a15b6de176cc7c3307b647fcc3e836a582061ea4f0abe790f00ea9073f116b8ddb6cfc6c14ec1e24049fdbde4aebca16357047778b092763fcb497625dc5f1d29a8397c945ad95b55b250b3879448604a82cc4c2d09a8183bffd5c7209fece936e4833a379b0c6ba249d64d0eed07be6bf292c89b43b354fa11a6e6afea59a4cd7eab609916aa8ad9c186a20506d39bd70b24f0a16dcd34f8862ae7e64458c452be798d5e9534e629df2ed1b0eeb5bb870ab6a372b8850f455d4e6b9e7dadfa9eb2088df302936960b1975df56211b563398879f2fdbb9a1cec005bfcabbd91a90eb5fbd7fcbc99f5fb551a2fbfa53d03d530a7d9e09ffaf20c421b58a4233804a79d290ea4fc28a6de4db18cfe97c540a0ac138136a2e1080291b05f648224f8a96473274bef616e7419b7d222329e7c83634eeedfcc3e95e40bfc3f5cd9436f2dc027c45ba4327fc1dd71462e0114b0428cc3d65ed2b001ea957a2ee63ffdb5630228460a2961a33f79a3fa0ecc43f132918dde70ba37a47d6bda4d3eed6ec1821339611cf42da8477a641eac2ff557eb10c22b4bdba36a5ddb10555f0a6c59b57e1b813c446f93ff864d01baca55f98e37b4ffe6f1c535f1f3aeed454a85c40dc0dd80c348f3cf0b346d516961f516ab3a0e9bb7421f40939c47fa124008af0e615182445d1523bd7919380b351e4429a9c382fa12cf304912d1077a60d89577729ac10ea41b0f020899eb95bc8f7f4960b74ac527ec03984a9731aa88a0ad96bb2eddce7f2e2b2d9e3986f0a7d4e17bf5523e87ff280724c1320df6554a841d2abba9c66dfe16fa1cbcdde126b9477eb86526b4089ff6ddae6f02a2103b296620a42f9e21032b666961b8b151981e164d5232048438618dcfec9510c6a9f9c1f952dba052fb81a23a50880adf50c6c6f98ceaf39234f8f1be9f407dca589d9067a41c04a63155ba1163a49dbf55ef2502ac252a55806e68c7a7eceda3003a7dc86f500b51930f0c3f029bf503b57757d65b203318430575f2e458ab0d2f73c10cd42546421be1c636a14dcdad1813d4ff02be5079569b4ea4605e91d087dcbdb60759b7e13baf5e1ac2c0bd36e8e34b1ae453471dea785d6ea616998f5b4187d754bade2f889e9af640f94360ecda360fae2b99689b1b2c899ae5448150e39677cc4ffb20f4235c3ff1f1b333591fb5c4049b48c05f0b59157460011a2b61e4a7c60922dcaf7e438e3a6e996750dcd679a1dbd27f2905bc16c9c63bd64941828a759d2165f2ad7a45a20ec8af432d5d0fe832a8dfe7df8d9f7aac624d4e7d87edbee78e2512f5d66305ce41927a9b2a543e02eeb5a81beb343f49e49b74b8f24d48b64f8bf8bfe80cc1b5b8319433cb0aa7df0b43f6117ae78d408863c5388b9037771561c08b7fd9109087a0651a8484371f00e9ac79bcd68b01583a06ce91f0803f03bf0d56229ba51a28e6c9161472b6ee4a7c172da30c08080b42faf6a3289aa89c3aecf5adcbc010788ea5067c96720bfcfd6f1c3ae2f152394b10fb3c8792f288af8c599545c1a61b62c67a8c5af9c661cb503d362e466b528cc9d0914f85134064d06213f200091d909974c19cf28c310fe048c8dac0e5f63915e6980457705a01ab56a3f69cb96e10b8c537d5c8fc9d496c166eac5398641233605818b8ae9fa6f5e1fb497d5cd31b95cc35ec1372f02e1cefa34665a7df7dbbe0bbce84dc24f1e00e854dedf19b7cb98b0644804c3a88ec858fd4a1d27c622b552c1ee5483106c4994cca6f9720d92a8b32177b2b0a4a5ab2491f1a8e5ae03ef58229a03cc5313f668a1f7b29c0ae292cd03e16ab94842e761dc98893be292046df83c2c140de8b236ca5a8fd0cc1ba51ccfe49cec0df3f62e891236b1ea701671251bbb84e18de3653dc2fbfff525ee4fa3f46e26cde4adafdf5a45277a23f833194b3b0a89c7aaf58f8ee04a13b6f15ea76a3cc312add2dd1ba09999878d2214b1656d0bcb9ad7b3e08d30445e2144bf6462ff1d9f61dd7df3edbe13bbef34e3c0424c41d916dc9555f9e06ccbd31e8245db4016fffb14ff770aa7f77fe7c7974fcf6364f9fac5f7edeb4fe0e2f5a925a5da9565c4ef79d244e1328c8e4be3b167be2a1b22c3567cb31e36a81bf8f886514518d2718e55138c777d1e56e57b179f0ff09511c3f30154eee5b20d57b684ac02c8ff16e4d2a9aca695fc435671c7a18f465368d441682df7e40c5535ceb508762cd0537ef060af9e63161d1f946e204765f2f816abf3cf922ab0b83c286eb4a70bca2fa929b0ddfdd88f90620f0d47b7e4aa179356d75a310cc3840b953f6e782fe2dbfc91dbc6001fa469c31123e851f3f071e208af891ca81283e7e4fb8bd2253cd2bd6e85d305b0d5055dd50d28838b8a0654fb21da1e5f64301397fa936cb858f6ecfa3f79ccbf193958dc338aa70f5663f62c541f87ac70f11723e15668927462fe8753a3ec3aa382416f296b2ce035807a59b94c108813880aaf610df777feb1f43a3141eca477cb51fe7a11ec2f0341dfae09bb5244aed7a3b8c9e8d63ef376d0be3777bf5cdd9dcb53737ce9c5081d27cd27788bb04dc7dc16d60fa652fed2313d4ea24b2fba3f0a8880a36cf94d3c9d03cd17a91070b8b5d2c5d5d2f81a98934b3", 0x1000, 0x80000000}, {&(0x7f0000002300)="8c8736ede1601cbb88089e372332f02eea2613ced0f05236fd37cef6598799d7b8a9c3dcb9e236c3655e0dbb01eefe118753df1e4780081c1cfde8292aa591a07476706cac6229c58cef5a60af39d78f196ba597eb3f4ca7c1f45c9983856a135ce77322091d279ce6a06c2c02ab783adb77a220436c337f4b921340e232be546c3745e1f3aa277e0d43088d4c6f0d38c6a3a7f975de85da6fa244402bcee7fa35a3941159e89903b3259605ae9d44", 0xaf, 0x2}, {&(0x7f00000023c0)="f25145359b486af3b08994c3b28fe4cc89c12b7904fd346e1095e125f89e7970a0218bb083e99ab9d7e8439c175c228bde06ce8e33ba32780e9d5bc4f7acb91b0803494c7675623dd61c5c67809de9ba4a02cdb2a85207b2c304db1b78a43a0cfbe625e8cdd39e3fac09234f", 0x6c, 0x574d}], 0x42859, &(0x7f0000002540)={[{@huge_advise}, {@mpol={'mpol', 0x3d, {'interleave', '=static', @void}}}, {@nr_inodes={'nr_inodes', 0x3d, [0x25, 0x33, 0x38, 0x37, 0x67, 0x6d]}}, {@nr_blocks={'nr_blocks', 0x3d, [0x65, 0x30, 0x16, 0x30, 0x70, 0x35, 0x33]}}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x38, 0x36, 0x30]}}, {@nr_blocks={'nr_blocks', 0x3d, [0x2d, 0x35, 0x38, 0x31, 0x33, 0x31]}}, {@size={'size', 0x3d, [0x31, 0x65, 0x30]}}], [{@hash}, {@euid_lt={'euid<', r2}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'vfat\x00'}}, {@audit}, {@appraise_type}, {@subj_user={'subj_user', 0x3d, 'vfat\x00'}}]}) (async)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_POLL_ADD, 0x3)
r3 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0}}, 0x0) (async)
r4 = syz_io_uring_setup(0x4959, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000008540)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x10001) (async)
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r4, 0x10000000)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r7, &(0x7f0000000840)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd, 0xda5, 0x0, 0x0, 0x0, 0x0, {0x0, r8}}, 0x1) (async)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000002640)=@IORING_OP_TEE={0x21, 0x2, 0x0, @fd_index=0x1, 0x0, 0x0, 0x40, 0x2, 0x0, {0x0, r8, r0}}, 0x1)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r9 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r9, r10, 0x0, 0x80000001) (async)
r11 = getpgid(0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x1, 0x0, 0x38, 0x1, 0x0, 0x9, 0x8000, 0x2, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xffc00000, 0x2, @perf_config_ext={0x8, 0xffff}, 0x2000, 0x8, 0x2, 0x0, 0x9, 0xc46c, 0x4712, 0x0, 0x3ff, 0x0, 0x13d380}, r11, 0x7, r1, 0x0)

[  324.234515][T24705] loop1: detected capacity change from 0 to 262160
11:47:00 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)
getresuid(&(0x7f0000000200)=<r3=>0x0, &(0x7f00000002c0), &(0x7f0000000300))
newfstatat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x400)
r5 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r6=>0x0, <r7=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f0000000000)='./control\x00', r6, r7)
statx(0xffffffffffffffff, &(0x7f0000000400)='./file0\x00', 0x4000, 0x2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
r9 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r10=>0x0, <r11=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f0000000000)='./control\x00', r10, r11)
r12 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r12, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r13=>0x0, <r14=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f0000000000)='./control\x00', r13, r14)
lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_default\x00', &(0x7f0000000580)={{}, {0x1, 0x4}, [{0x2, 0x5}, {0x2, 0x5}, {0x2, 0x1, r3}, {0x2, 0x2, 0xee00}, {0x2, 0x0, 0xee01}, {0x2, 0x0, r4}, {0x2, 0x2}, {0x2, 0x3, 0xee00}], {0x4, 0x2}, [{0x8, 0x1, 0xee01}, {0x8, 0x4, 0xee01}, {0x8, 0x0, r7}, {0x8, 0x1, r8}, {0x8, 0x1, 0xffffffffffffffff}, {0x8, 0x4, 0xffffffffffffffff}, {0x8, 0x0, r11}, {0x8, 0x0, r14}], {}, {0x20, 0x8}}, 0xa4, 0xe5897f9bfbfe1c30)

11:47:00 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8) (async)
getresuid(&(0x7f0000000200)=<r3=>0x0, &(0x7f00000002c0), &(0x7f0000000300)) (async)
newfstatat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x400)
r5 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r6=>0x0, <r7=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f0000000000)='./control\x00', r6, r7) (async)
statx(0xffffffffffffffff, &(0x7f0000000400)='./file0\x00', 0x4000, 0x2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}) (async)
r9 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r10=>0x0, <r11=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f0000000000)='./control\x00', r10, r11) (async)
r12 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r12, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r13=>0x0, <r14=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f0000000000)='./control\x00', r13, r14) (async)
lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_default\x00', &(0x7f0000000580)={{}, {0x1, 0x4}, [{0x2, 0x5}, {0x2, 0x5}, {0x2, 0x1, r3}, {0x2, 0x2, 0xee00}, {0x2, 0x0, 0xee01}, {0x2, 0x0, r4}, {0x2, 0x2}, {0x2, 0x3, 0xee00}], {0x4, 0x2}, [{0x8, 0x1, 0xee01}, {0x8, 0x4, 0xee01}, {0x8, 0x0, r7}, {0x8, 0x1, r8}, {0x8, 0x1, 0xffffffffffffffff}, {0x8, 0x4, 0xffffffffffffffff}, {0x8, 0x0, r11}, {0x8, 0x0, r14}], {}, {0x20, 0x8}}, 0xa4, 0xe5897f9bfbfe1c30)

11:47:00 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x0)

[  324.325245][T24719] loop0: detected capacity change from 0 to 262160
[  324.337290][T24721] loop4: detected capacity change from 0 to 262160
11:47:00 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8) (async)
getresuid(&(0x7f0000000200)=<r3=>0x0, &(0x7f00000002c0), &(0x7f0000000300)) (async)
newfstatat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x400)
r5 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r6=>0x0, <r7=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f0000000000)='./control\x00', r6, r7)
statx(0xffffffffffffffff, &(0x7f0000000400)='./file0\x00', 0x4000, 0x2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
r9 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r10=>0x0, <r11=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f0000000000)='./control\x00', r10, r11) (async)
r12 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r12, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r13=>0x0, <r14=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f0000000000)='./control\x00', r13, r14)
lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_default\x00', &(0x7f0000000580)={{}, {0x1, 0x4}, [{0x2, 0x5}, {0x2, 0x5}, {0x2, 0x1, r3}, {0x2, 0x2, 0xee00}, {0x2, 0x0, 0xee01}, {0x2, 0x0, r4}, {0x2, 0x2}, {0x2, 0x3, 0xee00}], {0x4, 0x2}, [{0x8, 0x1, 0xee01}, {0x8, 0x4, 0xee01}, {0x8, 0x0, r7}, {0x8, 0x1, r8}, {0x8, 0x1, 0xffffffffffffffff}, {0x8, 0x4, 0xffffffffffffffff}, {0x8, 0x0, r11}, {0x8, 0x0, r14}], {}, {0x20, 0x8}}, 0xa4, 0xe5897f9bfbfe1c30)

[  324.408722][T24730] FAULT_INJECTION: forcing a failure.
[  324.408722][T24730] name failslab, interval 1, probability 0, space 0, times 0
[  324.421366][T24730] CPU: 0 PID: 24730 Comm: syz-executor.1 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  324.432391][T24730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  324.442464][T24730] Call Trace:
[  324.445741][T24730]  <TASK>
[  324.448664][T24730]  dump_stack_lvl+0xd6/0x122
[  324.453312][T24730]  dump_stack+0x11/0x12
[  324.457541][T24730]  should_fail+0x230/0x240
[  324.461963][T24730]  __should_failslab+0x81/0x90
[  324.466846][T24730]  ? mempool_alloc_slab+0x16/0x20
[  324.471874][T24730]  should_failslab+0x5/0x20
[  324.476382][T24730]  kmem_cache_alloc+0x46/0x300
[  324.481148][T24730]  mempool_alloc_slab+0x16/0x20
[  324.486073][T24730]  ? mempool_free+0x130/0x130
[  324.490751][T24730]  mempool_alloc+0x9f/0x2a0
[  324.495265][T24730]  bio_alloc_bioset+0xe4/0x730
[  324.500053][T24730]  submit_bh_wbc+0x161/0x2f0
11:47:00 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x80000001)

11:47:00 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x0, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  324.504655][T24730]  __sync_dirty_buffer+0x141/0x1f0
[  324.509831][T24730]  sync_dirty_buffer+0x16/0x20
[  324.514606][T24730]  fat_mirror_bhs+0x268/0x330
[  324.519289][T24730]  fat_alloc_clusters+0x983/0xa80
[  324.524467][T24730]  fat_get_block+0x263/0x600
[  324.529072][T24730]  ? fat_block_truncate_page+0x30/0x30
[  324.534601][T24730]  __block_write_begin_int+0x33d/0xc90
[  324.537355][T24736] loop3: detected capacity change from 0 to 262160
[  324.540102][T24730]  ? fat_block_truncate_page+0x30/0x30
[  324.552045][T24730]  ? PageHeadHuge+0x3b/0x120
[  324.556695][T24730]  ? fat_block_truncate_page+0x30/0x30
[  324.562171][T24730]  block_write_begin+0x77/0x170
[  324.567036][T24730]  ? cont_write_begin+0x3aa/0x500
[  324.572123][T24730]  cont_write_begin+0x3cf/0x500
[  324.577067][T24730]  fat_write_begin+0x61/0xf0
[  324.581715][T24730]  ? fat_block_truncate_page+0x30/0x30
[  324.587202][T24730]  generic_perform_write+0x1d6/0x3f0
[  324.592539][T24730]  ? fat_write_begin+0xf0/0xf0
[  324.597375][T24730]  __generic_file_write_iter+0x172/0x280
[  324.603012][T24730]  ? generic_write_checks+0x256/0x290
11:47:00 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0)
ftruncate(r1, 0x8)
r2 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r2, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r3, &(0x7f0000000280)={0x8}, 0x8)

[  324.608388][T24730]  generic_file_write_iter+0x75/0x130
[  324.613768][T24730]  do_iter_readv_writev+0x27b/0x300
[  324.619012][T24730]  do_iter_write+0x16f/0x5c0
[  324.623661][T24730]  ? splice_from_pipe_next+0x34f/0x3b0
[  324.629193][T24730]  vfs_iter_write+0x4c/0x70
[  324.633726][T24730]  iter_file_splice_write+0x44a/0x7c0
[  324.639177][T24730]  ? splice_from_pipe+0xc0/0xc0
[  324.644109][T24730]  direct_splice_actor+0x80/0xa0
[  324.649116][T24730]  splice_direct_to_actor+0x345/0x660
[  324.654507][T24730]  ? do_splice_direct+0x180/0x180
11:47:00 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
unlink(&(0x7f00000000c0)='./bus\x00')
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  324.659619][T24730]  do_splice_direct+0xfb/0x180
[  324.664394][T24730]  do_sendfile+0x3ad/0x900
[  324.668891][T24730]  __x64_sys_sendfile64+0x10c/0x150
[  324.674075][T24730]  do_syscall_64+0x2b/0x70
[  324.678538][T24730]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  324.684415][T24730] RIP: 0033:0x7f53af6750e9
[  324.688807][T24730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
11:47:00 executing program 4:
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = open$dir(&(0x7f00000000c0)='./bus/file0\x00', 0x616802, 0x1)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
write(r1, &(0x7f0000000180)="3311d1435a6c4a77398e86cdcae5c51bd7096b790ec8111b244e9e618405251aca7e4d85a249456a5c8b64f9ae31824917b974ef7a938545fd8b4b47a6dc1fa358bdbac2401a11e978b8bdf6605f2786186f06147966fe1537309690a537e09146dbea0ae00bbdf852118d191642468f8b656629ba7c206d554e8b75d2ba3070243531a0474aecdb3908809988f29892a79695d7d3fa0f4186e5d04008726326e384d53cdd36a3bae293a7057b5400", 0xaf)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000300)={'#! ', './bus/file0', [{0x20, 'vfat\x00'}, {0x20, 'cgroup.controllers\x00'}, {0x20, 'cgroup.controllers\x00'}, {0x20, '@'}, {0x20, '%}+[/\xd8\x1f.@-(-\x14'}, {0x20, '\\'}], 0xa, "381a69005f215eeebe5cc38786f02aa6b9848e17a7f17dff2f721ee2816b4e64f01a6baec93648422f03757084f52862a77739139958a3eea3b91b87d259e965dc2e5a5158236a8eb72e5e908d0e6b92edd35e6bac6eafe3714e59a11e6a511b7d8cef4183f5266f0fab56f0097dc6209b2ba0c6136ad90b6137b6dac0f464724cef07b98e4a08e6ab7ef1350676d26ef2925ee4e7cbaa1e06c07c4f3c0f5bb2845704d1badf5eafad366ffdb8260d8f43daa0e53b7e7520ccaa89fbc4532bed45a1551ee19ed5486e79f389c6ab362fe89656953d4d1b52fe4e05f17801"}, 0x12d)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)

11:47:00 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async, rerun: 64)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (rerun: 64)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0)
ftruncate(r1, 0x8) (async)
r2 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r2, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async, rerun: 32)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0) (rerun: 32)
write$P9_RLOCK(r3, &(0x7f0000000280)={0x8}, 0x8)

[  324.708392][T24730] RSP: 002b:00007f53aedca168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  324.716788][T24730] RAX: ffffffffffffffda RBX: 00007f53af788030 RCX: 00007f53af6750e9
[  324.724758][T24730] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[  324.732723][T24730] RBP: 00007f53aedca1d0 R08: 0000000000000000 R09: 0000000000000000
[  324.740674][T24730] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  324.748630][T24730] R13: 00007ffd49c5f31f R14: 00007f53aedca300 R15: 0000000000022000
[  324.756585][T24730]  </TASK>
11:47:01 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 61)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:01 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0)
ftruncate(r1, 0x8) (async)
r2 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r2, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r3, &(0x7f0000000280)={0x8}, 0x8)

[  324.833817][T24753] loop3: detected capacity change from 0 to 262160
[  324.836578][T24752] loop0: detected capacity change from 0 to 262160
[  324.854783][T24751] loop5: detected capacity change from 0 to 262160
11:47:01 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x1)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x40)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)

11:47:01 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x1)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async, rerun: 64)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x40) (rerun: 64)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)

11:47:01 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x0, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  324.932073][T24762] loop1: detected capacity change from 0 to 262160
11:47:01 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x1) (async)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x40)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)

[  325.063337][T24775] loop0: detected capacity change from 0 to 262160
[  325.088140][T24773] FAULT_INJECTION: forcing a failure.
[  325.088140][T24773] name failslab, interval 1, probability 0, space 0, times 0
[  325.100864][T24773] CPU: 0 PID: 24773 Comm: syz-executor.1 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  325.111886][T24773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  325.121939][T24773] Call Trace:
[  325.125222][T24773]  <TASK>
[  325.128147][T24773]  dump_stack_lvl+0xd6/0x122
[  325.132801][T24773]  dump_stack+0x11/0x12
[  325.136957][T24773]  should_fail+0x230/0x240
[  325.141430][T24773]  __should_failslab+0x81/0x90
[  325.146193][T24773]  ? mempool_alloc_slab+0x16/0x20
[  325.151216][T24773]  should_failslab+0x5/0x20
[  325.155719][T24773]  kmem_cache_alloc+0x46/0x300
[  325.160503][T24773]  ? folio_mark_accessed+0x12f/0x380
[  325.165976][T24773]  mempool_alloc_slab+0x16/0x20
[  325.170832][T24773]  ? mempool_free+0x130/0x130
[  325.175514][T24773]  mempool_alloc+0x9f/0x2a0
[  325.180030][T24773]  bio_alloc_bioset+0xe4/0x730
[  325.184807][T24773]  submit_bh_wbc+0x161/0x2f0
[  325.189407][T24773]  write_dirty_buffer+0xdb/0xe0
[  325.194338][T24773]  fat_sync_bhs+0x52/0x160
[  325.198762][T24773]  fat_alloc_clusters+0x935/0xa80
[  325.203873][T24773]  ? __perf_event_task_sched_in+0x353/0x390
[  325.209818][T24773]  fat_get_block+0x263/0x600
[  325.214488][T24773]  ? fat_block_truncate_page+0x30/0x30
[  325.220031][T24773]  __block_write_begin_int+0x33d/0xc90
[  325.225498][T24773]  ? fat_block_truncate_page+0x30/0x30
[  325.230999][T24773]  ? PageHeadHuge+0x3b/0x120
[  325.235626][T24773]  ? fat_block_truncate_page+0x30/0x30
[  325.241161][T24773]  block_write_begin+0x77/0x170
[  325.246033][T24773]  ? cont_write_begin+0x3aa/0x500
[  325.251072][T24773]  cont_write_begin+0x3cf/0x500
[  325.255940][T24773]  fat_write_begin+0x61/0xf0
[  325.260602][T24773]  ? fat_block_truncate_page+0x30/0x30
[  325.266082][T24773]  generic_perform_write+0x1d6/0x3f0
[  325.271390][T24773]  ? fat_write_begin+0xf0/0xf0
[  325.276232][T24773]  __generic_file_write_iter+0x172/0x280
[  325.281868][T24773]  ? generic_write_checks+0x256/0x290
[  325.287242][T24773]  generic_file_write_iter+0x75/0x130
[  325.292701][T24773]  do_iter_readv_writev+0x27b/0x300
[  325.297907][T24773]  do_iter_write+0x16f/0x5c0
[  325.302569][T24773]  ? splice_from_pipe_next+0x34f/0x3b0
[  325.308055][T24773]  vfs_iter_write+0x4c/0x70
[  325.312568][T24773]  iter_file_splice_write+0x44a/0x7c0
[  325.317956][T24773]  ? splice_from_pipe+0xc0/0xc0
[  325.322815][T24773]  direct_splice_actor+0x80/0xa0
[  325.327809][T24773]  splice_direct_to_actor+0x345/0x660
[  325.333333][T24773]  ? do_splice_direct+0x180/0x180
[  325.338378][T24773]  do_splice_direct+0xfb/0x180
[  325.343165][T24773]  do_sendfile+0x3ad/0x900
[  325.347651][T24773]  __x64_sys_sendfile64+0x10c/0x150
[  325.352875][T24773]  do_syscall_64+0x2b/0x70
[  325.357364][T24773]  entry_SYSCALL_64_after_hwframe+0x44/0xae
11:47:01 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 1)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:01 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket(0xa, 0x5, 0x0)
bind$phonet(r4, &(0x7f0000000100), 0x10)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
recvmmsg$unix(r4, &(0x7f0000001e00)=[{{&(0x7f00000001c0), 0x6e, &(0x7f00000009c0)=[{&(0x7f00000002c0)=""/252, 0xfc}, {&(0x7f00000003c0)=""/106, 0x6a}, {&(0x7f0000000480)=""/156, 0x9c}, {&(0x7f0000000540)=""/113, 0x71}, {&(0x7f00000005c0)=""/205, 0xcd}, {&(0x7f00000006c0)=""/29, 0x1d}, {&(0x7f0000000700)=""/222, 0xde}, {&(0x7f0000000800)=""/179, 0xb3}, {&(0x7f00000008c0)=""/162, 0xa2}, {&(0x7f0000000980)=""/49, 0x31}], 0xa, &(0x7f0000002140)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB="000000001c00000000000000010000fe01000000009d421e292d9764108c802ea06889cee79c19d6c5f3ed6ac0dcb7e6add2c0015364524d49e7da271aeac04ba778424e675096bf610443e3b938d37b004c9411fd2c6eb6614213b0340dcec38d69acee2985d50fe617444260c22eed73d6de93de2fa70f8391805a97a8d0cd000000000000000006e6fc6eaf8476a506ee09c2164f01ceb90c77ba39cfcfaf14e3355234673a38e5991f24f7b570ae738a5d2cc9d1b684d25dc3a1b885bf0cf289709eeb676b38acbb5eb9d0b0f88a1fb4c9ae0d26", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="2c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="002000003400000000000000010000000100000079db9f7b32cb8e9cf591144ef88597a291bbf645dc742d99a65b3d0960afa20b8a0116151bd95b0cf59ef744bb7d9be9504ed51d0dde9bbf391e83767657bb0a1b517c0918e9b5b2c1b097e44e78cefcc1995712f3bb7663e916b5964b4a888b65739f125a3d3b8ce08da8071a5c428e8ad131b3be2c69300ceca4a726101b5c749eaa38b67c5d7ff548b08120a9ab9afeb69a63d98f2d92ece50cf6d1cd6ae19fcee95af7c1fa6532dc196c1647d529", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES16=r3, @ANYBLOB='\x00\x00\x00\x00'], 0xe8}}, {{&(0x7f0000000b80), 0x6e, &(0x7f0000001dc0)=[{&(0x7f0000000c00)=""/220, 0xdc}, {&(0x7f0000000d00)=""/26, 0x1a}, {&(0x7f0000000d40)=""/107, 0x6b}, {&(0x7f0000000dc0)=""/4096, 0x1000}], 0x4}}], 0x2, 0x10001, &(0x7f0000001e80)={0x0, 0x3938700})

11:47:01 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 1)

11:47:01 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:01 executing program 4:
chdir(&(0x7f0000000140)='./file0\x00') (async, rerun: 32)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (rerun: 32)
r1 = open$dir(&(0x7f00000000c0)='./bus/file0\x00', 0x616802, 0x1)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
write(r1, &(0x7f0000000180)="3311d1435a6c4a77398e86cdcae5c51bd7096b790ec8111b244e9e618405251aca7e4d85a249456a5c8b64f9ae31824917b974ef7a938545fd8b4b47a6dc1fa358bdbac2401a11e978b8bdf6605f2786186f06147966fe1537309690a537e09146dbea0ae00bbdf852118d191642468f8b656629ba7c206d554e8b75d2ba3070243531a0474aecdb3908809988f29892a79695d7d3fa0f4186e5d04008726326e384d53cdd36a3bae293a7057b5400", 0xaf) (async)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000300)={'#! ', './bus/file0', [{0x20, 'vfat\x00'}, {0x20, 'cgroup.controllers\x00'}, {0x20, 'cgroup.controllers\x00'}, {0x20, '@'}, {0x20, '%}+[/\xd8\x1f.@-(-\x14'}, {0x20, '\\'}], 0xa, "381a69005f215eeebe5cc38786f02aa6b9848e17a7f17dff2f721ee2816b4e64f01a6baec93648422f03757084f52862a77739139958a3eea3b91b87d259e965dc2e5a5158236a8eb72e5e908d0e6b92edd35e6bac6eafe3714e59a11e6a511b7d8cef4183f5266f0fab56f0097dc6209b2ba0c6136ad90b6137b6dac0f464724cef07b98e4a08e6ab7ef1350676d26ef2925ee4e7cbaa1e06c07c4f3c0f5bb2845704d1badf5eafad366ffdb8260d8f43daa0e53b7e7520ccaa89fbc4532bed45a1551ee19ed5486e79f389c6ab362fe89656953d4d1b52fe4e05f17801"}, 0x12d) (async, rerun: 32)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async, rerun: 32)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)

11:47:01 executing program 4:
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = open$dir(&(0x7f00000000c0)='./bus/file0\x00', 0x616802, 0x1)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
write(r1, &(0x7f0000000180)="3311d1435a6c4a77398e86cdcae5c51bd7096b790ec8111b244e9e618405251aca7e4d85a249456a5c8b64f9ae31824917b974ef7a938545fd8b4b47a6dc1fa358bdbac2401a11e978b8bdf6605f2786186f06147966fe1537309690a537e09146dbea0ae00bbdf852118d191642468f8b656629ba7c206d554e8b75d2ba3070243531a0474aecdb3908809988f29892a79695d7d3fa0f4186e5d04008726326e384d53cdd36a3bae293a7057b5400", 0xaf) (async, rerun: 64)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000300)={'#! ', './bus/file0', [{0x20, 'vfat\x00'}, {0x20, 'cgroup.controllers\x00'}, {0x20, 'cgroup.controllers\x00'}, {0x20, '@'}, {0x20, '%}+[/\xd8\x1f.@-(-\x14'}, {0x20, '\\'}], 0xa, "381a69005f215eeebe5cc38786f02aa6b9848e17a7f17dff2f721ee2816b4e64f01a6baec93648422f03757084f52862a77739139958a3eea3b91b87d259e965dc2e5a5158236a8eb72e5e908d0e6b92edd35e6bac6eafe3714e59a11e6a511b7d8cef4183f5266f0fab56f0097dc6209b2ba0c6136ad90b6137b6dac0f464724cef07b98e4a08e6ab7ef1350676d26ef2925ee4e7cbaa1e06c07c4f3c0f5bb2845704d1badf5eafad366ffdb8260d8f43daa0e53b7e7520ccaa89fbc4532bed45a1551ee19ed5486e79f389c6ab362fe89656953d4d1b52fe4e05f17801"}, 0x12d) (rerun: 64)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)

[  325.363268][T24773] RIP: 0033:0x7f53af6750e9
[  325.367689][T24773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  325.387359][T24773] RSP: 002b:00007f53aedca168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  325.395779][T24773] RAX: ffffffffffffffda RBX: 00007f53af788030 RCX: 00007f53af6750e9
[  325.403758][T24773] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[  325.411892][T24773] RBP: 00007f53aedca1d0 R08: 0000000000000000 R09: 0000000000000000
[  325.419883][T24773] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  325.427859][T24773] R13: 00007ffd49c5f31f R14: 00007f53aedca300 R15: 0000000000022000
[  325.435913][T24773]  </TASK>
11:47:01 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 62)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:01 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async, rerun: 64)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) (rerun: 64)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff}) (async)
r4 = socket(0xa, 0x5, 0x0)
bind$phonet(r4, &(0x7f0000000100), 0x10) (async)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) (async)
recvmmsg$unix(r4, &(0x7f0000001e00)=[{{&(0x7f00000001c0), 0x6e, &(0x7f00000009c0)=[{&(0x7f00000002c0)=""/252, 0xfc}, {&(0x7f00000003c0)=""/106, 0x6a}, {&(0x7f0000000480)=""/156, 0x9c}, {&(0x7f0000000540)=""/113, 0x71}, {&(0x7f00000005c0)=""/205, 0xcd}, {&(0x7f00000006c0)=""/29, 0x1d}, {&(0x7f0000000700)=""/222, 0xde}, {&(0x7f0000000800)=""/179, 0xb3}, {&(0x7f00000008c0)=""/162, 0xa2}, {&(0x7f0000000980)=""/49, 0x31}], 0xa, &(0x7f0000002140)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB="000000001c00000000000000010000fe01000000009d421e292d9764108c802ea06889cee79c19d6c5f3ed6ac0dcb7e6add2c0015364524d49e7da271aeac04ba778424e675096bf610443e3b938d37b004c9411fd2c6eb6614213b0340dcec38d69acee2985d50fe617444260c22eed73d6de93de2fa70f8391805a97a8d0cd000000000000000006e6fc6eaf8476a506ee09c2164f01ceb90c77ba39cfcfaf14e3355234673a38e5991f24f7b570ae738a5d2cc9d1b684d25dc3a1b885bf0cf289709eeb676b38acbb5eb9d0b0f88a1fb4c9ae0d26", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="2c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="002000003400000000000000010000000100000079db9f7b32cb8e9cf591144ef88597a291bbf645dc742d99a65b3d0960afa20b8a0116151bd95b0cf59ef744bb7d9be9504ed51d0dde9bbf391e83767657bb0a1b517c0918e9b5b2c1b097e44e78cefcc1995712f3bb7663e916b5964b4a888b65739f125a3d3b8ce08da8071a5c428e8ad131b3be2c69300ceca4a726101b5c749eaa38b67c5d7ff548b08120a9ab9afeb69a63d98f2d92ece50cf6d1cd6ae19fcee95af7c1fa6532dc196c1647d529", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES16=r3, @ANYBLOB='\x00\x00\x00\x00'], 0xe8}}, {{&(0x7f0000000b80), 0x6e, &(0x7f0000001dc0)=[{&(0x7f0000000c00)=""/220, 0xdc}, {&(0x7f0000000d00)=""/26, 0x1a}, {&(0x7f0000000d40)=""/107, 0x6b}, {&(0x7f0000000dc0)=""/4096, 0x1000}], 0x4}}], 0x2, 0x10001, &(0x7f0000001e80)={0x0, 0x3938700})

11:47:01 executing program 2:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RLOCK(r2, &(0x7f0000000280)={0x8}, 0x8) (async)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff}) (async)
r4 = socket(0xa, 0x5, 0x0)
bind$phonet(r4, &(0x7f0000000100), 0x10)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
recvmmsg$unix(r4, &(0x7f0000001e00)=[{{&(0x7f00000001c0), 0x6e, &(0x7f00000009c0)=[{&(0x7f00000002c0)=""/252, 0xfc}, {&(0x7f00000003c0)=""/106, 0x6a}, {&(0x7f0000000480)=""/156, 0x9c}, {&(0x7f0000000540)=""/113, 0x71}, {&(0x7f00000005c0)=""/205, 0xcd}, {&(0x7f00000006c0)=""/29, 0x1d}, {&(0x7f0000000700)=""/222, 0xde}, {&(0x7f0000000800)=""/179, 0xb3}, {&(0x7f00000008c0)=""/162, 0xa2}, {&(0x7f0000000980)=""/49, 0x31}], 0xa, &(0x7f0000002140)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB="000000001c00000000000000010000fe01000000009d421e292d9764108c802ea06889cee79c19d6c5f3ed6ac0dcb7e6add2c0015364524d49e7da271aeac04ba778424e675096bf610443e3b938d37b004c9411fd2c6eb6614213b0340dcec38d69acee2985d50fe617444260c22eed73d6de93de2fa70f8391805a97a8d0cd000000000000000006e6fc6eaf8476a506ee09c2164f01ceb90c77ba39cfcfaf14e3355234673a38e5991f24f7b570ae738a5d2cc9d1b684d25dc3a1b885bf0cf289709eeb676b38acbb5eb9d0b0f88a1fb4c9ae0d26", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="2c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="002000003400000000000000010000000100000079db9f7b32cb8e9cf591144ef88597a291bbf645dc742d99a65b3d0960afa20b8a0116151bd95b0cf59ef744bb7d9be9504ed51d0dde9bbf391e83767657bb0a1b517c0918e9b5b2c1b097e44e78cefcc1995712f3bb7663e916b5964b4a888b65739f125a3d3b8ce08da8071a5c428e8ad131b3be2c69300ceca4a726101b5c749eaa38b67c5d7ff548b08120a9ab9afeb69a63d98f2d92ece50cf6d1cd6ae19fcee95af7c1fa6532dc196c1647d529", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES16=r3, @ANYBLOB='\x00\x00\x00\x00'], 0xe8}}, {{&(0x7f0000000b80), 0x6e, &(0x7f0000001dc0)=[{&(0x7f0000000c00)=""/220, 0xdc}, {&(0x7f0000000d00)=""/26, 0x1a}, {&(0x7f0000000d40)=""/107, 0x6b}, {&(0x7f0000000dc0)=""/4096, 0x1000}], 0x4}}], 0x2, 0x10001, &(0x7f0000001e80)={0x0, 0x3938700})

11:47:01 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 1)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  325.522084][T24795] loop0: detected capacity change from 0 to 262160
[  325.525113][T24790] loop5: detected capacity change from 0 to 262160
[  325.529013][T24797] loop3: detected capacity change from 0 to 262160
[  325.553219][T24799] loop1: detected capacity change from 0 to 262160
[  325.602837][T24790] FAULT_INJECTION: forcing a failure.
[  325.602837][T24790] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  325.616157][T24790] CPU: 0 PID: 24790 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  325.627230][T24790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  325.637347][T24790] Call Trace:
[  325.640632][T24790]  <TASK>
[  325.643563][T24790]  dump_stack_lvl+0xd6/0x122
[  325.648166][T24790]  dump_stack+0x11/0x12
[  325.652337][T24790]  should_fail+0x230/0x240
[  325.656765][T24790]  __alloc_pages+0xf0/0x320
[  325.661355][T24790]  alloc_pages+0x34d/0x450
[  325.665806][T24790]  folio_alloc+0x1a/0x20
[  325.670050][T24790]  filemap_alloc_folio+0x53/0xf0
[  325.675001][T24790]  __filemap_get_folio+0x43d/0x680
[  325.680117][T24790]  pagecache_get_page+0x26/0x190
[  325.683737][T24807] FAULT_INJECTION: forcing a failure.
[  325.683737][T24807] name failslab, interval 1, probability 0, space 0, times 0
[  325.685128][T24790]  grab_cache_page_write_begin+0x3f/0x50
[  325.703391][T24790]  ? fat_block_truncate_page+0x30/0x30
[  325.708930][T24790]  block_write_begin+0x32/0x170
[  325.713781][T24790]  ? cont_write_begin+0x3aa/0x500
[  325.718824][T24790]  cont_write_begin+0x3cf/0x500
[  325.723663][T24790]  fat_write_begin+0x61/0xf0
[  325.728242][T24790]  ? fat_block_truncate_page+0x30/0x30
[  325.733724][T24790]  generic_perform_write+0x1d6/0x3f0
[  325.739000][T24790]  __generic_file_write_iter+0xe3/0x280
[  325.744534][T24790]  ? generic_write_checks+0x256/0x290
[  325.749967][T24790]  generic_file_write_iter+0x75/0x130
[  325.755330][T24790]  vfs_write+0x71c/0x890
[  325.759643][T24790]  ksys_write+0xe8/0x1a0
[  325.763905][T24790]  __x64_sys_write+0x3e/0x50
[  325.768524][T24790]  do_syscall_64+0x2b/0x70
[  325.772936][T24790]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  325.778818][T24790] RIP: 0033:0x7ff4e0daf0e9
[  325.783217][T24790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  325.802912][T24790] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  325.811326][T24790] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  325.819296][T24790] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  325.827260][T24790] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  325.835219][T24790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  325.843175][T24790] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  325.851158][T24790]  </TASK>
[  325.854186][T24807] CPU: 1 PID: 24807 Comm: syz-executor.3 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  325.865223][T24807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  325.875285][T24807] Call Trace:
[  325.878563][T24807]  <TASK>
[  325.881493][T24807]  dump_stack_lvl+0xd6/0x122
[  325.886098][T24807]  dump_stack+0x11/0x12
[  325.890259][T24807]  should_fail+0x230/0x240
[  325.894708][T24807]  __should_failslab+0x81/0x90
[  325.899522][T24807]  ? alloc_pipe_info+0xac/0x360
[  325.904439][T24807]  should_failslab+0x5/0x20
[  325.908939][T24807]  kmem_cache_alloc_trace+0x4d/0x320
[  325.914231][T24807]  ? _parse_integer+0x23/0x30
[  325.918962][T24807]  alloc_pipe_info+0xac/0x360
[  325.923646][T24807]  splice_direct_to_actor+0x605/0x660
[  325.929026][T24807]  ? security_file_permission+0x7c/0xa0
[  325.934689][T24807]  ? do_splice_direct+0x180/0x180
[  325.939738][T24807]  ? security_file_permission+0x87/0xa0
[  325.945293][T24807]  do_splice_direct+0xfb/0x180
[  325.950064][T24807]  do_sendfile+0x3ad/0x900
11:47:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  325.954541][T24807]  __x64_sys_sendfile64+0x10c/0x150
[  325.959748][T24807]  do_syscall_64+0x2b/0x70
[  325.964172][T24807]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  325.970117][T24807] RIP: 0033:0x7feb60bae0e9
[  325.974528][T24807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  325.994137][T24807] RSP: 002b:00007feb602e2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  326.002592][T24807] RAX: ffffffffffffffda RBX: 00007feb60cc1100 RCX: 00007feb60bae0e9
[  326.010649][T24807] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000006
[  326.018620][T24807] RBP: 00007feb602e21d0 R08: 0000000000000000 R09: 0000000000000000
[  326.026642][T24807] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
[  326.034609][T24807] R13: 00007ffcf37cd34f R14: 00007feb602e2300 R15: 0000000000022000
[  326.042583][T24807]  </TASK>
11:47:02 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  326.152609][T24818] loop1: detected capacity change from 0 to 262160
11:47:02 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 2)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:02 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  326.307531][T24822] loop4: detected capacity change from 0 to 262160
11:47:02 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 2)

11:47:02 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  326.438044][T24825] loop5: detected capacity change from 0 to 262160
11:47:02 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x7ffff000)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  326.479146][T24825] FAULT_INJECTION: forcing a failure.
[  326.479146][T24825] name failslab, interval 1, probability 0, space 0, times 0
[  326.491838][T24825] CPU: 1 PID: 24825 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  326.502865][T24825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  326.512923][T24825] Call Trace:
[  326.516235][T24825]  <TASK>
[  326.519184][T24825]  dump_stack_lvl+0xd6/0x122
[  326.523791][T24825]  dump_stack+0x11/0x12
11:47:02 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  326.527962][T24825]  should_fail+0x230/0x240
[  326.532413][T24825]  __should_failslab+0x81/0x90
[  326.537178][T24825]  ? mempool_alloc_slab+0x16/0x20
[  326.542211][T24825]  should_failslab+0x5/0x20
[  326.546715][T24825]  kmem_cache_alloc+0x46/0x300
[  326.551478][T24825]  mempool_alloc_slab+0x16/0x20
[  326.556329][T24825]  ? mempool_free+0x130/0x130
[  326.561058][T24825]  mempool_alloc+0x9f/0x2a0
[  326.565604][T24825]  ? preempt_count_add+0x5e/0xa0
[  326.570557][T24825]  ? _raw_spin_unlock+0x2d/0x50
11:47:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x3000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  326.575418][T24825]  bio_alloc_bioset+0xe4/0x730
[  326.580193][T24825]  submit_bh_wbc+0x161/0x2f0
[  326.584874][T24825]  write_dirty_buffer+0xdb/0xe0
[  326.589810][T24825]  fat_sync_bhs+0x52/0x160
[  326.594318][T24825]  fat_alloc_clusters+0x935/0xa80
[  326.599403][T24825]  fat_get_block+0x263/0x600
[  326.604003][T24825]  ? fat_block_truncate_page+0x30/0x30
[  326.609466][T24825]  __block_write_begin_int+0x33d/0xc90
[  326.615006][T24825]  ? fat_block_truncate_page+0x30/0x30
[  326.620492][T24825]  ? fat_block_truncate_page+0x30/0x30
11:47:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x4000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x5000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x6000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  326.626037][T24825]  block_write_begin+0x77/0x170
[  326.630906][T24825]  ? cont_write_begin+0x3aa/0x500
[  326.636031][T24825]  cont_write_begin+0x3cf/0x500
[  326.640889][T24825]  fat_write_begin+0x61/0xf0
[  326.645553][T24825]  ? fat_block_truncate_page+0x30/0x30
[  326.651039][T24825]  generic_perform_write+0x1d6/0x3f0
[  326.656333][T24825]  __generic_file_write_iter+0xe3/0x280
[  326.661878][T24825]  ? generic_write_checks+0x256/0x290
[  326.667245][T24825]  generic_file_write_iter+0x75/0x130
[  326.672668][T24825]  vfs_write+0x71c/0x890
[  326.676912][T24825]  ksys_write+0xe8/0x1a0
[  326.681148][T24825]  __x64_sys_write+0x3e/0x50
[  326.685744][T24825]  do_syscall_64+0x2b/0x70
[  326.690212][T24825]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  326.696164][T24825] RIP: 0033:0x7ff4e0daf0e9
[  326.700642][T24825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  326.720233][T24825] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
11:47:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  326.728654][T24825] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  326.736610][T24825] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  326.744629][T24825] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  326.752636][T24825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  326.760590][T24825] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  326.768555][T24825]  </TASK>
[  326.830202][T24843] loop1: detected capacity change from 0 to 262160
[  326.837470][T24840] loop0: detected capacity change from 0 to 262160
[  326.848146][T24845] loop3: detected capacity change from 0 to 262160
[  326.857782][T24846] loop4: detected capacity change from 0 to 262160
[  326.968755][T24853] FAULT_INJECTION: forcing a failure.
[  326.968755][T24853] name failslab, interval 1, probability 0, space 0, times 0
[  326.981458][T24853] CPU: 0 PID: 24853 Comm: syz-executor.3 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  326.992530][T24853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  327.002637][T24853] Call Trace:
[  327.005917][T24853]  <TASK>
[  327.008899][T24853]  dump_stack_lvl+0xd6/0x122
[  327.013517][T24853]  dump_stack+0x11/0x12
[  327.017706][T24853]  should_fail+0x230/0x240
[  327.022190][T24853]  __should_failslab+0x81/0x90
[  327.026959][T24853]  should_failslab+0x5/0x20
[  327.031523][T24853]  kmem_cache_alloc_node_trace+0x58/0x300
[  327.037277][T24853]  ? __rcu_read_unlock+0x4a/0x70
[  327.042226][T24853]  ? kvmalloc_node+0x6d/0x100
[  327.046973][T24853]  ? kmem_cache_alloc_trace+0x250/0x320
[  327.052557][T24853]  kvmalloc_node+0x6d/0x100
[  327.057119][T24853]  alloc_pipe_info+0x1cc/0x360
[  327.061913][T24853]  splice_direct_to_actor+0x605/0x660
[  327.067424][T24853]  ? security_file_permission+0x7c/0xa0
[  327.072986][T24853]  ? do_splice_direct+0x180/0x180
[  327.078021][T24853]  ? security_file_permission+0x87/0xa0
[  327.083573][T24853]  do_splice_direct+0xfb/0x180
[  327.088345][T24853]  do_sendfile+0x3ad/0x900
[  327.092831][T24853]  __x64_sys_sendfile64+0x10c/0x150
[  327.098042][T24853]  do_syscall_64+0x2b/0x70
[  327.102517][T24853]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  327.108487][T24853] RIP: 0033:0x7feb60bae0e9
[  327.112902][T24853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  327.132560][T24853] RSP: 002b:00007feb60303168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  327.141003][T24853] RAX: ffffffffffffffda RBX: 00007feb60cc1030 RCX: 00007feb60bae0e9
[  327.148984][T24853] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[  327.157032][T24853] RBP: 00007feb603031d0 R08: 0000000000000000 R09: 0000000000000000
11:47:03 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 3)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:03 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x9000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:03 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 3)

[  327.165004][T24853] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
[  327.172977][T24853] R13: 00007ffcf37cd34f R14: 00007feb60303300 R15: 0000000000022000
[  327.180953][T24853]  </TASK>
[  327.253016][T24857] loop5: detected capacity change from 0 to 262160
[  327.264429][T24857] FAULT_INJECTION: forcing a failure.
[  327.264429][T24857] name failslab, interval 1, probability 0, space 0, times 0
[  327.266748][T24859] loop3: detected capacity change from 0 to 262160
[  327.277082][T24857] CPU: 1 PID: 24857 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  327.277109][T24857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  327.304652][T24857] Call Trace:
[  327.307926][T24857]  <TASK>
[  327.310857][T24857]  dump_stack_lvl+0xd6/0x122
[  327.315452][T24857]  dump_stack+0x11/0x12
[  327.319607][T24857]  should_fail+0x230/0x240
[  327.324046][T24857]  __should_failslab+0x81/0x90
[  327.328815][T24857]  ? mempool_alloc_slab+0x16/0x20
[  327.333851][T24857]  should_failslab+0x5/0x20
[  327.338351][T24857]  kmem_cache_alloc+0x46/0x300
[  327.343110][T24857]  ? folio_mark_accessed+0x12f/0x380
[  327.348460][T24857]  mempool_alloc_slab+0x16/0x20
[  327.350299][T24860] FAULT_INJECTION: forcing a failure.
[  327.350299][T24860] name failslab, interval 1, probability 0, space 0, times 0
[  327.353365][T24857]  ? mempool_free+0x130/0x130
[  327.353389][T24857]  mempool_alloc+0x9f/0x2a0
[  327.375132][T24857]  bio_alloc_bioset+0xe4/0x730
[  327.379893][T24857]  submit_bh_wbc+0x161/0x2f0
[  327.384508][T24857]  __sync_dirty_buffer+0x141/0x1f0
[  327.389663][T24857]  sync_dirty_buffer+0x16/0x20
[  327.394416][T24857]  fat_mirror_bhs+0x268/0x330
[  327.399114][T24857]  fat_alloc_clusters+0x983/0xa80
[  327.404134][T24857]  fat_get_block+0x263/0x600
[  327.408717][T24857]  ? fat_block_truncate_page+0x30/0x30
[  327.414190][T24857]  __block_write_begin_int+0x33d/0xc90
[  327.419654][T24857]  ? fat_block_truncate_page+0x30/0x30
[  327.425208][T24857]  ? fat_block_truncate_page+0x30/0x30
[  327.430657][T24857]  block_write_begin+0x77/0x170
[  327.435496][T24857]  ? cont_write_begin+0x3aa/0x500
[  327.440508][T24857]  cont_write_begin+0x3cf/0x500
[  327.445367][T24857]  fat_write_begin+0x61/0xf0
[  327.449994][T24857]  ? fat_block_truncate_page+0x30/0x30
[  327.455465][T24857]  generic_perform_write+0x1d6/0x3f0
[  327.460740][T24857]  __generic_file_write_iter+0xe3/0x280
[  327.466272][T24857]  ? generic_write_checks+0x256/0x290
[  327.471629][T24857]  generic_file_write_iter+0x75/0x130
[  327.476991][T24857]  vfs_write+0x71c/0x890
[  327.481296][T24857]  ksys_write+0xe8/0x1a0
[  327.485537][T24857]  __x64_sys_write+0x3e/0x50
[  327.490116][T24857]  do_syscall_64+0x2b/0x70
[  327.494531][T24857]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  327.500417][T24857] RIP: 0033:0x7ff4e0daf0e9
[  327.504819][T24857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  327.524486][T24857] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  327.532917][T24857] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  327.540873][T24857] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  327.548837][T24857] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  327.556795][T24857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  327.564803][T24857] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  327.572771][T24857]  </TASK>
[  327.575778][T24860] CPU: 0 PID: 24860 Comm: syz-executor.3 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  327.586806][T24860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  327.596941][T24860] Call Trace:
[  327.600219][T24860]  <TASK>
[  327.603146][T24860]  dump_stack_lvl+0xd6/0x122
[  327.607851][T24860]  dump_stack+0x11/0x12
[  327.612033][T24860]  should_fail+0x230/0x240
[  327.616450][T24860]  ? iter_file_splice_write+0xd9/0x7c0
[  327.621915][T24860]  __should_failslab+0x81/0x90
[  327.626697][T24860]  should_failslab+0x5/0x20
[  327.631257][T24860]  __kmalloc+0x66/0x350
[  327.635414][T24860]  ? ktime_get_coarse_real_ts64+0x10d/0x120
[  327.641318][T24860]  iter_file_splice_write+0xd9/0x7c0
[  327.646752][T24860]  ? atime_needs_update+0x4af/0x4d0
[  327.651955][T24860]  ? splice_from_pipe+0xc0/0xc0
[  327.656808][T24860]  direct_splice_actor+0x80/0xa0
[  327.661753][T24860]  splice_direct_to_actor+0x345/0x660
[  327.667148][T24860]  ? do_splice_direct+0x180/0x180
[  327.672225][T24860]  do_splice_direct+0xfb/0x180
[  327.677000][T24860]  do_sendfile+0x3ad/0x900
[  327.681430][T24860]  __x64_sys_sendfile64+0x10c/0x150
[  327.686649][T24860]  do_syscall_64+0x2b/0x70
[  327.691074][T24860]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  327.696967][T24860] RIP: 0033:0x7feb60bae0e9
[  327.701380][T24860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  327.721106][T24860] RSP: 002b:00007feb60303168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  327.729502][T24860] RAX: ffffffffffffffda RBX: 00007feb60cc1030 RCX: 00007feb60bae0e9
[  327.737454][T24860] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[  327.745405][T24860] RBP: 00007feb603031d0 R08: 0000000000000000 R09: 0000000000000000
11:47:03 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:03 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async)
chdir(&(0x7f00000000c0)='./bus\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async, rerun: 32)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (rerun: 32)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:03 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000002)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:03 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xa000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:03 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 4)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:03 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 4)

[  327.753356][T24860] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
[  327.761318][T24860] R13: 00007ffcf37cd34f R14: 00007feb60303300 R15: 0000000000022000
[  327.769270][T24860]  </TASK>
11:47:04 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xb000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  327.803675][T24867] loop1: detected capacity change from 0 to 262160
[  327.807141][T24869] loop4: detected capacity change from 0 to 262160
[  327.817285][T24871] loop5: detected capacity change from 0 to 262160
[  327.838057][T24873] loop3: detected capacity change from 0 to 262160
[  327.876874][T24871] FAULT_INJECTION: forcing a failure.
[  327.876874][T24871] name failslab, interval 1, probability 0, space 0, times 0
[  327.889538][T24871] CPU: 1 PID: 24871 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  327.900644][T24871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  327.910734][T24871] Call Trace:
[  327.914012][T24871]  <TASK>
[  327.916940][T24871]  dump_stack_lvl+0xd6/0x122
[  327.921629][T24871]  dump_stack+0x11/0x12
11:47:04 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xc000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  327.925785][T24871]  should_fail+0x230/0x240
[  327.930237][T24871]  __should_failslab+0x81/0x90
[  327.935000][T24871]  ? mempool_alloc_slab+0x16/0x20
[  327.940026][T24871]  should_failslab+0x5/0x20
[  327.944526][T24871]  kmem_cache_alloc+0x46/0x300
[  327.949304][T24871]  mempool_alloc_slab+0x16/0x20
[  327.954195][T24871]  ? mempool_free+0x130/0x130
[  327.958875][T24871]  mempool_alloc+0x9f/0x2a0
[  327.963384][T24871]  ? io_schedule+0x3b/0x50
[  327.967811][T24871]  bio_alloc_bioset+0xe4/0x730
[  327.972585][T24871]  submit_bh_wbc+0x161/0x2f0
11:47:04 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xd000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:04 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000003)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:04 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xe000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:04 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xf000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  327.977184][T24871]  write_dirty_buffer+0xdb/0xe0
[  327.982093][T24871]  fat_sync_bhs+0x52/0x160
[  327.986520][T24871]  fat_alloc_clusters+0x935/0xa80
[  327.991571][T24871]  fat_get_block+0x263/0x600
[  327.996176][T24871]  ? fat_block_truncate_page+0x30/0x30
[  328.001639][T24871]  __block_write_begin_int+0x33d/0xc90
[  328.007119][T24871]  ? fat_block_truncate_page+0x30/0x30
[  328.012647][T24871]  ? fat_block_truncate_page+0x30/0x30
[  328.018116][T24871]  block_write_begin+0x77/0x170
[  328.023066][T24871]  ? cont_write_begin+0x3aa/0x500
[  328.028102][T24871]  cont_write_begin+0x3cf/0x500
[  328.033024][T24871]  fat_write_begin+0x61/0xf0
[  328.037620][T24871]  ? fat_block_truncate_page+0x30/0x30
[  328.043154][T24871]  generic_perform_write+0x1d6/0x3f0
[  328.048443][T24871]  __generic_file_write_iter+0xe3/0x280
[  328.053994][T24871]  ? generic_write_checks+0x256/0x290
[  328.059369][T24871]  generic_file_write_iter+0x75/0x130
[  328.064799][T24871]  vfs_write+0x71c/0x890
[  328.069090][T24871]  ksys_write+0xe8/0x1a0
[  328.073339][T24871]  __x64_sys_write+0x3e/0x50
[  328.077986][T24871]  do_syscall_64+0x2b/0x70
[  328.082451][T24871]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  328.088425][T24871] RIP: 0033:0x7ff4e0daf0e9
[  328.092837][T24871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  328.112499][T24871] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  328.120967][T24871] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  328.128940][T24871] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  328.136911][T24871] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  328.144933][T24871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.152904][T24871] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  328.160877][T24871]  </TASK>
[  328.176291][T24891] loop0: detected capacity change from 0 to 262160
[  328.183794][T24873] FAULT_INJECTION: forcing a failure.
[  328.183794][T24873] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  328.197036][T24873] CPU: 0 PID: 24873 Comm: syz-executor.3 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  328.208058][T24873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  328.218108][T24873] Call Trace:
[  328.221403][T24873]  <TASK>
[  328.224323][T24873]  dump_stack_lvl+0xd6/0x122
[  328.228937][T24873]  dump_stack+0x11/0x12
[  328.233089][T24873]  should_fail+0x230/0x240
[  328.237549][T24873]  __alloc_pages+0xf0/0x320
[  328.242076][T24873]  alloc_pages+0x34d/0x450
[  328.246498][T24873]  folio_alloc+0x1a/0x20
[  328.250742][T24873]  filemap_alloc_folio+0x53/0xf0
[  328.255691][T24873]  __filemap_get_folio+0x43d/0x680
[  328.260851][T24873]  pagecache_get_page+0x26/0x190
[  328.265798][T24873]  grab_cache_page_write_begin+0x3f/0x50
[  328.271461][T24873]  ? fat_block_truncate_page+0x30/0x30
[  328.277054][T24873]  block_write_begin+0x32/0x170
[  328.281970][T24873]  ? cont_write_begin+0x3aa/0x500
[  328.287072][T24873]  cont_write_begin+0x3cf/0x500
[  328.291988][T24873]  fat_write_begin+0x61/0xf0
[  328.296674][T24873]  ? fat_block_truncate_page+0x30/0x30
[  328.302185][T24873]  generic_perform_write+0x1d6/0x3f0
[  328.307477][T24873]  __generic_file_write_iter+0x172/0x280
[  328.313142][T24873]  ? generic_write_checks+0x256/0x290
[  328.318522][T24873]  generic_file_write_iter+0x75/0x130
[  328.323934][T24873]  do_iter_readv_writev+0x27b/0x300
[  328.329131][T24873]  do_iter_write+0x16f/0x5c0
[  328.333722][T24873]  ? splice_from_pipe_next+0x34f/0x3b0
[  328.339184][T24873]  vfs_iter_write+0x4c/0x70
[  328.343762][T24873]  iter_file_splice_write+0x44a/0x7c0
[  328.349158][T24873]  ? splice_from_pipe+0xc0/0xc0
[  328.354012][T24873]  direct_splice_actor+0x80/0xa0
[  328.358957][T24873]  splice_direct_to_actor+0x345/0x660
[  328.364407][T24873]  ? do_splice_direct+0x180/0x180
[  328.369457][T24873]  do_splice_direct+0xfb/0x180
[  328.374344][T24873]  do_sendfile+0x3ad/0x900
[  328.378780][T24873]  __x64_sys_sendfile64+0x10c/0x150
[  328.383991][T24873]  do_syscall_64+0x2b/0x70
[  328.388520][T24873]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  328.394417][T24873] RIP: 0033:0x7feb60bae0e9
[  328.398884][T24873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  328.418480][T24873] RSP: 002b:00007feb60324168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  328.426911][T24873] RAX: ffffffffffffffda RBX: 00007feb60cc0f60 RCX: 00007feb60bae0e9
[  328.434889][T24873] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[  328.442868][T24873] RBP: 00007feb603241d0 R08: 0000000000000000 R09: 0000000000000000
[  328.450830][T24873] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
[  328.458967][T24873] R13: 00007ffcf37cd34f R14: 00007feb60324300 R15: 0000000000022000
[  328.466947][T24873]  </TASK>
[  328.485340][T24894] loop1: detected capacity change from 0 to 262160
11:47:04 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:04 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x11000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:04 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f00000000c0))
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:04 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 5)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:04 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 5)

[  328.600149][T24902] loop5: detected capacity change from 0 to 262160
[  328.601226][T24901] loop4: detected capacity change from 0 to 262160
[  328.608854][T24902] FAULT_INJECTION: forcing a failure.
[  328.608854][T24902] name failslab, interval 1, probability 0, space 0, times 0
[  328.626043][T24902] CPU: 0 PID: 24902 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  328.637073][T24902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  328.647134][T24902] Call Trace:
[  328.650412][T24902]  <TASK>
[  328.653411][T24904] loop3: detected capacity change from 0 to 262160
[  328.653483][T24902]  dump_stack_lvl+0xd6/0x122
[  328.664543][T24902]  dump_stack+0x11/0x12
[  328.668708][T24902]  should_fail+0x230/0x240
[  328.673207][T24902]  __should_failslab+0x81/0x90
[  328.677974][T24902]  ? mempool_alloc_slab+0x16/0x20
[  328.683002][T24902]  should_failslab+0x5/0x20
[  328.687503][T24902]  kmem_cache_alloc+0x46/0x300
[  328.692338][T24902]  mempool_alloc_slab+0x16/0x20
[  328.697193][T24902]  ? mempool_free+0x130/0x130
[  328.701949][T24902]  mempool_alloc+0x9f/0x2a0
[  328.706452][T24902]  ? _raw_spin_unlock+0x2d/0x50
[  328.711300][T24902]  ? finish_task_switch+0xf0/0x240
[  328.716518][T24902]  bio_alloc_bioset+0xe4/0x730
[  328.721286][T24902]  submit_bh_wbc+0x161/0x2f0
[  328.725880][T24902]  write_dirty_buffer+0xdb/0xe0
[  328.729764][T24906] FAULT_INJECTION: forcing a failure.
[  328.729764][T24906] name failslab, interval 1, probability 0, space 0, times 0
[  328.730804][T24902]  fat_sync_bhs+0x52/0x160
[  328.730834][T24902]  fat_alloc_clusters+0x935/0xa80
[  328.752896][T24902]  fat_get_block+0x263/0x600
[  328.757482][T24902]  ? fat_block_truncate_page+0x30/0x30
[  328.762941][T24902]  __block_write_begin_int+0x33d/0xc90
[  328.768397][T24902]  ? fat_block_truncate_page+0x30/0x30
[  328.773850][T24902]  ? fat_block_truncate_page+0x30/0x30
[  328.779363][T24902]  block_write_begin+0x77/0x170
[  328.784258][T24902]  ? cont_write_begin+0x3aa/0x500
[  328.789270][T24902]  cont_write_begin+0x3cf/0x500
[  328.794113][T24902]  fat_write_begin+0x61/0xf0
[  328.798695][T24902]  ? fat_block_truncate_page+0x30/0x30
[  328.804205][T24902]  generic_perform_write+0x1d6/0x3f0
[  328.809507][T24902]  __generic_file_write_iter+0xe3/0x280
[  328.815053][T24902]  ? generic_write_checks+0x256/0x290
[  328.820434][T24902]  generic_file_write_iter+0x75/0x130
[  328.825838][T24902]  vfs_write+0x71c/0x890
[  328.830077][T24902]  ksys_write+0xe8/0x1a0
[  328.834310][T24902]  __x64_sys_write+0x3e/0x50
[  328.838936][T24902]  do_syscall_64+0x2b/0x70
[  328.843352][T24902]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  328.849264][T24902] RIP: 0033:0x7ff4e0daf0e9
[  328.853665][T24902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  328.873256][T24902] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  328.881654][T24902] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  328.889613][T24902] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
11:47:04 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x12000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  328.897571][T24902] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  328.905603][T24902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.913589][T24902] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  328.921589][T24902]  </TASK>
[  328.924602][T24906] CPU: 1 PID: 24906 Comm: syz-executor.3 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  328.935625][T24906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  328.945691][T24906] Call Trace:
[  328.948970][T24906]  <TASK>
[  328.951898][T24906]  dump_stack_lvl+0xd6/0x122
[  328.956566][T24906]  dump_stack+0x11/0x12
[  328.960737][T24906]  should_fail+0x230/0x240
[  328.965160][T24906]  __should_failslab+0x81/0x90
[  328.969932][T24906]  ? mempool_alloc_slab+0x16/0x20
[  328.974972][T24906]  should_failslab+0x5/0x20
[  328.979481][T24906]  kmem_cache_alloc+0x46/0x300
[  328.984252][T24906]  mempool_alloc_slab+0x16/0x20
[  328.989154][T24906]  ? mempool_free+0x130/0x130
[  328.993896][T24906]  mempool_alloc+0x9f/0x2a0
[  328.998413][T24906]  bio_alloc_bioset+0xe4/0x730
[  329.003209][T24906]  submit_bh_wbc+0x161/0x2f0
[  329.007804][T24906]  write_dirty_buffer+0xdb/0xe0
[  329.012707][T24906]  fat_sync_bhs+0x52/0x160
[  329.017213][T24906]  fat_alloc_clusters+0x935/0xa80
[  329.022251][T24906]  fat_get_block+0x263/0x600
[  329.026913][T24906]  ? fat_block_truncate_page+0x30/0x30
[  329.032536][T24906]  __block_write_begin_int+0x33d/0xc90
[  329.038050][T24906]  ? fat_block_truncate_page+0x30/0x30
[  329.043516][T24906]  ? PageHeadHuge+0x3b/0x120
[  329.048167][T24906]  ? fat_block_truncate_page+0x30/0x30
[  329.053668][T24906]  block_write_begin+0x77/0x170
[  329.058549][T24906]  ? cont_write_begin+0x3aa/0x500
[  329.063581][T24906]  cont_write_begin+0x3cf/0x500
[  329.068446][T24906]  fat_write_begin+0x61/0xf0
[  329.073094][T24906]  ? fat_block_truncate_page+0x30/0x30
[  329.078610][T24906]  generic_perform_write+0x1d6/0x3f0
[  329.083902][T24906]  __generic_file_write_iter+0x172/0x280
[  329.089698][T24906]  ? generic_write_checks+0x256/0x290
[  329.095074][T24906]  generic_file_write_iter+0x75/0x130
[  329.100477][T24906]  do_iter_readv_writev+0x27b/0x300
[  329.105669][T24906]  do_iter_write+0x16f/0x5c0
[  329.110248][T24906]  ? splice_from_pipe_next+0x34f/0x3b0
[  329.115703][T24906]  vfs_iter_write+0x4c/0x70
[  329.120196][T24906]  iter_file_splice_write+0x44a/0x7c0
[  329.125600][T24906]  ? splice_from_pipe+0xc0/0xc0
[  329.130440][T24906]  direct_splice_actor+0x80/0xa0
[  329.135364][T24906]  splice_direct_to_actor+0x345/0x660
[  329.140770][T24906]  ? do_splice_direct+0x180/0x180
[  329.145784][T24906]  do_splice_direct+0xfb/0x180
[  329.150624][T24906]  do_sendfile+0x3ad/0x900
[  329.155029][T24906]  __x64_sys_sendfile64+0x10c/0x150
[  329.160299][T24906]  do_syscall_64+0x2b/0x70
[  329.164864][T24906]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  329.170810][T24906] RIP: 0033:0x7feb60bae0e9
[  329.175241][T24906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
11:47:05 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000004)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:05 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x13000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:05 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 6)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:05 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 6)

[  329.194873][T24906] RSP: 002b:00007feb60303168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  329.203269][T24906] RAX: ffffffffffffffda RBX: 00007feb60cc1030 RCX: 00007feb60bae0e9
[  329.211223][T24906] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[  329.219179][T24906] RBP: 00007feb603031d0 R08: 0000000000000000 R09: 0000000000000000
[  329.227190][T24906] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
[  329.235149][T24906] R13: 00007ffcf37cd34f R14: 00007feb60303300 R15: 0000000000022000
[  329.243112][T24906]  </TASK>
11:47:05 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x14000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  329.304609][T24913] loop0: detected capacity change from 0 to 262160
[  329.317426][T24922] loop3: detected capacity change from 0 to 262160
[  329.317524][T24923] loop5: detected capacity change from 0 to 262160
[  329.331117][T24919] loop1: detected capacity change from 0 to 262160
[  329.363274][T24923] FAULT_INJECTION: forcing a failure.
[  329.363274][T24923] name failslab, interval 1, probability 0, space 0, times 0
[  329.376037][T24923] CPU: 0 PID: 24923 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  329.387065][T24923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  329.397129][T24923] Call Trace:
[  329.400404][T24923]  <TASK>
[  329.403335][T24923]  dump_stack_lvl+0xd6/0x122
[  329.407931][T24923]  dump_stack+0x11/0x12
[  329.412082][T24923]  should_fail+0x230/0x240
[  329.416513][T24923]  __should_failslab+0x81/0x90
[  329.421334][T24923]  ? mempool_alloc_slab+0x16/0x20
[  329.426363][T24923]  should_failslab+0x5/0x20
[  329.430864][T24923]  kmem_cache_alloc+0x46/0x300
[  329.435634][T24923]  mempool_alloc_slab+0x16/0x20
[  329.440536][T24923]  ? mempool_free+0x130/0x130
[  329.445280][T24923]  mempool_alloc+0x9f/0x2a0
[  329.449818][T24923]  bio_alloc_bioset+0xe4/0x730
[  329.454585][T24923]  submit_bh_wbc+0x161/0x2f0
[  329.459178][T24923]  write_dirty_buffer+0xdb/0xe0
[  329.464081][T24923]  fat_sync_bhs+0x52/0x160
[  329.468504][T24923]  fat_ent_write+0x85/0xd0
[  329.472930][T24923]  fat_chain_add+0x15b/0x410
[  329.474266][T24927] FAULT_INJECTION: forcing a failure.
[  329.474266][T24927] name failslab, interval 1, probability 0, space 0, times 0
[  329.477636][T24923]  fat_get_block+0x486/0x600
[  329.477666][T24923]  ? fat_block_truncate_page+0x30/0x30
[  329.477692][T24923]  __block_write_begin_int+0x33d/0xc90
[  329.505763][T24923]  ? fat_block_truncate_page+0x30/0x30
[  329.511282][T24923]  ? fat_block_truncate_page+0x30/0x30
[  329.516737][T24923]  block_write_begin+0x77/0x170
[  329.521725][T24923]  ? cont_write_begin+0x3aa/0x500
[  329.526743][T24923]  cont_write_begin+0x3cf/0x500
[  329.531627][T24923]  fat_write_begin+0x61/0xf0
[  329.536209][T24923]  ? fat_block_truncate_page+0x30/0x30
[  329.541660][T24923]  generic_perform_write+0x1d6/0x3f0
[  329.546935][T24923]  __generic_file_write_iter+0xe3/0x280
[  329.552466][T24923]  ? generic_write_checks+0x256/0x290
[  329.557887][T24923]  generic_file_write_iter+0x75/0x130
[  329.563246][T24923]  vfs_write+0x71c/0x890
[  329.567477][T24923]  ksys_write+0xe8/0x1a0
[  329.571789][T24923]  __x64_sys_write+0x3e/0x50
[  329.576367][T24923]  do_syscall_64+0x2b/0x70
[  329.580777][T24923]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  329.586657][T24923] RIP: 0033:0x7ff4e0daf0e9
[  329.591125][T24923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  329.610719][T24923] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  329.619135][T24923] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  329.627093][T24923] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  329.635058][T24923] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  329.643017][T24923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  329.650975][T24923] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  329.658934][T24923]  </TASK>
[  329.661940][T24927] CPU: 1 PID: 24927 Comm: syz-executor.3 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  329.672962][T24927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  329.683109][T24927] Call Trace:
[  329.686439][T24927]  <TASK>
[  329.689361][T24927]  dump_stack_lvl+0xd6/0x122
[  329.694002][T24927]  dump_stack+0x11/0x12
[  329.698241][T24927]  should_fail+0x230/0x240
[  329.702719][T24927]  __should_failslab+0x81/0x90
[  329.707576][T24927]  ? jbd2__journal_start+0xa1/0x290
[  329.712782][T24927]  should_failslab+0x5/0x20
[  329.717283][T24927]  kmem_cache_alloc+0x46/0x300
[  329.722092][T24927]  jbd2__journal_start+0xa1/0x290
[  329.727177][T24927]  __ext4_journal_start_sb+0x10f/0x280
[  329.732750][T24927]  ext4_iomap_begin+0x36e/0x560
[  329.737637][T24927]  ? ext4_alloc_da_blocks+0xd0/0xd0
[  329.742840][T24927]  iomap_iter+0x395/0x4a0
[  329.747172][T24927]  __iomap_dio_rw+0x6a7/0xf80
[  329.751848][T24927]  ? preempt_count_add+0x5e/0xa0
[  329.756790][T24927]  iomap_dio_rw+0x38/0x80
[  329.761211][T24927]  ? ext4_file_write_iter+0x351/0xdf0
[  329.766626][T24927]  ext4_file_write_iter+0x7df/0xdf0
[  329.771831][T24927]  ? ext4_file_write_iter+0x351/0xdf0
[  329.777216][T24927]  do_iter_readv_writev+0x27b/0x300
[  329.782445][T24927]  do_iter_write+0x16f/0x5c0
[  329.787063][T24927]  ? splice_from_pipe_next+0x34f/0x3b0
[  329.792676][T24927]  vfs_iter_write+0x4c/0x70
[  329.797190][T24927]  iter_file_splice_write+0x44a/0x7c0
[  329.802590][T24927]  ? splice_from_pipe+0xc0/0xc0
[  329.807461][T24927]  direct_splice_actor+0x80/0xa0
11:47:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  329.812402][T24927]  splice_direct_to_actor+0x345/0x660
[  329.817851][T24927]  ? do_splice_direct+0x180/0x180
[  329.822884][T24927]  do_splice_direct+0xfb/0x180
[  329.827655][T24927]  do_sendfile+0x3ad/0x900
[  329.832071][T24927]  __x64_sys_sendfile64+0x10c/0x150
[  329.837282][T24927]  do_syscall_64+0x2b/0x70
[  329.841710][T24927]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  329.847614][T24927] RIP: 0033:0x7feb60bae0e9
[  329.852093][T24927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  329.871754][T24927] RSP: 002b:00007feb602e2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  329.880227][T24927] RAX: ffffffffffffffda RBX: 00007feb60cc1100 RCX: 00007feb60bae0e9
[  329.888203][T24927] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000006
[  329.896179][T24927] RBP: 00007feb602e21d0 R08: 0000000000000000 R09: 0000000000000000
[  329.904170][T24927] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
11:47:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x15000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f00000000c0))
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x16000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  329.912198][T24927] R13: 00007ffcf37cd34f R14: 00007feb602e2300 R15: 0000000000022000
[  329.920261][T24927]  </TASK>
11:47:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x17000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:06 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 7)

11:47:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x18000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  329.984182][T24936] loop0: detected capacity change from 0 to 262160
[  330.003354][T24939] loop4: detected capacity change from 0 to 262160
11:47:06 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000005)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x19000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:06 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 7)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  330.125282][T24947] loop3: detected capacity change from 0 to 262160
[  330.185740][T24951] loop5: detected capacity change from 0 to 262160
[  330.192020][T24952] FAULT_INJECTION: forcing a failure.
[  330.192020][T24952] name failslab, interval 1, probability 0, space 0, times 0
[  330.204904][T24952] CPU: 1 PID: 24952 Comm: syz-executor.3 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  330.215954][T24952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  330.226033][T24952] Call Trace:
[  330.229301][T24952]  <TASK>
11:47:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x1a000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  330.232229][T24952]  dump_stack_lvl+0xd6/0x122
[  330.236877][T24952]  dump_stack+0x11/0x12
[  330.241097][T24952]  should_fail+0x230/0x240
[  330.245509][T24952]  __should_failslab+0x81/0x90
[  330.250331][T24952]  ? mempool_alloc_slab+0x16/0x20
[  330.255353][T24952]  should_failslab+0x5/0x20
[  330.259920][T24952]  kmem_cache_alloc+0x46/0x300
[  330.264718][T24952]  mempool_alloc_slab+0x16/0x20
[  330.269574][T24952]  ? mempool_free+0x130/0x130
[  330.274248][T24952]  mempool_alloc+0x9f/0x2a0
[  330.278751][T24952]  ? io_schedule+0x3b/0x50
[  330.283196][T24952]  bio_alloc_bioset+0xe4/0x730
[  330.283846][T24954] FAULT_INJECTION: forcing a failure.
[  330.283846][T24954] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  330.287962][T24952]  submit_bh_wbc+0x161/0x2f0
[  330.287989][T24952]  write_dirty_buffer+0xdb/0xe0
[  330.310549][T24952]  fat_sync_bhs+0x52/0x160
[  330.314982][T24952]  fat_alloc_clusters+0x935/0xa80
[  330.320001][T24952]  fat_get_block+0x263/0x600
[  330.324583][T24952]  ? fat_block_truncate_page+0x30/0x30
[  330.330111][T24952]  __block_write_begin_int+0x33d/0xc90
[  330.335568][T24952]  ? fat_block_truncate_page+0x30/0x30
[  330.341073][T24952]  ? PageHeadHuge+0x3b/0x120
[  330.345688][T24952]  ? fat_block_truncate_page+0x30/0x30
[  330.351143][T24952]  block_write_begin+0x77/0x170
[  330.355994][T24952]  ? cont_write_begin+0x3aa/0x500
[  330.361090][T24952]  cont_write_begin+0x3cf/0x500
[  330.365943][T24952]  fat_write_begin+0x61/0xf0
[  330.370538][T24952]  ? fat_block_truncate_page+0x30/0x30
[  330.376048][T24952]  generic_perform_write+0x1d6/0x3f0
[  330.381493][T24952]  __generic_file_write_iter+0x172/0x280
[  330.387148][T24952]  ? generic_write_checks+0x256/0x290
[  330.392507][T24952]  generic_file_write_iter+0x75/0x130
[  330.397868][T24952]  do_iter_readv_writev+0x27b/0x300
[  330.403054][T24952]  do_iter_write+0x16f/0x5c0
[  330.407642][T24952]  ? splice_from_pipe_next+0x34f/0x3b0
[  330.413154][T24952]  vfs_iter_write+0x4c/0x70
[  330.417648][T24952]  iter_file_splice_write+0x44a/0x7c0
[  330.423092][T24952]  ? splice_from_pipe+0xc0/0xc0
[  330.427934][T24952]  direct_splice_actor+0x80/0xa0
[  330.432891][T24952]  splice_direct_to_actor+0x345/0x660
[  330.438296][T24952]  ? do_splice_direct+0x180/0x180
[  330.443311][T24952]  do_splice_direct+0xfb/0x180
[  330.448064][T24952]  do_sendfile+0x3ad/0x900
[  330.452468][T24952]  __x64_sys_sendfile64+0x10c/0x150
[  330.457662][T24952]  do_syscall_64+0x2b/0x70
[  330.462068][T24952]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  330.467987][T24952] RIP: 0033:0x7feb60bae0e9
[  330.472384][T24952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  330.492025][T24952] RSP: 002b:00007feb60303168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  330.500459][T24952] RAX: ffffffffffffffda RBX: 00007feb60cc1030 RCX: 00007feb60bae0e9
[  330.508542][T24952] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[  330.516506][T24952] RBP: 00007feb603031d0 R08: 0000000000000000 R09: 0000000000000000
[  330.524462][T24952] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
[  330.532417][T24952] R13: 00007ffcf37cd34f R14: 00007feb60303300 R15: 0000000000022000
[  330.540376][T24952]  </TASK>
[  330.543415][T24954] CPU: 0 PID: 24954 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  330.554450][T24954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  330.564502][T24954] Call Trace:
[  330.567781][T24954]  <TASK>
[  330.570708][T24954]  dump_stack_lvl+0xd6/0x122
[  330.575362][T24954]  dump_stack+0x11/0x12
[  330.579521][T24954]  should_fail+0x230/0x240
[  330.583937][T24954]  __alloc_pages+0xf0/0x320
[  330.588451][T24954]  alloc_pages+0x34d/0x450
[  330.592872][T24954]  folio_alloc+0x1a/0x20
[  330.597181][T24954]  filemap_alloc_folio+0x53/0xf0
[  330.602141][T24954]  __filemap_get_folio+0x43d/0x680
[  330.607360][T24954]  ? exc_page_fault+0x60/0x160
[  330.612184][T24954]  pagecache_get_page+0x26/0x190
[  330.617205][T24954]  grab_cache_page_write_begin+0x3f/0x50
[  330.622847][T24954]  ext4_da_write_begin+0x271/0x530
[  330.627960][T24954]  generic_perform_write+0x1d6/0x3f0
[  330.633260][T24954]  ? ext4_da_write_begin+0x530/0x530
[  330.638542][T24954]  ext4_buffered_write_iter+0x199/0x280
[  330.644193][T24954]  ext4_file_write_iter+0x211/0xdf0
[  330.649391][T24954]  ? avc_policy_seqno+0x22/0x30
[  330.654246][T24954]  ? selinux_file_permission+0x223/0x350
[  330.659869][T24954]  ? fsnotify_perm+0x5a/0x370
[  330.664536][T24954]  ? security_file_permission+0x7c/0xa0
[  330.670141][T24954]  vfs_write+0x71c/0x890
[  330.674421][T24954]  ksys_write+0xe8/0x1a0
[  330.678658][T24954]  __x64_sys_write+0x3e/0x50
[  330.683250][T24954]  do_syscall_64+0x2b/0x70
[  330.687732][T24954]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  330.693614][T24954] RIP: 0033:0x7ff4e0daf0e9
[  330.698083][T24954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  330.717824][T24954] RSP: 002b:00007ff4e0504168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  330.726310][T24954] RAX: ffffffffffffffda RBX: 00007ff4e0ec2030 RCX: 00007ff4e0daf0e9
11:47:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f00000000c0)) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  330.734343][T24954] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000005
[  330.742299][T24954] RBP: 00007ff4e05041d0 R08: 0000000000000000 R09: 0000000000000000
[  330.750368][T24954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  330.758445][T24954] R13: 00007ffc4f15e08f R14: 00007ff4e0504300 R15: 0000000000022000
[  330.766404][T24954]  </TASK>
11:47:07 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x1b000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:07 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0)
ftruncate(r3, 0x2006fff)
r4 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r4, 0x100000003, 0x80019b, 0x80019c)
openat$cgroup_ro(r4, &(0x7f00000000c0)='freezer.state\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  330.816347][T24958] loop1: detected capacity change from 0 to 262160
[  330.836279][T24960] loop4: detected capacity change from 0 to 262160
11:47:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x1c000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x1d000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  330.916577][T24968] loop4: detected capacity change from 0 to 262160
11:47:07 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x1e000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  331.004213][T24975] loop0: detected capacity change from 0 to 262160
[  331.042238][T24979] loop3: detected capacity change from 0 to 262160
11:47:07 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000006)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:07 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 8)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x1f000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  331.090071][T24983] loop5: detected capacity change from 0 to 262160
[  331.134555][T24983] FAULT_INJECTION: forcing a failure.
[  331.134555][T24983] name failslab, interval 1, probability 0, space 0, times 0
[  331.147224][T24983] CPU: 1 PID: 24983 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  331.158293][T24983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  331.168396][T24983] Call Trace:
[  331.171674][T24983]  <TASK>
[  331.174603][T24983]  dump_stack_lvl+0xd6/0x122
[  331.179201][T24983]  dump_stack+0x11/0x12
11:47:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x20000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  331.183361][T24983]  should_fail+0x230/0x240
[  331.187777][T24983]  __should_failslab+0x81/0x90
[  331.192557][T24983]  ? fat_cache_add+0x1f7/0x4e0
[  331.197327][T24983]  should_failslab+0x5/0x20
[  331.201901][T24983]  kmem_cache_alloc+0x46/0x300
[  331.206664][T24983]  ? fat16_ent_get+0x45/0x60
[  331.211266][T24983]  fat_cache_add+0x1f7/0x4e0
[  331.215922][T24983]  fat_get_cluster+0x62f/0x870
[  331.220718][T24983]  fat_get_mapped_cluster+0xe0/0x250
[  331.226081][T24983]  fat_bmap+0x259/0x290
[  331.230277][T24983]  fat_get_block+0x3c1/0x600
[  331.234940][T24983]  ? fat_block_truncate_page+0x30/0x30
[  331.240543][T24983]  __block_write_begin_int+0x33d/0xc90
[  331.246009][T24983]  ? fat_block_truncate_page+0x30/0x30
[  331.251479][T24983]  ? fat_block_truncate_page+0x30/0x30
[  331.257033][T24983]  block_write_begin+0x77/0x170
[  331.261890][T24983]  ? cont_write_begin+0x3aa/0x500
[  331.266957][T24983]  cont_write_begin+0x3cf/0x500
[  331.271903][T24983]  fat_write_begin+0x61/0xf0
[  331.276501][T24983]  ? fat_block_truncate_page+0x30/0x30
[  331.281973][T24983]  generic_perform_write+0x1d6/0x3f0
[  331.287260][T24983]  __generic_file_write_iter+0xe3/0x280
[  331.292927][T24983]  ? generic_write_checks+0x256/0x290
[  331.298397][T24983]  generic_file_write_iter+0x75/0x130
[  331.303812][T24983]  vfs_write+0x71c/0x890
[  331.308060][T24983]  ksys_write+0xe8/0x1a0
[  331.312366][T24983]  __x64_sys_write+0x3e/0x50
[  331.316999][T24983]  do_syscall_64+0x2b/0x70
[  331.318259][T24990] loop1: detected capacity change from 0 to 262160
[  331.321463][T24983]  entry_SYSCALL_64_after_hwframe+0x44/0xae
11:47:07 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0)
ftruncate(r3, 0x2006fff)
r4 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r4, 0x100000003, 0x80019b, 0x80019c) (async)
openat$cgroup_ro(r4, &(0x7f00000000c0)='freezer.state\x00', 0x0, 0x0) (async)
sendfile(r1, r2, 0x0, 0x80000001)

[  331.333840][T24983] RIP: 0033:0x7ff4e0daf0e9
[  331.338272][T24983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  331.357896][T24983] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  331.366323][T24983] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  331.375253][T24983] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  331.383232][T24983] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  331.391195][T24983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  331.399158][T24983] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  331.407135][T24983]  </TASK>
[  331.447992][T24995] loop4: detected capacity change from 0 to 262160
11:47:07 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:07 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x7ffff000)

11:47:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x21000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:07 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async, rerun: 32)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (rerun: 32)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async, rerun: 64)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async, rerun: 64)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0)
ftruncate(r3, 0x2006fff)
r4 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r4, 0x100000003, 0x80019b, 0x80019c) (async)
openat$cgroup_ro(r4, &(0x7f00000000c0)='freezer.state\x00', 0x0, 0x0) (async)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:07 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 9)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x22000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  331.679734][T25007] loop5: detected capacity change from 0 to 262160
[  331.680302][T25004] loop3: detected capacity change from 0 to 262160
[  331.711226][T25009] loop4: detected capacity change from 0 to 262160
[  331.731288][T25007] FAULT_INJECTION: forcing a failure.
[  331.731288][T25007] name failslab, interval 1, probability 0, space 0, times 0
[  331.743970][T25007] CPU: 1 PID: 25007 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  331.754996][T25007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  331.765049][T25007] Call Trace:
[  331.768321][T25007]  <TASK>
[  331.771248][T25007]  dump_stack_lvl+0xd6/0x122
[  331.775850][T25007]  dump_stack+0x11/0x12
[  331.780152][T25007]  should_fail+0x230/0x240
[  331.784570][T25007]  __should_failslab+0x81/0x90
[  331.789410][T25007]  ? mempool_alloc_slab+0x16/0x20
[  331.794474][T25007]  should_failslab+0x5/0x20
[  331.799086][T25007]  kmem_cache_alloc+0x46/0x300
[  331.803910][T25007]  ? folio_mark_accessed+0x12f/0x380
[  331.809199][T25007]  mempool_alloc_slab+0x16/0x20
[  331.814125][T25007]  ? mempool_free+0x130/0x130
[  331.818797][T25007]  mempool_alloc+0x9f/0x2a0
[  331.823369][T25007]  bio_alloc_bioset+0xe4/0x730
[  331.828137][T25007]  submit_bh_wbc+0x161/0x2f0
[  331.832762][T25007]  write_dirty_buffer+0xdb/0xe0
[  331.837643][T25007]  fat_sync_bhs+0x52/0x160
[  331.842062][T25007]  fat_alloc_clusters+0x935/0xa80
[  331.847086][T25007]  fat_get_block+0x263/0x600
[  331.851777][T25007]  ? fat_block_truncate_page+0x30/0x30
[  331.857227][T25007]  __block_write_begin_int+0x33d/0xc90
[  331.862679][T25007]  ? fat_block_truncate_page+0x30/0x30
[  331.868199][T25007]  ? fat_block_truncate_page+0x30/0x30
[  331.873649][T25007]  block_write_begin+0x77/0x170
[  331.878515][T25007]  ? cont_write_begin+0x3aa/0x500
[  331.883564][T25007]  cont_write_begin+0x3cf/0x500
[  331.888407][T25007]  fat_write_begin+0x61/0xf0
[  331.893119][T25007]  ? fat_block_truncate_page+0x30/0x30
[  331.898640][T25007]  generic_perform_write+0x1d6/0x3f0
[  331.903943][T25007]  __generic_file_write_iter+0xe3/0x280
[  331.909496][T25007]  ? generic_write_checks+0x256/0x290
[  331.914911][T25007]  generic_file_write_iter+0x75/0x130
[  331.920274][T25007]  vfs_write+0x71c/0x890
[  331.924506][T25007]  ksys_write+0xe8/0x1a0
[  331.928753][T25007]  __x64_sys_write+0x3e/0x50
[  331.933397][T25007]  do_syscall_64+0x2b/0x70
[  331.937842][T25007]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  331.943722][T25007] RIP: 0033:0x7ff4e0daf0e9
[  331.948184][T25007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  331.967788][T25007] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
11:47:08 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000ee8000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f00000002c0)=<r0=>0x0, &(0x7f0000000040)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x10c, &(0x7f0000000340)=0x307f, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f0000000540)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, {}, 0x1}, 0x3)
r2 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000400)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=@setneightbl={0x6c, 0x43, 0x501, 0x70bd27, 0x25dfdbfe, {0x1c}, [@NDTA_PARMS={0x40, 0x6, 0x0, 0x1, [@NDTPA_DELAY_PROBE_TIME={0xc, 0x7, 0x6868}, @NDTPA_DELAY_PROBE_TIME={0xc, 0x7, 0xffffffff}, @NDTPA_PROXY_QLEN={0x8, 0xe, 0xffffffff}, @NDTPA_GC_STALETIME={0xc, 0x6, 0x7}, @NDTPA_MCAST_PROBES={0x8, 0xb, 0x8}, @NDTPA_APP_PROBES={0x8, 0x9, 0xef54}]}, @NDTA_GC_INTERVAL={0xc, 0x8, 0x2}, @NDTA_NAME={0xa, 0x1, '(\'#\\*\x00'}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4004010}, 0x1)
chdir(&(0x7f0000000140)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000ee8000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f00000002c0)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307f, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000540)=@IORING_OP_POLL_ADD, 0x3)
r5 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000400)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r5, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0}}, 0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000480)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/usbip_vudc', 0x202202, 0x1a)
write$binfmt_script(r6, &(0x7f0000000040)=ANY=[], 0x8800000)
r7 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r7, r8, 0x0, 0x80000001)

[  331.976193][T25007] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  331.984149][T25007] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  331.992241][T25007] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  332.000274][T25007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  332.008382][T25007] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  332.016420][T25007]  </TASK>
11:47:08 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000007)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:08 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x23000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  332.063088][T25020] loop0: detected capacity change from 0 to 262160
11:47:08 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x24000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:08 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x25000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:08 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000ee8000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f00000002c0)=<r0=>0x0, &(0x7f0000000040)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x10c, &(0x7f0000000340)=0x307f, 0x0, 0x4) (async)
syz_io_uring_submit(r0, r1, &(0x7f0000000540)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, {}, 0x1}, 0x3)
r2 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000400)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0}}, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=@setneightbl={0x6c, 0x43, 0x501, 0x70bd27, 0x25dfdbfe, {0x1c}, [@NDTA_PARMS={0x40, 0x6, 0x0, 0x1, [@NDTPA_DELAY_PROBE_TIME={0xc, 0x7, 0x6868}, @NDTPA_DELAY_PROBE_TIME={0xc, 0x7, 0xffffffff}, @NDTPA_PROXY_QLEN={0x8, 0xe, 0xffffffff}, @NDTPA_GC_STALETIME={0xc, 0x6, 0x7}, @NDTPA_MCAST_PROBES={0x8, 0xb, 0x8}, @NDTPA_APP_PROBES={0x8, 0x9, 0xef54}]}, @NDTA_GC_INTERVAL={0xc, 0x8, 0x2}, @NDTA_NAME={0xa, 0x1, '(\'#\\*\x00'}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4004010}, 0x1)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000ee8000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f00000002c0)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307f, 0x0, 0x4) (async, rerun: 32)
syz_io_uring_submit(r3, r4, &(0x7f0000000540)=@IORING_OP_POLL_ADD, 0x3) (async, rerun: 32)
r5 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000400)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r5, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0}}, 0x0) (async)
syz_io_uring_submit(0x0, r4, &(0x7f0000000480)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4) (async)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/usbip_vudc', 0x202202, 0x1a)
write$binfmt_script(r6, &(0x7f0000000040)=ANY=[], 0x8800000)
r7 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r7, r8, 0x0, 0x80000001)

[  332.170054][T25027] loop1: detected capacity change from 0 to 262160
[  332.210224][T25031] loop4: detected capacity change from 0 to 262160
11:47:08 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  332.328422][ T1906] I/O error, dev loop4, sector 262016 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
11:47:08 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000002)

11:47:08 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x26000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:08 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000ee8000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f00000002c0)=<r0=>0x0, &(0x7f0000000040)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x10c, &(0x7f0000000340)=0x307f, 0x0, 0x4) (async, rerun: 64)
syz_io_uring_submit(r0, r1, &(0x7f0000000540)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, {}, 0x1}, 0x3) (async, rerun: 64)
r2 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000400)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0}}, 0x0) (async, rerun: 64)
sendmsg$nl_route(r2, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=@setneightbl={0x6c, 0x43, 0x501, 0x70bd27, 0x25dfdbfe, {0x1c}, [@NDTA_PARMS={0x40, 0x6, 0x0, 0x1, [@NDTPA_DELAY_PROBE_TIME={0xc, 0x7, 0x6868}, @NDTPA_DELAY_PROBE_TIME={0xc, 0x7, 0xffffffff}, @NDTPA_PROXY_QLEN={0x8, 0xe, 0xffffffff}, @NDTPA_GC_STALETIME={0xc, 0x6, 0x7}, @NDTPA_MCAST_PROBES={0x8, 0xb, 0x8}, @NDTPA_APP_PROBES={0x8, 0x9, 0xef54}]}, @NDTA_GC_INTERVAL={0xc, 0x8, 0x2}, @NDTA_NAME={0xa, 0x1, '(\'#\\*\x00'}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4004010}, 0x1) (async, rerun: 64)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000ee8000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f00000002c0)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307f, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000540)=@IORING_OP_POLL_ADD, 0x3) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000400)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r5, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0}}, 0x0) (async)
syz_io_uring_submit(0x0, r4, &(0x7f0000000480)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/usbip_vudc', 0x202202, 0x1a)
write$binfmt_script(r6, &(0x7f0000000040)=ANY=[], 0x8800000)
r7 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r7, r8, 0x0, 0x80000001)

11:47:08 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 10)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:08 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000008)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  332.417928][T25038] loop0: detected capacity change from 0 to 262160
11:47:08 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x27000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:08 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x28000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  332.478222][T25041] loop4: detected capacity change from 0 to 262160
[  332.489688][T25045] loop5: detected capacity change from 0 to 262160
[  332.508872][T25047] loop1: detected capacity change from 0 to 262160
[  332.521863][T25045] FAULT_INJECTION: forcing a failure.
[  332.521863][T25045] name failslab, interval 1, probability 0, space 0, times 0
[  332.534695][T25045] CPU: 0 PID: 25045 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  332.545725][T25045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  332.555771][T25045] Call Trace:
[  332.559040][T25045]  <TASK>
[  332.561957][T25045]  dump_stack_lvl+0xd6/0x122
[  332.566621][T25045]  dump_stack+0x11/0x12
[  332.570764][T25045]  should_fail+0x230/0x240
[  332.575194][T25045]  __should_failslab+0x81/0x90
[  332.580075][T25045]  ? mempool_alloc_slab+0x16/0x20
[  332.585088][T25045]  should_failslab+0x5/0x20
[  332.589576][T25045]  kmem_cache_alloc+0x46/0x300
[  332.594401][T25045]  mempool_alloc_slab+0x16/0x20
[  332.599239][T25045]  ? mempool_free+0x130/0x130
[  332.603903][T25045]  mempool_alloc+0x9f/0x2a0
[  332.608401][T25045]  bio_alloc_bioset+0xe4/0x730
[  332.613241][T25045]  submit_bh_wbc+0x161/0x2f0
[  332.617819][T25045]  __sync_dirty_buffer+0x141/0x1f0
[  332.622921][T25045]  sync_dirty_buffer+0x16/0x20
[  332.627727][T25045]  fat_mirror_bhs+0x268/0x330
[  332.632469][T25045]  fat_alloc_clusters+0x983/0xa80
[  332.637499][T25045]  fat_get_block+0x263/0x600
[  332.642120][T25045]  ? fat_block_truncate_page+0x30/0x30
[  332.647569][T25045]  __block_write_begin_int+0x33d/0xc90
[  332.653042][T25045]  ? fat_block_truncate_page+0x30/0x30
[  332.658518][T25045]  ? fat_block_truncate_page+0x30/0x30
[  332.663975][T25045]  block_write_begin+0x77/0x170
[  332.668830][T25045]  ? cont_write_begin+0x3aa/0x500
[  332.673927][T25045]  cont_write_begin+0x3cf/0x500
[  332.678772][T25045]  fat_write_begin+0x61/0xf0
[  332.683419][T25045]  ? fat_block_truncate_page+0x30/0x30
[  332.688875][T25045]  generic_perform_write+0x1d6/0x3f0
[  332.694242][T25045]  __generic_file_write_iter+0xe3/0x280
[  332.699873][T25045]  ? generic_write_checks+0x256/0x290
[  332.705361][T25045]  generic_file_write_iter+0x75/0x130
[  332.710721][T25045]  vfs_write+0x71c/0x890
[  332.714957][T25045]  ksys_write+0xe8/0x1a0
[  332.719268][T25045]  __x64_sys_write+0x3e/0x50
[  332.723918][T25045]  do_syscall_64+0x2b/0x70
[  332.728416][T25045]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  332.734309][T25045] RIP: 0033:0x7ff4e0daf0e9
[  332.738710][T25045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  332.758304][T25045] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  332.766778][T25045] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
11:47:09 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r5=>0x0, <r6=>0x0}, &(0x7f0000cab000)=0xc)
mount$9p_unix(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x2, &(0x7f0000000300)={'trans=unix,', {[{@access_client}, {@access_any}, {@fscache}, {@cache_mmap}, {@msize={'msize', 0x3d, 0x7fffffff}}, {@loose}, {@loose}, {@cache_loose}, {@cache_fscache}, {@fscache}], [{@hash}]}})
chown(&(0x7f0000000000)='./control\x00', r5, r6)
fchownat(r0, &(0x7f00000000c0)='./file0\x00', 0xee00, r6, 0x100)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1000004, 0x20010, r4, 0xec99c000)
sendfile(r2, r3, 0x0, 0x80000001)

[  332.774737][T25045] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  332.782701][T25045] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  332.790698][T25045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  332.798671][T25045] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  332.806633][T25045]  </TASK>
11:47:09 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x29000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:09 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2a000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  332.885407][T25061] loop3: detected capacity change from 0 to 262160
11:47:09 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2b000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  332.915838][   T24] audit: type=1400 audit(1650109629.082:450): avc:  denied  { map } for  pid=25055 comm="syz-executor.4" path="socket:[82574]" dev="sockfs" ino=82574 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
11:47:09 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:09 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000003)

11:47:09 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2c000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  333.051221][T25071] loop0: detected capacity change from 0 to 262160
11:47:09 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2d000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:09 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 11)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  333.174506][T25079] loop5: detected capacity change from 0 to 262160
[  333.181710][T25080] loop3: detected capacity change from 0 to 262160
[  333.194555][T25079] FAULT_INJECTION: forcing a failure.
[  333.194555][T25079] name failslab, interval 1, probability 0, space 0, times 0
[  333.207250][T25079] CPU: 1 PID: 25079 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  333.218349][T25079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  333.228534][T25079] Call Trace:
[  333.231812][T25079]  <TASK>
[  333.234741][T25079]  dump_stack_lvl+0xd6/0x122
[  333.239509][T25079]  dump_stack+0x11/0x12
[  333.243709][T25079]  should_fail+0x230/0x240
[  333.248127][T25079]  __should_failslab+0x81/0x90
[  333.252889][T25079]  ? mempool_alloc_slab+0x16/0x20
[  333.257907][T25079]  should_failslab+0x5/0x20
[  333.262404][T25079]  kmem_cache_alloc+0x46/0x300
[  333.267247][T25079]  mempool_alloc_slab+0x16/0x20
[  333.272155][T25079]  ? mempool_free+0x130/0x130
[  333.276857][T25079]  mempool_alloc+0x9f/0x2a0
[  333.281368][T25079]  bio_alloc_bioset+0xe4/0x730
[  333.286148][T25079]  submit_bh_wbc+0x161/0x2f0
[  333.290776][T25079]  write_dirty_buffer+0xdb/0xe0
[  333.295636][T25079]  fat_sync_bhs+0x52/0x160
[  333.300121][T25079]  fat_ent_write+0x85/0xd0
[  333.304544][T25079]  fat_chain_add+0x15b/0x410
[  333.309145][T25079]  fat_get_block+0x486/0x600
[  333.313778][T25079]  ? fat_block_truncate_page+0x30/0x30
[  333.319246][T25079]  __block_write_begin_int+0x33d/0xc90
[  333.324720][T25079]  ? fat_block_truncate_page+0x30/0x30
[  333.330239][T25079]  ? fat_block_truncate_page+0x30/0x30
[  333.335779][T25079]  block_write_begin+0x77/0x170
[  333.340639][T25079]  ? cont_write_begin+0x3aa/0x500
[  333.345674][T25079]  cont_write_begin+0x3cf/0x500
[  333.350537][T25079]  fat_write_begin+0x61/0xf0
[  333.355161][T25079]  ? fat_block_truncate_page+0x30/0x30
[  333.360631][T25079]  generic_perform_write+0x1d6/0x3f0
[  333.366002][T25079]  __generic_file_write_iter+0xe3/0x280
[  333.371551][T25079]  ? generic_write_checks+0x256/0x290
[  333.376923][T25079]  generic_file_write_iter+0x75/0x130
[  333.382295][T25079]  vfs_write+0x71c/0x890
[  333.386540][T25079]  ksys_write+0xe8/0x1a0
[  333.390804][T25079]  __x64_sys_write+0x3e/0x50
[  333.395399][T25079]  do_syscall_64+0x2b/0x70
[  333.399822][T25079]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  333.405782][T25079] RIP: 0033:0x7ff4e0daf0e9
[  333.410200][T25079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  333.429885][T25079] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  333.438300][T25079] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  333.446276][T25079] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  333.454250][T25079] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  333.462228][T25079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
11:47:09 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000009)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:09 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2e000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:09 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x8800000)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x80000001)

11:47:09 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
r4 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r5=>0x0, <r6=>0x0}, &(0x7f0000cab000)=0xc)
mount$9p_unix(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x2, &(0x7f0000000300)={'trans=unix,', {[{@access_client}, {@access_any}, {@fscache}, {@cache_mmap}, {@msize={'msize', 0x3d, 0x7fffffff}}, {@loose}, {@loose}, {@cache_loose}, {@cache_fscache}, {@fscache}], [{@hash}]}}) (async)
chown(&(0x7f0000000000)='./control\x00', r5, r6) (async)
fchownat(r0, &(0x7f00000000c0)='./file0\x00', 0xee00, r6, 0x100)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1000004, 0x20010, r4, 0xec99c000) (async)
sendfile(r2, r3, 0x0, 0x80000001)

11:47:09 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000004)

11:47:09 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2f000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  333.470325][T25079] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  333.478299][T25079]  </TASK>
11:47:09 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x30000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  333.536509][T25089] loop0: detected capacity change from 0 to 262160
[  333.540976][T25086] loop3: detected capacity change from 0 to 262160
[  333.553667][T25091] loop4: detected capacity change from 0 to 262160
11:47:09 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x31000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  333.620337][T25096] loop1: detected capacity change from 0 to 262160
11:47:09 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async, rerun: 32)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (rerun: 32)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r5=>0x0, <r6=>0x0}, &(0x7f0000cab000)=0xc) (async)
mount$9p_unix(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x2, &(0x7f0000000300)={'trans=unix,', {[{@access_client}, {@access_any}, {@fscache}, {@cache_mmap}, {@msize={'msize', 0x3d, 0x7fffffff}}, {@loose}, {@loose}, {@cache_loose}, {@cache_fscache}, {@fscache}], [{@hash}]}})
chown(&(0x7f0000000000)='./control\x00', r5, r6) (async)
fchownat(r0, &(0x7f00000000c0)='./file0\x00', 0xee00, r6, 0x100) (async)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1000004, 0x20010, r4, 0xec99c000) (async)
sendfile(r2, r3, 0x0, 0x80000001)

11:47:09 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 12)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:09 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x32000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:09 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x33000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  333.783208][T25110] loop5: detected capacity change from 0 to 262160
[  333.813033][T25113] loop4: detected capacity change from 0 to 262160
[  333.821631][T25110] FAULT_INJECTION: forcing a failure.
[  333.821631][T25110] name failslab, interval 1, probability 0, space 0, times 0
[  333.834312][T25110] CPU: 1 PID: 25110 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  333.845341][T25110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  333.855402][T25110] Call Trace:
[  333.858682][T25110]  <TASK>
[  333.861609][T25110]  dump_stack_lvl+0xd6/0x122
[  333.866207][T25110]  dump_stack+0x11/0x12
[  333.870368][T25110]  should_fail+0x230/0x240
[  333.874786][T25110]  __should_failslab+0x81/0x90
[  333.879630][T25110]  ? mempool_alloc_slab+0x16/0x20
[  333.884734][T25110]  should_failslab+0x5/0x20
[  333.889313][T25110]  kmem_cache_alloc+0x46/0x300
[  333.894143][T25110]  mempool_alloc_slab+0x16/0x20
[  333.899041][T25110]  ? mempool_free+0x130/0x130
[  333.903723][T25110]  mempool_alloc+0x9f/0x2a0
[  333.908261][T25110]  bio_alloc_bioset+0xe4/0x730
[  333.913046][T25110]  submit_bh_wbc+0x161/0x2f0
[  333.917643][T25110]  __sync_dirty_buffer+0x141/0x1f0
[  333.922807][T25110]  sync_dirty_buffer+0x16/0x20
[  333.927584][T25110]  fat_mirror_bhs+0x268/0x330
11:47:10 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x34000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:10 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x8800000)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x80000001)

11:47:10 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000700), 0x3014014, &(0x7f0000000800)=ANY=[@ANYRES16=r0])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)

11:47:10 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000000a)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:10 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000005)

11:47:10 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x35000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  333.932296][T25110]  fat_ent_write+0xc2/0xd0
[  333.936739][T25110]  fat_chain_add+0x15b/0x410
[  333.941339][T25110]  fat_get_block+0x486/0x600
[  333.945938][T25110]  ? fat_block_truncate_page+0x30/0x30
[  333.951406][T25110]  __block_write_begin_int+0x33d/0xc90
[  333.956956][T25110]  ? fat_block_truncate_page+0x30/0x30
[  333.962485][T25110]  ? fat_block_truncate_page+0x30/0x30
[  333.967952][T25110]  block_write_begin+0x77/0x170
[  333.972820][T25110]  ? cont_write_begin+0x3aa/0x500
[  333.977865][T25110]  cont_write_begin+0x3cf/0x500
11:47:10 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x36000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:10 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x37000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:10 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x38000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  333.982722][T25110]  fat_write_begin+0x61/0xf0
[  333.987378][T25110]  ? fat_block_truncate_page+0x30/0x30
[  333.992849][T25110]  generic_perform_write+0x1d6/0x3f0
[  333.998141][T25110]  __generic_file_write_iter+0xe3/0x280
[  334.003690][T25110]  ? generic_write_checks+0x256/0x290
[  334.009080][T25110]  generic_file_write_iter+0x75/0x130
[  334.014460][T25110]  vfs_write+0x71c/0x890
[  334.018718][T25110]  ksys_write+0xe8/0x1a0
[  334.023054][T25110]  __x64_sys_write+0x3e/0x50
[  334.027669][T25110]  do_syscall_64+0x2b/0x70
[  334.032117][T25110]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  334.038189][T25110] RIP: 0033:0x7ff4e0daf0e9
[  334.042601][T25110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  334.062190][T25110] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  334.070584][T25110] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  334.078551][T25110] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  334.086517][T25110] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  334.094503][T25110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  334.102455][T25110] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  334.110408][T25110]  </TASK>
[  334.167292][T25130] loop3: detected capacity change from 0 to 262160
[  334.178325][T25134] loop0: detected capacity change from 0 to 262160
[  334.180830][T25135] FAT-fs (loop4): Unrecognized mount option "" or missing value
[  334.192909][T25133] loop1: detected capacity change from 0 to 262160
11:47:10 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 13)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:10 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x39000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:10 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x3a000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:10 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x3b000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  334.343717][T25145] loop5: detected capacity change from 0 to 262160
[  334.413032][T25145] FAULT_INJECTION: forcing a failure.
[  334.413032][T25145] name failslab, interval 1, probability 0, space 0, times 0
[  334.425735][T25145] CPU: 1 PID: 25145 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  334.436817][T25145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  334.446933][T25145] Call Trace:
[  334.450211][T25145]  <TASK>
[  334.453134][T25145]  dump_stack_lvl+0xd6/0x122
[  334.457825][T25145]  dump_stack+0x11/0x12
[  334.461982][T25145]  should_fail+0x230/0x240
[  334.466475][T25145]  __should_failslab+0x81/0x90
[  334.471234][T25145]  ? mempool_alloc_slab+0x16/0x20
[  334.476260][T25145]  should_failslab+0x5/0x20
[  334.480771][T25145]  kmem_cache_alloc+0x46/0x300
[  334.485547][T25145]  ? folio_mark_accessed+0x12f/0x380
[  334.490838][T25145]  mempool_alloc_slab+0x16/0x20
[  334.495687][T25145]  ? mempool_free+0x130/0x130
[  334.500365][T25145]  mempool_alloc+0x9f/0x2a0
[  334.504867][T25145]  bio_alloc_bioset+0xe4/0x730
[  334.509634][T25145]  submit_bh_wbc+0x161/0x2f0
[  334.514229][T25145]  write_dirty_buffer+0xdb/0xe0
[  334.519084][T25145]  fat_sync_bhs+0x52/0x160
[  334.523563][T25145]  fat_alloc_clusters+0x935/0xa80
[  334.528693][T25145]  fat_get_block+0x263/0x600
[  334.533359][T25145]  ? fat_block_truncate_page+0x30/0x30
[  334.538830][T25145]  __block_write_begin_int+0x33d/0xc90
[  334.544401][T25145]  ? fat_block_truncate_page+0x30/0x30
[  334.549864][T25145]  ? fat_block_truncate_page+0x30/0x30
[  334.555389][T25145]  block_write_begin+0x77/0x170
[  334.560285][T25145]  ? cont_write_begin+0x3aa/0x500
[  334.565437][T25145]  cont_write_begin+0x3cf/0x500
[  334.570317][T25145]  fat_write_begin+0x61/0xf0
[  334.574913][T25145]  ? fat_block_truncate_page+0x30/0x30
[  334.580380][T25145]  generic_perform_write+0x1d6/0x3f0
[  334.585673][T25145]  __generic_file_write_iter+0xe3/0x280
[  334.591326][T25145]  ? generic_write_checks+0x256/0x290
[  334.596703][T25145]  generic_file_write_iter+0x75/0x130
[  334.602151][T25145]  vfs_write+0x71c/0x890
[  334.606404][T25145]  ksys_write+0xe8/0x1a0
11:47:10 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x8800000)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x80000001)

[  334.610652][T25145]  __x64_sys_write+0x3e/0x50
[  334.615318][T25145]  do_syscall_64+0x2b/0x70
[  334.619793][T25145]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  334.625818][T25145] RIP: 0033:0x7ff4e0daf0e9
[  334.630240][T25145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  334.649849][T25145] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  334.658245][T25145] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  334.666215][T25145] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  334.674183][T25145] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  334.682227][T25145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  334.690189][T25145] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  334.698275][T25145]  </TASK>
11:47:10 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) (async)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000700), 0x3014014, &(0x7f0000000800)=ANY=[@ANYRES16=r0]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)

11:47:10 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x3c000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:10 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000006)

11:47:10 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000000b)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  334.742672][T25150] loop0: detected capacity change from 0 to 262160
11:47:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x3d000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  334.807330][T25156] loop3: detected capacity change from 0 to 262160
[  334.807789][T25155] loop1: detected capacity change from 0 to 262160
11:47:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x3e000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:11 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 14)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x3f000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  334.921096][T25162] FAT-fs (loop4): Unrecognized mount option "" or missing value
11:47:11 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, 0x0, 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x40000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  334.992568][T25169] loop5: detected capacity change from 0 to 262160
[  335.056272][T25175] loop0: detected capacity change from 0 to 262160
[  335.056331][T25169] FAULT_INJECTION: forcing a failure.
[  335.056331][T25169] name failslab, interval 1, probability 0, space 0, times 0
[  335.075476][T25169] CPU: 1 PID: 25169 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  335.086508][T25169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  335.096561][T25169] Call Trace:
[  335.099847][T25169]  <TASK>
11:47:11 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000000c)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  335.102784][T25169]  dump_stack_lvl+0xd6/0x122
[  335.107390][T25169]  dump_stack+0x11/0x12
[  335.111600][T25169]  should_fail+0x230/0x240
[  335.116027][T25169]  __should_failslab+0x81/0x90
[  335.120808][T25169]  ? mempool_alloc_slab+0x16/0x20
[  335.125978][T25169]  should_failslab+0x5/0x20
[  335.130479][T25169]  kmem_cache_alloc+0x46/0x300
[  335.135254][T25169]  mempool_alloc_slab+0x16/0x20
[  335.140109][T25169]  ? mempool_free+0x130/0x130
[  335.144785][T25169]  mempool_alloc+0x9f/0x2a0
[  335.149363][T25169]  bio_alloc_bioset+0xe4/0x730
[  335.154140][T25169]  submit_bh_wbc+0x161/0x2f0
[  335.158811][T25169]  __sync_dirty_buffer+0x141/0x1f0
[  335.163927][T25169]  sync_dirty_buffer+0x16/0x20
[  335.168771][T25169]  fat_mirror_bhs+0x268/0x330
[  335.173550][T25169]  fat_alloc_clusters+0x983/0xa80
[  335.178589][T25169]  fat_get_block+0x263/0x600
[  335.183328][T25169]  ? fat_block_truncate_page+0x30/0x30
[  335.188932][T25169]  __block_write_begin_int+0x33d/0xc90
[  335.194395][T25169]  ? fat_block_truncate_page+0x30/0x30
[  335.199913][T25169]  ? fat_block_truncate_page+0x30/0x30
11:47:11 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, 0x0, 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  335.205450][T25169]  block_write_begin+0x77/0x170
[  335.210362][T25169]  ? cont_write_begin+0x3aa/0x500
[  335.215395][T25169]  cont_write_begin+0x3cf/0x500
[  335.220252][T25169]  fat_write_begin+0x61/0xf0
[  335.224847][T25169]  ? fat_block_truncate_page+0x30/0x30
[  335.230363][T25169]  generic_perform_write+0x1d6/0x3f0
[  335.235662][T25169]  __generic_file_write_iter+0xe3/0x280
[  335.241208][T25169]  ? generic_write_checks+0x256/0x290
[  335.246585][T25169]  generic_file_write_iter+0x75/0x130
[  335.251964][T25169]  vfs_write+0x71c/0x890
[  335.256266][T25169]  ksys_write+0xe8/0x1a0
[  335.260513][T25169]  __x64_sys_write+0x3e/0x50
[  335.265110][T25169]  do_syscall_64+0x2b/0x70
[  335.269560][T25169]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  335.275490][T25169] RIP: 0033:0x7ff4e0daf0e9
[  335.279898][T25169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  335.299512][T25169] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  335.308040][T25169] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  335.316064][T25169] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  335.324036][T25169] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  335.332006][T25169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  335.340018][T25169] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  335.348053][T25169]  </TASK>
11:47:11 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) (async)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000700), 0x3014014, &(0x7f0000000800)=ANY=[@ANYRES16=r0])
chdir(&(0x7f0000000140)='./file0\x00') (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)

11:47:11 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000007)

11:47:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x41000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  335.395595][T25178] loop0: detected capacity change from 0 to 262160
[  335.421712][T25180] loop1: detected capacity change from 0 to 262160
11:47:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x42000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  335.474588][T25184] loop3: detected capacity change from 0 to 262160
11:47:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x43000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:11 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 15)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:11 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, 0x0, 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x44000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  335.618325][T25194] FAT-fs (loop4): Unrecognized mount option "" or missing value
[  335.655668][T25198] loop5: detected capacity change from 0 to 262160
11:47:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x45000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  335.686726][T25201] loop0: detected capacity change from 0 to 262160
[  335.722631][T25198] FAULT_INJECTION: forcing a failure.
[  335.722631][T25198] name failslab, interval 1, probability 0, space 0, times 0
11:47:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x46000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  335.735372][T25198] CPU: 1 PID: 25198 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  335.746392][T25198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  335.756449][T25198] Call Trace:
[  335.759738][T25198]  <TASK>
[  335.762677][T25198]  dump_stack_lvl+0xd6/0x122
[  335.767280][T25198]  dump_stack+0x11/0x12
[  335.771438][T25198]  should_fail+0x230/0x240
[  335.775886][T25198]  __should_failslab+0x81/0x90
[  335.780646][T25198]  ? mempool_alloc_slab+0x16/0x20
11:47:11 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000000d)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x47000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  335.785795][T25198]  should_failslab+0x5/0x20
[  335.790333][T25198]  kmem_cache_alloc+0x46/0x300
[  335.795103][T25198]  mempool_alloc_slab+0x16/0x20
[  335.799967][T25198]  ? mempool_free+0x130/0x130
[  335.804646][T25198]  mempool_alloc+0x9f/0x2a0
[  335.809164][T25198]  bio_alloc_bioset+0xe4/0x730
[  335.813952][T25198]  submit_bh_wbc+0x161/0x2f0
[  335.818547][T25198]  write_dirty_buffer+0xdb/0xe0
[  335.823478][T25198]  fat_sync_bhs+0x52/0x160
[  335.827901][T25198]  fat_ent_write+0x85/0xd0
[  335.832321][T25198]  fat_chain_add+0x15b/0x410
[  335.836997][T25198]  fat_get_block+0x486/0x600
[  335.841694][T25198]  ? fat_block_truncate_page+0x30/0x30
[  335.847228][T25198]  __block_write_begin_int+0x33d/0xc90
[  335.852745][T25198]  ? fat_block_truncate_page+0x30/0x30
[  335.858219][T25198]  ? fat_block_truncate_page+0x30/0x30
[  335.863754][T25198]  block_write_begin+0x77/0x170
[  335.868611][T25198]  ? cont_write_begin+0x3aa/0x500
[  335.873639][T25198]  cont_write_begin+0x3cf/0x500
[  335.878526][T25198]  fat_write_begin+0x61/0xf0
[  335.883188][T25198]  ? fat_block_truncate_page+0x30/0x30
[  335.888664][T25198]  generic_perform_write+0x1d6/0x3f0
[  335.893953][T25198]  __generic_file_write_iter+0xe3/0x280
[  335.899483][T25198]  ? generic_write_checks+0x256/0x290
[  335.904840][T25198]  generic_file_write_iter+0x75/0x130
[  335.910284][T25198]  vfs_write+0x71c/0x890
[  335.914563][T25198]  ksys_write+0xe8/0x1a0
[  335.918824][T25198]  __x64_sys_write+0x3e/0x50
[  335.923480][T25198]  do_syscall_64+0x2b/0x70
[  335.927891][T25198]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  335.933764][T25198] RIP: 0033:0x7ff4e0daf0e9
[  335.938160][T25198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  335.957746][T25198] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  335.966140][T25198] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  335.974089][T25198] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  335.982101][T25198] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  335.990072][T25198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  335.998085][T25198] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  336.006073][T25198]  </TASK>
[  336.062672][T25210] loop1: detected capacity change from 0 to 262160
11:47:12 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x4, 0x2, &(0x7f0000000240)=[{&(0x7f0000000180)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014006, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)
syz_open_dev$vcsn(&(0x7f00000000c0), 0xfffffffffffffffb, 0x64101)
r4 = fcntl$dupfd(r0, 0x406, r0)
ioctl$sock_ipv6_tunnel_SIOCADDPRL(r2, 0x89f5, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000001300)={'sit0\x00', <r5=>0x0, 0x4, 0x7f, 0x2, 0x80, 0x4, @loopback, @mcast2, 0x1, 0x7, 0x3f, 0x1}})
r6 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r6, 0x100000003, 0x80019b, 0x80019c)
r7 = syz_io_uring_complete(0x0)
r8 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
lseek(r8, 0x7ffffe, 0x0)
write$binfmt_elf64(r8, &(0x7f0000000280)=ANY=[], 0x1a0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000001400)={{0x1, 0x1, 0x18, <r9=>r1, {0x6}}, './bus\x00'})
r10 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r10, 0x100000003, 0x80019b, 0x80019c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001480)={0x11, 0xd, &(0x7f0000000300)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x2}, @alu={0xe, 0x0, 0x6, 0x9, 0x1, 0x0, 0x4}, @map_val={0x18, 0x0, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x7}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x5}, @generic={0x1e, 0x4, 0xb, 0x1f, 0xfffffffb}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x1}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000200)='GPL\x00', 0x9, 0x100a, &(0x7f0000001500)=""/4106, 0x41000, 0x1b, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000001380)={0x5, 0x5}, 0x8, 0x10, &(0x7f00000013c0)={0x0, 0x1, 0x8003, 0x80000001}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001440)=[r7, r8, r9, r3, r10, r3]}, 0x80)

11:47:12 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000008)

11:47:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x48000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:12 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(0x0, 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:12 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 16)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:12 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000000f)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x49000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  336.240257][T25217] loop0: detected capacity change from 0 to 262160
[  336.243929][T25220] loop3: detected capacity change from 0 to 262160
[  336.247172][T25219] loop1: detected capacity change from 0 to 262160
[  336.260241][T25216] loop5: detected capacity change from 0 to 262160
[  336.317132][T25216] FAULT_INJECTION: forcing a failure.
[  336.317132][T25216] name failslab, interval 1, probability 0, space 0, times 0
[  336.329878][T25216] CPU: 1 PID: 25216 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  336.340901][T25216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  336.350958][T25216] Call Trace:
[  336.354236][T25216]  <TASK>
[  336.357166][T25216]  dump_stack_lvl+0xd6/0x122
[  336.361804][T25216]  dump_stack+0x11/0x12
11:47:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x4a000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  336.365965][T25216]  should_fail+0x230/0x240
[  336.370418][T25216]  __should_failslab+0x81/0x90
[  336.375257][T25216]  ? mempool_alloc_slab+0x16/0x20
[  336.380281][T25216]  should_failslab+0x5/0x20
[  336.384871][T25216]  kmem_cache_alloc+0x46/0x300
[  336.389637][T25216]  mempool_alloc_slab+0x16/0x20
[  336.394595][T25216]  ? mempool_free+0x130/0x130
[  336.399351][T25216]  mempool_alloc+0x9f/0x2a0
[  336.403855][T25216]  bio_alloc_bioset+0xe4/0x730
[  336.408628][T25216]  submit_bh_wbc+0x161/0x2f0
11:47:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x4b000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  336.413226][T25216]  write_dirty_buffer+0xdb/0xe0
[  336.418135][T25216]  fat_sync_bhs+0x52/0x160
[  336.422576][T25216]  fat_ent_write+0x85/0xd0
[  336.427002][T25216]  fat_chain_add+0x15b/0x410
[  336.431664][T25216]  fat_get_block+0x486/0x600
[  336.436320][T25216]  ? fat_block_truncate_page+0x30/0x30
[  336.441808][T25216]  __block_write_begin_int+0x33d/0xc90
[  336.447281][T25216]  ? fat_block_truncate_page+0x30/0x30
[  336.452752][T25216]  ? fat_block_truncate_page+0x30/0x30
[  336.458221][T25216]  block_write_begin+0x77/0x170
[  336.463080][T25216]  ? cont_write_begin+0x3aa/0x500
[  336.468153][T25216]  cont_write_begin+0x3cf/0x500
[  336.473003][T25216]  fat_write_begin+0x61/0xf0
[  336.477607][T25216]  ? fat_block_truncate_page+0x30/0x30
[  336.483059][T25216]  generic_perform_write+0x1d6/0x3f0
[  336.488346][T25216]  __generic_file_write_iter+0xe3/0x280
[  336.493947][T25216]  ? generic_write_checks+0x256/0x290
[  336.499304][T25216]  generic_file_write_iter+0x75/0x130
[  336.504665][T25216]  vfs_write+0x71c/0x890
[  336.508927][T25216]  ksys_write+0xe8/0x1a0
[  336.513166][T25216]  __x64_sys_write+0x3e/0x50
[  336.517839][T25216]  do_syscall_64+0x2b/0x70
[  336.522303][T25216]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  336.528188][T25216] RIP: 0033:0x7ff4e0daf0e9
[  336.532613][T25216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  336.552207][T25216] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
11:47:12 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000009)

11:47:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x4c000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:12 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(0x0, 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  336.560610][T25216] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  336.568617][T25216] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  336.576603][T25216] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  336.584620][T25216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  336.592577][T25216] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  336.600591][T25216]  </TASK>
[  336.626421][T25236] loop4: detected capacity change from 0 to 262160
[  336.646866][T25236] FAT-fs (loop4): Unrecognized mount option "ë<�" or missing value
[  336.674465][T25240] loop3: detected capacity change from 0 to 262160
[  336.686764][T25242] loop0: detected capacity change from 0 to 262160
11:47:13 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x4, 0x2, &(0x7f0000000240)=[{&(0x7f0000000180)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014006, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)
syz_open_dev$vcsn(&(0x7f00000000c0), 0xfffffffffffffffb, 0x64101) (async)
r4 = fcntl$dupfd(r0, 0x406, r0) (async)
ioctl$sock_ipv6_tunnel_SIOCADDPRL(r2, 0x89f5, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000001300)={'sit0\x00', <r5=>0x0, 0x4, 0x7f, 0x2, 0x80, 0x4, @loopback, @mcast2, 0x1, 0x7, 0x3f, 0x1}}) (async)
r6 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r6, 0x100000003, 0x80019b, 0x80019c)
r7 = syz_io_uring_complete(0x0)
r8 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
lseek(r8, 0x7ffffe, 0x0) (async)
write$binfmt_elf64(r8, &(0x7f0000000280)=ANY=[], 0x1a0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000001400)={{0x1, 0x1, 0x18, <r9=>r1, {0x6}}, './bus\x00'}) (async)
r10 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r10, 0x100000003, 0x80019b, 0x80019c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001480)={0x11, 0xd, &(0x7f0000000300)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x2}, @alu={0xe, 0x0, 0x6, 0x9, 0x1, 0x0, 0x4}, @map_val={0x18, 0x0, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x7}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x5}, @generic={0x1e, 0x4, 0xb, 0x1f, 0xfffffffb}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x1}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000200)='GPL\x00', 0x9, 0x100a, &(0x7f0000001500)=""/4106, 0x41000, 0x1b, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000001380)={0x5, 0x5}, 0x8, 0x10, &(0x7f00000013c0)={0x0, 0x1, 0x8003, 0x80000001}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001440)=[r7, r8, r9, r3, r10, r3]}, 0x80)

11:47:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x4d000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:13 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 17)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:13 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(0x0, 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:13 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000000a)

11:47:13 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000010)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x4e000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  337.066283][T25252] loop5: detected capacity change from 0 to 262160
[  337.066286][T25251] loop0: detected capacity change from 0 to 262160
[  337.068686][T25253] loop3: detected capacity change from 0 to 262160
[  337.099434][T25256] loop1: detected capacity change from 0 to 262160
[  337.118029][T25252] FAULT_INJECTION: forcing a failure.
[  337.118029][T25252] name failslab, interval 1, probability 0, space 0, times 0
[  337.130714][T25252] CPU: 0 PID: 25252 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  337.141737][T25252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  337.151791][T25252] Call Trace:
[  337.155059][T25252]  <TASK>
[  337.157978][T25252]  dump_stack_lvl+0xd6/0x122
[  337.162559][T25252]  dump_stack+0x11/0x12
[  337.166705][T25252]  should_fail+0x230/0x240
[  337.171112][T25252]  __should_failslab+0x81/0x90
[  337.175942][T25252]  ? mempool_alloc_slab+0x16/0x20
[  337.180952][T25252]  should_failslab+0x5/0x20
[  337.185544][T25252]  kmem_cache_alloc+0x46/0x300
[  337.190343][T25252]  ? folio_mark_accessed+0x12f/0x380
[  337.195699][T25252]  mempool_alloc_slab+0x16/0x20
[  337.200534][T25252]  ? mempool_free+0x130/0x130
[  337.205200][T25252]  mempool_alloc+0x9f/0x2a0
[  337.209723][T25252]  bio_alloc_bioset+0xe4/0x730
[  337.214476][T25252]  submit_bh_wbc+0x161/0x2f0
[  337.219114][T25252]  write_dirty_buffer+0xdb/0xe0
[  337.223953][T25252]  fat_sync_bhs+0x52/0x160
[  337.228361][T25252]  fat_alloc_clusters+0x935/0xa80
[  337.233378][T25252]  fat_get_block+0x263/0x600
[  337.237962][T25252]  ? fat_block_truncate_page+0x30/0x30
[  337.243412][T25252]  __block_write_begin_int+0x33d/0xc90
[  337.248884][T25252]  ? fat_block_truncate_page+0x30/0x30
[  337.254334][T25252]  ? fat_block_truncate_page+0x30/0x30
[  337.259932][T25252]  block_write_begin+0x77/0x170
[  337.264893][T25252]  ? cont_write_begin+0x3aa/0x500
[  337.269950][T25252]  cont_write_begin+0x3cf/0x500
[  337.274791][T25252]  fat_write_begin+0x61/0xf0
[  337.279369][T25252]  ? fat_block_truncate_page+0x30/0x30
[  337.284820][T25252]  generic_perform_write+0x1d6/0x3f0
[  337.290094][T25252]  __generic_file_write_iter+0xe3/0x280
[  337.295697][T25252]  ? generic_write_checks+0x256/0x290
[  337.301071][T25252]  generic_file_write_iter+0x75/0x130
[  337.306430][T25252]  vfs_write+0x71c/0x890
[  337.310763][T25252]  ksys_write+0xe8/0x1a0
[  337.314995][T25252]  __x64_sys_write+0x3e/0x50
[  337.319574][T25252]  do_syscall_64+0x2b/0x70
[  337.324034][T25252]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  337.329917][T25252] RIP: 0033:0x7ff4e0daf0e9
[  337.334319][T25252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  337.353962][T25252] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
11:47:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x4f000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  337.362443][T25252] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  337.370400][T25252] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  337.378354][T25252] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  337.386307][T25252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  337.394374][T25252] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  337.402333][T25252]  </TASK>
11:47:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x50000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x51000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  337.468691][T25266] loop4: detected capacity change from 0 to 262160
[  337.496398][T25266] FAT-fs (loop4): Unrecognized mount option "ë<�" or missing value
11:47:13 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x4, 0x2, &(0x7f0000000240)=[{&(0x7f0000000180)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014006, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)
syz_open_dev$vcsn(&(0x7f00000000c0), 0xfffffffffffffffb, 0x64101)
r4 = fcntl$dupfd(r0, 0x406, r0)
ioctl$sock_ipv6_tunnel_SIOCADDPRL(r2, 0x89f5, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000001300)={'sit0\x00', <r5=>0x0, 0x4, 0x7f, 0x2, 0x80, 0x4, @loopback, @mcast2, 0x1, 0x7, 0x3f, 0x1}})
r6 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r6, 0x100000003, 0x80019b, 0x80019c)
r7 = syz_io_uring_complete(0x0)
r8 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
lseek(r8, 0x7ffffe, 0x0)
write$binfmt_elf64(r8, &(0x7f0000000280)=ANY=[], 0x1a0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000001400)={{0x1, 0x1, 0x18, <r9=>r1, {0x6}}, './bus\x00'})
r10 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r10, 0x100000003, 0x80019b, 0x80019c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001480)={0x11, 0xd, &(0x7f0000000300)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x2}, @alu={0xe, 0x0, 0x6, 0x9, 0x1, 0x0, 0x4}, @map_val={0x18, 0x0, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x7}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x5}, @generic={0x1e, 0x4, 0xb, 0x1f, 0xfffffffb}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x1}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000200)='GPL\x00', 0x9, 0x100a, &(0x7f0000001500)=""/4106, 0x41000, 0x1b, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000001380)={0x5, 0x5}, 0x8, 0x10, &(0x7f00000013c0)={0x0, 0x1, 0x8003, 0x80000001}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001440)=[r7, r8, r9, r3, r10, r3]}, 0x80)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x4, 0x2, &(0x7f0000000240)=[{&(0x7f0000000180)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014006, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
sendfile(r2, r3, 0x0, 0x80000001) (async)
syz_open_dev$vcsn(&(0x7f00000000c0), 0xfffffffffffffffb, 0x64101) (async)
fcntl$dupfd(r0, 0x406, r0) (async)
ioctl$sock_ipv6_tunnel_SIOCADDPRL(r2, 0x89f5, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000001300)={'sit0\x00', 0x0, 0x4, 0x7f, 0x2, 0x80, 0x4, @loopback, @mcast2, 0x1, 0x7, 0x3f, 0x1}}) (async)
creat(&(0x7f0000000100)='./bus\x00', 0x0) (async)
fallocate(r6, 0x100000003, 0x80019b, 0x80019c) (async)
syz_io_uring_complete(0x0) (async)
creat(&(0x7f00000001c0)='./bus\x00', 0x0) (async)
lseek(r8, 0x7ffffe, 0x0) (async)
write$binfmt_elf64(r8, &(0x7f0000000280)=ANY=[], 0x1a0) (async)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000001400)={{0x1, 0x1, 0x18, r1, {0x6}}, './bus\x00'}) (async)
creat(&(0x7f0000000100)='./bus\x00', 0x0) (async)
fallocate(r10, 0x100000003, 0x80019b, 0x80019c) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001480)={0x11, 0xd, &(0x7f0000000300)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x2}, @alu={0xe, 0x0, 0x6, 0x9, 0x1, 0x0, 0x4}, @map_val={0x18, 0x0, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x7}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x5}, @generic={0x1e, 0x4, 0xb, 0x1f, 0xfffffffb}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x1}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000200)='GPL\x00', 0x9, 0x100a, &(0x7f0000001500)=""/4106, 0x41000, 0x1b, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000001380)={0x5, 0x5}, 0x8, 0x10, &(0x7f00000013c0)={0x0, 0x1, 0x8003, 0x80000001}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001440)=[r7, r8, r9, r3, r10, r3]}, 0x80) (async)

11:47:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x52000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x53000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  337.573274][T25278] loop4: detected capacity change from 0 to 262160
[  337.586978][T25278] FAT-fs (loop4): Unrecognized mount option "ë<�" or missing value
11:47:13 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:13 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 18)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x54000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  337.722679][T25285] loop0: detected capacity change from 0 to 262160
[  337.802768][T25290] loop5: detected capacity change from 0 to 262160
[  337.830955][T25290] FAULT_INJECTION: forcing a failure.
[  337.830955][T25290] name failslab, interval 1, probability 0, space 0, times 0
[  337.843663][T25290] CPU: 1 PID: 25290 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  337.854686][T25290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  337.864738][T25290] Call Trace:
[  337.868012][T25290]  <TASK>
[  337.870977][T25290]  dump_stack_lvl+0xd6/0x122
[  337.875594][T25290]  dump_stack+0x11/0x12
[  337.879753][T25290]  should_fail+0x230/0x240
[  337.884173][T25290]  __should_failslab+0x81/0x90
[  337.888998][T25290]  ? mempool_alloc_slab+0x16/0x20
[  337.894025][T25290]  should_failslab+0x5/0x20
[  337.898540][T25290]  kmem_cache_alloc+0x46/0x300
[  337.903415][T25290]  mempool_alloc_slab+0x16/0x20
[  337.908322][T25290]  ? mempool_free+0x130/0x130
[  337.913040][T25290]  mempool_alloc+0x9f/0x2a0
[  337.917553][T25290]  bio_alloc_bioset+0xe4/0x730
[  337.922403][T25290]  submit_bh_wbc+0x161/0x2f0
[  337.926998][T25290]  __sync_dirty_buffer+0x141/0x1f0
[  337.932113][T25290]  sync_dirty_buffer+0x16/0x20
[  337.936982][T25290]  fat_mirror_bhs+0x268/0x330
[  337.941695][T25290]  fat_alloc_clusters+0x983/0xa80
[  337.946758][T25290]  fat_get_block+0x263/0x600
11:47:14 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000000b)

[  337.951411][T25290]  ? fat_block_truncate_page+0x30/0x30
[  337.956942][T25290]  __block_write_begin_int+0x33d/0xc90
[  337.962409][T25290]  ? fat_block_truncate_page+0x30/0x30
[  337.967935][T25290]  ? fat_block_truncate_page+0x30/0x30
[  337.973455][T25290]  block_write_begin+0x77/0x170
[  337.978311][T25290]  ? cont_write_begin+0x3aa/0x500
[  337.983318][T25290]  cont_write_begin+0x3cf/0x500
[  337.988278][T25290]  fat_write_begin+0x61/0xf0
[  337.992951][T25290]  ? fat_block_truncate_page+0x30/0x30
[  337.998432][T25290]  generic_perform_write+0x1d6/0x3f0
[  338.003774][T25290]  __generic_file_write_iter+0xe3/0x280
[  338.009296][T25290]  ? generic_write_checks+0x256/0x290
[  338.014712][T25290]  generic_file_write_iter+0x75/0x130
[  338.020117][T25290]  vfs_write+0x71c/0x890
[  338.024439][T25290]  ksys_write+0xe8/0x1a0
[  338.028731][T25290]  __x64_sys_write+0x3e/0x50
[  338.033305][T25290]  do_syscall_64+0x2b/0x70
[  338.037702][T25290]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  338.043577][T25290] RIP: 0033:0x7ff4e0daf0e9
[  338.048060][T25290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  338.067669][T25290] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  338.076061][T25290] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  338.084030][T25290] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  338.091987][T25290] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
11:47:14 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000011)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x55000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:14 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:14 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./bus\x00', 0x0, 0x5, &(0x7f0000000440)=[{&(0x7f00000000c0)="5460d7e75bc63ed2baa892e7068f568935751fc05944470842a9c40f", 0x1c, 0x8}, {&(0x7f0000000180)="b78d798f75bab45453f6d37958d2f80d2b2a8b5b57d5ce55fd727147cd851af5910bf3aa424dc098630c9988bbd3cbdc84d7eb1e3d61c1485a13d39d0aefd97a9583f6862c12ce10ca5ec7a9", 0x4c, 0x5d637657}, {&(0x7f0000000200)="a714e414b41b1b1d56c4a73bd4c4c45962bc1a489d012185782447a6a57c44632b88b715b967f8d03cfab93bf681cd28d1", 0x31, 0x9}, {&(0x7f0000000240)="821434cd276e538f58ce92b6129dcbdf48c31fcdc9d58da51edf40c8c7ea97c9db3ab2ea351eaf6e563298585063aaebff425eb9134c3ced80564688652853219d8987db2779a4571c9f0ba8582422a6c98a74039c71efcd3feeaa416517515309d107acfa4c5f7db81a753a956f6269a20f36b0ec54e072170f432ba444d76d2bbdf8c7a891329eacced5a606feab20d74e0c1cb324df492265b8195c6064fe02527b44717f6528712881545deddc62266f3c1a237057fa8c7cfc52f8a4d1580b911e48ff27899050cd3e42f16086f4a5cb1599ac69", 0xd6, 0x800}, {&(0x7f0000000340)="007c1b01832a72f100a5c9c547eb3c99c4dc00c1a9e2f1bb36584e462c4e3e9ecf97bd7d11cbe6063f2451b7a9852ce1a6cac95c7568f70bc138512617aa54a2a249a3ad2b961bb6f7fd5ad62a2406ccd79dae3b2aa0af0171d19d3f462895d2935267268cfbb4ca0b8fd2d257783508c212160e1c8e650bc455575d01b9da8ab9f4fc0469672d0c1d6d2f0dfc66734826040a52271124038892e57dc64019f9af180857e97db5477046d0686a97336e4178e83cc3b5cec4a12f8d18b225489bfeff89297014", 0xc6, 0x2}], 0x1714014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x56000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  338.099937][T25290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  338.107889][T25290] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  338.115846][T25290]  </TASK>
11:47:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x57000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  338.179162][T25298] loop0: detected capacity change from 0 to 262160
[  338.189381][T25299] loop4: detected capacity change from 0 to 264192
11:47:14 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 19)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x58000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  338.289838][T25306] loop1: detected capacity change from 0 to 262160
[  338.295581][T25307] loop3: detected capacity change from 0 to 262160
11:47:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x59000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  338.374085][T25313] loop5: detected capacity change from 0 to 262160
11:47:14 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x5a000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  338.433749][T25313] FAULT_INJECTION: forcing a failure.
[  338.433749][T25313] name failslab, interval 1, probability 0, space 0, times 0
[  338.446441][T25313] CPU: 0 PID: 25313 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  338.457475][T25313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  338.467577][T25313] Call Trace:
[  338.470859][T25313]  <TASK>
[  338.473792][T25313]  dump_stack_lvl+0xd6/0x122
[  338.478398][T25313]  dump_stack+0x11/0x12
[  338.482626][T25313]  should_fail+0x230/0x240
[  338.487052][T25313]  __should_failslab+0x81/0x90
[  338.491817][T25313]  ? mempool_alloc_slab+0x16/0x20
[  338.496842][T25313]  should_failslab+0x5/0x20
[  338.501419][T25313]  kmem_cache_alloc+0x46/0x300
[  338.506181][T25313]  mempool_alloc_slab+0x16/0x20
[  338.511078][T25313]  ? mempool_free+0x130/0x130
[  338.515759][T25313]  mempool_alloc+0x9f/0x2a0
[  338.520264][T25313]  bio_alloc_bioset+0xe4/0x730
[  338.525032][T25313]  submit_bh_wbc+0x161/0x2f0
11:47:14 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000000c)

[  338.529654][T25313]  write_dirty_buffer+0xdb/0xe0
[  338.534634][T25313]  fat_sync_bhs+0x52/0x160
[  338.539069][T25313]  fat_ent_write+0x85/0xd0
[  338.543530][T25313]  fat_chain_add+0x15b/0x410
[  338.548189][T25313]  fat_get_block+0x486/0x600
[  338.552788][T25313]  ? fat_block_truncate_page+0x30/0x30
[  338.558328][T25313]  __block_write_begin_int+0x33d/0xc90
[  338.563872][T25313]  ? fat_block_truncate_page+0x30/0x30
[  338.569339][T25313]  ? fat_block_truncate_page+0x30/0x30
[  338.574806][T25313]  block_write_begin+0x77/0x170
[  338.579668][T25313]  ? cont_write_begin+0x3aa/0x500
11:47:14 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000089)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  338.584763][T25313]  cont_write_begin+0x3cf/0x500
[  338.589627][T25313]  fat_write_begin+0x61/0xf0
[  338.594230][T25313]  ? fat_block_truncate_page+0x30/0x30
[  338.599698][T25313]  generic_perform_write+0x1d6/0x3f0
[  338.605040][T25313]  __generic_file_write_iter+0xe3/0x280
[  338.610641][T25313]  ? generic_write_checks+0x256/0x290
[  338.616020][T25313]  generic_file_write_iter+0x75/0x130
[  338.621391][T25313]  vfs_write+0x71c/0x890
[  338.625646][T25313]  ksys_write+0xe8/0x1a0
[  338.629964][T25313]  __x64_sys_write+0x3e/0x50
[  338.634561][T25313]  do_syscall_64+0x2b/0x70
[  338.639027][T25313]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  338.644920][T25313] RIP: 0033:0x7ff4e0daf0e9
[  338.649331][T25313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  338.668989][T25313] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
11:47:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x5b000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:14 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./bus\x00', 0x0, 0x5, &(0x7f0000000440)=[{&(0x7f00000000c0)="5460d7e75bc63ed2baa892e7068f568935751fc05944470842a9c40f", 0x1c, 0x8}, {&(0x7f0000000180)="b78d798f75bab45453f6d37958d2f80d2b2a8b5b57d5ce55fd727147cd851af5910bf3aa424dc098630c9988bbd3cbdc84d7eb1e3d61c1485a13d39d0aefd97a9583f6862c12ce10ca5ec7a9", 0x4c, 0x5d637657}, {&(0x7f0000000200)="a714e414b41b1b1d56c4a73bd4c4c45962bc1a489d012185782447a6a57c44632b88b715b967f8d03cfab93bf681cd28d1", 0x31, 0x9}, {&(0x7f0000000240)="821434cd276e538f58ce92b6129dcbdf48c31fcdc9d58da51edf40c8c7ea97c9db3ab2ea351eaf6e563298585063aaebff425eb9134c3ced80564688652853219d8987db2779a4571c9f0ba8582422a6c98a74039c71efcd3feeaa416517515309d107acfa4c5f7db81a753a956f6269a20f36b0ec54e072170f432ba444d76d2bbdf8c7a891329eacced5a606feab20d74e0c1cb324df492265b8195c6064fe02527b44717f6528712881545deddc62266f3c1a237057fa8c7cfc52f8a4d1580b911e48ff27899050cd3e42f16086f4a5cb1599ac69", 0xd6, 0x800}, {&(0x7f0000000340)="007c1b01832a72f100a5c9c547eb3c99c4dc00c1a9e2f1bb36584e462c4e3e9ecf97bd7d11cbe6063f2451b7a9852ce1a6cac95c7568f70bc138512617aa54a2a249a3ad2b961bb6f7fd5ad62a2406ccd79dae3b2aa0af0171d19d3f462895d2935267268cfbb4ca0b8fd2d257783508c212160e1c8e650bc455575d01b9da8ab9f4fc0469672d0c1d6d2f0dfc66734826040a52271124038892e57dc64019f9af180857e97db5477046d0686a97336e4178e83cc3b5cec4a12f8d18b225489bfeff89297014", 0xc6, 0x2}], 0x1714014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  338.677533][T25313] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  338.685506][T25313] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  338.693474][T25313] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  338.701532][T25313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  338.709504][T25313] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  338.717574][T25313]  </TASK>
11:47:14 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./bus\x00', 0x0, 0x5, &(0x7f0000000440)=[{&(0x7f00000000c0)="5460d7e75bc63ed2baa892e7068f568935751fc05944470842a9c40f", 0x1c, 0x8}, {&(0x7f0000000180)="b78d798f75bab45453f6d37958d2f80d2b2a8b5b57d5ce55fd727147cd851af5910bf3aa424dc098630c9988bbd3cbdc84d7eb1e3d61c1485a13d39d0aefd97a9583f6862c12ce10ca5ec7a9", 0x4c, 0x5d637657}, {&(0x7f0000000200)="a714e414b41b1b1d56c4a73bd4c4c45962bc1a489d012185782447a6a57c44632b88b715b967f8d03cfab93bf681cd28d1", 0x31, 0x9}, {&(0x7f0000000240)="821434cd276e538f58ce92b6129dcbdf48c31fcdc9d58da51edf40c8c7ea97c9db3ab2ea351eaf6e563298585063aaebff425eb9134c3ced80564688652853219d8987db2779a4571c9f0ba8582422a6c98a74039c71efcd3feeaa416517515309d107acfa4c5f7db81a753a956f6269a20f36b0ec54e072170f432ba444d76d2bbdf8c7a891329eacced5a606feab20d74e0c1cb324df492265b8195c6064fe02527b44717f6528712881545deddc62266f3c1a237057fa8c7cfc52f8a4d1580b911e48ff27899050cd3e42f16086f4a5cb1599ac69", 0xd6, 0x800}, {&(0x7f0000000340)="007c1b01832a72f100a5c9c547eb3c99c4dc00c1a9e2f1bb36584e462c4e3e9ecf97bd7d11cbe6063f2451b7a9852ce1a6cac95c7568f70bc138512617aa54a2a249a3ad2b961bb6f7fd5ad62a2406ccd79dae3b2aa0af0171d19d3f462895d2935267268cfbb4ca0b8fd2d257783508c212160e1c8e650bc455575d01b9da8ab9f4fc0469672d0c1d6d2f0dfc66734826040a52271124038892e57dc64019f9af180857e97db5477046d0686a97336e4178e83cc3b5cec4a12f8d18b225489bfeff89297014", 0xc6, 0x2}], 0x1714014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async, rerun: 64)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async, rerun: 64)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x5c000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  338.755458][T25325] loop4: detected capacity change from 0 to 264192
[  338.784992][T25335] loop3: detected capacity change from 0 to 262160
[  338.791952][T25337] loop0: detected capacity change from 0 to 262160
[  338.795209][T25339] loop1: detected capacity change from 0 to 262160
11:47:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x5d000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:15 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 20)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x5e000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x5f000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:15 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x60000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:15 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000000d)

11:47:15 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x800000d8)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  339.076548][T25352] loop5: detected capacity change from 0 to 262160
[  339.123655][T25352] FAULT_INJECTION: forcing a failure.
[  339.123655][T25352] name failslab, interval 1, probability 0, space 0, times 0
[  339.136415][T25352] CPU: 1 PID: 25352 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  339.147497][T25352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  339.157629][T25352] Call Trace:
[  339.160901][T25352]  <TASK>
[  339.163827][T25352]  dump_stack_lvl+0xd6/0x122
[  339.168494][T25352]  dump_stack+0x11/0x12
[  339.172651][T25352]  should_fail+0x230/0x240
[  339.177069][T25352]  __should_failslab+0x81/0x90
[  339.181829][T25352]  ? mempool_alloc_slab+0x16/0x20
[  339.186863][T25352]  should_failslab+0x5/0x20
[  339.191361][T25352]  kmem_cache_alloc+0x46/0x300
[  339.196196][T25352]  mempool_alloc_slab+0x16/0x20
[  339.201052][T25352]  ? mempool_free+0x130/0x130
[  339.205733][T25352]  mempool_alloc+0x9f/0x2a0
[  339.210318][T25352]  bio_alloc_bioset+0xe4/0x730
[  339.215084][T25352]  submit_bh_wbc+0x161/0x2f0
11:47:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x61000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  339.219739][T25352]  __sync_dirty_buffer+0x141/0x1f0
[  339.224947][T25352]  sync_dirty_buffer+0x16/0x20
[  339.229713][T25352]  fat_mirror_bhs+0x268/0x330
[  339.234455][T25352]  fat_ent_write+0xc2/0xd0
[  339.238912][T25352]  fat_chain_add+0x15b/0x410
[  339.243579][T25352]  fat_get_block+0x486/0x600
[  339.248215][T25352]  ? fat_block_truncate_page+0x30/0x30
[  339.253714][T25352]  __block_write_begin_int+0x33d/0xc90
[  339.259251][T25352]  ? fat_block_truncate_page+0x30/0x30
[  339.264721][T25352]  ? fat_block_truncate_page+0x30/0x30
[  339.270179][T25352]  block_write_begin+0x77/0x170
[  339.275038][T25352]  ? cont_write_begin+0x3aa/0x500
[  339.280076][T25352]  cont_write_begin+0x3cf/0x500
[  339.284936][T25352]  fat_write_begin+0x61/0xf0
[  339.289569][T25352]  ? fat_block_truncate_page+0x30/0x30
[  339.295100][T25352]  generic_perform_write+0x1d6/0x3f0
[  339.300409][T25352]  __generic_file_write_iter+0xe3/0x280
[  339.305957][T25352]  ? generic_write_checks+0x256/0x290
[  339.311331][T25352]  generic_file_write_iter+0x75/0x130
[  339.316701][T25352]  vfs_write+0x71c/0x890
[  339.321121][T25352]  ksys_write+0xe8/0x1a0
[  339.325407][T25352]  __x64_sys_write+0x3e/0x50
[  339.330120][T25352]  do_syscall_64+0x2b/0x70
[  339.334544][T25352]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  339.340438][T25352] RIP: 0033:0x7ff4e0daf0e9
[  339.344850][T25352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  339.364508][T25352] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  339.372933][T25352] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  339.380904][T25352] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  339.388904][T25352] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  339.396965][T25352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  339.405022][T25352] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  339.413001][T25352]  </TASK>
11:47:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x62000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  339.442401][T25359] loop1: detected capacity change from 0 to 262160
[  339.463050][T25361] loop3: detected capacity change from 0 to 262160
[  339.470057][T25363] loop0: detected capacity change from 0 to 262160
11:47:15 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x210000, 0x0)
setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000180)='$\']&\\\x00', 0x6)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5942, 0x63)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)

11:47:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x63000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x64000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:15 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 21)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:15 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:15 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x800000d9)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x65000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:15 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000000f)

11:47:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x66000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  339.794160][T25380] loop5: detected capacity change from 0 to 262160
[  339.802064][T25382] loop0: detected capacity change from 0 to 262160
[  339.818360][T25385] loop3: detected capacity change from 0 to 262160
[  339.818738][T25386] loop1: detected capacity change from 0 to 262160
11:47:16 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x67000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  339.841368][T25388] loop4: detected capacity change from 0 to 262160
[  339.865747][T25380] FAULT_INJECTION: forcing a failure.
[  339.865747][T25380] name failslab, interval 1, probability 0, space 0, times 0
[  339.878430][T25380] CPU: 1 PID: 25380 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  339.889464][T25380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  339.899517][T25380] Call Trace:
[  339.902828][T25380]  <TASK>
[  339.905755][T25380]  dump_stack_lvl+0xd6/0x122
[  339.910357][T25380]  dump_stack+0x11/0x12
11:47:16 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x68000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  339.914518][T25380]  should_fail+0x230/0x240
[  339.918944][T25380]  __should_failslab+0x81/0x90
[  339.923742][T25380]  ? mempool_alloc_slab+0x16/0x20
[  339.928768][T25380]  should_failslab+0x5/0x20
[  339.933304][T25380]  kmem_cache_alloc+0x46/0x300
[  339.938156][T25380]  mempool_alloc_slab+0x16/0x20
[  339.943055][T25380]  ? mempool_free+0x130/0x130
[  339.947832][T25380]  mempool_alloc+0x9f/0x2a0
[  339.952346][T25380]  bio_alloc_bioset+0xe4/0x730
[  339.957148][T25380]  submit_bh_wbc+0x161/0x2f0
[  339.961749][T25380]  __sync_dirty_buffer+0x141/0x1f0
[  339.966938][T25380]  sync_dirty_buffer+0x16/0x20
[  339.971714][T25380]  fat_mirror_bhs+0x268/0x330
[  339.976444][T25380]  fat_ent_write+0xc2/0xd0
[  339.980880][T25380]  fat_chain_add+0x15b/0x410
[  339.985563][T25380]  fat_get_block+0x486/0x600
[  339.990229][T25380]  ? fat_block_truncate_page+0x30/0x30
[  339.995838][T25380]  __block_write_begin_int+0x33d/0xc90
[  340.001316][T25380]  ? fat_block_truncate_page+0x30/0x30
[  340.006829][T25380]  ? fat_block_truncate_page+0x30/0x30
[  340.012312][T25380]  block_write_begin+0x77/0x170
[  340.017182][T25380]  ? cont_write_begin+0x3aa/0x500
[  340.022304][T25380]  cont_write_begin+0x3cf/0x500
[  340.027207][T25380]  fat_write_begin+0x61/0xf0
[  340.031890][T25380]  ? fat_block_truncate_page+0x30/0x30
[  340.037354][T25380]  generic_perform_write+0x1d6/0x3f0
[  340.042644][T25380]  __generic_file_write_iter+0xe3/0x280
[  340.048191][T25380]  ? generic_write_checks+0x256/0x290
[  340.053629][T25380]  generic_file_write_iter+0x75/0x130
[  340.059003][T25380]  vfs_write+0x71c/0x890
[  340.063286][T25380]  ksys_write+0xe8/0x1a0
[  340.067559][T25380]  __x64_sys_write+0x3e/0x50
[  340.072197][T25380]  do_syscall_64+0x2b/0x70
[  340.076622][T25380]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  340.082518][T25380] RIP: 0033:0x7ff4e0daf0e9
[  340.086942][T25380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  340.106550][T25380] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
11:47:16 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x69000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  340.114967][T25380] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  340.122941][T25380] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  340.130911][T25380] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  340.138891][T25380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  340.146864][T25380] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  340.154837][T25380]  </TASK>
11:47:16 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000010)

11:47:16 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:16 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x6a000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:16 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 22)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:16 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x210000, 0x0)
setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000180)='$\']&\\\x00', 0x6)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5942, 0x63)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x210000, 0x0) (async)
setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000180)='$\']&\\\x00', 0x6) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5942, 0x63) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
sendfile(r2, r3, 0x0, 0x80000001) (async)

11:47:16 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x800000da)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:16 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x6b000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:16 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x6c000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  340.318852][T25403] loop3: detected capacity change from 0 to 262160
[  340.329137][T25406] loop0: detected capacity change from 0 to 262160
[  340.336066][T25407] loop1: detected capacity change from 0 to 262160
11:47:16 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x6d000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  340.392771][T25411] loop4: detected capacity change from 0 to 262160
[  340.393838][T25415] loop5: detected capacity change from 0 to 262160
[  340.453381][T25415] FAULT_INJECTION: forcing a failure.
[  340.453381][T25415] name failslab, interval 1, probability 0, space 0, times 0
[  340.466048][T25415] CPU: 1 PID: 25415 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  340.477173][T25415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  340.487230][T25415] Call Trace:
[  340.490504][T25415]  <TASK>
[  340.493426][T25415]  dump_stack_lvl+0xd6/0x122
[  340.498118][T25415]  dump_stack+0x11/0x12
11:47:16 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x6e000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  340.502275][T25415]  should_fail+0x230/0x240
[  340.506709][T25415]  __should_failslab+0x81/0x90
[  340.511474][T25415]  ? mempool_alloc_slab+0x16/0x20
[  340.516504][T25415]  should_failslab+0x5/0x20
[  340.521000][T25415]  kmem_cache_alloc+0x46/0x300
[  340.525766][T25415]  mempool_alloc_slab+0x16/0x20
[  340.530623][T25415]  ? mempool_free+0x130/0x130
[  340.535354][T25415]  mempool_alloc+0x9f/0x2a0
[  340.539865][T25415]  bio_alloc_bioset+0xe4/0x730
[  340.544629][T25415]  submit_bh_wbc+0x161/0x2f0
11:47:16 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000011)

[  340.549224][T25415]  __sync_dirty_buffer+0x141/0x1f0
[  340.554409][T25415]  sync_dirty_buffer+0x16/0x20
[  340.559283][T25415]  fat_mirror_bhs+0x268/0x330
[  340.564003][T25415]  fat_alloc_clusters+0x983/0xa80
[  340.569040][T25415]  fat_get_block+0x263/0x600
[  340.573712][T25415]  ? fat_block_truncate_page+0x30/0x30
[  340.579300][T25415]  __block_write_begin_int+0x33d/0xc90
[  340.584829][T25415]  ? fat_block_truncate_page+0x30/0x30
[  340.590365][T25415]  ? fat_block_truncate_page+0x30/0x30
[  340.595829][T25415]  block_write_begin+0x77/0x170
[  340.600678][T25415]  ? cont_write_begin+0x3aa/0x500
[  340.605714][T25415]  cont_write_begin+0x3cf/0x500
[  340.610574][T25415]  fat_write_begin+0x61/0xf0
[  340.615175][T25415]  ? fat_block_truncate_page+0x30/0x30
[  340.620655][T25415]  generic_perform_write+0x1d6/0x3f0
[  340.626018][T25415]  __generic_file_write_iter+0xe3/0x280
[  340.631604][T25415]  ? generic_write_checks+0x256/0x290
[  340.637030][T25415]  generic_file_write_iter+0x75/0x130
[  340.642404][T25415]  vfs_write+0x71c/0x890
[  340.646655][T25415]  ksys_write+0xe8/0x1a0
11:47:16 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  340.650901][T25415]  __x64_sys_write+0x3e/0x50
[  340.655496][T25415]  do_syscall_64+0x2b/0x70
[  340.659940][T25415]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  340.665833][T25415] RIP: 0033:0x7ff4e0daf0e9
[  340.670326][T25415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  340.689937][T25415] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
11:47:16 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x210000, 0x0)
setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000180)='$\']&\\\x00', 0x6) (async)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5942, 0x63) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)

11:47:16 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x6f000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:16 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x800000db)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  340.698346][T25415] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  340.706324][T25415] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  340.714293][T25415] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  340.722298][T25415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  340.730286][T25415] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  340.738264][T25415]  </TASK>
[  340.808578][T25438] loop1: detected capacity change from 0 to 262160
[  340.816985][T25437] loop3: detected capacity change from 0 to 262160
[  340.819322][T25441] loop0: detected capacity change from 0 to 262160
[  340.826232][T25442] loop4: detected capacity change from 0 to 262160
11:47:17 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 23)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:17 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x70000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:17 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
umount2(&(0x7f00000000c0)='./file0/file0\x00', 0x4)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:17 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x71000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  341.011746][T25453] loop4: detected capacity change from 0 to 262160
11:47:17 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000089)

[  341.053052][T25455] loop5: detected capacity change from 0 to 262160
11:47:17 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x72000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:17 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  341.155023][T25460] FAULT_INJECTION: forcing a failure.
[  341.155023][T25460] name failslab, interval 1, probability 0, space 0, times 0
[  341.167693][T25460] CPU: 0 PID: 25460 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  341.168676][T25461] loop3: detected capacity change from 0 to 262160
[  341.178712][T25460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  341.178728][T25460] Call Trace:
[  341.178735][T25460]  <TASK>
[  341.178742][T25460]  dump_stack_lvl+0xd6/0x122
[  341.178772][T25460]  dump_stack+0x11/0x12
[  341.178794][T25460]  should_fail+0x230/0x240
[  341.214609][T25460]  __should_failslab+0x81/0x90
[  341.219368][T25460]  ? mempool_alloc_slab+0x16/0x20
[  341.224432][T25460]  should_failslab+0x5/0x20
[  341.228923][T25460]  kmem_cache_alloc+0x46/0x300
[  341.233732][T25460]  mempool_alloc_slab+0x16/0x20
[  341.238634][T25460]  ? mempool_free+0x130/0x130
[  341.243296][T25460]  mempool_alloc+0x9f/0x2a0
[  341.247883][T25460]  bio_alloc_bioset+0xe4/0x730
[  341.252646][T25460]  submit_bh_wbc+0x161/0x2f0
[  341.257294][T25460]  __sync_dirty_buffer+0x141/0x1f0
[  341.262397][T25460]  sync_dirty_buffer+0x16/0x20
[  341.267227][T25460]  fat_mirror_bhs+0x268/0x330
[  341.271913][T25460]  fat_alloc_clusters+0x983/0xa80
[  341.276973][T25460]  fat_get_block+0x263/0x600
[  341.281651][T25460]  ? fat_block_truncate_page+0x30/0x30
[  341.287139][T25460]  __block_write_begin_int+0x33d/0xc90
[  341.292718][T25460]  ? fat_block_truncate_page+0x30/0x30
[  341.298228][T25460]  ? fat_block_truncate_page+0x30/0x30
[  341.303731][T25460]  block_write_begin+0x77/0x170
[  341.308571][T25460]  ? cont_write_begin+0x3aa/0x500
[  341.313591][T25460]  cont_write_begin+0x3cf/0x500
[  341.318433][T25460]  fat_write_begin+0x61/0xf0
[  341.323086][T25460]  ? fat_block_truncate_page+0x30/0x30
[  341.328536][T25460]  generic_perform_write+0x1d6/0x3f0
[  341.333817][T25460]  __generic_file_write_iter+0xe3/0x280
[  341.339352][T25460]  ? generic_write_checks+0x256/0x290
[  341.344710][T25460]  generic_file_write_iter+0x75/0x130
[  341.350104][T25460]  vfs_write+0x71c/0x890
[  341.354366][T25460]  ksys_write+0xe8/0x1a0
[  341.358641][T25460]  __x64_sys_write+0x3e/0x50
[  341.363258][T25460]  do_syscall_64+0x2b/0x70
[  341.367666][T25460]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  341.373676][T25460] RIP: 0033:0x7ff4e0daf0e9
[  341.378075][T25460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  341.397668][T25460] RSP: 002b:00007ff4e0504168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
11:47:17 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000600)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  341.406084][T25460] RAX: ffffffffffffffda RBX: 00007ff4e0ec2030 RCX: 00007ff4e0daf0e9
[  341.414047][T25460] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000004
[  341.422005][T25460] RBP: 00007ff4e05041d0 R08: 0000000000000000 R09: 0000000000000000
[  341.429977][T25460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  341.437933][T25460] R13: 00007ffc4f15e08f R14: 00007ff4e0504300 R15: 0000000000022000
[  341.445894][T25460]  </TASK>
11:47:17 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x73000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  341.473693][T25466] loop0: detected capacity change from 0 to 262160
11:47:17 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
umount2(&(0x7f00000000c0)='./file0/file0\x00', 0x4) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:17 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800002)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  341.522836][T25468] loop1: detected capacity change from 0 to 262160
[  341.583267][T25473] loop4: detected capacity change from 0 to 262160
11:47:17 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
umount2(&(0x7f00000000c0)='./file0/file0\x00', 0x4)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
umount2(&(0x7f00000000c0)='./file0/file0\x00', 0x4) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
sendfile(r1, r2, 0x0, 0x80000001) (async)

[  341.721041][T25483] loop4: detected capacity change from 0 to 262160
11:47:18 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 24)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:18 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:18 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x800011cf)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:18 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
open(&(0x7f00000000c0)='./file0\x00', 0x50000, 0x30)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  341.873715][T25486] loop0: detected capacity change from 0 to 262160
[  341.896442][T25496] loop5: detected capacity change from 0 to 262160
[  341.916261][T25498] loop1: detected capacity change from 0 to 262160
[  341.984106][T25501] loop4: detected capacity change from 0 to 262160
[  341.992396][T25496] FAULT_INJECTION: forcing a failure.
[  341.992396][T25496] name failslab, interval 1, probability 0, space 0, times 0
[  342.005141][T25496] CPU: 1 PID: 25496 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  342.016166][T25496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  342.026219][T25496] Call Trace:
[  342.029596][T25496]  <TASK>
[  342.032520][T25496]  dump_stack_lvl+0xd6/0x122
[  342.037123][T25496]  dump_stack+0x11/0x12
[  342.041289][T25496]  should_fail+0x230/0x240
[  342.045752][T25496]  __should_failslab+0x81/0x90
[  342.050564][T25496]  ? mempool_alloc_slab+0x16/0x20
[  342.055588][T25496]  should_failslab+0x5/0x20
[  342.060100][T25496]  kmem_cache_alloc+0x46/0x300
[  342.065007][T25496]  mempool_alloc_slab+0x16/0x20
[  342.069862][T25496]  ? mempool_free+0x130/0x130
[  342.074541][T25496]  mempool_alloc+0x9f/0x2a0
[  342.079080][T25496]  bio_alloc_bioset+0xe4/0x730
[  342.083935][T25496]  submit_bh_wbc+0x161/0x2f0
[  342.088532][T25496]  __sync_dirty_buffer+0x141/0x1f0
[  342.093646][T25496]  sync_dirty_buffer+0x16/0x20
[  342.098457][T25496]  fat_mirror_bhs+0x268/0x330
[  342.103142][T25496]  fat_ent_write+0xc2/0xd0
[  342.107559][T25496]  fat_chain_add+0x15b/0x410
[  342.112159][T25496]  fat_get_block+0x486/0x600
[  342.116823][T25496]  ? fat_block_truncate_page+0x30/0x30
[  342.122289][T25496]  __block_write_begin_int+0x33d/0xc90
[  342.127754][T25496]  ? fat_block_truncate_page+0x30/0x30
[  342.133224][T25496]  ? fat_block_truncate_page+0x30/0x30
[  342.138690][T25496]  block_write_begin+0x77/0x170
[  342.143537][T25496]  ? cont_write_begin+0x3aa/0x500
[  342.148635][T25496]  cont_write_begin+0x3cf/0x500
[  342.153480][T25496]  fat_write_begin+0x61/0xf0
[  342.158062][T25496]  ? fat_block_truncate_page+0x30/0x30
[  342.163510][T25496]  generic_perform_write+0x1d6/0x3f0
[  342.168784][T25496]  __generic_file_write_iter+0xe3/0x280
[  342.174313][T25496]  ? generic_write_checks+0x256/0x290
[  342.179764][T25496]  generic_file_write_iter+0x75/0x130
[  342.185121][T25496]  vfs_write+0x71c/0x890
[  342.189416][T25496]  ksys_write+0xe8/0x1a0
[  342.193694][T25496]  __x64_sys_write+0x3e/0x50
[  342.198277][T25496]  do_syscall_64+0x2b/0x70
[  342.202685][T25496]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  342.208636][T25496] RIP: 0033:0x7ff4e0daf0e9
[  342.213034][T25496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
11:47:18 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x80000001)

11:47:18 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x800000d8)

[  342.232626][T25496] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  342.241027][T25496] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  342.249010][T25496] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  342.256964][T25496] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  342.264924][T25496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  342.272880][T25496] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  342.280902][T25496]  </TASK>
11:47:18 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800003)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  342.342303][T25507] loop0: detected capacity change from 0 to 262160
11:47:18 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x800011de)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  342.468288][T25511] loop3: detected capacity change from 0 to 262160
11:47:18 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 25)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  342.586044][T25516] loop1: detected capacity change from 0 to 262160
11:47:18 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x80000001)

[  342.669339][T25519] loop5: detected capacity change from 0 to 262160
[  342.690579][T25519] FAULT_INJECTION: forcing a failure.
[  342.690579][T25519] name failslab, interval 1, probability 0, space 0, times 0
[  342.703315][T25519] CPU: 1 PID: 25519 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  342.714346][T25519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  342.724468][T25519] Call Trace:
[  342.727745][T25519]  <TASK>
[  342.730731][T25519]  dump_stack_lvl+0xd6/0x122
[  342.735379][T25519]  dump_stack+0x11/0x12
[  342.739535][T25519]  should_fail+0x230/0x240
[  342.743952][T25519]  __should_failslab+0x81/0x90
[  342.748715][T25519]  ? mempool_alloc_slab+0x16/0x20
[  342.753744][T25519]  should_failslab+0x5/0x20
[  342.758244][T25519]  kmem_cache_alloc+0x46/0x300
[  342.763023][T25519]  ? folio_mark_accessed+0x12f/0x380
[  342.768454][T25519]  mempool_alloc_slab+0x16/0x20
[  342.773312][T25519]  ? mempool_free+0x130/0x130
[  342.778108][T25519]  mempool_alloc+0x9f/0x2a0
[  342.782620][T25519]  bio_alloc_bioset+0xe4/0x730
[  342.787390][T25519]  submit_bh_wbc+0x161/0x2f0
[  342.791987][T25519]  write_dirty_buffer+0xdb/0xe0
[  342.796845][T25519]  fat_sync_bhs+0x52/0x160
[  342.801272][T25519]  fat_alloc_clusters+0x935/0xa80
[  342.806400][T25519]  fat_get_block+0x263/0x600
[  342.811006][T25519]  ? fat_block_truncate_page+0x30/0x30
11:47:19 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
open(&(0x7f00000000c0)='./file0\x00', 0x50000, 0x30) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async, rerun: 32)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (rerun: 32)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:19 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001902)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  342.816515][T25519]  __block_write_begin_int+0x33d/0xc90
[  342.822022][T25519]  ? fat_block_truncate_page+0x30/0x30
[  342.827502][T25519]  ? fat_block_truncate_page+0x30/0x30
[  342.832985][T25519]  block_write_begin+0x77/0x170
[  342.837888][T25519]  ? cont_write_begin+0x3aa/0x500
[  342.842973][T25519]  cont_write_begin+0x3cf/0x500
[  342.847903][T25519]  fat_write_begin+0x61/0xf0
[  342.852563][T25519]  ? fat_block_truncate_page+0x30/0x30
[  342.858033][T25519]  generic_perform_write+0x1d6/0x3f0
[  342.863395][T25519]  __generic_file_write_iter+0xe3/0x280
11:47:19 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x800000d9)

[  342.868955][T25519]  ? generic_write_checks+0x256/0x290
[  342.874410][T25519]  generic_file_write_iter+0x75/0x130
[  342.879788][T25519]  vfs_write+0x71c/0x890
[  342.884166][T25519]  ksys_write+0xe8/0x1a0
[  342.888416][T25519]  __x64_sys_write+0x3e/0x50
[  342.893180][T25519]  do_syscall_64+0x2b/0x70
[  342.897598][T25519]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  342.903493][T25519] RIP: 0033:0x7ff4e0daf0e9
11:47:19 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800004)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  342.907899][T25519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  342.927544][T25519] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  342.935955][T25519] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  342.943992][T25519] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  342.951992][T25519] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  342.959998][T25519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  342.967981][T25519] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  342.975967][T25519]  </TASK>
[  342.993910][T25523] loop0: detected capacity change from 0 to 262160
[  343.033016][T25527] loop1: detected capacity change from 0 to 262160
[  343.040576][T25529] loop3: detected capacity change from 0 to 262160
11:47:19 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
open(&(0x7f00000000c0)='./file0\x00', 0x50000, 0x30)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  343.122666][T25539] loop4: detected capacity change from 0 to 262160
11:47:19 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 26)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:19 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x80000001)

11:47:19 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x80)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:19 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x800000da)

11:47:19 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80004500)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  343.355043][T25544] loop5: detected capacity change from 0 to 262160
[  343.402900][T25546] loop0: detected capacity change from 0 to 262160
[  343.433976][T25549] loop4: detected capacity change from 0 to 262160
[  343.443858][T25551] loop1: detected capacity change from 0 to 262160
[  343.450759][T25552] loop3: detected capacity change from 0 to 262160
[  343.462485][T25544] FAULT_INJECTION: forcing a failure.
[  343.462485][T25544] name failslab, interval 1, probability 0, space 0, times 0
[  343.475160][T25544] CPU: 1 PID: 25544 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  343.486185][T25544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  343.496377][T25544] Call Trace:
[  343.499642][T25544]  <TASK>
[  343.502560][T25544]  dump_stack_lvl+0xd6/0x122
[  343.507186][T25544]  dump_stack+0x11/0x12
[  343.511329][T25544]  should_fail+0x230/0x240
[  343.515737][T25544]  __should_failslab+0x81/0x90
[  343.520614][T25544]  ? mempool_alloc_slab+0x16/0x20
[  343.525633][T25544]  should_failslab+0x5/0x20
[  343.530123][T25544]  kmem_cache_alloc+0x46/0x300
[  343.534875][T25544]  ? folio_mark_accessed+0x12f/0x380
[  343.540165][T25544]  mempool_alloc_slab+0x16/0x20
[  343.545025][T25544]  ? mempool_free+0x130/0x130
[  343.549752][T25544]  mempool_alloc+0x9f/0x2a0
[  343.554318][T25544]  bio_alloc_bioset+0xe4/0x730
[  343.559072][T25544]  submit_bh_wbc+0x161/0x2f0
[  343.563750][T25544]  write_dirty_buffer+0xdb/0xe0
[  343.568592][T25544]  fat_sync_bhs+0x52/0x160
[  343.572997][T25544]  fat_alloc_clusters+0x935/0xa80
[  343.578016][T25544]  fat_get_block+0x263/0x600
[  343.582678][T25544]  ? fat_block_truncate_page+0x30/0x30
[  343.588127][T25544]  __block_write_begin_int+0x33d/0xc90
[  343.593628][T25544]  ? fat_block_truncate_page+0x30/0x30
[  343.599093][T25544]  ? fat_block_truncate_page+0x30/0x30
[  343.604575][T25544]  block_write_begin+0x77/0x170
[  343.609459][T25544]  ? cont_write_begin+0x3aa/0x500
[  343.614619][T25544]  cont_write_begin+0x3cf/0x500
[  343.619562][T25544]  fat_write_begin+0x61/0xf0
[  343.624193][T25544]  ? fat_block_truncate_page+0x30/0x30
[  343.629712][T25544]  generic_perform_write+0x1d6/0x3f0
[  343.635043][T25544]  __generic_file_write_iter+0xe3/0x280
[  343.640573][T25544]  ? generic_write_checks+0x256/0x290
[  343.645952][T25544]  generic_file_write_iter+0x75/0x130
[  343.651320][T25544]  vfs_write+0x71c/0x890
[  343.655555][T25544]  ksys_write+0xe8/0x1a0
[  343.659945][T25544]  __x64_sys_write+0x3e/0x50
[  343.664536][T25544]  do_syscall_64+0x2b/0x70
[  343.669020][T25544]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  343.674966][T25544] RIP: 0033:0x7ff4e0daf0e9
[  343.679365][T25544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  343.698987][T25544] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  343.707389][T25544] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  343.715349][T25544] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  343.723307][T25544] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  343.731265][T25544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  343.739222][T25544] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  343.747221][T25544]  </TASK>
11:47:20 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800005)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:20 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001)

11:47:20 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x800000fe)

11:47:20 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 27)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  344.061259][T25565] loop0: detected capacity change from 0 to 262160
[  344.075877][T25566] loop3: detected capacity change from 0 to 262160
[  344.110088][T25568] loop5: detected capacity change from 0 to 262160
[  344.166670][T25568] FAULT_INJECTION: forcing a failure.
[  344.166670][T25568] name failslab, interval 1, probability 0, space 0, times 0
[  344.179350][T25568] CPU: 0 PID: 25568 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  344.190429][T25568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  344.200491][T25568] Call Trace:
[  344.203771][T25568]  <TASK>
[  344.206741][T25568]  dump_stack_lvl+0xd6/0x122
[  344.211342][T25568]  dump_stack+0x11/0x12
[  344.215504][T25568]  should_fail+0x230/0x240
[  344.219936][T25568]  __should_failslab+0x81/0x90
[  344.224703][T25568]  ? mempool_alloc_slab+0x16/0x20
[  344.229746][T25568]  should_failslab+0x5/0x20
[  344.234248][T25568]  kmem_cache_alloc+0x46/0x300
[  344.239224][T25568]  ? __cond_resched+0x3f/0xa0
[  344.243905][T25568]  mempool_alloc_slab+0x16/0x20
[  344.248835][T25568]  ? mempool_free+0x130/0x130
[  344.253510][T25568]  mempool_alloc+0x9f/0x2a0
[  344.258020][T25568]  bio_alloc_bioset+0xe4/0x730
[  344.262789][T25568]  submit_bh_wbc+0x161/0x2f0
[  344.267383][T25568]  write_dirty_buffer+0xdb/0xe0
[  344.272247][T25568]  fat_sync_bhs+0x52/0x160
[  344.276728][T25568]  fat_ent_write+0x85/0xd0
[  344.281150][T25568]  fat_chain_add+0x15b/0x410
[  344.285834][T25568]  fat_get_block+0x486/0x600
[  344.290429][T25568]  ? fat_block_truncate_page+0x30/0x30
[  344.295987][T25568]  __block_write_begin_int+0x33d/0xc90
[  344.301451][T25568]  ? fat_block_truncate_page+0x30/0x30
[  344.306919][T25568]  ? fat_block_truncate_page+0x30/0x30
[  344.312464][T25568]  block_write_begin+0x77/0x170
[  344.317323][T25568]  ? cont_write_begin+0x3aa/0x500
[  344.322359][T25568]  cont_write_begin+0x3cf/0x500
[  344.327220][T25568]  fat_write_begin+0x61/0xf0
[  344.331825][T25568]  ? fat_block_truncate_page+0x30/0x30
[  344.337288][T25568]  generic_perform_write+0x1d6/0x3f0
[  344.342655][T25568]  __generic_file_write_iter+0xe3/0x280
[  344.348215][T25568]  ? generic_write_checks+0x256/0x290
[  344.353588][T25568]  generic_file_write_iter+0x75/0x130
[  344.358959][T25568]  vfs_write+0x71c/0x890
[  344.363211][T25568]  ksys_write+0xe8/0x1a0
[  344.367456][T25568]  __x64_sys_write+0x3e/0x50
[  344.372134][T25568]  do_syscall_64+0x2b/0x70
[  344.376551][T25568]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  344.382444][T25568] RIP: 0033:0x7ff4e0daf0e9
[  344.386850][T25568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  344.406551][T25568] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
11:47:20 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001)

11:47:20 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x80)
sendfile(r1, r2, 0x0, 0x80000001)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x80) (async)
sendfile(r1, r2, 0x0, 0x80000001) (async)

11:47:20 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000300)

11:47:20 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80004700)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:20 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800006)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  344.415037][T25568] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  344.423039][T25568] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  344.431016][T25568] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  344.438991][T25568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  344.447036][T25568] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  344.455083][T25568]  </TASK>
[  344.513109][T25574] loop4: detected capacity change from 0 to 262160
[  344.522855][T25578] loop0: detected capacity change from 0 to 262160
[  344.528185][T25577] loop3: detected capacity change from 0 to 262160
[  344.579006][T25581] loop1: detected capacity change from 0 to 262160
11:47:20 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 28)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:20 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x80)
sendfile(r1, r2, 0x0, 0x80000001)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x80) (async)
sendfile(r1, r2, 0x0, 0x80000001) (async)

[  344.742643][T25593] loop5: detected capacity change from 0 to 262160
[  344.747455][T25591] loop4: detected capacity change from 0 to 262160
[  344.833037][T25593] FAULT_INJECTION: forcing a failure.
[  344.833037][T25593] name failslab, interval 1, probability 0, space 0, times 0
[  344.845794][T25593] CPU: 0 PID: 25593 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  344.856948][T25593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  344.867074][T25593] Call Trace:
[  344.870410][T25593]  <TASK>
[  344.873342][T25593]  dump_stack_lvl+0xd6/0x122
[  344.877984][T25593]  dump_stack+0x11/0x12
11:47:21 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80004800)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  344.882148][T25593]  should_fail+0x230/0x240
[  344.886575][T25593]  __should_failslab+0x81/0x90
[  344.891347][T25593]  ? mempool_alloc_slab+0x16/0x20
[  344.896457][T25593]  should_failslab+0x5/0x20
[  344.900982][T25593]  kmem_cache_alloc+0x46/0x300
[  344.905825][T25593]  mempool_alloc_slab+0x16/0x20
[  344.910711][T25593]  ? mempool_free+0x130/0x130
[  344.915400][T25593]  mempool_alloc+0x9f/0x2a0
[  344.919903][T25593]  bio_alloc_bioset+0xe4/0x730
[  344.924834][T25593]  submit_bh_wbc+0x161/0x2f0
11:47:21 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000500)

[  344.929433][T25593]  write_dirty_buffer+0xdb/0xe0
[  344.934364][T25593]  fat_sync_bhs+0x52/0x160
[  344.938790][T25593]  fat_ent_write+0x85/0xd0
[  344.943243][T25593]  fat_chain_add+0x15b/0x410
[  344.947842][T25593]  fat_get_block+0x486/0x600
[  344.952492][T25593]  ? fat_block_truncate_page+0x30/0x30
[  344.958006][T25593]  __block_write_begin_int+0x33d/0xc90
[  344.963469][T25593]  ? fat_block_truncate_page+0x30/0x30
[  344.968994][T25593]  ? fat_block_truncate_page+0x30/0x30
[  344.974461][T25593]  block_write_begin+0x77/0x170
11:47:21 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f00000000c0)='./bus\x00', 0x102)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:21 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x80000001)

[  344.979314][T25593]  ? cont_write_begin+0x3aa/0x500
[  344.984343][T25593]  cont_write_begin+0x3cf/0x500
[  344.989192][T25593]  fat_write_begin+0x61/0xf0
[  344.993820][T25593]  ? fat_block_truncate_page+0x30/0x30
[  344.999287][T25593]  generic_perform_write+0x1d6/0x3f0
[  345.004621][T25593]  __generic_file_write_iter+0xe3/0x280
[  345.010179][T25593]  ? generic_write_checks+0x256/0x290
[  345.015650][T25593]  generic_file_write_iter+0x75/0x130
[  345.021056][T25593]  vfs_write+0x71c/0x890
[  345.025319][T25593]  ksys_write+0xe8/0x1a0
11:47:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800007)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  345.029644][T25593]  __x64_sys_write+0x3e/0x50
[  345.034341][T25593]  do_syscall_64+0x2b/0x70
[  345.038765][T25593]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  345.044693][T25593] RIP: 0033:0x7ff4e0daf0e9
[  345.049106][T25593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  345.068806][T25593] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  345.077266][T25593] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  345.085295][T25593] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  345.093271][T25593] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  345.101245][T25593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  345.109217][T25593] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  345.117278][T25593]  </TASK>
[  345.176640][T25609] loop1: detected capacity change from 0 to 262160
[  345.187880][T25612] loop0: detected capacity change from 0 to 262160
[  345.193202][T25614] loop4: detected capacity change from 0 to 262160
[  345.201569][T25613] loop3: detected capacity change from 0 to 262160
11:47:21 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 29)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800008)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  345.402837][T25621] loop5: detected capacity change from 0 to 262160
[  345.469453][T25621] FAULT_INJECTION: forcing a failure.
[  345.469453][T25621] name failslab, interval 1, probability 0, space 0, times 0
[  345.482204][T25621] CPU: 1 PID: 25621 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  345.493292][T25621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  345.503353][T25621] Call Trace:
[  345.506634][T25621]  <TASK>
[  345.509578][T25621]  dump_stack_lvl+0xd6/0x122
[  345.514199][T25621]  dump_stack+0x11/0x12
[  345.518490][T25621]  should_fail+0x230/0x240
[  345.522915][T25621]  __should_failslab+0x81/0x90
[  345.527676][T25621]  ? mempool_alloc_slab+0x16/0x20
[  345.532810][T25621]  should_failslab+0x5/0x20
[  345.537314][T25621]  kmem_cache_alloc+0x46/0x300
[  345.542090][T25621]  ? folio_mark_accessed+0x12f/0x380
[  345.547459][T25621]  mempool_alloc_slab+0x16/0x20
[  345.552310][T25621]  ? mempool_free+0x130/0x130
[  345.556985][T25621]  mempool_alloc+0x9f/0x2a0
[  345.561569][T25621]  bio_alloc_bioset+0xe4/0x730
[  345.566416][T25621]  submit_bh_wbc+0x161/0x2f0
[  345.571012][T25621]  write_dirty_buffer+0xdb/0xe0
[  345.575874][T25621]  fat_sync_bhs+0x52/0x160
[  345.580377][T25621]  fat_alloc_clusters+0x935/0xa80
[  345.585443][T25621]  fat_get_block+0x263/0x600
[  345.590062][T25621]  ? fat_block_truncate_page+0x30/0x30
[  345.595595][T25621]  __block_write_begin_int+0x33d/0xc90
[  345.601099][T25621]  ? fat_block_truncate_page+0x30/0x30
[  345.606565][T25621]  ? fat_block_truncate_page+0x30/0x30
[  345.612027][T25621]  block_write_begin+0x77/0x170
[  345.616881][T25621]  ? cont_write_begin+0x3aa/0x500
[  345.621967][T25621]  cont_write_begin+0x3cf/0x500
[  345.626817][T25621]  fat_write_begin+0x61/0xf0
[  345.631405][T25621]  ? fat_block_truncate_page+0x30/0x30
[  345.636874][T25621]  generic_perform_write+0x1d6/0x3f0
[  345.642167][T25621]  __generic_file_write_iter+0xe3/0x280
[  345.647898][T25621]  ? generic_write_checks+0x256/0x290
[  345.653276][T25621]  generic_file_write_iter+0x75/0x130
[  345.658678][T25621]  vfs_write+0x71c/0x890
[  345.662996][T25621]  ksys_write+0xe8/0x1a0
[  345.667246][T25621]  __x64_sys_write+0x3e/0x50
[  345.671844][T25621]  do_syscall_64+0x2b/0x70
[  345.676271][T25621]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  345.682261][T25621] RIP: 0033:0x7ff4e0daf0e9
[  345.686668][T25621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  345.706368][T25621] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
11:47:21 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000600)

11:47:21 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f00000000c0)='./bus\x00', 0x102) (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:21 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80004c00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:21 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x0)

11:47:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800009)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  345.714779][T25621] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  345.722768][T25621] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  345.730738][T25621] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  345.738698][T25621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  345.746733][T25621] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  345.754706][T25621]  </TASK>
[  345.802166][T25629] loop3: detected capacity change from 0 to 262160
[  345.810956][T25632] loop0: detected capacity change from 0 to 262160
[  345.817878][T25633] loop1: detected capacity change from 0 to 262160
[  345.831274][T25635] loop4: detected capacity change from 0 to 262160
11:47:22 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 30)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:22 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f00000000c0)='./bus\x00', 0x102)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
creat(&(0x7f00000000c0)='./bus\x00', 0x102) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
sendfile(r1, r2, 0x0, 0x80000001) (async)

[  346.096506][T25644] loop5: detected capacity change from 0 to 262160
[  346.135535][T25644] FAULT_INJECTION: forcing a failure.
[  346.135535][T25644] name failslab, interval 1, probability 0, space 0, times 0
[  346.148281][T25644] CPU: 0 PID: 25644 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  346.159304][T25644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  346.169351][T25644] Call Trace:
[  346.172621][T25644]  <TASK>
[  346.175548][T25644]  dump_stack_lvl+0xd6/0x122
[  346.180221][T25644]  dump_stack+0x11/0x12
[  346.184374][T25644]  should_fail+0x230/0x240
[  346.188839][T25644]  __should_failslab+0x81/0x90
[  346.193606][T25644]  ? mempool_alloc_slab+0x16/0x20
[  346.198645][T25644]  should_failslab+0x5/0x20
[  346.203151][T25644]  kmem_cache_alloc+0x46/0x300
[  346.207974][T25644]  ? folio_mark_accessed+0x12f/0x380
[  346.213272][T25644]  mempool_alloc_slab+0x16/0x20
[  346.218126][T25644]  ? mempool_free+0x130/0x130
[  346.222804][T25644]  mempool_alloc+0x9f/0x2a0
[  346.227321][T25644]  bio_alloc_bioset+0xe4/0x730
[  346.232088][T25644]  submit_bh_wbc+0x161/0x2f0
[  346.236756][T25644]  write_dirty_buffer+0xdb/0xe0
[  346.241681][T25644]  fat_sync_bhs+0x52/0x160
11:47:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80004e00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:22 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x0)

11:47:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880000a)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:22 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000700)

[  346.246138][T25644]  fat_alloc_clusters+0x935/0xa80
[  346.251173][T25644]  fat_get_block+0x263/0x600
[  346.255772][T25644]  ? fat_block_truncate_page+0x30/0x30
[  346.261236][T25644]  __block_write_begin_int+0x33d/0xc90
[  346.266753][T25644]  ? fat_block_truncate_page+0x30/0x30
[  346.272269][T25644]  ? fat_block_truncate_page+0x30/0x30
[  346.277789][T25644]  block_write_begin+0x77/0x170
[  346.282638][T25644]  ? cont_write_begin+0x3aa/0x500
[  346.287744][T25644]  cont_write_begin+0x3cf/0x500
[  346.292621][T25644]  fat_write_begin+0x61/0xf0
[  346.297272][T25644]  ? fat_block_truncate_page+0x30/0x30
[  346.302880][T25644]  generic_perform_write+0x1d6/0x3f0
[  346.308164][T25644]  __generic_file_write_iter+0xe3/0x280
[  346.313748][T25644]  ? generic_write_checks+0x256/0x290
[  346.319136][T25644]  generic_file_write_iter+0x75/0x130
[  346.324508][T25644]  vfs_write+0x71c/0x890
[  346.328751][T25644]  ksys_write+0xe8/0x1a0
[  346.333061][T25644]  __x64_sys_write+0x3e/0x50
[  346.337707][T25644]  do_syscall_64+0x2b/0x70
[  346.342128][T25644]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  346.348118][T25644] RIP: 0033:0x7ff4e0daf0e9
[  346.352532][T25644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  346.372144][T25644] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  346.380562][T25644] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  346.388534][T25644] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
11:47:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880000b)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  346.396506][T25644] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  346.404549][T25644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  346.412559][T25644] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  346.420609][T25644]  </TASK>
[  346.439277][T25650] loop4: detected capacity change from 0 to 262160
[  346.484967][T25654] loop0: detected capacity change from 0 to 262160
[  346.495073][T25657] loop1: detected capacity change from 0 to 262160
[  346.502375][T25658] loop3: detected capacity change from 0 to 262160
11:47:22 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x8, &(0x7f0000000480)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000180)="79d7196a8400525d0f0dcc872b2ca1a4b2e505bf3bdf212ee685ce0e4f3d3e3f808ebe1b88089523aa8364b32bc86e06e448c60ac1b8b1e336ab39573bebfc263bfd741c47093245c569cdafea63ef954738593e367110877fb2", 0x5a, 0x8}, {&(0x7f00000000c0)="cf553596450e918f4a5e5944ae9948d710e60f081705f582e55254a6747bdff72b7d22154f6f3a6cf1", 0x29, 0x9}, {&(0x7f0000000300)="4833601bfe6107ec31141adf20d8f14dd361315f7643bf6ba3345e1758f075c4708a26aec6c57be30f086f9f1b72d23fbc0ada9f175e860621786c8dc96dfea8e55b2870156d7e00275f65b576ddece92675b74512f21f", 0x57, 0x10001}, {&(0x7f0000000200)="ef339a48e9538d1f921c597d48bacff93ad1a0cdfee1e3306c555d1e90986f441d61ed", 0x23, 0x10001}, {&(0x7f0000000380)="c953235a226f9cc5eccba270d3ccd78e164cc6458c00cbc704f37df3ca6c284247a6524d850061ce1a4cd1b38d1c2bda73001b2649211070a2c5c4ccdb1594281dee5346aa875cfd3ee8593b6a92af6bf97737c84cb38b73ae5e72ac434e9c37f9c5a3cbf07118cd46829b962d", 0x6d, 0xaefe}, {&(0x7f0000000400)="ddf9d684f069f8dd4d742017aa410bacc67d52273185cc8ae3fa611a352b08715948100bf901dcb83bde49b389f4754afd7ee171c24d85dfbdd94c2a4b2604a73839ac5fc7e852629915595cdedb53bca064f057", 0x54}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
fcntl$setstatus(r0, 0x4, 0x6800)
chdir(&(0x7f0000000240)='./file0\x00')
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:22 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x8, &(0x7f0000000480)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000180)="79d7196a8400525d0f0dcc872b2ca1a4b2e505bf3bdf212ee685ce0e4f3d3e3f808ebe1b88089523aa8364b32bc86e06e448c60ac1b8b1e336ab39573bebfc263bfd741c47093245c569cdafea63ef954738593e367110877fb2", 0x5a, 0x8}, {&(0x7f00000000c0)="cf553596450e918f4a5e5944ae9948d710e60f081705f582e55254a6747bdff72b7d22154f6f3a6cf1", 0x29, 0x9}, {&(0x7f0000000300)="4833601bfe6107ec31141adf20d8f14dd361315f7643bf6ba3345e1758f075c4708a26aec6c57be30f086f9f1b72d23fbc0ada9f175e860621786c8dc96dfea8e55b2870156d7e00275f65b576ddece92675b74512f21f", 0x57, 0x10001}, {&(0x7f0000000200)="ef339a48e9538d1f921c597d48bacff93ad1a0cdfee1e3306c555d1e90986f441d61ed", 0x23, 0x10001}, {&(0x7f0000000380)="c953235a226f9cc5eccba270d3ccd78e164cc6458c00cbc704f37df3ca6c284247a6524d850061ce1a4cd1b38d1c2bda73001b2649211070a2c5c4ccdb1594281dee5346aa875cfd3ee8593b6a92af6bf97737c84cb38b73ae5e72ac434e9c37f9c5a3cbf07118cd46829b962d", 0x6d, 0xaefe}, {&(0x7f0000000400)="ddf9d684f069f8dd4d742017aa410bacc67d52273185cc8ae3fa611a352b08715948100bf901dcb83bde49b389f4754afd7ee171c24d85dfbdd94c2a4b2604a73839ac5fc7e852629915595cdedb53bca064f057", 0x54}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
fcntl$setstatus(r0, 0x4, 0x6800)
chdir(&(0x7f0000000240)='./file0\x00')
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x8, &(0x7f0000000480)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000180)="79d7196a8400525d0f0dcc872b2ca1a4b2e505bf3bdf212ee685ce0e4f3d3e3f808ebe1b88089523aa8364b32bc86e06e448c60ac1b8b1e336ab39573bebfc263bfd741c47093245c569cdafea63ef954738593e367110877fb2", 0x5a, 0x8}, {&(0x7f00000000c0)="cf553596450e918f4a5e5944ae9948d710e60f081705f582e55254a6747bdff72b7d22154f6f3a6cf1", 0x29, 0x9}, {&(0x7f0000000300)="4833601bfe6107ec31141adf20d8f14dd361315f7643bf6ba3345e1758f075c4708a26aec6c57be30f086f9f1b72d23fbc0ada9f175e860621786c8dc96dfea8e55b2870156d7e00275f65b576ddece92675b74512f21f", 0x57, 0x10001}, {&(0x7f0000000200)="ef339a48e9538d1f921c597d48bacff93ad1a0cdfee1e3306c555d1e90986f441d61ed", 0x23, 0x10001}, {&(0x7f0000000380)="c953235a226f9cc5eccba270d3ccd78e164cc6458c00cbc704f37df3ca6c284247a6524d850061ce1a4cd1b38d1c2bda73001b2649211070a2c5c4ccdb1594281dee5346aa875cfd3ee8593b6a92af6bf97737c84cb38b73ae5e72ac434e9c37f9c5a3cbf07118cd46829b962d", 0x6d, 0xaefe}, {&(0x7f0000000400)="ddf9d684f069f8dd4d742017aa410bacc67d52273185cc8ae3fa611a352b08715948100bf901dcb83bde49b389f4754afd7ee171c24d85dfbdd94c2a4b2604a73839ac5fc7e852629915595cdedb53bca064f057", 0x54}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
fcntl$setstatus(r0, 0x4, 0x6800) (async)
chdir(&(0x7f0000000240)='./file0\x00') (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
sendfile(r1, r2, 0x0, 0x80000001) (async)

11:47:22 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 31)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:22 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x0)

11:47:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80005000)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  346.753299][T25676] loop4: detected capacity change from 0 to 262160
[  346.776631][T25676] FAT-fs (loop4): Unrecognized mount option "y×j„" or missing value
[  346.821558][T25678] loop5: detected capacity change from 0 to 262160
[  346.839736][T25680] loop0: detected capacity change from 0 to 262160
[  346.853687][T25681] loop4: detected capacity change from 0 to 262160
[  346.866830][T25691] loop1: detected capacity change from 0 to 262160
[  346.907279][T25678] FAULT_INJECTION: forcing a failure.
[  346.907279][T25678] name failslab, interval 1, probability 0, space 0, times 0
[  346.919939][T25678] CPU: 1 PID: 25678 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  346.931018][T25678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  346.941077][T25678] Call Trace:
[  346.944355][T25678]  <TASK>
[  346.947284][T25678]  dump_stack_lvl+0xd6/0x122
[  346.951879][T25678]  dump_stack+0x11/0x12
[  346.956022][T25678]  should_fail+0x230/0x240
[  346.960449][T25678]  __should_failslab+0x81/0x90
[  346.965197][T25678]  ? mempool_alloc_slab+0x16/0x20
[  346.970212][T25678]  should_failslab+0x5/0x20
[  346.974699][T25678]  kmem_cache_alloc+0x46/0x300
[  346.979448][T25678]  mempool_alloc_slab+0x16/0x20
[  346.984287][T25678]  ? mempool_free+0x130/0x130
[  346.988949][T25678]  mempool_alloc+0x9f/0x2a0
[  346.993444][T25678]  bio_alloc_bioset+0xe4/0x730
[  346.998266][T25678]  submit_bh_wbc+0x161/0x2f0
[  347.003037][T25678]  write_dirty_buffer+0xdb/0xe0
[  347.007907][T25678]  fat_sync_bhs+0x52/0x160
[  347.012315][T25678]  fat_ent_write+0x85/0xd0
[  347.016719][T25678]  fat_chain_add+0x15b/0x410
[  347.021368][T25678]  fat_get_block+0x486/0x600
[  347.025948][T25678]  ? fat_block_truncate_page+0x30/0x30
[  347.031451][T25678]  __block_write_begin_int+0x33d/0xc90
[  347.037019][T25678]  ? fat_block_truncate_page+0x30/0x30
[  347.042471][T25678]  ? fat_block_truncate_page+0x30/0x30
[  347.047953][T25678]  block_write_begin+0x77/0x170
[  347.052799][T25678]  ? cont_write_begin+0x3aa/0x500
[  347.058019][T25678]  cont_write_begin+0x3cf/0x500
[  347.062866][T25678]  fat_write_begin+0x61/0xf0
[  347.067446][T25678]  ? fat_block_truncate_page+0x30/0x30
[  347.072895][T25678]  generic_perform_write+0x1d6/0x3f0
[  347.078213][T25678]  __generic_file_write_iter+0xe3/0x280
[  347.083779][T25678]  ? generic_write_checks+0x256/0x290
[  347.089165][T25678]  generic_file_write_iter+0x75/0x130
[  347.094524][T25678]  vfs_write+0x71c/0x890
[  347.098844][T25678]  ksys_write+0xe8/0x1a0
[  347.103187][T25678]  __x64_sys_write+0x3e/0x50
[  347.107843][T25678]  do_syscall_64+0x2b/0x70
[  347.112247][T25678]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  347.118251][T25678] RIP: 0033:0x7ff4e0daf0e9
[  347.122651][T25678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  347.142390][T25678] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  347.150870][T25678] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
11:47:23 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x8, &(0x7f0000000480)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000180)="79d7196a8400525d0f0dcc872b2ca1a4b2e505bf3bdf212ee685ce0e4f3d3e3f808ebe1b88089523aa8364b32bc86e06e448c60ac1b8b1e336ab39573bebfc263bfd741c47093245c569cdafea63ef954738593e367110877fb2", 0x5a, 0x8}, {&(0x7f00000000c0)="cf553596450e918f4a5e5944ae9948d710e60f081705f582e55254a6747bdff72b7d22154f6f3a6cf1", 0x29, 0x9}, {&(0x7f0000000300)="4833601bfe6107ec31141adf20d8f14dd361315f7643bf6ba3345e1758f075c4708a26aec6c57be30f086f9f1b72d23fbc0ada9f175e860621786c8dc96dfea8e55b2870156d7e00275f65b576ddece92675b74512f21f", 0x57, 0x10001}, {&(0x7f0000000200)="ef339a48e9538d1f921c597d48bacff93ad1a0cdfee1e3306c555d1e90986f441d61ed", 0x23, 0x10001}, {&(0x7f0000000380)="c953235a226f9cc5eccba270d3ccd78e164cc6458c00cbc704f37df3ca6c284247a6524d850061ce1a4cd1b38d1c2bda73001b2649211070a2c5c4ccdb1594281dee5346aa875cfd3ee8593b6a92af6bf97737c84cb38b73ae5e72ac434e9c37f9c5a3cbf07118cd46829b962d", 0x6d, 0xaefe}, {&(0x7f0000000400)="ddf9d684f069f8dd4d742017aa410bacc67d52273185cc8ae3fa611a352b08715948100bf901dcb83bde49b389f4754afd7ee171c24d85dfbdd94c2a4b2604a73839ac5fc7e852629915595cdedb53bca064f057", 0x54}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
fcntl$setstatus(r0, 0x4, 0x6800)
chdir(&(0x7f0000000240)='./file0\x00') (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:23 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000900)

[  347.158839][T25678] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  347.166795][T25678] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  347.174787][T25678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  347.182741][T25678] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  347.190710][T25678]  </TASK>
[  347.232896][T25696] loop3: detected capacity change from 0 to 262160
[  347.271137][T25699] loop4: detected capacity change from 0 to 262160
11:47:23 executing program 4:
socket$inet(0x2, 0x4, 0x2)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
write$cgroup_subtree(r1, &(0x7f00000000c0)={[{0x2b, 'rdma'}, {0x2d, 'net'}, {0x2d, 'perf_event'}]}, 0x17)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:23 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880000c)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:23 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x210000, 0x0)
setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000180)='$\']&\\\x00', 0x6)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5942, 0x63)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)

11:47:23 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 32)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:23 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80005100)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:23 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000a00)

[  347.482905][T25712] loop0: detected capacity change from 0 to 262160
[  347.519194][T25715] loop5: detected capacity change from 0 to 262160
[  347.568288][T25715] FAULT_INJECTION: forcing a failure.
[  347.568288][T25715] name failslab, interval 1, probability 0, space 0, times 0
[  347.572133][T25720] loop1: detected capacity change from 0 to 262160
[  347.580938][T25715] CPU: 1 PID: 25715 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  347.598411][T25715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  347.608467][T25715] Call Trace:
[  347.611745][T25715]  <TASK>
[  347.614702][T25715]  dump_stack_lvl+0xd6/0x122
[  347.619300][T25715]  dump_stack+0x11/0x12
[  347.623521][T25715]  should_fail+0x230/0x240
[  347.628021][T25715]  __should_failslab+0x81/0x90
[  347.632793][T25715]  ? mempool_alloc_slab+0x16/0x20
[  347.636551][T25719] loop3: detected capacity change from 0 to 262160
[  347.637817][T25715]  should_failslab+0x5/0x20
[  347.648792][T25715]  kmem_cache_alloc+0x46/0x300
[  347.653558][T25715]  mempool_alloc_slab+0x16/0x20
[  347.658405][T25715]  ? mempool_free+0x130/0x130
[  347.663074][T25715]  mempool_alloc+0x9f/0x2a0
[  347.667632][T25715]  bio_alloc_bioset+0xe4/0x730
[  347.672408][T25715]  submit_bh_wbc+0x161/0x2f0
[  347.677043][T25715]  __sync_dirty_buffer+0x141/0x1f0
[  347.682149][T25715]  sync_dirty_buffer+0x16/0x20
[  347.686965][T25715]  fat_mirror_bhs+0x268/0x330
[  347.691796][T25715]  fat_ent_write+0xc2/0xd0
[  347.696207][T25715]  fat_chain_add+0x15b/0x410
[  347.700868][T25715]  fat_get_block+0x486/0x600
[  347.705456][T25715]  ? fat_block_truncate_page+0x30/0x30
[  347.710974][T25715]  __block_write_begin_int+0x33d/0xc90
[  347.716425][T25715]  ? fat_block_truncate_page+0x30/0x30
[  347.721939][T25715]  ? fat_block_truncate_page+0x30/0x30
[  347.727490][T25715]  block_write_begin+0x77/0x170
[  347.732406][T25715]  ? cont_write_begin+0x3aa/0x500
[  347.737420][T25715]  cont_write_begin+0x3cf/0x500
[  347.742342][T25715]  fat_write_begin+0x61/0xf0
[  347.746929][T25715]  ? fat_block_truncate_page+0x30/0x30
[  347.752448][T25715]  generic_perform_write+0x1d6/0x3f0
[  347.757723][T25715]  __generic_file_write_iter+0xe3/0x280
[  347.763254][T25715]  ? generic_write_checks+0x256/0x290
[  347.768641][T25715]  generic_file_write_iter+0x75/0x130
[  347.774073][T25715]  vfs_write+0x71c/0x890
[  347.778370][T25715]  ksys_write+0xe8/0x1a0
[  347.782663][T25715]  __x64_sys_write+0x3e/0x50
[  347.787242][T25715]  do_syscall_64+0x2b/0x70
[  347.791670][T25715]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  347.797628][T25715] RIP: 0033:0x7ff4e0daf0e9
[  347.802028][T25715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  347.821625][T25715] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  347.830027][T25715] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  347.837983][T25715] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  347.845942][T25715] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  347.853898][T25715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  347.861887][T25715] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  347.869961][T25715]  </TASK>
11:47:24 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x210000, 0x0)
setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000180)='$\']&\\\x00', 0x6)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5942, 0x63)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)

11:47:24 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 33)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  348.085138][T25726] loop0: detected capacity change from 0 to 262160
[  348.200939][T25729] loop5: detected capacity change from 0 to 262160
[  348.246910][T25729] FAULT_INJECTION: forcing a failure.
[  348.246910][T25729] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  348.260129][T25729] CPU: 0 PID: 25729 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  348.271236][T25729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  348.281293][T25729] Call Trace:
[  348.284620][T25729]  <TASK>
[  348.287548][T25729]  dump_stack_lvl+0xd6/0x122
[  348.292160][T25729]  dump_stack+0x11/0x12
11:47:24 executing program 4:
socket$inet(0x2, 0x4, 0x2)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
write$cgroup_subtree(r1, &(0x7f00000000c0)={[{0x2b, 'rdma'}, {0x2d, 'net'}, {0x2d, 'perf_event'}]}, 0x17) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  348.296319][T25729]  should_fail+0x230/0x240
[  348.300745][T25729]  should_fail_usercopy+0x16/0x20
[  348.305815][T25729]  copy_page_from_iter_atomic+0x3de/0xb80
[  348.311545][T25729]  ? fat_write_begin+0x61/0xf0
[  348.316330][T25729]  ? fat_block_truncate_page+0x30/0x30
[  348.321799][T25729]  ? fat_write_begin+0x79/0xf0
[  348.326572][T25729]  generic_perform_write+0x21a/0x3f0
[  348.331928][T25729]  __generic_file_write_iter+0xe3/0x280
[  348.337525][T25729]  ? generic_write_checks+0x256/0x290
11:47:24 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880000d)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  348.342931][T25729]  generic_file_write_iter+0x75/0x130
[  348.348409][T25729]  vfs_write+0x71c/0x890
[  348.352665][T25729]  ksys_write+0xe8/0x1a0
[  348.356933][T25729]  __x64_sys_write+0x3e/0x50
[  348.361536][T25729]  do_syscall_64+0x2b/0x70
[  348.365981][T25729]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  348.371876][T25729] RIP: 0033:0x7ff4e0daf0e9
[  348.376351][T25729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
11:47:24 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000b00)

11:47:24 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80005300)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  348.395955][T25729] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  348.404369][T25729] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  348.412342][T25729] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  348.420317][T25729] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  348.428329][T25729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  348.436377][T25729] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  348.444351][T25729]  </TASK>
11:47:24 executing program 0:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x4, 0x2, &(0x7f0000000240)=[{&(0x7f0000000180)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014006, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)
syz_open_dev$vcsn(&(0x7f00000000c0), 0xfffffffffffffffb, 0x64101)
r4 = fcntl$dupfd(r0, 0x406, r0)
ioctl$sock_ipv6_tunnel_SIOCADDPRL(r2, 0x89f5, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000001300)={'sit0\x00', <r5=>0x0, 0x4, 0x7f, 0x2, 0x80, 0x4, @loopback, @mcast2, 0x1, 0x7, 0x3f, 0x1}})
r6 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r6, 0x100000003, 0x80019b, 0x80019c)
r7 = syz_io_uring_complete(0x0)
r8 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
lseek(r8, 0x7ffffe, 0x0)
write$binfmt_elf64(r8, &(0x7f0000000280)=ANY=[], 0x1a0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000001400)={{0x1, 0x1, 0x18, <r9=>r1, {0x6}}, './bus\x00'})
r10 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r10, 0x100000003, 0x80019b, 0x80019c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001480)={0x11, 0xd, &(0x7f0000000300)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x2}, @alu={0xe, 0x0, 0x6, 0x9, 0x1, 0x0, 0x4}, @map_val={0x18, 0x0, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x7}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x5}, @generic={0x1e, 0x4, 0xb, 0x1f, 0xfffffffb}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x1}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000200)='GPL\x00', 0x9, 0x100a, &(0x7f0000001500)=""/4106, 0x41000, 0x1b, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000001380)={0x5, 0x5}, 0x8, 0x10, &(0x7f00000013c0)={0x0, 0x1, 0x8003, 0x80000001}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001440)=[r7, r8, r9, r3, r10, r3]}, 0x80)

[  348.533165][T25740] loop3: detected capacity change from 0 to 262160
[  348.559616][T25742] loop0: detected capacity change from 0 to 262160
[  348.583097][T25744] loop1: detected capacity change from 0 to 262160
[  348.596488][T25742] FAT-fs (loop0): Unrecognized mount option "ë<�" or missing value
11:47:24 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 34)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  348.773886][T25752] loop5: detected capacity change from 0 to 262160
[  348.789616][T25752] FAULT_INJECTION: forcing a failure.
[  348.789616][T25752] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  348.802697][T25752] CPU: 0 PID: 25752 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  348.813716][T25752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  348.823807][T25752] Call Trace:
[  348.827158][T25752]  <TASK>
[  348.830090][T25752]  dump_stack_lvl+0xd6/0x122
[  348.834693][T25752]  dump_stack+0x11/0x12
[  348.838865][T25752]  should_fail+0x230/0x240
[  348.843292][T25752]  should_fail_usercopy+0x16/0x20
[  348.848320][T25752]  copy_page_from_iter_atomic+0x3de/0xb80
[  348.854114][T25752]  ? fat_write_begin+0x61/0xf0
[  348.858889][T25752]  ? fat_block_truncate_page+0x30/0x30
[  348.864381][T25752]  ? fat_write_begin+0x79/0xf0
[  348.869231][T25752]  generic_perform_write+0x21a/0x3f0
11:47:25 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000c00)

11:47:25 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80005400)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  348.874535][T25752]  __generic_file_write_iter+0xe3/0x280
[  348.880082][T25752]  ? generic_write_checks+0x256/0x290
[  348.885460][T25752]  generic_file_write_iter+0x75/0x130
[  348.890864][T25752]  vfs_write+0x71c/0x890
[  348.895159][T25752]  ksys_write+0xe8/0x1a0
[  348.899415][T25752]  __x64_sys_write+0x3e/0x50
[  348.904033][T25752]  do_syscall_64+0x2b/0x70
[  348.908467][T25752]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  348.914397][T25752] RIP: 0033:0x7ff4e0daf0e9
[  348.918843][T25752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  348.938525][T25752] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  348.947021][T25752] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  348.954999][T25752] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  348.962991][T25752] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  348.970969][T25752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  348.978942][T25752] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  348.986923][T25752]  </TASK>
11:47:25 executing program 4:
socket$inet(0x2, 0x4, 0x2)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
write$cgroup_subtree(r1, &(0x7f00000000c0)={[{0x2b, 'rdma'}, {0x2d, 'net'}, {0x2d, 'perf_event'}]}, 0x17)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  349.050754][T25756] loop3: detected capacity change from 0 to 262160
[  349.053269][T25757] loop1: detected capacity change from 0 to 262160
11:47:25 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 35)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:25 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880000e)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:25 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80005600)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:25 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000d00)

[  349.353397][T25767] loop5: detected capacity change from 0 to 262160
[  349.371432][T25767] FAULT_INJECTION: forcing a failure.
[  349.371432][T25767] name failslab, interval 1, probability 0, space 0, times 0
[  349.384042][T25767] CPU: 0 PID: 25767 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
11:47:25 executing program 0:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x4, 0x2, &(0x7f0000000240)=[{&(0x7f0000000180)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014006, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)
syz_open_dev$vcsn(&(0x7f00000000c0), 0xfffffffffffffffb, 0x64101)
r4 = fcntl$dupfd(r0, 0x406, r0)
ioctl$sock_ipv6_tunnel_SIOCADDPRL(r2, 0x89f5, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000001300)={'sit0\x00', <r5=>0x0, 0x4, 0x7f, 0x2, 0x80, 0x4, @loopback, @mcast2, 0x1, 0x7, 0x3f, 0x1}})
r6 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r6, 0x100000003, 0x80019b, 0x80019c)
r7 = syz_io_uring_complete(0x0)
r8 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
lseek(r8, 0x7ffffe, 0x0)
write$binfmt_elf64(r8, &(0x7f0000000280)=ANY=[], 0x1a0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000001400)={{0x1, 0x1, 0x18, <r9=>r1, {0x6}}, './bus\x00'})
r10 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r10, 0x100000003, 0x80019b, 0x80019c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001480)={0x11, 0xd, &(0x7f0000000300)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x2}, @alu={0xe, 0x0, 0x6, 0x9, 0x1, 0x0, 0x4}, @map_val={0x18, 0x0, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x7}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x5}, @generic={0x1e, 0x4, 0xb, 0x1f, 0xfffffffb}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x1}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000200)='GPL\x00', 0x9, 0x100a, &(0x7f0000001500)=""/4106, 0x41000, 0x1b, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000001380)={0x5, 0x5}, 0x8, 0x10, &(0x7f00000013c0)={0x0, 0x1, 0x8003, 0x80000001}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001440)=[r7, r8, r9, r3, r10, r3]}, 0x80)

[  349.395123][T25767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  349.405181][T25767] Call Trace:
[  349.408460][T25767]  <TASK>
[  349.411417][T25767]  dump_stack_lvl+0xd6/0x122
[  349.416115][T25767]  dump_stack+0x11/0x12
[  349.420348][T25767]  should_fail+0x230/0x240
[  349.424777][T25767]  ? xas_create+0x40c/0xb20
[  349.429336][T25767]  __should_failslab+0x81/0x90
[  349.434113][T25767]  should_failslab+0x5/0x20
[  349.438632][T25767]  kmem_cache_alloc_lru+0x52/0x2b0
[  349.443753][T25767]  xas_create+0x40c/0xb20
[  349.448101][T25767]  xas_store+0x71/0xc90
[  349.452263][T25767]  ? __this_cpu_preempt_check+0xf/0x10
[  349.457729][T25767]  ? charge_memcg+0x13f/0x2c0
[  349.462417][T25767]  ? __rcu_read_unlock+0x4a/0x70
[  349.467365][T25767]  ? xas_find_conflict+0x489/0x500
[  349.472486][T25767]  __filemap_add_folio+0x271/0x7f0
[  349.477663][T25767]  ? workingset_activation+0x360/0x360
[  349.483132][T25767]  filemap_add_folio+0x6b/0x150
[  349.488020][T25767]  __filemap_get_folio+0x4bd/0x680
[  349.493135][T25767]  pagecache_get_page+0x26/0x190
[  349.498080][T25767]  grab_cache_page_write_begin+0x3f/0x50
[  349.503855][T25767]  ? fat_block_truncate_page+0x30/0x30
[  349.509322][T25767]  block_write_begin+0x32/0x170
[  349.514173][T25767]  ? cont_write_begin+0x3aa/0x500
[  349.519207][T25767]  cont_write_begin+0x3cf/0x500
[  349.524084][T25767]  fat_write_begin+0x61/0xf0
[  349.526647][T25773] loop0: detected capacity change from 0 to 262160
[  349.528686][T25767]  ? fat_block_truncate_page+0x30/0x30
[  349.528718][T25767]  generic_perform_write+0x1d6/0x3f0
[  349.528740][T25767]  ? fat_write_begin+0xf0/0xf0
[  349.550733][T25767]  __generic_file_write_iter+0xe3/0x280
[  349.556297][T25767]  ? generic_write_checks+0x256/0x290
[  349.557047][T25773] FAT-fs (loop0): Unrecognized mount option "ë<�" or missing value
[  349.561735][T25767]  generic_file_write_iter+0x75/0x130
[  349.575019][T25767]  vfs_write+0x71c/0x890
[  349.579279][T25767]  ksys_write+0xe8/0x1a0
[  349.583571][T25767]  __x64_sys_write+0x3e/0x50
[  349.586485][T25775] loop1: detected capacity change from 0 to 262160
[  349.588171][T25767]  do_syscall_64+0x2b/0x70
[  349.588219][T25767]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  349.604988][T25767] RIP: 0033:0x7ff4e0daf0e9
[  349.609395][T25767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  349.628996][T25767] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  349.637435][T25767] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  349.645412][T25767] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  349.653368][T25767] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  349.661355][T25767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  349.669310][T25767] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  349.677269][T25767]  </TASK>
[  349.723991][T25780] loop3: detected capacity change from 0 to 262160
11:47:26 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000e00)

11:47:26 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 36)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  349.992747][T25785] loop3: detected capacity change from 0 to 262160
[  350.029861][T25787] loop5: detected capacity change from 0 to 262160
11:47:26 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80005700)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:26 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r2, 0x114, 0x5, &(0x7f00000000c0), 0x4)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r3, 0x0, 0x80000001)

[  350.115178][T25787] FAULT_INJECTION: forcing a failure.
[  350.115178][T25787] name failslab, interval 1, probability 0, space 0, times 0
[  350.127848][T25787] CPU: 0 PID: 25787 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  350.138994][T25787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  350.149108][T25787] Call Trace:
[  350.152386][T25787]  <TASK>
[  350.155380][T25787]  dump_stack_lvl+0xd6/0x122
[  350.159976][T25787]  dump_stack+0x11/0x12
[  350.164155][T25787]  should_fail+0x230/0x240
[  350.168572][T25787]  __should_failslab+0x81/0x90
[  350.173486][T25787]  ? mempool_alloc_slab+0x16/0x20
[  350.178578][T25787]  should_failslab+0x5/0x20
[  350.183077][T25787]  kmem_cache_alloc+0x46/0x300
[  350.187840][T25787]  ? folio_mark_accessed+0x12f/0x380
[  350.193168][T25787]  mempool_alloc_slab+0x16/0x20
[  350.198089][T25787]  ? mempool_free+0x130/0x130
[  350.202762][T25787]  mempool_alloc+0x9f/0x2a0
[  350.207272][T25787]  ? __rcu_read_unlock+0x4a/0x70
11:47:26 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000f00)

11:47:26 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880000f)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  350.212280][T25787]  bio_alloc_bioset+0xe4/0x730
[  350.217096][T25787]  submit_bh_wbc+0x161/0x2f0
[  350.221729][T25787]  write_dirty_buffer+0xdb/0xe0
[  350.226660][T25787]  fat_sync_bhs+0x52/0x160
[  350.231121][T25787]  fat_alloc_clusters+0x935/0xa80
[  350.236162][T25787]  fat_get_block+0x263/0x600
[  350.240848][T25787]  ? fat_block_truncate_page+0x30/0x30
[  350.246312][T25787]  __block_write_begin_int+0x33d/0xc90
[  350.251815][T25787]  ? fat_block_truncate_page+0x30/0x30
[  350.257345][T25787]  ? fat_block_truncate_page+0x30/0x30
[  350.260391][T25793] loop4: detected capacity change from 0 to 262160
[  350.262864][T25787]  block_write_begin+0x77/0x170
[  350.274203][T25787]  ? cont_write_begin+0x3aa/0x500
[  350.279240][T25787]  cont_write_begin+0x3cf/0x500
[  350.284127][T25787]  fat_write_begin+0x61/0xf0
[  350.288764][T25787]  ? fat_block_truncate_page+0x30/0x30
[  350.294266][T25787]  generic_perform_write+0x1d6/0x3f0
[  350.299551][T25787]  ? fat_write_begin+0xf0/0xf0
[  350.304326][T25787]  __generic_file_write_iter+0xe3/0x280
[  350.309871][T25787]  ? generic_write_checks+0x256/0x290
[  350.315268][T25787]  generic_file_write_iter+0x75/0x130
[  350.320765][T25787]  vfs_write+0x71c/0x890
[  350.325009][T25787]  ksys_write+0xe8/0x1a0
[  350.329249][T25787]  __x64_sys_write+0x3e/0x50
[  350.333878][T25787]  do_syscall_64+0x2b/0x70
[  350.338283][T25787]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  350.344163][T25787] RIP: 0033:0x7ff4e0daf0e9
[  350.348565][T25787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  350.368161][T25787] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  350.376563][T25787] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  350.384554][T25787] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  350.392510][T25787] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  350.400467][T25787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  350.408432][T25787] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  350.416390][T25787]  </TASK>
[  350.419867][T25790] loop1: detected capacity change from 0 to 262160
[  350.492822][T25801] loop3: detected capacity change from 0 to 262160
11:47:26 executing program 0:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x4, 0x2, &(0x7f0000000240)=[{&(0x7f0000000180)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014006, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)
syz_open_dev$vcsn(&(0x7f00000000c0), 0xfffffffffffffffb, 0x64101)
r4 = fcntl$dupfd(r0, 0x406, r0)
ioctl$sock_ipv6_tunnel_SIOCADDPRL(r2, 0x89f5, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000001300)={'sit0\x00', <r5=>0x0, 0x4, 0x7f, 0x2, 0x80, 0x4, @loopback, @mcast2, 0x1, 0x7, 0x3f, 0x1}})
r6 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r6, 0x100000003, 0x80019b, 0x80019c)
r7 = syz_io_uring_complete(0x0)
r8 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
lseek(r8, 0x7ffffe, 0x0)
write$binfmt_elf64(r8, &(0x7f0000000280)=ANY=[], 0x1a0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000001400)={{0x1, 0x1, 0x18, <r9=>r1, {0x6}}, './bus\x00'})
r10 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r10, 0x100000003, 0x80019b, 0x80019c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001480)={0x11, 0xd, &(0x7f0000000300)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x2}, @alu={0xe, 0x0, 0x6, 0x9, 0x1, 0x0, 0x4}, @map_val={0x18, 0x0, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x7}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x5}, @generic={0x1e, 0x4, 0xb, 0x1f, 0xfffffffb}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x1}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000200)='GPL\x00', 0x9, 0x100a, &(0x7f0000001500)=""/4106, 0x41000, 0x1b, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000001380)={0x5, 0x5}, 0x8, 0x10, &(0x7f00000013c0)={0x0, 0x1, 0x8003, 0x80000001}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001440)=[r7, r8, r9, r3, r10, r3]}, 0x80)

11:47:26 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001100)

11:47:26 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 37)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  350.678812][T25807] loop0: detected capacity change from 0 to 262160
[  350.711294][T25807] FAT-fs (loop0): Unrecognized mount option "ë<�" or missing value
11:47:26 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async, rerun: 64)
chdir(&(0x7f0000000140)='./file0\x00') (async, rerun: 64)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r2, 0x114, 0x5, &(0x7f00000000c0), 0x4)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r3, 0x0, 0x80000001)

[  350.791583][T25810] loop3: detected capacity change from 0 to 262160
[  350.814773][T25812] loop5: detected capacity change from 0 to 262160
11:47:27 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r2, 0x114, 0x5, &(0x7f00000000c0), 0x4) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r3, 0x0, 0x80000001)

[  350.846122][T25814] loop4: detected capacity change from 0 to 262160
[  350.918559][T25812] FAULT_INJECTION: forcing a failure.
[  350.918559][T25812] name failslab, interval 1, probability 0, space 0, times 0
[  350.931218][T25812] CPU: 0 PID: 25812 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  350.942241][T25812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  350.952361][T25812] Call Trace:
[  350.955642][T25812]  <TASK>
[  350.958569][T25812]  dump_stack_lvl+0xd6/0x122
[  350.963219][T25812]  dump_stack+0x11/0x12
[  350.967430][T25812]  should_fail+0x230/0x240
[  350.971905][T25812]  __should_failslab+0x81/0x90
[  350.976704][T25812]  ? mempool_alloc_slab+0x16/0x20
[  350.981806][T25812]  should_failslab+0x5/0x20
[  350.986315][T25812]  kmem_cache_alloc+0x46/0x300
[  350.991091][T25812]  mempool_alloc_slab+0x16/0x20
[  350.995970][T25812]  ? mempool_free+0x130/0x130
[  351.000704][T25812]  mempool_alloc+0x9f/0x2a0
[  351.005212][T25812]  bio_alloc_bioset+0xe4/0x730
[  351.009989][T25812]  submit_bh_wbc+0x161/0x2f0
[  351.014624][T25812]  __sync_dirty_buffer+0x141/0x1f0
[  351.019746][T25812]  sync_dirty_buffer+0x16/0x20
[  351.024569][T25812]  fat_mirror_bhs+0x268/0x330
[  351.029332][T25812]  fat_alloc_clusters+0x983/0xa80
[  351.034376][T25812]  fat_get_block+0x263/0x600
[  351.038985][T25812]  ? fat_block_truncate_page+0x30/0x30
[  351.044525][T25812]  __block_write_begin_int+0x33d/0xc90
[  351.049999][T25812]  ? fat_block_truncate_page+0x30/0x30
[  351.055466][T25812]  ? fat_block_truncate_page+0x30/0x30
[  351.060935][T25812]  block_write_begin+0x77/0x170
[  351.065880][T25812]  ? cont_write_begin+0x3aa/0x500
[  351.070975][T25812]  cont_write_begin+0x3cf/0x500
[  351.075834][T25812]  fat_write_begin+0x61/0xf0
[  351.080435][T25812]  ? fat_block_truncate_page+0x30/0x30
[  351.085902][T25812]  generic_perform_write+0x1d6/0x3f0
[  351.091188][T25812]  ? fat_write_begin+0xf0/0xf0
[  351.095960][T25812]  __generic_file_write_iter+0xe3/0x280
[  351.101539][T25812]  ? generic_write_checks+0x256/0x290
[  351.106914][T25812]  generic_file_write_iter+0x75/0x130
[  351.112291][T25812]  vfs_write+0x71c/0x890
11:47:27 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80005900)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:27 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800010)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  351.116647][T25812]  ksys_write+0xe8/0x1a0
[  351.120947][T25812]  __x64_sys_write+0x3e/0x50
[  351.125554][T25812]  do_syscall_64+0x2b/0x70
[  351.130037][T25812]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  351.135937][T25812] RIP: 0033:0x7ff4e0daf0e9
[  351.140352][T25812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  351.160046][T25812] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  351.168464][T25812] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  351.176448][T25812] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  351.184422][T25812] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  351.192399][T25812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  351.200371][T25812] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  351.208350][T25812]  </TASK>
[  351.221894][T25821] loop4: detected capacity change from 0 to 262160
[  351.281531][T25831] loop1: detected capacity change from 0 to 262160
11:47:27 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 38)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  351.495607][T25835] loop5: detected capacity change from 0 to 262160
[  351.535322][T25835] FAULT_INJECTION: forcing a failure.
[  351.535322][T25835] name failslab, interval 1, probability 0, space 0, times 0
[  351.548003][T25835] CPU: 1 PID: 25835 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  351.559023][T25835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  351.569148][T25835] Call Trace:
[  351.572427][T25835]  <TASK>
[  351.575422][T25835]  dump_stack_lvl+0xd6/0x122
[  351.580070][T25835]  dump_stack+0x11/0x12
[  351.584232][T25835]  should_fail+0x230/0x240
[  351.588661][T25835]  __should_failslab+0x81/0x90
[  351.593429][T25835]  ? mempool_alloc_slab+0x16/0x20
[  351.598463][T25835]  should_failslab+0x5/0x20
[  351.602967][T25835]  kmem_cache_alloc+0x46/0x300
[  351.607812][T25835]  mempool_alloc_slab+0x16/0x20
[  351.612690][T25835]  ? mempool_free+0x130/0x130
[  351.617367][T25835]  mempool_alloc+0x9f/0x2a0
[  351.621870][T25835]  bio_alloc_bioset+0xe4/0x730
[  351.626642][T25835]  submit_bh_wbc+0x161/0x2f0
[  351.631257][T25835]  __sync_dirty_buffer+0x141/0x1f0
[  351.636373][T25835]  sync_dirty_buffer+0x16/0x20
[  351.641138][T25835]  fat_mirror_bhs+0x268/0x330
11:47:27 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800011)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:27 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000007)

[  351.645842][T25835]  fat_alloc_clusters+0x983/0xa80
[  351.650891][T25835]  fat_get_block+0x263/0x600
[  351.655545][T25835]  ? fat_block_truncate_page+0x30/0x30
[  351.661019][T25835]  __block_write_begin_int+0x33d/0xc90
[  351.666490][T25835]  ? fat_block_truncate_page+0x30/0x30
[  351.671965][T25835]  ? fat_block_truncate_page+0x30/0x30
[  351.677576][T25835]  block_write_begin+0x77/0x170
[  351.682434][T25835]  ? cont_write_begin+0x3aa/0x500
[  351.687519][T25835]  cont_write_begin+0x3cf/0x500
[  351.692379][T25835]  fat_write_begin+0x61/0xf0
[  351.696978][T25835]  ? fat_block_truncate_page+0x30/0x30
[  351.702491][T25835]  generic_perform_write+0x1d6/0x3f0
[  351.707838][T25835]  ? fat_write_begin+0xf0/0xf0
[  351.712678][T25835]  __generic_file_write_iter+0xe3/0x280
[  351.718227][T25835]  ? generic_write_checks+0x256/0x290
[  351.723603][T25835]  generic_file_write_iter+0x75/0x130
[  351.729002][T25835]  vfs_write+0x71c/0x890
[  351.733259][T25835]  ksys_write+0xe8/0x1a0
[  351.737606][T25835]  __x64_sys_write+0x3e/0x50
[  351.742205][T25835]  do_syscall_64+0x2b/0x70
[  351.746626][T25835]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  351.748162][T25839] loop0: detected capacity change from 0 to 262160
[  351.752550][T25835] RIP: 0033:0x7ff4e0daf0e9
[  351.752568][T25835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  351.783076][T25835] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
11:47:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
lsetxattr$trusted_overlay_redirect(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), &(0x7f0000000280)='./bus\x00', 0x6, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)=@random={'osx.', 'cgroup.controllers\x00'}, &(0x7f0000000300)=""/200, 0xc8)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x800011cf)

11:47:28 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80005c00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  351.791685][T25835] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  351.799659][T25835] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  351.807622][T25835] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  351.815616][T25835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  351.823574][T25835] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  351.831606][T25835]  </TASK>
[  351.907768][T25843] loop1: detected capacity change from 0 to 262160
[  351.977104][T25845] loop3: detected capacity change from 0 to 262160
[  352.067414][T25849] loop4: detected capacity change from 0 to 262160
11:47:28 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 39)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:28 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80005e00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000002)

11:47:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001200)

[  352.262986][T25854] loop5: detected capacity change from 0 to 262160
[  352.276338][T25856] loop1: detected capacity change from 0 to 262160
[  352.286296][T25858] loop0: detected capacity change from 0 to 262160
[  352.307518][T25854] FAULT_INJECTION: forcing a failure.
[  352.307518][T25854] name failslab, interval 1, probability 0, space 0, times 0
[  352.320192][T25854] CPU: 1 PID: 25854 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  352.331216][T25854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  352.341314][T25854] Call Trace:
[  352.344607][T25854]  <TASK>
[  352.347558][T25854]  dump_stack_lvl+0xd6/0x122
[  352.352261][T25854]  dump_stack+0x11/0x12
[  352.356420][T25854]  should_fail+0x230/0x240
11:47:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
lsetxattr$trusted_overlay_redirect(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), &(0x7f0000000280)='./bus\x00', 0x6, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)=@random={'osx.', 'cgroup.controllers\x00'}, &(0x7f0000000300)=""/200, 0xc8)
sendfile(r1, r2, 0x0, 0x80000001)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
lsetxattr$trusted_overlay_redirect(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), &(0x7f0000000280)='./bus\x00', 0x6, 0x0) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)=@random={'osx.', 'cgroup.controllers\x00'}, &(0x7f0000000300)=""/200, 0xc8) (async)
sendfile(r1, r2, 0x0, 0x80000001) (async)

11:47:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800012)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  352.360910][T25854]  __should_failslab+0x81/0x90
[  352.365683][T25854]  ? mempool_alloc_slab+0x16/0x20
[  352.370715][T25854]  should_failslab+0x5/0x20
[  352.375222][T25854]  kmem_cache_alloc+0x46/0x300
[  352.379993][T25854]  mempool_alloc_slab+0x16/0x20
[  352.384880][T25854]  ? mempool_free+0x130/0x130
[  352.389610][T25854]  mempool_alloc+0x9f/0x2a0
[  352.394129][T25854]  bio_alloc_bioset+0xe4/0x730
[  352.398960][T25854]  submit_bh_wbc+0x161/0x2f0
[  352.403556][T25854]  __sync_dirty_buffer+0x141/0x1f0
[  352.408679][T25854]  sync_dirty_buffer+0x16/0x20
[  352.413457][T25854]  fat_mirror_bhs+0x268/0x330
[  352.418143][T25854]  fat_ent_write+0xc2/0xd0
[  352.422567][T25854]  fat_chain_add+0x15b/0x410
[  352.427186][T25854]  fat_get_block+0x486/0x600
[  352.431848][T25854]  ? fat_block_truncate_page+0x30/0x30
[  352.437315][T25854]  __block_write_begin_int+0x33d/0xc90
[  352.442776][T25854]  ? fat_block_truncate_page+0x30/0x30
[  352.448310][T25854]  ? fat_block_truncate_page+0x30/0x30
[  352.453784][T25854]  block_write_begin+0x77/0x170
[  352.458713][T25854]  ? cont_write_begin+0x3aa/0x500
[  352.463819][T25854]  cont_write_begin+0x3cf/0x500
[  352.468676][T25854]  fat_write_begin+0x61/0xf0
[  352.473300][T25854]  ? fat_block_truncate_page+0x30/0x30
[  352.478822][T25854]  generic_perform_write+0x1d6/0x3f0
[  352.484113][T25854]  ? fat_write_begin+0xf0/0xf0
[  352.488885][T25854]  __generic_file_write_iter+0xe3/0x280
[  352.494466][T25854]  ? generic_write_checks+0x256/0x290
[  352.499852][T25854]  generic_file_write_iter+0x75/0x130
[  352.505284][T25854]  vfs_write+0x71c/0x890
[  352.509591][T25854]  ksys_write+0xe8/0x1a0
[  352.513848][T25854]  __x64_sys_write+0x3e/0x50
[  352.518507][T25854]  do_syscall_64+0x2b/0x70
[  352.522946][T25854]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  352.528841][T25854] RIP: 0033:0x7ff4e0daf0e9
[  352.533257][T25854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  352.552928][T25854] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  352.561351][T25854] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  352.569326][T25854] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  352.577372][T25854] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  352.585342][T25854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  352.593321][T25854] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  352.601298][T25854]  </TASK>
[  352.619310][T25866] loop3: detected capacity change from 0 to 262160
11:47:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800013)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  352.674515][T25869] loop4: detected capacity change from 0 to 262160
11:47:28 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80007300)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:29 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
lsetxattr$trusted_overlay_redirect(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), &(0x7f0000000280)='./bus\x00', 0x6, 0x0) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)=@random={'osx.', 'cgroup.controllers\x00'}, &(0x7f0000000300)=""/200, 0xc8)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:29 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 40)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:29 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000007)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  352.875884][T25881] loop4: detected capacity change from 0 to 262160
[  352.875945][T25879] loop1: detected capacity change from 0 to 262160
11:47:29 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001300)

11:47:29 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './bus', [{0x20, 'vfat\x00'}, {0x20, '&)'}, {0x20, 'vfat\x00'}, {0x20, '#@-'}, {0x20, '@$-@'}, {0x20, 'cgroup.controllers\x00'}], 0xa, "97d1619c360af2374b3fa518d38a1d7c9d5b8fe241ed335d73db86abbe26d3201729cf9f1fb92bfe74341a9797198047"}, 0x65)

[  352.942209][T25886] loop5: detected capacity change from 0 to 262160
[  352.972391][T25888] loop0: detected capacity change from 0 to 262160
[  353.001961][T25886] FAULT_INJECTION: forcing a failure.
[  353.001961][T25886] name failslab, interval 1, probability 0, space 0, times 0
[  353.014628][T25886] CPU: 1 PID: 25886 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  353.025658][T25886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  353.035717][T25886] Call Trace:
[  353.038999][T25886]  <TASK>
[  353.041932][T25886]  dump_stack_lvl+0xd6/0x122
[  353.046615][T25886]  dump_stack+0x11/0x12
[  353.050777][T25886]  should_fail+0x230/0x240
[  353.055205][T25886]  __should_failslab+0x81/0x90
[  353.060021][T25886]  ? mempool_alloc_slab+0x16/0x20
[  353.065103][T25886]  should_failslab+0x5/0x20
[  353.069606][T25886]  kmem_cache_alloc+0x46/0x300
[  353.074370][T25886]  ? folio_mark_accessed+0x12f/0x380
[  353.079793][T25886]  mempool_alloc_slab+0x16/0x20
[  353.084744][T25886]  ? mempool_free+0x130/0x130
[  353.089425][T25886]  mempool_alloc+0x9f/0x2a0
[  353.093934][T25886]  bio_alloc_bioset+0xe4/0x730
[  353.098747][T25886]  submit_bh_wbc+0x161/0x2f0
[  353.103411][T25886]  write_dirty_buffer+0xdb/0xe0
[  353.108277][T25886]  fat_sync_bhs+0x52/0x160
[  353.112728][T25886]  fat_alloc_clusters+0x935/0xa80
[  353.117764][T25886]  fat_get_block+0x263/0x600
[  353.122361][T25886]  ? fat_block_truncate_page+0x30/0x30
[  353.127875][T25886]  __block_write_begin_int+0x33d/0xc90
[  353.133401][T25886]  ? fat_block_truncate_page+0x30/0x30
[  353.138915][T25886]  ? fat_block_truncate_page+0x30/0x30
[  353.144382][T25886]  block_write_begin+0x77/0x170
[  353.149235][T25886]  ? cont_write_begin+0x3aa/0x500
[  353.154419][T25886]  cont_write_begin+0x3cf/0x500
[  353.159277][T25886]  fat_write_begin+0x61/0xf0
[  353.163937][T25886]  ? fat_block_truncate_page+0x30/0x30
[  353.169400][T25886]  generic_perform_write+0x1d6/0x3f0
[  353.174749][T25886]  ? fat_write_begin+0xf0/0xf0
[  353.179521][T25886]  __generic_file_write_iter+0xe3/0x280
[  353.185198][T25886]  ? generic_write_checks+0x256/0x290
[  353.190565][T25886]  generic_file_write_iter+0x75/0x130
[  353.195949][T25886]  vfs_write+0x71c/0x890
[  353.200232][T25886]  ksys_write+0xe8/0x1a0
[  353.204524][T25886]  __x64_sys_write+0x3e/0x50
[  353.209118][T25886]  do_syscall_64+0x2b/0x70
[  353.213535][T25886]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  353.219482][T25886] RIP: 0033:0x7ff4e0daf0e9
[  353.223963][T25886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  353.243578][T25886] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
11:47:29 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80007500)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  353.251989][T25886] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  353.259960][T25886] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  353.267928][T25886] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  353.275896][T25886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  353.283862][T25886] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  353.291836][T25886]  </TASK>
[  353.295412][T25893] loop3: detected capacity change from 0 to 262160
11:47:29 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800014)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  353.398688][T25900] loop1: detected capacity change from 0 to 262160
11:47:29 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 41)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:29 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './bus', [{0x20, 'vfat\x00'}, {0x20, '&)'}, {0x20, 'vfat\x00'}, {0x20, '#@-'}, {0x20, '@$-@'}, {0x20, 'cgroup.controllers\x00'}], 0xa, "97d1619c360af2374b3fa518d38a1d7c9d5b8fe241ed335d73db86abbe26d3201729cf9f1fb92bfe74341a9797198047"}, 0x65)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
sendfile(r1, r2, 0x0, 0x80000001) (async)
write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './bus', [{0x20, 'vfat\x00'}, {0x20, '&)'}, {0x20, 'vfat\x00'}, {0x20, '#@-'}, {0x20, '@$-@'}, {0x20, 'cgroup.controllers\x00'}], 0xa, "97d1619c360af2374b3fa518d38a1d7c9d5b8fe241ed335d73db86abbe26d3201729cf9f1fb92bfe74341a9797198047"}, 0x65) (async)

11:47:29 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80007700)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  353.604226][T25909] loop5: detected capacity change from 0 to 262160
[  353.654818][T25909] FAULT_INJECTION: forcing a failure.
[  353.654818][T25909] name failslab, interval 1, probability 0, space 0, times 0
[  353.667535][T25909] CPU: 1 PID: 25909 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  353.678579][T25909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  353.688635][T25909] Call Trace:
[  353.691925][T25909]  <TASK>
[  353.694849][T25909]  dump_stack_lvl+0xd6/0x122
[  353.699444][T25909]  dump_stack+0x11/0x12
[  353.703697][T25909]  should_fail+0x230/0x240
[  353.708153][T25909]  __should_failslab+0x81/0x90
[  353.712983][T25909]  ? mempool_alloc_slab+0x16/0x20
[  353.718019][T25909]  should_failslab+0x5/0x20
[  353.722531][T25909]  kmem_cache_alloc+0x46/0x300
[  353.727297][T25909]  mempool_alloc_slab+0x16/0x20
[  353.732150][T25909]  ? mempool_free+0x130/0x130
[  353.736830][T25909]  mempool_alloc+0x9f/0x2a0
[  353.741369][T25909]  bio_alloc_bioset+0xe4/0x730
[  353.746151][T25909]  submit_bh_wbc+0x161/0x2f0
11:47:29 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001400)

[  353.750761][T25909]  __sync_dirty_buffer+0x141/0x1f0
[  353.756031][T25909]  sync_dirty_buffer+0x16/0x20
[  353.760860][T25909]  fat_mirror_bhs+0x268/0x330
[  353.765551][T25909]  fat_alloc_clusters+0x983/0xa80
[  353.770643][T25909]  fat_get_block+0x263/0x600
[  353.775253][T25909]  ? fat_block_truncate_page+0x30/0x30
[  353.780723][T25909]  __block_write_begin_int+0x33d/0xc90
[  353.786261][T25909]  ? fat_block_truncate_page+0x30/0x30
[  353.791781][T25909]  ? fat_block_truncate_page+0x30/0x30
[  353.797257][T25909]  block_write_begin+0x77/0x170
[  353.802170][T25909]  ? cont_write_begin+0x3aa/0x500
[  353.807244][T25909]  cont_write_begin+0x3cf/0x500
[  353.812114][T25909]  fat_write_begin+0x61/0xf0
[  353.816698][T25909]  ? fat_block_truncate_page+0x30/0x30
[  353.822149][T25909]  generic_perform_write+0x1d6/0x3f0
[  353.827483][T25909]  ? fat_write_begin+0xf0/0xf0
[  353.832246][T25909]  __generic_file_write_iter+0xe3/0x280
[  353.837794][T25909]  ? generic_write_checks+0x256/0x290
[  353.843172][T25909]  generic_file_write_iter+0x75/0x130
[  353.848550][T25909]  vfs_write+0x71c/0x890
[  353.852786][T25909]  ksys_write+0xe8/0x1a0
[  353.857022][T25909]  __x64_sys_write+0x3e/0x50
[  353.861676][T25909]  do_syscall_64+0x2b/0x70
[  353.866085][T25909]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  353.871963][T25909] RIP: 0033:0x7ff4e0daf0e9
[  353.876489][T25909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  353.896082][T25909] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  353.904515][T25909] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  353.912469][T25909] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  353.920435][T25909] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  353.928391][T25909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  353.936366][T25909] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  353.944327][T25909]  </TASK>
11:47:30 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000007)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  353.983803][T25911] loop4: detected capacity change from 0 to 262160
[  354.052376][T25915] loop1: detected capacity change from 0 to 262160
[  354.076777][T25917] loop3: detected capacity change from 0 to 262160
[  354.130794][T25920] loop0: detected capacity change from 0 to 262160
11:47:30 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './bus', [{0x20, 'vfat\x00'}, {0x20, '&)'}, {0x20, 'vfat\x00'}, {0x20, '#@-'}, {0x20, '@$-@'}, {0x20, 'cgroup.controllers\x00'}], 0xa, "97d1619c360af2374b3fa518d38a1d7c9d5b8fe241ed335d73db86abbe26d3201729cf9f1fb92bfe74341a9797198047"}, 0x65)

11:47:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800015)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:30 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 42)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  354.286208][T25935] loop4: detected capacity change from 0 to 262160
[  354.358147][T25939] loop5: detected capacity change from 0 to 262160
[  354.379773][T25939] FAULT_INJECTION: forcing a failure.
[  354.379773][T25939] name failslab, interval 1, probability 0, space 0, times 0
[  354.392437][T25939] CPU: 0 PID: 25939 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  354.403462][T25939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  354.413516][T25939] Call Trace:
[  354.416888][T25939]  <TASK>
[  354.419820][T25939]  dump_stack_lvl+0xd6/0x122
[  354.424427][T25939]  dump_stack+0x11/0x12
[  354.428606][T25939]  should_fail+0x230/0x240
[  354.433073][T25939]  __should_failslab+0x81/0x90
[  354.437843][T25939]  ? mempool_alloc_slab+0x16/0x20
[  354.442873][T25939]  should_failslab+0x5/0x20
[  354.447376][T25939]  kmem_cache_alloc+0x46/0x300
[  354.452162][T25939]  mempool_alloc_slab+0x16/0x20
[  354.457078][T25939]  ? mempool_free+0x130/0x130
[  354.461756][T25939]  mempool_alloc+0x9f/0x2a0
[  354.466266][T25939]  bio_alloc_bioset+0xe4/0x730
[  354.471061][T25939]  submit_bh_wbc+0x161/0x2f0
[  354.475659][T25939]  write_dirty_buffer+0xdb/0xe0
[  354.480518][T25939]  fat_sync_bhs+0x52/0x160
[  354.484971][T25939]  fat_ent_write+0x85/0xd0
[  354.489394][T25939]  fat_chain_add+0x15b/0x410
[  354.494027][T25939]  fat_get_block+0x486/0x600
[  354.498630][T25939]  ? fat_block_truncate_page+0x30/0x30
11:47:30 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(r0, &(0x7f0000000380)='./control\x00', 0x281, 0x10)
openat(r1, &(0x7f00000003c0)='./file1\x00', 0x100000, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x8800000)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder-control\x00', 0x800, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, <r7=>0x0}, &(0x7f0000000280)=0x5)
setuid(r7)
ioctl$NS_GET_OWNER_UID(r3, 0xb704, &(0x7f0000000280)=<r8=>0x0)
r9 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r10=>0x0, <r11=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f0000000000)='./control\x00', r10, r11)
setxattr$system_posix_acl(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='system.posix_acl_default\x00', &(0x7f0000000300)={{}, {0x1, 0x4}, [{0x2, 0x7, r7}, {0x2, 0x5, 0xee00}, {0x2, 0x7, 0xffffffffffffffff}, {0x2, 0x6, r8}], {}, [{0x8, 0x1, 0xee01}, {0x8, 0x0, r11}, {}, {0x8, 0x2}], {0x10, 0x2}}, 0x64, 0x3)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
sendfile(r5, r4, 0x0, 0x200)

11:47:30 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80007900)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:30 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001500)

11:47:30 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 1)

[  354.504160][T25939]  __block_write_begin_int+0x33d/0xc90
[  354.509636][T25939]  ? fat_block_truncate_page+0x30/0x30
[  354.515108][T25939]  ? fat_block_truncate_page+0x30/0x30
[  354.520583][T25939]  block_write_begin+0x77/0x170
[  354.525444][T25939]  ? cont_write_begin+0x3aa/0x500
[  354.530546][T25939]  cont_write_begin+0x3cf/0x500
[  354.535430][T25939]  fat_write_begin+0x61/0xf0
[  354.540079][T25939]  ? fat_block_truncate_page+0x30/0x30
[  354.545611][T25939]  generic_perform_write+0x1d6/0x3f0
[  354.550928][T25939]  ? fat_write_begin+0xf0/0xf0
[  354.555742][T25939]  __generic_file_write_iter+0xe3/0x280
[  354.561286][T25939]  ? generic_write_checks+0x256/0x290
[  354.566721][T25939]  generic_file_write_iter+0x75/0x130
[  354.572123][T25939]  vfs_write+0x71c/0x890
[  354.576412][T25939]  ksys_write+0xe8/0x1a0
[  354.580672][T25939]  __x64_sys_write+0x3e/0x50
[  354.585302][T25939]  do_syscall_64+0x2b/0x70
[  354.589715][T25939]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  354.595673][T25939] RIP: 0033:0x7ff4e0daf0e9
[  354.600085][T25939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  354.619790][T25939] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  354.628261][T25939] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  354.636228][T25939] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  354.644225][T25939] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
11:47:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800016)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  354.652244][T25939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  354.660213][T25939] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  354.668190][T25939]  </TASK>
[  354.727313][T25948] loop3: detected capacity change from 0 to 262160
[  354.737268][T25951] loop4: detected capacity change from 0 to 262160
[  354.744385][T25946] loop1: detected capacity change from 0 to 262160
[  354.754277][T25952] loop0: detected capacity change from 0 to 262160
[  354.854952][T25958] FAULT_INJECTION: forcing a failure.
[  354.854952][T25958] name failslab, interval 1, probability 0, space 0, times 0
[  354.867687][T25958] CPU: 1 PID: 25958 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  354.878726][T25958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  354.888784][T25958] Call Trace:
[  354.892069][T25958]  <TASK>
[  354.894999][T25958]  dump_stack_lvl+0xd6/0x122
[  354.899613][T25958]  dump_stack+0x11/0x12
[  354.903769][T25958]  should_fail+0x230/0x240
[  354.908262][T25958]  __should_failslab+0x81/0x90
[  354.913066][T25958]  ? alloc_pipe_info+0xac/0x360
[  354.917969][T25958]  should_failslab+0x5/0x20
[  354.922475][T25958]  kmem_cache_alloc_trace+0x4d/0x320
[  354.927816][T25958]  ? _parse_integer+0x23/0x30
[  354.932566][T25958]  alloc_pipe_info+0xac/0x360
[  354.937253][T25958]  splice_direct_to_actor+0x605/0x660
[  354.942634][T25958]  ? security_file_permission+0x7c/0xa0
[  354.948191][T25958]  ? do_splice_direct+0x180/0x180
[  354.953224][T25958]  ? security_file_permission+0x87/0xa0
[  354.958885][T25958]  do_splice_direct+0xfb/0x180
[  354.963732][T25958]  do_sendfile+0x3ad/0x900
[  354.968157][T25958]  __x64_sys_sendfile64+0x10c/0x150
[  354.973389][T25958]  do_syscall_64+0x2b/0x70
[  354.977813][T25958]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  354.983731][T25958] RIP: 0033:0x7f99336e60e9
[  354.988145][T25958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  355.007781][T25958] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  355.016195][T25958] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  355.024169][T25958] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  355.032143][T25958] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  355.040120][T25958] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
11:47:31 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(r0, &(0x7f0000000380)='./control\x00', 0x281, 0x10)
openat(r1, &(0x7f00000003c0)='./file1\x00', 0x100000, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x8800000)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder-control\x00', 0x800, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, <r7=>0x0}, &(0x7f0000000280)=0x5)
setuid(r7)
ioctl$NS_GET_OWNER_UID(r3, 0xb704, &(0x7f0000000280)=<r8=>0x0)
r9 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r10=>0x0, <r11=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f0000000000)='./control\x00', r10, r11)
setxattr$system_posix_acl(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='system.posix_acl_default\x00', &(0x7f0000000300)={{}, {0x1, 0x4}, [{0x2, 0x7, r7}, {0x2, 0x5, 0xee00}, {0x2, 0x7, 0xffffffffffffffff}, {0x2, 0x6, r8}], {}, [{0x8, 0x1, 0xee01}, {0x8, 0x0, r11}, {}, {0x8, 0x2}], {0x10, 0x2}}, 0x64, 0x3)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
sendfile(r5, r4, 0x0, 0x200)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat(r0, &(0x7f0000000380)='./control\x00', 0x281, 0x10) (async)
openat(r1, &(0x7f00000003c0)='./file1\x00', 0x100000, 0x0) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder-control\x00', 0x800, 0x0) (async)
socket$kcm(0x10, 0x2, 0x4) (async)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) (async)
setuid(r7) (async)
ioctl$NS_GET_OWNER_UID(r3, 0xb704, &(0x7f0000000280)) (async)
socket(0x10, 0x2, 0x0) (async)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) (async)
chown(&(0x7f0000000000)='./control\x00', r10, r11) (async)
setxattr$system_posix_acl(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='system.posix_acl_default\x00', &(0x7f0000000300)={{}, {0x1, 0x4}, [{0x2, 0x7, r7}, {0x2, 0x5, 0xee00}, {0x2, 0x7, 0xffffffffffffffff}, {0x2, 0x6, r8}], {}, [{0x8, 0x1, 0xee01}, {0x8, 0x0, r11}, {}, {0x8, 0x2}], {0x10, 0x2}}, 0x64, 0x3) (async)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) (async)
sendfile(r5, r4, 0x0, 0x200) (async)

11:47:31 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 43)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  355.048100][T25958] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  355.056086][T25958]  </TASK>
11:47:31 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001600)

11:47:31 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80007b00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  355.152695][T25962] loop4: detected capacity change from 0 to 262160
[  355.159528][T25966] loop3: detected capacity change from 0 to 262160
[  355.162002][T25968] loop1: detected capacity change from 0 to 262160
[  355.168322][T25964] loop5: detected capacity change from 0 to 262160
[  355.214633][T25964] FAULT_INJECTION: forcing a failure.
[  355.214633][T25964] name failslab, interval 1, probability 0, space 0, times 0
[  355.227414][T25964] CPU: 1 PID: 25964 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  355.238601][T25964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  355.248658][T25964] Call Trace:
[  355.251937][T25964]  <TASK>
[  355.254866][T25964]  dump_stack_lvl+0xd6/0x122
[  355.259465][T25964]  dump_stack+0x11/0x12
[  355.263626][T25964]  should_fail+0x230/0x240
[  355.268109][T25964]  __should_failslab+0x81/0x90
[  355.272874][T25964]  ? mempool_alloc_slab+0x16/0x20
[  355.277984][T25964]  should_failslab+0x5/0x20
[  355.282557][T25964]  kmem_cache_alloc+0x46/0x300
[  355.287395][T25964]  mempool_alloc_slab+0x16/0x20
[  355.292264][T25964]  ? mempool_free+0x130/0x130
[  355.296946][T25964]  mempool_alloc+0x9f/0x2a0
[  355.301458][T25964]  bio_alloc_bioset+0xe4/0x730
[  355.306283][T25964]  submit_bh_wbc+0x161/0x2f0
[  355.310900][T25964]  __sync_dirty_buffer+0x141/0x1f0
[  355.316021][T25964]  sync_dirty_buffer+0x16/0x20
[  355.320794][T25964]  fat_mirror_bhs+0x268/0x330
[  355.325505][T25964]  fat_ent_write+0xc2/0xd0
[  355.329927][T25964]  fat_chain_add+0x15b/0x410
[  355.334523][T25964]  fat_get_block+0x486/0x600
[  355.339116][T25964]  ? fat_block_truncate_page+0x30/0x30
[  355.344637][T25964]  __block_write_begin_int+0x33d/0xc90
[  355.350162][T25964]  ? fat_block_truncate_page+0x30/0x30
[  355.355734][T25964]  ? fat_block_truncate_page+0x30/0x30
[  355.361245][T25964]  block_write_begin+0x77/0x170
[  355.366163][T25964]  ? cont_write_begin+0x3aa/0x500
[  355.371186][T25964]  cont_write_begin+0x3cf/0x500
[  355.376050][T25964]  fat_write_begin+0x61/0xf0
[  355.380656][T25964]  ? fat_block_truncate_page+0x30/0x30
[  355.386128][T25964]  generic_perform_write+0x1d6/0x3f0
[  355.391427][T25964]  ? fat_write_begin+0xf0/0xf0
[  355.396198][T25964]  __generic_file_write_iter+0xe3/0x280
[  355.401792][T25964]  ? generic_write_checks+0x256/0x290
[  355.407165][T25964]  generic_file_write_iter+0x75/0x130
11:47:31 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 2)

[  355.412535][T25964]  vfs_write+0x71c/0x890
[  355.416822][T25964]  ksys_write+0xe8/0x1a0
[  355.421072][T25964]  __x64_sys_write+0x3e/0x50
[  355.425704][T25964]  do_syscall_64+0x2b/0x70
[  355.430122][T25964]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  355.436028][T25964] RIP: 0033:0x7ff4e0daf0e9
[  355.440439][T25964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
11:47:31 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800017)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:31 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async)
r1 = openat(r0, &(0x7f0000000380)='./control\x00', 0x281, 0x10)
openat(r1, &(0x7f00000003c0)='./file1\x00', 0x100000, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x8800000)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder-control\x00', 0x800, 0x0) (async)
r5 = socket$kcm(0x10, 0x2, 0x4) (async)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, <r7=>0x0}, &(0x7f0000000280)=0x5)
setuid(r7) (async)
ioctl$NS_GET_OWNER_UID(r3, 0xb704, &(0x7f0000000280)=<r8=>0x0) (async)
r9 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r10=>0x0, <r11=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f0000000000)='./control\x00', r10, r11) (async)
setxattr$system_posix_acl(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='system.posix_acl_default\x00', &(0x7f0000000300)={{}, {0x1, 0x4}, [{0x2, 0x7, r7}, {0x2, 0x5, 0xee00}, {0x2, 0x7, 0xffffffffffffffff}, {0x2, 0x6, r8}], {}, [{0x8, 0x1, 0xee01}, {0x8, 0x0, r11}, {}, {0x8, 0x2}], {0x10, 0x2}}, 0x64, 0x3) (async)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) (async)
sendfile(r5, r4, 0x0, 0x200)

11:47:31 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001700)

11:47:31 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80007c00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  355.460055][T25964] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  355.468469][T25964] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  355.476436][T25964] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  355.484483][T25964] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  355.492466][T25964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  355.500439][T25964] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  355.508427][T25964]  </TASK>
[  355.554580][T25990] loop4: detected capacity change from 0 to 262160
[  355.561571][T25992] loop0: detected capacity change from 0 to 262160
[  355.581768][T25995] loop1: detected capacity change from 0 to 262160
[  355.588696][T25997] loop3: detected capacity change from 0 to 262160
[  355.652176][T26002] FAULT_INJECTION: forcing a failure.
[  355.652176][T26002] name failslab, interval 1, probability 0, space 0, times 0
[  355.664826][T26002] CPU: 1 PID: 26002 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  355.675851][T26002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  355.685905][T26002] Call Trace:
[  355.689182][T26002]  <TASK>
[  355.692158][T26002]  dump_stack_lvl+0xd6/0x122
[  355.696761][T26002]  dump_stack+0x11/0x12
[  355.701004][T26002]  should_fail+0x230/0x240
[  355.705426][T26002]  __should_failslab+0x81/0x90
[  355.710194][T26002]  should_failslab+0x5/0x20
[  355.714702][T26002]  kmem_cache_alloc_node_trace+0x58/0x300
[  355.720427][T26002]  ? __rcu_read_unlock+0x4a/0x70
[  355.725425][T26002]  ? kvmalloc_node+0x6d/0x100
[  355.730104][T26002]  ? kmem_cache_alloc_trace+0x250/0x320
[  355.735655][T26002]  kvmalloc_node+0x6d/0x100
[  355.740159][T26002]  alloc_pipe_info+0x1cc/0x360
[  355.744964][T26002]  splice_direct_to_actor+0x605/0x660
11:47:31 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = memfd_secret(0x80000)
execveat(r1, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340)=[&(0x7f0000000280)='cgroup.controllers\x00', &(0x7f0000000300)='cgroup.controllers\x00'], &(0x7f0000000400)=[&(0x7f0000000380)='\x00', &(0x7f00000003c0)='cgroup.controllers\x00'], 0x800)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000440)=ANY=[@ANYBLOB="ff010000000000004500000000000000030000000000000001000008000000000600000000000000000000000000008000000000000000000000000000000000000082010000000000000000000000000000000000000000f1bcaefd4a1e5f213b30a0b7af9b1cc92c858519bef93187b2e698b44ce8"])
syncfs(r2)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x80000001)

[  355.750366][T26002]  ? security_file_permission+0x7c/0xa0
[  355.755961][T26002]  ? do_splice_direct+0x180/0x180
[  355.761022][T26002]  ? security_file_permission+0x87/0xa0
[  355.766601][T26002]  do_splice_direct+0xfb/0x180
[  355.771373][T26002]  do_sendfile+0x3ad/0x900
[  355.775793][T26002]  __x64_sys_sendfile64+0x10c/0x150
[  355.781058][T26002]  do_syscall_64+0x2b/0x70
[  355.785482][T26002]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  355.791380][T26002] RIP: 0033:0x7f99336e60e9
11:47:32 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 44)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  355.795791][T26002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  355.815429][T26002] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  355.823852][T26002] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  355.831833][T26002] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  355.839806][T26002] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  355.847779][T26002] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
[  355.855844][T26002] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  355.863822][T26002]  </TASK>
[  355.912558][T26007] loop4: detected capacity change from 0 to 262160
[  355.919402][T26009] loop5: detected capacity change from 0 to 262160
[  355.956561][T26009] FAULT_INJECTION: forcing a failure.
[  355.956561][T26009] name failslab, interval 1, probability 0, space 0, times 0
[  355.969209][T26009] CPU: 0 PID: 26009 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  355.980229][T26009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  355.990285][T26009] Call Trace:
[  355.993625][T26009]  <TASK>
[  355.996549][T26009]  dump_stack_lvl+0xd6/0x122
[  356.001147][T26009]  dump_stack+0x11/0x12
[  356.005313][T26009]  should_fail+0x230/0x240
[  356.009799][T26009]  __should_failslab+0x81/0x90
[  356.014614][T26009]  ? mempool_alloc_slab+0x16/0x20
[  356.019677][T26009]  should_failslab+0x5/0x20
[  356.024178][T26009]  kmem_cache_alloc+0x46/0x300
[  356.029048][T26009]  mempool_alloc_slab+0x16/0x20
[  356.033900][T26009]  ? mempool_free+0x130/0x130
[  356.038637][T26009]  mempool_alloc+0x9f/0x2a0
[  356.043140][T26009]  bio_alloc_bioset+0xe4/0x730
[  356.047935][T26009]  submit_bh_wbc+0x161/0x2f0
[  356.052525][T26009]  __sync_dirty_buffer+0x141/0x1f0
[  356.057738][T26009]  sync_dirty_buffer+0x16/0x20
[  356.062568][T26009]  fat_mirror_bhs+0x268/0x330
[  356.067327][T26009]  fat_ent_write+0xc2/0xd0
[  356.071786][T26009]  fat_chain_add+0x15b/0x410
[  356.076386][T26009]  fat_get_block+0x486/0x600
[  356.081063][T26009]  ? fat_block_truncate_page+0x30/0x30
[  356.086527][T26009]  __block_write_begin_int+0x33d/0xc90
[  356.091998][T26009]  ? fat_block_truncate_page+0x30/0x30
[  356.097540][T26009]  ? fat_block_truncate_page+0x30/0x30
[  356.103005][T26009]  block_write_begin+0x77/0x170
[  356.107880][T26009]  ? cont_write_begin+0x3aa/0x500
[  356.112933][T26009]  cont_write_begin+0x3cf/0x500
[  356.117791][T26009]  fat_write_begin+0x61/0xf0
[  356.122455][T26009]  ? fat_block_truncate_page+0x30/0x30
[  356.127928][T26009]  generic_perform_write+0x1d6/0x3f0
[  356.133259][T26009]  ? fat_write_begin+0xf0/0xf0
[  356.138040][T26009]  __generic_file_write_iter+0xe3/0x280
[  356.143619][T26009]  ? generic_write_checks+0x256/0x290
[  356.148997][T26009]  generic_file_write_iter+0x75/0x130
11:47:32 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80007f00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:32 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001800)

11:47:32 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800018)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  356.154370][T26009]  vfs_write+0x71c/0x890
[  356.158714][T26009]  ksys_write+0xe8/0x1a0
[  356.162971][T26009]  __x64_sys_write+0x3e/0x50
[  356.167580][T26009]  do_syscall_64+0x2b/0x70
[  356.172003][T26009]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  356.177951][T26009] RIP: 0033:0x7ff4e0daf0e9
[  356.182361][T26009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
11:47:32 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 3)

11:47:32 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async, rerun: 64)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async, rerun: 64)
r1 = memfd_secret(0x80000)
execveat(r1, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340)=[&(0x7f0000000280)='cgroup.controllers\x00', &(0x7f0000000300)='cgroup.controllers\x00'], &(0x7f0000000400)=[&(0x7f0000000380)='\x00', &(0x7f00000003c0)='cgroup.controllers\x00'], 0x800) (async, rerun: 64)
r2 = socket$kcm(0x10, 0x2, 0x4) (rerun: 64)
sendmsg$kcm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000440)=ANY=[@ANYBLOB="ff010000000000004500000000000000030000000000000001000008000000000600000000000000000000000000008000000000000000000000000000000000000082010000000000000000000000000000000000000000f1bcaefd4a1e5f213b30a0b7af9b1cc92c858519bef93187b2e698b44ce8"])
syncfs(r2) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x80000001)

[  356.201968][T26009] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  356.210385][T26009] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  356.218430][T26009] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  356.226399][T26009] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  356.234366][T26009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  356.242336][T26009] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  356.250311][T26009]  </TASK>
[  356.311758][T26017] loop0: detected capacity change from 0 to 262160
[  356.322476][T26025] loop3: detected capacity change from 0 to 262160
[  356.322967][T26021] loop4: detected capacity change from 0 to 262160
[  356.335718][T26020] loop1: detected capacity change from 0 to 262160
[  356.404459][T26027] FAULT_INJECTION: forcing a failure.
[  356.404459][T26027] name failslab, interval 1, probability 0, space 0, times 0
[  356.417204][T26027] CPU: 0 PID: 26027 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  356.428235][T26027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  356.438302][T26027] Call Trace:
[  356.441579][T26027]  <TASK>
[  356.444536][T26027]  dump_stack_lvl+0xd6/0x122
[  356.449150][T26027]  dump_stack+0x11/0x12
[  356.453313][T26027]  should_fail+0x230/0x240
[  356.457814][T26027]  ? iter_file_splice_write+0xd9/0x7c0
[  356.463325][T26027]  __should_failslab+0x81/0x90
[  356.468172][T26027]  should_failslab+0x5/0x20
[  356.472712][T26027]  __kmalloc+0x66/0x350
[  356.476870][T26027]  ? ktime_get_coarse_real_ts64+0x10d/0x120
[  356.482819][T26027]  iter_file_splice_write+0xd9/0x7c0
[  356.488145][T26027]  ? atime_needs_update+0x4af/0x4d0
[  356.493350][T26027]  ? splice_from_pipe+0xc0/0xc0
[  356.498301][T26027]  direct_splice_actor+0x80/0xa0
[  356.503245][T26027]  splice_direct_to_actor+0x345/0x660
[  356.508656][T26027]  ? do_splice_direct+0x180/0x180
[  356.513682][T26027]  do_splice_direct+0xfb/0x180
[  356.518450][T26027]  do_sendfile+0x3ad/0x900
[  356.522894][T26027]  __x64_sys_sendfile64+0x10c/0x150
[  356.528097][T26027]  do_syscall_64+0x2b/0x70
[  356.532522][T26027]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  356.538515][T26027] RIP: 0033:0x7f99336e60e9
11:47:32 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001900)

[  356.542927][T26027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  356.562582][T26027] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  356.571020][T26027] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  356.578997][T26027] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  356.586966][T26027] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  356.594923][T26027] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
11:47:32 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 45)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  356.602882][T26027] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  356.610854][T26027]  </TASK>
[  356.654138][T26031] loop3: detected capacity change from 0 to 262160
[  356.667299][T26033] loop5: detected capacity change from 0 to 262160
11:47:32 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = memfd_secret(0x80000)
execveat(r1, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340)=[&(0x7f0000000280)='cgroup.controllers\x00', &(0x7f0000000300)='cgroup.controllers\x00'], &(0x7f0000000400)=[&(0x7f0000000380)='\x00', &(0x7f00000003c0)='cgroup.controllers\x00'], 0x800) (async)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) (async)
ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000440)=ANY=[@ANYBLOB="ff010000000000004500000000000000030000000000000001000008000000000600000000000000000000000000008000000000000000000000000000000000000082010000000000000000000000000000000000000000f1bcaefd4a1e5f213b30a0b7af9b1cc92c858519bef93187b2e698b44ce8"])
syncfs(r2) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x80000001)

[  356.701464][T26033] FAULT_INJECTION: forcing a failure.
[  356.701464][T26033] name failslab, interval 1, probability 0, space 0, times 0
[  356.714114][T26033] CPU: 0 PID: 26033 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  356.725139][T26033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  356.735190][T26033] Call Trace:
[  356.738466][T26033]  <TASK>
[  356.741387][T26033]  dump_stack_lvl+0xd6/0x122
[  356.746125][T26033]  dump_stack+0x11/0x12
[  356.750329][T26033]  should_fail+0x230/0x240
[  356.754759][T26033]  __should_failslab+0x81/0x90
[  356.759525][T26033]  ? mempool_alloc_slab+0x16/0x20
[  356.764641][T26033]  should_failslab+0x5/0x20
[  356.769158][T26033]  kmem_cache_alloc+0x46/0x300
[  356.773922][T26033]  ? folio_mark_accessed+0x12f/0x380
[  356.779217][T26033]  mempool_alloc_slab+0x16/0x20
[  356.784119][T26033]  ? mempool_free+0x130/0x130
[  356.788801][T26033]  mempool_alloc+0x9f/0x2a0
[  356.793308][T26033]  bio_alloc_bioset+0xe4/0x730
11:47:33 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001a00)

[  356.798149][T26033]  submit_bh_wbc+0x161/0x2f0
[  356.802763][T26033]  write_dirty_buffer+0xdb/0xe0
[  356.807624][T26033]  fat_sync_bhs+0x52/0x160
[  356.812049][T26033]  fat_alloc_clusters+0x935/0xa80
[  356.817086][T26033]  fat_get_block+0x263/0x600
[  356.821685][T26033]  ? fat_block_truncate_page+0x30/0x30
[  356.827148][T26033]  __block_write_begin_int+0x33d/0xc90
[  356.832640][T26033]  ? fat_block_truncate_page+0x30/0x30
[  356.838234][T26033]  ? fat_block_truncate_page+0x30/0x30
[  356.843709][T26033]  block_write_begin+0x77/0x170
11:47:33 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80008100)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:33 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800019)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  356.848604][T26033]  ? cont_write_begin+0x3aa/0x500
[  356.853644][T26033]  cont_write_begin+0x3cf/0x500
[  356.858613][T26033]  fat_write_begin+0x61/0xf0
[  356.863270][T26033]  ? fat_block_truncate_page+0x30/0x30
[  356.868813][T26033]  generic_perform_write+0x1d6/0x3f0
[  356.874191][T26033]  ? fat_write_begin+0xf0/0xf0
[  356.879006][T26033]  __generic_file_write_iter+0xe3/0x280
[  356.884555][T26033]  ? generic_write_checks+0x256/0x290
[  356.889927][T26033]  generic_file_write_iter+0x75/0x130
[  356.895342][T26033]  vfs_write+0x71c/0x890
11:47:33 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 4)

[  356.899593][T26033]  ksys_write+0xe8/0x1a0
[  356.903881][T26033]  __x64_sys_write+0x3e/0x50
[  356.908565][T26033]  do_syscall_64+0x2b/0x70
[  356.912994][T26033]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  356.918914][T26033] RIP: 0033:0x7ff4e0daf0e9
[  356.923363][T26033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  356.942981][T26033] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  356.951476][T26033] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  356.959451][T26033] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  356.967419][T26033] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  356.975388][T26033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  356.983361][T26033] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  356.991333][T26033]  </TASK>
[  357.053338][T26040] loop1: detected capacity change from 0 to 262160
[  357.070445][T26045] loop4: detected capacity change from 0 to 262160
[  357.077548][T26043] loop0: detected capacity change from 0 to 262160
[  357.085178][T26048] loop3: detected capacity change from 0 to 262160
[  357.148685][T26050] FAULT_INJECTION: forcing a failure.
[  357.148685][T26050] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  357.161964][T26050] CPU: 1 PID: 26050 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  357.172987][T26050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  357.183110][T26050] Call Trace:
[  357.186383][T26050]  <TASK>
[  357.189306][T26050]  dump_stack_lvl+0xd6/0x122
[  357.193977][T26050]  dump_stack+0x11/0x12
[  357.198211][T26050]  should_fail+0x230/0x240
[  357.202635][T26050]  __alloc_pages+0xf0/0x320
[  357.207140][T26050]  alloc_pages+0x34d/0x450
[  357.211564][T26050]  folio_alloc+0x1a/0x20
[  357.215874][T26050]  filemap_alloc_folio+0x53/0xf0
[  357.220847][T26050]  __filemap_get_folio+0x43d/0x680
[  357.225965][T26050]  ? _raw_spin_unlock+0x2d/0x50
[  357.230815][T26050]  pagecache_get_page+0x26/0x190
[  357.235846][T26050]  grab_cache_page_write_begin+0x3f/0x50
[  357.241480][T26050]  ? fat_block_truncate_page+0x30/0x30
[  357.246950][T26050]  block_write_begin+0x32/0x170
[  357.251853][T26050]  ? cont_write_begin+0x3aa/0x500
[  357.256937][T26050]  cont_write_begin+0x3cf/0x500
[  357.261869][T26050]  fat_write_begin+0x61/0xf0
[  357.266539][T26050]  ? fat_block_truncate_page+0x30/0x30
[  357.272004][T26050]  generic_perform_write+0x1d6/0x3f0
[  357.277362][T26050]  __generic_file_write_iter+0x172/0x280
[  357.283069][T26050]  ? generic_write_checks+0x256/0x290
[  357.288440][T26050]  generic_file_write_iter+0x75/0x130
[  357.293846][T26050]  do_iter_readv_writev+0x27b/0x300
11:47:33 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880001a)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  357.299086][T26050]  do_iter_write+0x16f/0x5c0
[  357.303725][T26050]  ? splice_from_pipe_next+0x34f/0x3b0
[  357.309192][T26050]  vfs_iter_write+0x4c/0x70
[  357.313714][T26050]  iter_file_splice_write+0x44a/0x7c0
[  357.319248][T26050]  ? splice_from_pipe+0xc0/0xc0
[  357.324102][T26050]  direct_splice_actor+0x80/0xa0
[  357.329105][T26050]  splice_direct_to_actor+0x345/0x660
[  357.334479][T26050]  ? do_splice_direct+0x180/0x180
[  357.339499][T26050]  do_splice_direct+0xfb/0x180
[  357.344297][T26050]  do_sendfile+0x3ad/0x900
[  357.348715][T26050]  __x64_sys_sendfile64+0x10c/0x150
[  357.353919][T26050]  do_syscall_64+0x2b/0x70
[  357.358414][T26050]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  357.364311][T26050] RIP: 0033:0x7f99336e60e9
[  357.368737][T26050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  357.388345][T26050] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
11:47:33 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 46)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  357.396759][T26050] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  357.404782][T26050] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  357.412784][T26050] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  357.420746][T26050] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
[  357.428732][T26050] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  357.436710][T26050]  </TASK>
[  357.540097][T26057] loop5: detected capacity change from 0 to 262160
[  357.594906][T26057] FAULT_INJECTION: forcing a failure.
[  357.594906][T26057] name failslab, interval 1, probability 0, space 0, times 0
[  357.607648][T26057] CPU: 0 PID: 26057 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  357.618743][T26057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  357.628900][T26057] Call Trace:
[  357.632181][T26057]  <TASK>
[  357.635111][T26057]  dump_stack_lvl+0xd6/0x122
[  357.639717][T26057]  dump_stack+0x11/0x12
[  357.643910][T26057]  should_fail+0x230/0x240
[  357.648335][T26057]  __should_failslab+0x81/0x90
[  357.653108][T26057]  ? mempool_alloc_slab+0x16/0x20
[  357.658143][T26057]  should_failslab+0x5/0x20
[  357.662657][T26057]  kmem_cache_alloc+0x46/0x300
[  357.667423][T26057]  mempool_alloc_slab+0x16/0x20
[  357.672344][T26057]  ? mempool_free+0x130/0x130
[  357.677088][T26057]  mempool_alloc+0x9f/0x2a0
[  357.681601][T26057]  bio_alloc_bioset+0xe4/0x730
[  357.686377][T26057]  submit_bh_wbc+0x161/0x2f0
11:47:33 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
link(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000180)='./bus\x00')
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:33 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80008200)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:33 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 5)

[  357.690977][T26057]  write_dirty_buffer+0xdb/0xe0
[  357.695903][T26057]  fat_sync_bhs+0x52/0x160
[  357.700334][T26057]  fat_ent_write+0x85/0xd0
[  357.704761][T26057]  fat_chain_add+0x15b/0x410
[  357.709389][T26057]  fat_get_block+0x486/0x600
[  357.714041][T26057]  ? fat_block_truncate_page+0x30/0x30
[  357.719590][T26057]  __block_write_begin_int+0x33d/0xc90
[  357.725059][T26057]  ? fat_block_truncate_page+0x30/0x30
[  357.730565][T26057]  ? fat_block_truncate_page+0x30/0x30
[  357.736097][T26057]  block_write_begin+0x77/0x170
[  357.740968][T26057]  ? cont_write_begin+0x3aa/0x500
[  357.746000][T26057]  cont_write_begin+0x3cf/0x500
[  357.750931][T26057]  fat_write_begin+0x61/0xf0
[  357.755608][T26057]  ? fat_block_truncate_page+0x30/0x30
[  357.761125][T26057]  generic_perform_write+0x1d6/0x3f0
[  357.766420][T26057]  ? fat_write_begin+0xf0/0xf0
[  357.771189][T26057]  __generic_file_write_iter+0xe3/0x280
[  357.776791][T26057]  ? generic_write_checks+0x256/0x290
[  357.782169][T26057]  generic_file_write_iter+0x75/0x130
[  357.787548][T26057]  vfs_write+0x71c/0x890
[  357.791868][T26057]  ksys_write+0xe8/0x1a0
[  357.796185][T26057]  __x64_sys_write+0x3e/0x50
[  357.801022][T26057]  do_syscall_64+0x2b/0x70
[  357.805490][T26057]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  357.811461][T26057] RIP: 0033:0x7ff4e0daf0e9
[  357.815909][T26057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  357.835522][T26057] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
11:47:34 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880001b)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  357.843942][T26057] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  357.851906][T26057] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  357.859877][T26057] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  357.867873][T26057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  357.875842][T26057] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  357.883852][T26057]  </TASK>
11:47:34 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001b00)

[  357.955822][T26064] loop0: detected capacity change from 0 to 262160
[  357.959896][T26062] loop1: detected capacity change from 0 to 262160
[  358.028231][T26066] FAULT_INJECTION: forcing a failure.
[  358.028231][T26066] name failslab, interval 1, probability 0, space 0, times 0
[  358.041023][T26066] CPU: 0 PID: 26066 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  358.052051][T26066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  358.062109][T26066] Call Trace:
[  358.065404][T26066]  <TASK>
[  358.068443][T26066]  dump_stack_lvl+0xd6/0x122
[  358.073056][T26066]  dump_stack+0x11/0x12
[  358.077256][T26066]  should_fail+0x230/0x240
[  358.081770][T26066]  __should_failslab+0x81/0x90
[  358.086537][T26066]  ? mempool_alloc_slab+0x16/0x20
[  358.087123][T26068] loop4: detected capacity change from 0 to 262160
[  358.091627][T26066]  should_failslab+0x5/0x20
[  358.091650][T26066]  kmem_cache_alloc+0x46/0x300
[  358.107376][T26066]  mempool_alloc_slab+0x16/0x20
[  358.112231][T26066]  ? mempool_free+0x130/0x130
[  358.116922][T26066]  mempool_alloc+0x9f/0x2a0
[  358.121431][T26066]  bio_alloc_bioset+0xe4/0x730
[  358.126204][T26066]  submit_bh_wbc+0x161/0x2f0
[  358.130880][T26066]  write_dirty_buffer+0xdb/0xe0
[  358.135789][T26066]  fat_sync_bhs+0x52/0x160
[  358.140204][T26066]  fat_alloc_clusters+0x935/0xa80
[  358.145224][T26066]  fat_get_block+0x263/0x600
[  358.149837][T26066]  ? fat_block_truncate_page+0x30/0x30
[  358.155287][T26066]  __block_write_begin_int+0x33d/0xc90
[  358.160738][T26066]  ? fat_block_truncate_page+0x30/0x30
[  358.166219][T26066]  ? PageHeadHuge+0x3b/0x120
[  358.170796][T26066]  ? fat_block_truncate_page+0x30/0x30
[  358.176249][T26066]  block_write_begin+0x77/0x170
[  358.181155][T26066]  ? cont_write_begin+0x3aa/0x500
[  358.186167][T26066]  cont_write_begin+0x3cf/0x500
[  358.191082][T26066]  fat_write_begin+0x61/0xf0
[  358.195732][T26066]  ? fat_block_truncate_page+0x30/0x30
[  358.201181][T26066]  generic_perform_write+0x1d6/0x3f0
[  358.206506][T26066]  __generic_file_write_iter+0x172/0x280
[  358.212153][T26066]  ? generic_write_checks+0x256/0x290
[  358.217512][T26066]  generic_file_write_iter+0x75/0x130
[  358.222966][T26066]  do_iter_readv_writev+0x27b/0x300
[  358.228255][T26066]  do_iter_write+0x16f/0x5c0
[  358.232908][T26066]  ? splice_from_pipe_next+0x34f/0x3b0
[  358.238365][T26066]  vfs_iter_write+0x4c/0x70
[  358.242945][T26066]  iter_file_splice_write+0x44a/0x7c0
[  358.248444][T26066]  ? splice_from_pipe+0xc0/0xc0
[  358.253337][T26066]  direct_splice_actor+0x80/0xa0
[  358.258264][T26066]  splice_direct_to_actor+0x345/0x660
[  358.263648][T26066]  ? do_splice_direct+0x180/0x180
[  358.268676][T26066]  do_splice_direct+0xfb/0x180
[  358.273430][T26066]  do_sendfile+0x3ad/0x900
[  358.277955][T26066]  __x64_sys_sendfile64+0x10c/0x150
[  358.283154][T26066]  do_syscall_64+0x2b/0x70
[  358.287611][T26066]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  358.293504][T26066] RIP: 0033:0x7f99336e60e9
[  358.297912][T26066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  358.317585][T26066] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
11:47:34 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 47)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  358.325987][T26066] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  358.333944][T26066] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  358.341899][T26066] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  358.349856][T26066] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
[  358.357867][T26066] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  358.365830][T26066]  </TASK>
[  358.408994][T26072] loop3: detected capacity change from 0 to 262160
[  358.434943][T26074] loop5: detected capacity change from 0 to 262160
[  358.478854][T26074] FAULT_INJECTION: forcing a failure.
[  358.478854][T26074] name failslab, interval 1, probability 0, space 0, times 0
[  358.491567][T26074] CPU: 0 PID: 26074 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  358.502612][T26074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  358.512705][T26074] Call Trace:
[  358.516010][T26074]  <TASK>
[  358.518971][T26074]  dump_stack_lvl+0xd6/0x122
[  358.523630][T26074]  dump_stack+0x11/0x12
[  358.527895][T26074]  should_fail+0x230/0x240
[  358.532317][T26074]  __should_failslab+0x81/0x90
[  358.537083][T26074]  ? mempool_alloc_slab+0x16/0x20
[  358.542140][T26074]  should_failslab+0x5/0x20
[  358.546643][T26074]  kmem_cache_alloc+0x46/0x300
[  358.551418][T26074]  mempool_alloc_slab+0x16/0x20
[  358.556317][T26074]  ? mempool_free+0x130/0x130
[  358.560998][T26074]  mempool_alloc+0x9f/0x2a0
[  358.565512][T26074]  bio_alloc_bioset+0xe4/0x730
[  358.570423][T26074]  submit_bh_wbc+0x161/0x2f0
11:47:34 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 6)

11:47:34 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80008500)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  358.575061][T26074]  write_dirty_buffer+0xdb/0xe0
[  358.579928][T26074]  fat_sync_bhs+0x52/0x160
[  358.584357][T26074]  fat_ent_write+0x85/0xd0
[  358.588782][T26074]  fat_chain_add+0x15b/0x410
[  358.593481][T26074]  fat_get_block+0x486/0x600
[  358.598080][T26074]  ? fat_block_truncate_page+0x30/0x30
[  358.603564][T26074]  __block_write_begin_int+0x33d/0xc90
[  358.609090][T26074]  ? fat_block_truncate_page+0x30/0x30
[  358.614634][T26074]  ? fat_block_truncate_page+0x30/0x30
[  358.620094][T26074]  block_write_begin+0x77/0x170
[  358.624952][T26074]  ? cont_write_begin+0x3aa/0x500
[  358.630032][T26074]  cont_write_begin+0x3cf/0x500
[  358.635052][T26074]  fat_write_begin+0x61/0xf0
[  358.639748][T26074]  ? fat_block_truncate_page+0x30/0x30
[  358.645214][T26074]  generic_perform_write+0x1d6/0x3f0
[  358.650506][T26074]  ? fat_write_begin+0xf0/0xf0
[  358.655295][T26074]  __generic_file_write_iter+0xe3/0x280
[  358.660875][T26074]  ? generic_write_checks+0x256/0x290
[  358.666274][T26074]  generic_file_write_iter+0x75/0x130
[  358.671662][T26074]  vfs_write+0x71c/0x890
[  358.675932][T26074]  ksys_write+0xe8/0x1a0
[  358.680180][T26074]  __x64_sys_write+0x3e/0x50
[  358.684786][T26074]  do_syscall_64+0x2b/0x70
[  358.689313][T26074]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  358.695301][T26074] RIP: 0033:0x7ff4e0daf0e9
[  358.699714][T26074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  358.719380][T26074] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
11:47:34 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880001c)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:34 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001c00)

[  358.727796][T26074] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  358.735768][T26074] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  358.743756][T26074] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  358.751729][T26074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  358.759705][T26074] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  358.767692][T26074]  </TASK>
[  358.835290][T26082] loop0: detected capacity change from 0 to 262160
[  358.841213][T26084] loop1: detected capacity change from 0 to 262160
[  358.849437][T26085] loop3: detected capacity change from 0 to 262160
[  358.933437][T26087] FAULT_INJECTION: forcing a failure.
[  358.933437][T26087] name failslab, interval 1, probability 0, space 0, times 0
[  358.946089][T26087] CPU: 0 PID: 26087 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  358.957136][T26087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  358.967187][T26087] Call Trace:
[  358.970557][T26087]  <TASK>
[  358.973488][T26087]  dump_stack_lvl+0xd6/0x122
[  358.978081][T26087]  dump_stack+0x11/0x12
[  358.982292][T26087]  should_fail+0x230/0x240
[  358.986714][T26087]  __should_failslab+0x81/0x90
[  358.991479][T26087]  ? mempool_alloc_slab+0x16/0x20
[  358.996575][T26087]  should_failslab+0x5/0x20
[  359.001090][T26087]  kmem_cache_alloc+0x46/0x300
[  359.005854][T26087]  ? update_cfs_rq_load_avg+0x16e/0x180
[  359.011403][T26087]  mempool_alloc_slab+0x16/0x20
[  359.016249][T26087]  ? mempool_free+0x130/0x130
[  359.020975][T26087]  mempool_alloc+0x9f/0x2a0
[  359.025482][T26087]  ? __schedule+0x514/0x6c0
[  359.030070][T26087]  bio_alloc_bioset+0xe4/0x730
[  359.034836][T26087]  submit_bh_wbc+0x161/0x2f0
[  359.039435][T26087]  __sync_dirty_buffer+0x141/0x1f0
[  359.044553][T26087]  sync_dirty_buffer+0x16/0x20
[  359.049367][T26087]  fat_mirror_bhs+0x268/0x330
[  359.054049][T26087]  fat_alloc_clusters+0x983/0xa80
[  359.059081][T26087]  fat_get_block+0x263/0x600
[  359.063723][T26087]  ? fat_block_truncate_page+0x30/0x30
[  359.069191][T26087]  __block_write_begin_int+0x33d/0xc90
[  359.074664][T26087]  ? fat_block_truncate_page+0x30/0x30
11:47:35 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
link(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000180)='./bus\x00') (async)
chdir(&(0x7f0000000140)='./file0\x00') (async, rerun: 64)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (rerun: 64)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  359.080198][T26087]  ? PageHeadHuge+0x3b/0x120
[  359.084795][T26087]  ? fat_block_truncate_page+0x30/0x30
[  359.090262][T26087]  block_write_begin+0x77/0x170
[  359.095172][T26087]  ? cont_write_begin+0x3aa/0x500
[  359.100206][T26087]  cont_write_begin+0x3cf/0x500
[  359.105061][T26087]  fat_write_begin+0x61/0xf0
[  359.109733][T26087]  ? fat_block_truncate_page+0x30/0x30
[  359.115196][T26087]  generic_perform_write+0x1d6/0x3f0
[  359.120529][T26087]  __generic_file_write_iter+0x172/0x280
[  359.126168][T26087]  ? generic_write_checks+0x256/0x290
11:47:35 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (fail_nth: 48)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  359.131554][T26087]  generic_file_write_iter+0x75/0x130
[  359.136990][T26087]  do_iter_readv_writev+0x27b/0x300
[  359.142326][T26087]  do_iter_write+0x16f/0x5c0
[  359.146932][T26087]  ? splice_from_pipe_next+0x34f/0x3b0
[  359.152400][T26087]  vfs_iter_write+0x4c/0x70
[  359.156910][T26087]  iter_file_splice_write+0x44a/0x7c0
[  359.162373][T26087]  ? splice_from_pipe+0xc0/0xc0
[  359.167230][T26087]  direct_splice_actor+0x80/0xa0
[  359.172226][T26087]  splice_direct_to_actor+0x345/0x660
[  359.177698][T26087]  ? do_splice_direct+0x180/0x180
11:47:35 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001d00)

[  359.182732][T26087]  do_splice_direct+0xfb/0x180
[  359.187555][T26087]  do_sendfile+0x3ad/0x900
[  359.192077][T26087]  __x64_sys_sendfile64+0x10c/0x150
[  359.197362][T26087]  do_syscall_64+0x2b/0x70
[  359.201846][T26087]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  359.207743][T26087] RIP: 0033:0x7f99336e60e9
[  359.212158][T26087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
11:47:35 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880001d)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:35 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80008700)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  359.231764][T26087] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  359.240182][T26087] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  359.248161][T26087] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  359.256135][T26087] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  359.264115][T26087] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
[  359.272175][T26087] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  359.280151][T26087]  </TASK>
[  359.350395][T26100] loop5: detected capacity change from 0 to 262160
[  359.354218][T26101] loop4: detected capacity change from 0 to 262160
[  359.357083][T26099] loop1: detected capacity change from 0 to 262160
[  359.365315][T26102] loop3: detected capacity change from 0 to 262160
[  359.395288][T26100] FAULT_INJECTION: forcing a failure.
[  359.395288][T26100] name failslab, interval 1, probability 0, space 0, times 0
[  359.408019][T26100] CPU: 0 PID: 26100 Comm: syz-executor.5 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  359.419138][T26100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  359.429243][T26100] Call Trace:
[  359.432510][T26100]  <TASK>
[  359.435468][T26100]  dump_stack_lvl+0xd6/0x122
[  359.440061][T26100]  dump_stack+0x11/0x12
[  359.444251][T26100]  should_fail+0x230/0x240
[  359.448676][T26100]  __should_failslab+0x81/0x90
[  359.453438][T26100]  ? mempool_alloc_slab+0x16/0x20
[  359.458462][T26100]  should_failslab+0x5/0x20
[  359.463009][T26100]  kmem_cache_alloc+0x46/0x300
[  359.467780][T26100]  mempool_alloc_slab+0x16/0x20
[  359.472637][T26100]  ? mempool_free+0x130/0x130
[  359.477322][T26100]  mempool_alloc+0x9f/0x2a0
[  359.481828][T26100]  bio_alloc_bioset+0xe4/0x730
[  359.486599][T26100]  submit_bh_wbc+0x161/0x2f0
[  359.491247][T26100]  __sync_dirty_buffer+0x141/0x1f0
[  359.496391][T26100]  sync_dirty_buffer+0x16/0x20
[  359.501163][T26100]  fat_mirror_bhs+0x268/0x330
[  359.505846][T26100]  fat_ent_write+0xc2/0xd0
[  359.510358][T26100]  fat_chain_add+0x15b/0x410
[  359.514967][T26100]  fat_get_block+0x486/0x600
[  359.519604][T26100]  ? fat_block_truncate_page+0x30/0x30
[  359.525075][T26100]  __block_write_begin_int+0x33d/0xc90
[  359.530581][T26100]  ? fat_block_truncate_page+0x30/0x30
[  359.536054][T26100]  ? fat_block_truncate_page+0x30/0x30
[  359.541591][T26100]  block_write_begin+0x77/0x170
[  359.546450][T26100]  ? cont_write_begin+0x3aa/0x500
[  359.551479][T26100]  cont_write_begin+0x3cf/0x500
[  359.556431][T26100]  fat_write_begin+0x61/0xf0
[  359.561115][T26100]  ? fat_block_truncate_page+0x30/0x30
[  359.566629][T26100]  generic_perform_write+0x1d6/0x3f0
[  359.571923][T26100]  ? fat_write_begin+0xf0/0xf0
[  359.576739][T26100]  __generic_file_write_iter+0xe3/0x280
[  359.582289][T26100]  ? generic_write_checks+0x256/0x290
[  359.587681][T26100]  generic_file_write_iter+0x75/0x130
[  359.593135][T26100]  vfs_write+0x71c/0x890
[  359.597392][T26100]  ksys_write+0xe8/0x1a0
11:47:35 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 7)

[  359.601691][T26100]  __x64_sys_write+0x3e/0x50
[  359.606293][T26100]  do_syscall_64+0x2b/0x70
[  359.610726][T26100]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  359.616632][T26100] RIP: 0033:0x7ff4e0daf0e9
[  359.621087][T26100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  359.640703][T26100] RSP: 002b:00007ff4e0525168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
11:47:35 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
link(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000180)='./bus\x00')
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
link(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000180)='./bus\x00') (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
sendfile(r1, r2, 0x0, 0x80000001) (async)

[  359.649120][T26100] RAX: ffffffffffffffda RBX: 00007ff4e0ec1f60 RCX: 00007ff4e0daf0e9
[  359.657096][T26100] RDX: 0000000008800000 RSI: 0000000020000040 RDI: 0000000000000003
[  359.665133][T26100] RBP: 00007ff4e05251d0 R08: 0000000000000000 R09: 0000000000000000
[  359.673107][T26100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  359.681080][T26100] R13: 00007ffc4f15e08f R14: 00007ff4e0525300 R15: 0000000000022000
[  359.689063][T26100]  </TASK>
11:47:35 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880001e)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  359.742556][T26112] loop0: detected capacity change from 0 to 262160
[  359.789981][T26115] loop4: detected capacity change from 0 to 262160
[  359.831731][T26116] FAULT_INJECTION: forcing a failure.
[  359.831731][T26116] name failslab, interval 1, probability 0, space 0, times 0
[  359.844383][T26116] CPU: 0 PID: 26116 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  359.855423][T26116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  359.865483][T26116] Call Trace:
[  359.868762][T26116]  <TASK>
[  359.871735][T26116]  dump_stack_lvl+0xd6/0x122
[  359.876361][T26116]  dump_stack+0x11/0x12
[  359.880521][T26116]  should_fail+0x230/0x240
[  359.884937][T26116]  __should_failslab+0x81/0x90
[  359.889696][T26116]  ? mempool_alloc_slab+0x16/0x20
[  359.894711][T26116]  should_failslab+0x5/0x20
[  359.899219][T26116]  kmem_cache_alloc+0x46/0x300
[  359.903970][T26116]  mempool_alloc_slab+0x16/0x20
[  359.908803][T26116]  ? mempool_free+0x130/0x130
[  359.913465][T26116]  mempool_alloc+0x9f/0x2a0
[  359.917951][T26116]  ? __schedule+0x514/0x6c0
[  359.922442][T26116]  bio_alloc_bioset+0xe4/0x730
[  359.927213][T26116]  submit_bh_wbc+0x161/0x2f0
[  359.931804][T26116]  write_dirty_buffer+0xdb/0xe0
[  359.936646][T26116]  fat_sync_bhs+0x52/0x160
[  359.941135][T26116]  fat_alloc_clusters+0x935/0xa80
[  359.946184][T26116]  fat_get_block+0x263/0x600
[  359.950766][T26116]  ? fat_block_truncate_page+0x30/0x30
[  359.956294][T26116]  __block_write_begin_int+0x33d/0xc90
[  359.961818][T26116]  ? fat_block_truncate_page+0x30/0x30
[  359.967334][T26116]  ? PageHeadHuge+0x3b/0x120
[  359.971910][T26116]  ? fat_block_truncate_page+0x30/0x30
[  359.977358][T26116]  block_write_begin+0x77/0x170
[  359.982216][T26116]  ? cont_write_begin+0x3aa/0x500
[  359.987242][T26116]  cont_write_begin+0x3cf/0x500
[  359.992082][T26116]  fat_write_begin+0x61/0xf0
[  359.996774][T26116]  ? fat_block_truncate_page+0x30/0x30
[  360.002228][T26116]  generic_perform_write+0x1d6/0x3f0
[  360.007593][T26116]  __generic_file_write_iter+0x172/0x280
[  360.013279][T26116]  ? generic_write_checks+0x256/0x290
[  360.018636][T26116]  generic_file_write_iter+0x75/0x130
[  360.023992][T26116]  do_iter_readv_writev+0x27b/0x300
[  360.029174][T26116]  do_iter_write+0x16f/0x5c0
[  360.033824][T26116]  ? splice_from_pipe_next+0x34f/0x3b0
[  360.039272][T26116]  vfs_iter_write+0x4c/0x70
[  360.043763][T26116]  iter_file_splice_write+0x44a/0x7c0
[  360.049135][T26116]  ? splice_from_pipe+0xc0/0xc0
[  360.054025][T26116]  direct_splice_actor+0x80/0xa0
[  360.059008][T26116]  splice_direct_to_actor+0x345/0x660
[  360.064369][T26116]  ? do_splice_direct+0x180/0x180
[  360.069382][T26116]  do_splice_direct+0xfb/0x180
[  360.074138][T26116]  do_sendfile+0x3ad/0x900
[  360.078546][T26116]  __x64_sys_sendfile64+0x10c/0x150
[  360.084096][T26116]  do_syscall_64+0x2b/0x70
[  360.088502][T26116]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  360.094386][T26116] RIP: 0033:0x7f99336e60e9
[  360.098785][T26116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  360.118378][T26116] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  360.126838][T26116] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  360.134793][T26116] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  360.142766][T26116] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  360.150722][T26116] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
[  360.158811][T26116] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  360.166771][T26116]  </TASK>
11:47:36 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:36 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80008900)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:36 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001e00)

[  360.267082][T26124] loop1: detected capacity change from 0 to 262160
[  360.292548][T26125] loop5: detected capacity change from 0 to 262160
[  360.319924][T26127] loop3: detected capacity change from 0 to 262160
11:47:36 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
syz_read_part_table(0x9, 0x2, &(0x7f0000000280)=[{&(0x7f0000000180)="d5c9f060a2c3808006dfed3cbaad547c6863cd673b5ac24e08a2dfb6effa38ef6c4dabdb43f309852d577625d9d6c0dfb596045e0f51154000de5ccf6cc74823aa548f63be550661990b633839efb380737d70804daf004351f4386acbd6ce98ea532d5f1c77591a1789a1d27aebf0cd8ad90c93b119848564edaa67c14c7eb2a2856ff4cfefdf84bf54d1d87e852b5dbcc5ac54f211433b297dfddcbc", 0x9d, 0x15}, {&(0x7f0000000040)="7022b63088bf56c55edd704a3efed6bb35a0e0ff7075e363d0e9c6f0607fdca64fa0a07b2659aa1890653c84cca8210c86d38398787619a7bb7ba9426d", 0x3d, 0x8}])
chdir(&(0x7f0000000140)='./file0\x00')
faccessat2(r0, &(0x7f00000004c0)='./file1\x00', 0x184, 0x1200)
r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r1, 0x100000003, 0x80019b, 0x80019c)
fchmodat(r1, &(0x7f0000000480)='./bus\x00', 0x1f3)
r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040))
syz_read_part_table(0x8, 0x1, &(0x7f0000000300)=[{&(0x7f0000000380)="46c3ba529c77f30b3416b6121345b360a249dab1082c5cbff75a6e2ef6255cbee98750fb2878f456ba57a45126225ffdfdb634626e5c6a5f32a40b7376079e375f2f50e2aec878303b539c5b413533c05fbbf87da2c7bfa513d991fd90f53e958fe244", 0x63, 0x7}])
r3 = openat$cgroup_ro(r2, &(0x7f0000000340)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x8800000)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r2, 0xc038943b, &(0x7f0000000440)={0x5, 0x8, '\x00', 0x1, &(0x7f0000000400)=[0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
sendfile(r0, r4, 0x0, 0x800008)

[  360.447733][T26140] loop4: detected capacity change from 0 to 262160
11:47:36 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
syz_read_part_table(0x9, 0x2, &(0x7f0000000280)=[{&(0x7f0000000180)="d5c9f060a2c3808006dfed3cbaad547c6863cd673b5ac24e08a2dfb6effa38ef6c4dabdb43f309852d577625d9d6c0dfb596045e0f51154000de5ccf6cc74823aa548f63be550661990b633839efb380737d70804daf004351f4386acbd6ce98ea532d5f1c77591a1789a1d27aebf0cd8ad90c93b119848564edaa67c14c7eb2a2856ff4cfefdf84bf54d1d87e852b5dbcc5ac54f211433b297dfddcbc", 0x9d, 0x15}, {&(0x7f0000000040)="7022b63088bf56c55edd704a3efed6bb35a0e0ff7075e363d0e9c6f0607fdca64fa0a07b2659aa1890653c84cca8210c86d38398787619a7bb7ba9426d", 0x3d, 0x8}])
chdir(&(0x7f0000000140)='./file0\x00')
faccessat2(r0, &(0x7f00000004c0)='./file1\x00', 0x184, 0x1200)
r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r1, 0x100000003, 0x80019b, 0x80019c)
fchmodat(r1, &(0x7f0000000480)='./bus\x00', 0x1f3)
r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040))
syz_read_part_table(0x8, 0x1, &(0x7f0000000300)=[{&(0x7f0000000380)="46c3ba529c77f30b3416b6121345b360a249dab1082c5cbff75a6e2ef6255cbee98750fb2878f456ba57a45126225ffdfdb634626e5c6a5f32a40b7376079e375f2f50e2aec878303b539c5b413533c05fbbf87da2c7bfa513d991fd90f53e958fe244", 0x63, 0x7}])
r3 = openat$cgroup_ro(r2, &(0x7f0000000340)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x8800000)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r2, 0xc038943b, &(0x7f0000000440)={0x5, 0x8, '\x00', 0x1, &(0x7f0000000400)=[0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
sendfile(r0, r4, 0x0, 0x800008)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
syz_read_part_table(0x9, 0x2, &(0x7f0000000280)=[{&(0x7f0000000180)="d5c9f060a2c3808006dfed3cbaad547c6863cd673b5ac24e08a2dfb6effa38ef6c4dabdb43f309852d577625d9d6c0dfb596045e0f51154000de5ccf6cc74823aa548f63be550661990b633839efb380737d70804daf004351f4386acbd6ce98ea532d5f1c77591a1789a1d27aebf0cd8ad90c93b119848564edaa67c14c7eb2a2856ff4cfefdf84bf54d1d87e852b5dbcc5ac54f211433b297dfddcbc", 0x9d, 0x15}, {&(0x7f0000000040)="7022b63088bf56c55edd704a3efed6bb35a0e0ff7075e363d0e9c6f0607fdca64fa0a07b2659aa1890653c84cca8210c86d38398787619a7bb7ba9426d", 0x3d, 0x8}]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
faccessat2(r0, &(0x7f00000004c0)='./file1\x00', 0x184, 0x1200) (async)
creat(&(0x7f0000000100)='./bus\x00', 0x0) (async)
fallocate(r1, 0x100000003, 0x80019b, 0x80019c) (async)
fchmodat(r1, &(0x7f0000000480)='./bus\x00', 0x1f3) (async)
creat(&(0x7f0000000000)='./bus\x00', 0x0) (async)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)) (async)
syz_read_part_table(0x8, 0x1, &(0x7f0000000300)=[{&(0x7f0000000380)="46c3ba529c77f30b3416b6121345b360a249dab1082c5cbff75a6e2ef6255cbee98750fb2878f456ba57a45126225ffdfdb634626e5c6a5f32a40b7376079e375f2f50e2aec878303b539c5b413533c05fbbf87da2c7bfa513d991fd90f53e958fe244", 0x63, 0x7}]) (async)
openat$cgroup_ro(r2, &(0x7f0000000340)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) (async)
write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r2, 0xc038943b, &(0x7f0000000440)={0x5, 0x8, '\x00', 0x1, &(0x7f0000000400)=[0x0]}) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
socket$kcm(0x10, 0x2, 0x4) (async)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) (async)
sendfile(r0, r4, 0x0, 0x800008) (async)

[  360.483838][   T24] audit: type=1400 audit(1650109656.652:451): avc:  denied  { read } for  pid=26139 comm="syz-executor.4" path="socket:[84716]" dev="sockfs" ino=84716 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
11:47:36 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 8)

11:47:36 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80001f00)

11:47:36 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80008c00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  360.562080][T26142] loop4: detected capacity change from 0 to 262160
11:47:36 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:36 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
syz_read_part_table(0x9, 0x2, &(0x7f0000000280)=[{&(0x7f0000000180)="d5c9f060a2c3808006dfed3cbaad547c6863cd673b5ac24e08a2dfb6effa38ef6c4dabdb43f309852d577625d9d6c0dfb596045e0f51154000de5ccf6cc74823aa548f63be550661990b633839efb380737d70804daf004351f4386acbd6ce98ea532d5f1c77591a1789a1d27aebf0cd8ad90c93b119848564edaa67c14c7eb2a2856ff4cfefdf84bf54d1d87e852b5dbcc5ac54f211433b297dfddcbc", 0x9d, 0x15}, {&(0x7f0000000040)="7022b63088bf56c55edd704a3efed6bb35a0e0ff7075e363d0e9c6f0607fdca64fa0a07b2659aa1890653c84cca8210c86d38398787619a7bb7ba9426d", 0x3d, 0x8}]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
faccessat2(r0, &(0x7f00000004c0)='./file1\x00', 0x184, 0x1200) (async)
r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r1, 0x100000003, 0x80019b, 0x80019c)
fchmodat(r1, &(0x7f0000000480)='./bus\x00', 0x1f3) (async)
r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)) (async)
syz_read_part_table(0x8, 0x1, &(0x7f0000000300)=[{&(0x7f0000000380)="46c3ba529c77f30b3416b6121345b360a249dab1082c5cbff75a6e2ef6255cbee98750fb2878f456ba57a45126225ffdfdb634626e5c6a5f32a40b7376079e375f2f50e2aec878303b539c5b413533c05fbbf87da2c7bfa513d991fd90f53e958fe244", 0x63, 0x7}])
r3 = openat$cgroup_ro(r2, &(0x7f0000000340)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x8800000)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r2, 0xc038943b, &(0x7f0000000440)={0x5, 0x8, '\x00', 0x1, &(0x7f0000000400)=[0x0]}) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
sendfile(r0, r4, 0x0, 0x800008)

[  360.634076][T26156] loop0: detected capacity change from 0 to 262160
[  360.661056][T26159] loop1: detected capacity change from 0 to 262160
[  360.664258][T26160] loop3: detected capacity change from 0 to 262160
11:47:36 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800021)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  360.686955][T26162] loop5: detected capacity change from 0 to 262160
[  360.702726][T26164] loop4: detected capacity change from 0 to 262160
[  360.784760][T26166] FAULT_INJECTION: forcing a failure.
[  360.784760][T26166] name failslab, interval 1, probability 0, space 0, times 0
[  360.797490][T26166] CPU: 0 PID: 26166 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  360.808645][T26166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  360.818704][T26166] Call Trace:
[  360.821983][T26166]  <TASK>
[  360.824908][T26166]  dump_stack_lvl+0xd6/0x122
[  360.829578][T26166]  dump_stack+0x11/0x12
[  360.833755][T26166]  should_fail+0x230/0x240
[  360.838196][T26166]  __should_failslab+0x81/0x90
[  360.842988][T26166]  ? mempool_alloc_slab+0x16/0x20
[  360.848016][T26166]  should_failslab+0x5/0x20
[  360.852517][T26166]  kmem_cache_alloc+0x46/0x300
[  360.857282][T26166]  mempool_alloc_slab+0x16/0x20
[  360.862164][T26166]  ? mempool_free+0x130/0x130
[  360.866846][T26166]  mempool_alloc+0x9f/0x2a0
[  360.871366][T26166]  ? __schedule+0x514/0x6c0
[  360.875906][T26166]  bio_alloc_bioset+0xe4/0x730
[  360.880678][T26166]  submit_bh_wbc+0x161/0x2f0
[  360.885343][T26166]  write_dirty_buffer+0xdb/0xe0
[  360.890221][T26166]  fat_sync_bhs+0x52/0x160
[  360.894758][T26166]  fat_ent_write+0x85/0xd0
[  360.899181][T26166]  fat_chain_add+0x15b/0x410
[  360.903781][T26166]  fat_get_block+0x486/0x600
[  360.908422][T26166]  ? fat_block_truncate_page+0x30/0x30
[  360.913916][T26166]  __block_write_begin_int+0x33d/0xc90
[  360.919383][T26166]  ? fat_block_truncate_page+0x30/0x30
[  360.924853][T26166]  ? PageHeadHuge+0x3b/0x120
[  360.929448][T26166]  ? fat_block_truncate_page+0x30/0x30
[  360.935016][T26166]  block_write_begin+0x77/0x170
[  360.939892][T26166]  ? cont_write_begin+0x3aa/0x500
[  360.945001][T26166]  cont_write_begin+0x3cf/0x500
[  360.949932][T26166]  fat_write_begin+0x61/0xf0
[  360.954529][T26166]  ? fat_block_truncate_page+0x30/0x30
[  360.960026][T26166]  generic_perform_write+0x1d6/0x3f0
[  360.965389][T26166]  __generic_file_write_iter+0x172/0x280
[  360.971091][T26166]  ? generic_write_checks+0x256/0x290
[  360.976498][T26166]  generic_file_write_iter+0x75/0x130
11:47:37 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002000)

11:47:37 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80008d00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  360.981874][T26166]  do_iter_readv_writev+0x27b/0x300
[  360.987087][T26166]  do_iter_write+0x16f/0x5c0
[  360.991751][T26166]  ? splice_from_pipe_next+0x34f/0x3b0
[  360.997312][T26166]  vfs_iter_write+0x4c/0x70
[  361.001918][T26166]  iter_file_splice_write+0x44a/0x7c0
[  361.007297][T26166]  ? splice_from_pipe+0xc0/0xc0
[  361.012209][T26166]  direct_splice_actor+0x80/0xa0
[  361.017154][T26166]  splice_direct_to_actor+0x345/0x660
[  361.022606][T26166]  ? do_splice_direct+0x180/0x180
[  361.027641][T26166]  do_splice_direct+0xfb/0x180
[  361.032512][T26166]  do_sendfile+0x3ad/0x900
[  361.036992][T26166]  __x64_sys_sendfile64+0x10c/0x150
[  361.042258][T26166]  do_syscall_64+0x2b/0x70
[  361.046808][T26166]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  361.052774][T26166] RIP: 0033:0x7f99336e60e9
[  361.057238][T26166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  361.076917][T26166] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
11:47:37 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
syncfs(r0)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffffff, &(0x7f0000000200)='./bus\x00', 0x400000, 0x48)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000e80)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000e40)={&(0x7f0000000300)={0xad4, 0x0, 0x300, 0x70bd2c, 0x200, {{}, {@val={0x8}, @val={0xc, 0x99, {0x4, 0x27}}}}, [@NL80211_ATTR_TID_CONFIG={0x198, 0x11d, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xdb}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x12}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xf9}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xf0}]}, {0x30, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}]}, {0x13c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x108, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x2c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x3, 0x735, 0x6f, 0x0, 0xffff, 0x6c65, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x1, 0x9, 0x400, 0x3, 0x3f, 0x3, 0x3]}}]}, @NL80211_BAND_5GHZ={0x84, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x7, 0xf001, 0x6, 0xff, 0x40, 0x1, 0x1811]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x3}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x3c, 0x2, [{0x5, 0x8}, {0x1, 0x8}, {0x0, 0x1}, {0x1, 0x8}, {0x6, 0x2}, {0x4, 0x3}, {0x6, 0x9}, {0x7, 0x4}, {0x4, 0xa}, {0x2, 0x2}, {0x3, 0x3}, {0x3}, {0x0, 0xa}, {0x5, 0x6}, {0x7, 0x6}, {0x2, 0x8}, {0x6, 0x7}, {0x7, 0x7}, {0x3, 0x6}, {0x5, 0x9}, {}, {0x1, 0x5}, {0x7, 0x10}, {0x7, 0x6}, {0x1, 0x7}, {0x2, 0x4}, {0x0, 0x1}, {0x3, 0x7}, {0x2, 0x8}, {0x2, 0x4}, {0x4, 0x6}, {0x0, 0x6}, {0x1, 0x3}, {0x2, 0x8}, {0x1, 0x1}, {0x4, 0x8}, {0x0, 0x1}, {0x0, 0x9}, {0x1, 0x5}, {0x5, 0x9}, {0x3, 0x2}, {0x4, 0x3}, {0x6, 0x3}, {0x5, 0x5}, {0x6, 0x3}, {0x1, 0x2}, {0x7}, {0x6, 0x8}, {0x6, 0x9}, {0x6, 0x7}, {0x0, 0x7}, {0x0, 0x3}, {0x4, 0x3}, {0x1, 0x6}, {0x3, 0x6}, {0x1}]}, @NL80211_TXRATE_LEGACY={0x14, 0x1, [0x36, 0x2, 0x48, 0x5, 0x48, 0x9, 0x5, 0x3, 0xc, 0x1, 0x5, 0x48, 0x12, 0x18, 0x16, 0x1b]}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x24, 0x2, 0x82cdd84c12ea583, 0x2, 0x67]}]}, @NL80211_BAND_6GHZ={0x54, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x7, 0x1, [0x60, 0x6c, 0x18]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x6, 0x4, 0x36, 0x2, 0x5, 0x3, 0x36, 0x2, 0x48, 0x3dc5f8b3cc4437e1, 0xb, 0x1b, 0x2, 0x1b]}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x95c1, 0x3, 0xfff8, 0x0, 0x1, 0x40, 0x5]}}]}]}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x80}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xdf}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}]}]}, @NL80211_ATTR_TID_CONFIG={0x47c, 0x11d, 0x0, 0x1, [{0x94, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x54, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x50, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x2d, 0x2, [{0x6, 0x1}, {0x1, 0x6}, {0x7}, {0x1, 0x4}, {0x7, 0x2}, {0x0, 0x2}, {0x2, 0x1}, {0x0, 0x7}, {0x7, 0x7}, {0x4}, {0x2, 0x3}, {0x2, 0x6}, {0x1, 0x1}, {0x2, 0x2}, {0x5, 0x4}, {0x7, 0x6}, {0x2, 0x8}, {0x4, 0x4}, {0x0, 0x7}, {0x0, 0x8}, {0x2, 0x1}, {0x5, 0x9}, {0x1, 0x4}, {0x7, 0xa}, {0x7, 0x3}, {0x6}, {0x2, 0x8}, {0x4, 0x4}, {0x1}, {0x3, 0xa}, {0x0, 0x6}, {0x3}, {0x1, 0x8}, {0x2, 0x5}, {0x7, 0x9}, {0x5, 0x9}, {0x1, 0x4}, {0x7, 0xa}, {0x3, 0x9}, {0x5, 0x5}, {0x7, 0x5}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x2f, 0xd9, 0x9af, 0x12, 0xfffe, 0x3, 0x3]}}]}]}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x100000000}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x67}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xffff}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x97}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xcc}]}, {0x290, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x28c, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x70, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x7f, 0xfff, 0x9, 0x5, 0x0, 0x6cdc, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x1f, 0x2, [{0x3, 0x5}, {0x3, 0x5}, {0x3, 0x9}, {0x4, 0x9}, {0x6, 0x8}, {0x6, 0xa}, {0x4, 0xa}, {0x1, 0x8}, {0x6, 0x5}, {0x4, 0xa}, {0x1, 0xa}, {0x2, 0xa}, {0x1, 0xa}, {0x7, 0xa}, {0x5, 0x4}, {0x5, 0x9}, {0x0, 0x7}, {0x2}, {0x4}, {0x2, 0x3}, {0x1}, {0x4, 0x1}, {0x1, 0x3}, {0x7, 0x9}, {0x5, 0x4}, {0x0, 0x8}, {0x4, 0x8}]}, @NL80211_TXRATE_HT={0x26, 0x2, [{0x1, 0xa}, {0x2, 0x2}, {0x0, 0x5}, {0x7}, {0x3, 0xa}, {0x7, 0xa}, {0x1, 0x1}, {0x2, 0x8}, {0x3, 0x9}, {0x2, 0x7}, {0x4, 0xa}, {0x3, 0x3}, {0x4, 0x2}, {0x0, 0x6}, {0x4, 0x9}, {0x6, 0x9}, {0x0, 0x3}, {0x6, 0x7}, {0x6, 0xa}, {0x4, 0x4}, {0x3, 0x3}, {0x3, 0xa}, {0x1, 0x4}, {0x1, 0x9}, {0x3, 0x6}, {0x2, 0x3}, {}, {0x6, 0x4}, {0x1, 0x4}, {0x0, 0x5}, {0x3, 0x6}, {0x5, 0x4}, {0x1}, {0x1, 0x2}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_5GHZ={0xec, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HT={0x7, 0x2, [{0x5, 0x9}, {0x3, 0x6}, {0x3, 0x2}]}, @NL80211_TXRATE_HT={0x3d, 0x2, [{0x3, 0x6}, {0x5, 0x8}, {0x6, 0x8}, {0x6, 0x6}, {0x6, 0x7}, {0x7, 0x8}, {0x3, 0x3}, {0x4, 0x4}, {0x5, 0x4}, {0x3, 0xa}, {0x5, 0x1}, {0x3, 0x8}, {0x1, 0x3}, {0x5, 0xa}, {0x6, 0x4}, {0x1, 0x5}, {0x1}, {0x4, 0x7}, {0x6, 0x3}, {0x0, 0x7}, {0x6, 0x4}, {0x1, 0x6}, {0x1, 0xa}, {0x7, 0x9}, {0x7, 0x9}, {0x7, 0x1}, {0x0, 0x9}, {0x5, 0x6}, {0x1, 0x1}, {0x1, 0x2}, {0x3, 0x3}, {0x6, 0x3}, {0x6, 0x5}, {0x4, 0x5}, {0x5, 0x1}, {0x6, 0xa}, {0x2, 0x7}, {0x5, 0x7}, {0x2}, {0x4, 0x8}, {0x6, 0x7}, {0x4}, {0x7, 0x5}, {0x4, 0x9}, {0x6, 0x6}, {0x6, 0x7}, {0x1, 0x8}, {0x4, 0x7}, {0x0, 0x7}, {0x5, 0x6}, {0x4}, {}, {0x0, 0xa}, {0x3, 0x1}, {0x6, 0x7}, {0x0, 0x8}, {0x2, 0x4}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x67, 0xb, 0xc, 0x4, 0x6, 0xc, 0x16, 0x12, 0x36, 0x5, 0x1b, 0xc, 0x24, 0x24, 0x3, 0xc, 0x0, 0x16, 0xc, 0x24, 0x12]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x61f4, 0x200, 0x5, 0x9, 0x7f80, 0x42, 0x7, 0x7]}}, @NL80211_TXRATE_HT={0x46, 0x2, [{0x6}, {0x1, 0xa}, {0x0, 0x6}, {0x0, 0x3}, {0x4}, {0x6, 0x8}, {0x3, 0x1}, {0x5, 0x4}, {0x4, 0x9}, {0x0, 0x7}, {0x1, 0x3}, {0x5, 0x5}, {0x2, 0x1}, {0x4, 0x2}, {0x3, 0x6}, {0x0, 0x9}, {0x2, 0x8}, {0x2, 0x1}, {0x7}, {0x3, 0x2}, {0x7, 0x5}, {0x7, 0x7}, {0x4, 0x1}, {0x5, 0x1}, {0x5, 0x6}, {0x0, 0x8}, {0x7, 0x2}, {0x0, 0x1}, {0x5}, {0x0, 0x9}, {}, {0x0, 0xa}, {0x4, 0x2}, {0x6, 0x5}, {0x3, 0x1}, {0x4}, {0x2, 0x6}, {0x7, 0x1}, {0x3, 0x1}, {0x2, 0x2}, {0x2, 0xa}, {0x0, 0x8}, {0x1}, {0x7, 0x9}, {0x0, 0x8}, {0x1, 0x2}, {0x0, 0x9}, {0x4, 0x9}, {0x4, 0x7}, {0x4, 0x6}, {0x4, 0x1}, {0x0, 0x5}, {0x2, 0x2}, {0x6}, {0x7, 0x1}, {0x5, 0x5}, {0x7, 0x2}, {0x0, 0x3}, {0x1, 0x2}, {0x4, 0x9}, {0x0, 0x1}, {0x6, 0x6}, {0x0, 0x3}, {0x4, 0x5}, {0x2, 0x2}, {0x0, 0x4}]}]}, @NL80211_BAND_60GHZ={0x74, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7c, 0xc03a, 0x1, 0x7fff, 0x5, 0x1, 0x9, 0x5d5c]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x40, 0x5, 0x0, 0x1000, 0x800, 0xff, 0x6, 0x8]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0xa, 0x2, [{0x2, 0x2}, {0x5, 0xa}, {0x0, 0x4}, {0x6, 0x1}, {0x0, 0x6}, {0x2, 0x4}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x3, 0x5, 0xeb51, 0x7, 0x3ff, 0x7fe0, 0x8]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_2GHZ={0x20, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x9, 0x2, 0x6, 0x5, 0x5, 0x0, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_6GHZ={0x30, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x5, 0xffff, 0x8, 0x6, 0x7, 0x549c, 0x800]}}]}, @NL80211_BAND_5GHZ={0x68, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xffff, 0x3e16, 0x3f, 0x0, 0x5f6, 0x9, 0xe2, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x1, 0x2}, {0x3, 0x4}, {0x3, 0x7}, {0x6}, {0x6, 0x3}, {0x2, 0x13}, {0x5, 0x8}, {0x3, 0x3}, {0x5}, {0x2}, {0x0, 0x8}, {0x0, 0x2}, {}, {}, {0x4, 0x4}, {0x7, 0x2}, {0x7}, {0x5, 0x1}, {0x7, 0x2}, {0x0, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}]}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xcc}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x2}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}]}, {0xa4, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x60, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x11, 0x1, [0x3, 0x6c, 0x9, 0x60, 0x1, 0x24, 0x5, 0x5, 0x18, 0x3, 0x48, 0x24, 0x36]}]}, @NL80211_BAND_6GHZ={0x44, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1f, 0x5, 0x5, 0xf000, 0x24, 0xc95f, 0x3, 0x81]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xff, 0xfff9, 0x6, 0x7ff, 0xffff, 0x7f4, 0x9, 0x80]}}]}]}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x6e}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xd3}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xacb4}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}]}, {0x38, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xfffffffffffff9eb}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}]}]}, @NL80211_ATTR_TID_CONFIG={0x448, 0x11d, 0x0, 0x1, [{0x444, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x420, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x9c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x4f, 0x2, [{0x0, 0x1}, {0x7, 0x1}, {0x2, 0x1}, {0x1, 0x8}, {0x0, 0x6}, {0x0, 0x4}, {0x0, 0x6}, {0x2, 0x2}, {0x6, 0x5}, {0x6, 0x4}, {0x7}, {0x6, 0x3}, {0x0, 0x9}, {0x6, 0x3}, {0x0, 0x7}, {0x1, 0x4}, {0x5, 0x4}, {}, {0x1, 0x9}, {0x7, 0x2}, {0x5, 0x4}, {0x5, 0x8}, {0x4, 0x5}, {0x1}, {0x1, 0xa}, {0x0, 0x4}, {0x2, 0x6}, {0x2, 0xa}, {0x0, 0x4}, {0x1}, {0x2, 0x7}, {0x5, 0x3}, {0x4, 0x9}, {0x4, 0x9}, {0x1, 0x6}, {0x6, 0xa}, {0x5, 0x4}, {0x1, 0x2}, {0x4, 0x1}, {0x4, 0x3}, {0x1, 0x9}, {0x2, 0x8}, {0x0, 0x9}, {0x1, 0x4}, {0x6, 0xa}, {0x3, 0x7}, {0x7, 0x8}, {0x5}, {0x7, 0xa}, {0x3, 0x1}, {0x1, 0x2}, {0x7, 0x1}, {0x7, 0x6}, {0x0, 0xa}, {0x6, 0x2}, {0x6, 0x2}, {0x5, 0x9}, {0x5, 0xa}, {0x1, 0x7}, {0x2, 0x7}, {0x1, 0x7}, {0x0, 0x1}, {0x2, 0x8}, {0x4, 0x4}, {0x4, 0x9}, {0x4, 0xa}, {0x2, 0x4}, {0x0, 0x2}, {0x3, 0x8}, {0x7, 0xa}, {0x1, 0x5}, {0x0, 0x9}, {0x3}, {0x2, 0x7}, {0x5, 0x8}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0xfffb, 0x6, 0x1000, 0x2, 0x0, 0x0, 0x200]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xc87, 0x7, 0x6, 0x9, 0x20, 0x29d, 0x34, 0x1]}}]}, @NL80211_BAND_6GHZ={0xac, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x48, 0x30, 0x9, 0x14, 0x16, 0x24, 0x36, 0x2, 0x36, 0x1b, 0x36, 0x57, 0x1, 0x3, 0x3, 0x6c, 0xa098f5c7cc1da606, 0xd, 0x16, 0xc, 0x4, 0x6c, 0x3, 0x2, 0x30, 0x18, 0x5b, 0xc]}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x36, 0x6c, 0x16, 0x36, 0xc, 0x4, 0x1b, 0x48, 0x12, 0x1b, 0x0, 0x48, 0x5, 0x4e, 0x24, 0x6, 0x48, 0x1b, 0x2, 0x6c, 0x16, 0x12, 0x5, 0xc, 0x3, 0xc, 0x18, 0x5]}, @NL80211_TXRATE_HT={0x4d, 0x2, [{0x5, 0x3}, {0x2, 0x9}, {0x6, 0x4}, {0x5, 0x1}, {0x7, 0x7}, {0x1, 0x2}, {0x0, 0x6}, {0x1, 0x1}, {0x5, 0xa}, {0x0, 0x2}, {0x5, 0x6}, {0x3, 0x7}, {0x1, 0x7}, {0x0, 0x8}, {0x3, 0x8}, {0x2, 0xa}, {0x0, 0x5}, {0x1, 0x8}, {0x7, 0x7}, {0x4, 0xa}, {0x6, 0x1}, {0x0, 0x5}, {0x4, 0x2}, {0x6, 0x3}, {0x3, 0x1}, {0x2, 0xa}, {0x5, 0x6}, {0x1, 0x1}, {}, {0x3, 0x1}, {0x2, 0x5}, {0x7, 0x7}, {}, {0x0, 0x3}, {0x4, 0x4}, {0x1, 0x9}, {0x7, 0x9}, {0x0, 0x6}, {0x0, 0x5}, {0x1, 0x9}, {0x5, 0x3}, {0x0, 0x7}, {0x2, 0x1}, {0x7, 0x9}, {0x7, 0x3}, {0x1, 0x1}, {0x0, 0x1}, {0x3, 0x5}, {0x7, 0x8}, {0x1, 0x6}, {0x0, 0x5}, {0x4, 0x9}, {0x1, 0x2}, {0x3, 0x7}, {0x1, 0x1}, {0x2, 0x8}, {0x2, 0x5}, {0x3}, {0x5, 0xa}, {}, {0x5, 0x1}, {0x1}, {0x1, 0x9}, {0x3, 0x7}, {0x2, 0x4}, {0x4}, {0x1, 0x8}, {0x3, 0x6}, {0x0, 0x9}, {0x0, 0xa}, {0x6, 0xa}, {0x1, 0x8}, {0x6, 0x8}]}]}, @NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_60GHZ={0x5c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x920, 0x1, 0xfffe, 0x0, 0x4, 0x8001, 0x13f]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1a, 0x0, 0x1, 0x7, 0x3, 0x5, 0x5, 0x8]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x800, 0x8, 0x9, 0x3, 0x2, 0x4, 0x7, 0x5]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x40, 0x200, 0x3, 0x7, 0xae, 0x7ff, 0x4, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0xb0, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7fff, 0xca8, 0xfffc, 0xb, 0x3, 0xfffc, 0x4f04, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0xffff, 0x3, 0x3, 0x1, 0x6, 0x6, 0xc0]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x8000, 0x5, 0x7fff, 0x8, 0x1f, 0x63fb, 0x1]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7ff, 0x40, 0x1, 0xffff, 0x1, 0x81, 0x7, 0x20]}}, @NL80211_TXRATE_HT={0x35, 0x2, [{0x4}, {0x7, 0x2}, {0x7, 0x6}, {0x5, 0x4}, {0x4, 0x9}, {0x2, 0x1}, {0x2, 0x2}, {0x1, 0x8}, {0x7, 0x2}, {0x3, 0x8}, {0x4, 0x3}, {0x3, 0x1}, {0x1, 0x3}, {0x5, 0x3}, {0x5, 0x3}, {0x4, 0xa}, {}, {0x4, 0x8}, {0x6, 0x7}, {0x1, 0x7}, {0x2, 0x1}, {0x5, 0x1}, {0x7, 0x5}, {0x2, 0x3}, {0x3, 0x5}, {0x3}, {0x3, 0x9}, {0x0, 0x8}, {0x6, 0x3}, {0x4, 0xa}, {0x0, 0x4}, {0x3, 0x4}, {0x0, 0x1}, {}, {0x6, 0x5}, {0x1, 0x4}, {0x1, 0x7}, {0x1, 0x6}, {0x1, 0xa}, {0x4, 0x5}, {}, {0x5, 0x1}, {0x4}, {0x6, 0x2}, {0x1, 0x8}, {0x6, 0x9}, {0x2, 0x3}, {0x6, 0x6}, {0x0, 0x8}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xd3, 0x400, 0x8, 0x200, 0x401, 0x2, 0x80, 0x7ff]}}]}, @NL80211_BAND_60GHZ={0x44, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x10, 0x2, [{0x6, 0x1}, {0x4, 0x7}, {0x7, 0x4}, {0x6, 0x1}, {0x7, 0x4}, {0x5, 0x1}, {0x4, 0x2}, {0x7, 0x3}, {0x4, 0x8}, {0x6, 0x7}, {0x4, 0x2}, {0x6, 0xa}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xee4, 0x40, 0x9, 0x4, 0x1000, 0x7, 0x4, 0xfff]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x0, 0x8001, 0x9, 0x35, 0xa1, 0x401, 0x81]}}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_5GHZ={0x7c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x1, 0x9, 0x1, 0x1ff, 0x6, 0x101]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x9, 0x0, 0x1, 0x400, 0xffff, 0x7, 0xff]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x9, 0x1f, 0x8, 0x1000, 0x0, 0x4, 0x800]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x80, 0xff, 0x100, 0x9, 0x8, 0x80, 0x1, 0x307]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_6GHZ={0x54, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x0, 0x9}, {0x4, 0x9}, {0x6, 0x9}, {0x0, 0x1}, {0x4, 0x3}, {0x0, 0x8}, {0x3, 0xa}, {0x5, 0x3}, {0x6, 0x7}, {0x0, 0x8}, {0x0, 0x2}, {0x0, 0x8}, {0x7, 0x5}, {0x5, 0x1}, {0x1, 0x3}, {0x0, 0x5}, {0x2, 0x9}, {0x7, 0x6}, {0x0, 0xb}, {0x1, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0xd3, 0x46f2, 0xffff, 0x101, 0x1ff, 0xfffa]}}]}, @NL80211_BAND_2GHZ={0xa8, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x23, 0x1, [0xb, 0xb, 0x0, 0xc, 0x30, 0x76, 0x36, 0xc, 0x3, 0x4, 0x2, 0x60, 0x18, 0xc, 0x2, 0x18, 0x1b, 0x9, 0x6c, 0x4a, 0x4e, 0x36, 0x48, 0x6a, 0x6, 0x1b, 0x1, 0xc, 0x5, 0x18, 0x36]}, @NL80211_TXRATE_HT={0x1e, 0x2, [{0x6, 0x4}, {}, {0x7, 0x5}, {0x1, 0x3}, {0x4, 0xa}, {0x0, 0xa}, {0x6, 0x7}, {0x7, 0x1}, {0x6, 0x2}, {}, {0x4, 0x1}, {0x0, 0x1}, {0x1, 0x2}, {0x2, 0x6}, {0x1, 0x3}, {0x0, 0x1}, {0x1, 0x5}, {0x0, 0x6}, {0x6, 0x1}, {0x4, 0x3}, {0x1, 0x5}, {0x4, 0x9}, {0x6, 0x9}, {0x7, 0x4}, {0x7, 0xa}, {0x0, 0x2}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x8000, 0xff, 0x1, 0x6, 0x1, 0x2, 0x3]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x31, 0x7dd, 0x3, 0x8000, 0x401, 0x1000, 0x2, 0xffff]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x9, 0x12, 0x1, 0x30, 0x12, 0x18, 0x2, 0x16, 0x18, 0x1b, 0x3, 0x77, 0xb, 0x1b, 0x48, 0x5, 0x1, 0x16, 0x48, 0x1, 0x4]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x903, 0xffff, 0x7, 0xe735, 0x200, 0x3, 0x27fc, 0x8]}}]}]}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x4}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xa6d}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}]}]}, @NL80211_ATTR_TID_CONFIG={0x50, 0x11d, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x3}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x57}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x8c}]}]}]}, 0xad4}, 0x1, 0x0, 0x0, 0x800}, 0x8840)
rename(&(0x7f00000000c0)='./bus\x00', &(0x7f0000000180)='./file0\x00')
name_to_handle_at(r1, &(0x7f0000000ec0)='./bus\x00', &(0x7f0000001000)=ANY=[@ANYBLOB="10000000040000eea92bdd8d0eff0b0000ff7f0000030000be0b0c887fccad13b87fcae10279a985de0d2880046e365f7804afeed550a9e984fc01ef7e6caac8d24eb873e556526c6940669b1fd0ebe9f41227acf08974e1cd2f482c8e57af797abfbb7b63488151501a17f10a6a67ddaf974eb02d2a23503b340ffa6e91fdcf79c58752416d93f435e0aa5eb05aa0acf32b3dc776e401199a26b63572182cb59ca18baec0a1e7f79f1927e929e896ce0f8c2d379ec42c779cb68bbca958a582b82ab99ba0b353a75f46291590bd85aeab52cd"], &(0x7f0000000f40), 0x1400)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mkdir(&(0x7f00000001c0)='./bus/file0\x00', 0x0)
sendfile(r2, r4, 0x0, 0x80000001)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
mount(&(0x7f0000000f00)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000f80)='./bus\x00', &(0x7f0000000fc0)='anon_inodefs\x00', 0x200000, &(0x7f0000001100)='/*}.#\'\x00')
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
sendfile(r5, r6, 0x0, 0x2800000000000)

[  361.085374][T26166] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  361.093353][T26166] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  361.101399][T26166] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  361.109372][T26166] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
[  361.117402][T26166] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  361.125375][T26166]  </TASK>
[  361.159003][T26175] loop4: detected capacity change from 0 to 262160
[  361.174499][T26177] loop3: detected capacity change from 0 to 262160
[  361.189073][T26179] loop1: detected capacity change from 0 to 262160
11:47:37 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x3000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:37 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 9)

[  361.332343][T26183] loop5: detected capacity change from 0 to 262160
[  361.402098][T26188] loop0: detected capacity change from 0 to 262160
11:47:37 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002100)

11:47:37 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
syncfs(r0)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffffff, &(0x7f0000000200)='./bus\x00', 0x400000, 0x48)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000e80)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000e40)={&(0x7f0000000300)={0xad4, 0x0, 0x300, 0x70bd2c, 0x200, {{}, {@val={0x8}, @val={0xc, 0x99, {0x4, 0x27}}}}, [@NL80211_ATTR_TID_CONFIG={0x198, 0x11d, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xdb}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x12}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xf9}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xf0}]}, {0x30, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}]}, {0x13c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x108, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x2c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x3, 0x735, 0x6f, 0x0, 0xffff, 0x6c65, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x1, 0x9, 0x400, 0x3, 0x3f, 0x3, 0x3]}}]}, @NL80211_BAND_5GHZ={0x84, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x7, 0xf001, 0x6, 0xff, 0x40, 0x1, 0x1811]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x3}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x3c, 0x2, [{0x5, 0x8}, {0x1, 0x8}, {0x0, 0x1}, {0x1, 0x8}, {0x6, 0x2}, {0x4, 0x3}, {0x6, 0x9}, {0x7, 0x4}, {0x4, 0xa}, {0x2, 0x2}, {0x3, 0x3}, {0x3}, {0x0, 0xa}, {0x5, 0x6}, {0x7, 0x6}, {0x2, 0x8}, {0x6, 0x7}, {0x7, 0x7}, {0x3, 0x6}, {0x5, 0x9}, {}, {0x1, 0x5}, {0x7, 0x10}, {0x7, 0x6}, {0x1, 0x7}, {0x2, 0x4}, {0x0, 0x1}, {0x3, 0x7}, {0x2, 0x8}, {0x2, 0x4}, {0x4, 0x6}, {0x0, 0x6}, {0x1, 0x3}, {0x2, 0x8}, {0x1, 0x1}, {0x4, 0x8}, {0x0, 0x1}, {0x0, 0x9}, {0x1, 0x5}, {0x5, 0x9}, {0x3, 0x2}, {0x4, 0x3}, {0x6, 0x3}, {0x5, 0x5}, {0x6, 0x3}, {0x1, 0x2}, {0x7}, {0x6, 0x8}, {0x6, 0x9}, {0x6, 0x7}, {0x0, 0x7}, {0x0, 0x3}, {0x4, 0x3}, {0x1, 0x6}, {0x3, 0x6}, {0x1}]}, @NL80211_TXRATE_LEGACY={0x14, 0x1, [0x36, 0x2, 0x48, 0x5, 0x48, 0x9, 0x5, 0x3, 0xc, 0x1, 0x5, 0x48, 0x12, 0x18, 0x16, 0x1b]}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x24, 0x2, 0x82cdd84c12ea583, 0x2, 0x67]}]}, @NL80211_BAND_6GHZ={0x54, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x7, 0x1, [0x60, 0x6c, 0x18]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x6, 0x4, 0x36, 0x2, 0x5, 0x3, 0x36, 0x2, 0x48, 0x3dc5f8b3cc4437e1, 0xb, 0x1b, 0x2, 0x1b]}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x95c1, 0x3, 0xfff8, 0x0, 0x1, 0x40, 0x5]}}]}]}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x80}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xdf}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}]}]}, @NL80211_ATTR_TID_CONFIG={0x47c, 0x11d, 0x0, 0x1, [{0x94, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x54, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x50, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x2d, 0x2, [{0x6, 0x1}, {0x1, 0x6}, {0x7}, {0x1, 0x4}, {0x7, 0x2}, {0x0, 0x2}, {0x2, 0x1}, {0x0, 0x7}, {0x7, 0x7}, {0x4}, {0x2, 0x3}, {0x2, 0x6}, {0x1, 0x1}, {0x2, 0x2}, {0x5, 0x4}, {0x7, 0x6}, {0x2, 0x8}, {0x4, 0x4}, {0x0, 0x7}, {0x0, 0x8}, {0x2, 0x1}, {0x5, 0x9}, {0x1, 0x4}, {0x7, 0xa}, {0x7, 0x3}, {0x6}, {0x2, 0x8}, {0x4, 0x4}, {0x1}, {0x3, 0xa}, {0x0, 0x6}, {0x3}, {0x1, 0x8}, {0x2, 0x5}, {0x7, 0x9}, {0x5, 0x9}, {0x1, 0x4}, {0x7, 0xa}, {0x3, 0x9}, {0x5, 0x5}, {0x7, 0x5}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x2f, 0xd9, 0x9af, 0x12, 0xfffe, 0x3, 0x3]}}]}]}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x100000000}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x67}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xffff}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x97}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xcc}]}, {0x290, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x28c, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x70, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x7f, 0xfff, 0x9, 0x5, 0x0, 0x6cdc, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x1f, 0x2, [{0x3, 0x5}, {0x3, 0x5}, {0x3, 0x9}, {0x4, 0x9}, {0x6, 0x8}, {0x6, 0xa}, {0x4, 0xa}, {0x1, 0x8}, {0x6, 0x5}, {0x4, 0xa}, {0x1, 0xa}, {0x2, 0xa}, {0x1, 0xa}, {0x7, 0xa}, {0x5, 0x4}, {0x5, 0x9}, {0x0, 0x7}, {0x2}, {0x4}, {0x2, 0x3}, {0x1}, {0x4, 0x1}, {0x1, 0x3}, {0x7, 0x9}, {0x5, 0x4}, {0x0, 0x8}, {0x4, 0x8}]}, @NL80211_TXRATE_HT={0x26, 0x2, [{0x1, 0xa}, {0x2, 0x2}, {0x0, 0x5}, {0x7}, {0x3, 0xa}, {0x7, 0xa}, {0x1, 0x1}, {0x2, 0x8}, {0x3, 0x9}, {0x2, 0x7}, {0x4, 0xa}, {0x3, 0x3}, {0x4, 0x2}, {0x0, 0x6}, {0x4, 0x9}, {0x6, 0x9}, {0x0, 0x3}, {0x6, 0x7}, {0x6, 0xa}, {0x4, 0x4}, {0x3, 0x3}, {0x3, 0xa}, {0x1, 0x4}, {0x1, 0x9}, {0x3, 0x6}, {0x2, 0x3}, {}, {0x6, 0x4}, {0x1, 0x4}, {0x0, 0x5}, {0x3, 0x6}, {0x5, 0x4}, {0x1}, {0x1, 0x2}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_5GHZ={0xec, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HT={0x7, 0x2, [{0x5, 0x9}, {0x3, 0x6}, {0x3, 0x2}]}, @NL80211_TXRATE_HT={0x3d, 0x2, [{0x3, 0x6}, {0x5, 0x8}, {0x6, 0x8}, {0x6, 0x6}, {0x6, 0x7}, {0x7, 0x8}, {0x3, 0x3}, {0x4, 0x4}, {0x5, 0x4}, {0x3, 0xa}, {0x5, 0x1}, {0x3, 0x8}, {0x1, 0x3}, {0x5, 0xa}, {0x6, 0x4}, {0x1, 0x5}, {0x1}, {0x4, 0x7}, {0x6, 0x3}, {0x0, 0x7}, {0x6, 0x4}, {0x1, 0x6}, {0x1, 0xa}, {0x7, 0x9}, {0x7, 0x9}, {0x7, 0x1}, {0x0, 0x9}, {0x5, 0x6}, {0x1, 0x1}, {0x1, 0x2}, {0x3, 0x3}, {0x6, 0x3}, {0x6, 0x5}, {0x4, 0x5}, {0x5, 0x1}, {0x6, 0xa}, {0x2, 0x7}, {0x5, 0x7}, {0x2}, {0x4, 0x8}, {0x6, 0x7}, {0x4}, {0x7, 0x5}, {0x4, 0x9}, {0x6, 0x6}, {0x6, 0x7}, {0x1, 0x8}, {0x4, 0x7}, {0x0, 0x7}, {0x5, 0x6}, {0x4}, {}, {0x0, 0xa}, {0x3, 0x1}, {0x6, 0x7}, {0x0, 0x8}, {0x2, 0x4}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x67, 0xb, 0xc, 0x4, 0x6, 0xc, 0x16, 0x12, 0x36, 0x5, 0x1b, 0xc, 0x24, 0x24, 0x3, 0xc, 0x0, 0x16, 0xc, 0x24, 0x12]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x61f4, 0x200, 0x5, 0x9, 0x7f80, 0x42, 0x7, 0x7]}}, @NL80211_TXRATE_HT={0x46, 0x2, [{0x6}, {0x1, 0xa}, {0x0, 0x6}, {0x0, 0x3}, {0x4}, {0x6, 0x8}, {0x3, 0x1}, {0x5, 0x4}, {0x4, 0x9}, {0x0, 0x7}, {0x1, 0x3}, {0x5, 0x5}, {0x2, 0x1}, {0x4, 0x2}, {0x3, 0x6}, {0x0, 0x9}, {0x2, 0x8}, {0x2, 0x1}, {0x7}, {0x3, 0x2}, {0x7, 0x5}, {0x7, 0x7}, {0x4, 0x1}, {0x5, 0x1}, {0x5, 0x6}, {0x0, 0x8}, {0x7, 0x2}, {0x0, 0x1}, {0x5}, {0x0, 0x9}, {}, {0x0, 0xa}, {0x4, 0x2}, {0x6, 0x5}, {0x3, 0x1}, {0x4}, {0x2, 0x6}, {0x7, 0x1}, {0x3, 0x1}, {0x2, 0x2}, {0x2, 0xa}, {0x0, 0x8}, {0x1}, {0x7, 0x9}, {0x0, 0x8}, {0x1, 0x2}, {0x0, 0x9}, {0x4, 0x9}, {0x4, 0x7}, {0x4, 0x6}, {0x4, 0x1}, {0x0, 0x5}, {0x2, 0x2}, {0x6}, {0x7, 0x1}, {0x5, 0x5}, {0x7, 0x2}, {0x0, 0x3}, {0x1, 0x2}, {0x4, 0x9}, {0x0, 0x1}, {0x6, 0x6}, {0x0, 0x3}, {0x4, 0x5}, {0x2, 0x2}, {0x0, 0x4}]}]}, @NL80211_BAND_60GHZ={0x74, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7c, 0xc03a, 0x1, 0x7fff, 0x5, 0x1, 0x9, 0x5d5c]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x40, 0x5, 0x0, 0x1000, 0x800, 0xff, 0x6, 0x8]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0xa, 0x2, [{0x2, 0x2}, {0x5, 0xa}, {0x0, 0x4}, {0x6, 0x1}, {0x0, 0x6}, {0x2, 0x4}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x3, 0x5, 0xeb51, 0x7, 0x3ff, 0x7fe0, 0x8]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_2GHZ={0x20, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x9, 0x2, 0x6, 0x5, 0x5, 0x0, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_6GHZ={0x30, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x5, 0xffff, 0x8, 0x6, 0x7, 0x549c, 0x800]}}]}, @NL80211_BAND_5GHZ={0x68, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xffff, 0x3e16, 0x3f, 0x0, 0x5f6, 0x9, 0xe2, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x1, 0x2}, {0x3, 0x4}, {0x3, 0x7}, {0x6}, {0x6, 0x3}, {0x2, 0x13}, {0x5, 0x8}, {0x3, 0x3}, {0x5}, {0x2}, {0x0, 0x8}, {0x0, 0x2}, {}, {}, {0x4, 0x4}, {0x7, 0x2}, {0x7}, {0x5, 0x1}, {0x7, 0x2}, {0x0, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}]}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xcc}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x2}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}]}, {0xa4, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x60, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x11, 0x1, [0x3, 0x6c, 0x9, 0x60, 0x1, 0x24, 0x5, 0x5, 0x18, 0x3, 0x48, 0x24, 0x36]}]}, @NL80211_BAND_6GHZ={0x44, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1f, 0x5, 0x5, 0xf000, 0x24, 0xc95f, 0x3, 0x81]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xff, 0xfff9, 0x6, 0x7ff, 0xffff, 0x7f4, 0x9, 0x80]}}]}]}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x6e}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xd3}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xacb4}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}]}, {0x38, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xfffffffffffff9eb}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}]}]}, @NL80211_ATTR_TID_CONFIG={0x448, 0x11d, 0x0, 0x1, [{0x444, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x420, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x9c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x4f, 0x2, [{0x0, 0x1}, {0x7, 0x1}, {0x2, 0x1}, {0x1, 0x8}, {0x0, 0x6}, {0x0, 0x4}, {0x0, 0x6}, {0x2, 0x2}, {0x6, 0x5}, {0x6, 0x4}, {0x7}, {0x6, 0x3}, {0x0, 0x9}, {0x6, 0x3}, {0x0, 0x7}, {0x1, 0x4}, {0x5, 0x4}, {}, {0x1, 0x9}, {0x7, 0x2}, {0x5, 0x4}, {0x5, 0x8}, {0x4, 0x5}, {0x1}, {0x1, 0xa}, {0x0, 0x4}, {0x2, 0x6}, {0x2, 0xa}, {0x0, 0x4}, {0x1}, {0x2, 0x7}, {0x5, 0x3}, {0x4, 0x9}, {0x4, 0x9}, {0x1, 0x6}, {0x6, 0xa}, {0x5, 0x4}, {0x1, 0x2}, {0x4, 0x1}, {0x4, 0x3}, {0x1, 0x9}, {0x2, 0x8}, {0x0, 0x9}, {0x1, 0x4}, {0x6, 0xa}, {0x3, 0x7}, {0x7, 0x8}, {0x5}, {0x7, 0xa}, {0x3, 0x1}, {0x1, 0x2}, {0x7, 0x1}, {0x7, 0x6}, {0x0, 0xa}, {0x6, 0x2}, {0x6, 0x2}, {0x5, 0x9}, {0x5, 0xa}, {0x1, 0x7}, {0x2, 0x7}, {0x1, 0x7}, {0x0, 0x1}, {0x2, 0x8}, {0x4, 0x4}, {0x4, 0x9}, {0x4, 0xa}, {0x2, 0x4}, {0x0, 0x2}, {0x3, 0x8}, {0x7, 0xa}, {0x1, 0x5}, {0x0, 0x9}, {0x3}, {0x2, 0x7}, {0x5, 0x8}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0xfffb, 0x6, 0x1000, 0x2, 0x0, 0x0, 0x200]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xc87, 0x7, 0x6, 0x9, 0x20, 0x29d, 0x34, 0x1]}}]}, @NL80211_BAND_6GHZ={0xac, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x48, 0x30, 0x9, 0x14, 0x16, 0x24, 0x36, 0x2, 0x36, 0x1b, 0x36, 0x57, 0x1, 0x3, 0x3, 0x6c, 0xa098f5c7cc1da606, 0xd, 0x16, 0xc, 0x4, 0x6c, 0x3, 0x2, 0x30, 0x18, 0x5b, 0xc]}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x36, 0x6c, 0x16, 0x36, 0xc, 0x4, 0x1b, 0x48, 0x12, 0x1b, 0x0, 0x48, 0x5, 0x4e, 0x24, 0x6, 0x48, 0x1b, 0x2, 0x6c, 0x16, 0x12, 0x5, 0xc, 0x3, 0xc, 0x18, 0x5]}, @NL80211_TXRATE_HT={0x4d, 0x2, [{0x5, 0x3}, {0x2, 0x9}, {0x6, 0x4}, {0x5, 0x1}, {0x7, 0x7}, {0x1, 0x2}, {0x0, 0x6}, {0x1, 0x1}, {0x5, 0xa}, {0x0, 0x2}, {0x5, 0x6}, {0x3, 0x7}, {0x1, 0x7}, {0x0, 0x8}, {0x3, 0x8}, {0x2, 0xa}, {0x0, 0x5}, {0x1, 0x8}, {0x7, 0x7}, {0x4, 0xa}, {0x6, 0x1}, {0x0, 0x5}, {0x4, 0x2}, {0x6, 0x3}, {0x3, 0x1}, {0x2, 0xa}, {0x5, 0x6}, {0x1, 0x1}, {}, {0x3, 0x1}, {0x2, 0x5}, {0x7, 0x7}, {}, {0x0, 0x3}, {0x4, 0x4}, {0x1, 0x9}, {0x7, 0x9}, {0x0, 0x6}, {0x0, 0x5}, {0x1, 0x9}, {0x5, 0x3}, {0x0, 0x7}, {0x2, 0x1}, {0x7, 0x9}, {0x7, 0x3}, {0x1, 0x1}, {0x0, 0x1}, {0x3, 0x5}, {0x7, 0x8}, {0x1, 0x6}, {0x0, 0x5}, {0x4, 0x9}, {0x1, 0x2}, {0x3, 0x7}, {0x1, 0x1}, {0x2, 0x8}, {0x2, 0x5}, {0x3}, {0x5, 0xa}, {}, {0x5, 0x1}, {0x1}, {0x1, 0x9}, {0x3, 0x7}, {0x2, 0x4}, {0x4}, {0x1, 0x8}, {0x3, 0x6}, {0x0, 0x9}, {0x0, 0xa}, {0x6, 0xa}, {0x1, 0x8}, {0x6, 0x8}]}]}, @NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_60GHZ={0x5c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x920, 0x1, 0xfffe, 0x0, 0x4, 0x8001, 0x13f]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1a, 0x0, 0x1, 0x7, 0x3, 0x5, 0x5, 0x8]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x800, 0x8, 0x9, 0x3, 0x2, 0x4, 0x7, 0x5]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x40, 0x200, 0x3, 0x7, 0xae, 0x7ff, 0x4, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0xb0, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7fff, 0xca8, 0xfffc, 0xb, 0x3, 0xfffc, 0x4f04, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0xffff, 0x3, 0x3, 0x1, 0x6, 0x6, 0xc0]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x8000, 0x5, 0x7fff, 0x8, 0x1f, 0x63fb, 0x1]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7ff, 0x40, 0x1, 0xffff, 0x1, 0x81, 0x7, 0x20]}}, @NL80211_TXRATE_HT={0x35, 0x2, [{0x4}, {0x7, 0x2}, {0x7, 0x6}, {0x5, 0x4}, {0x4, 0x9}, {0x2, 0x1}, {0x2, 0x2}, {0x1, 0x8}, {0x7, 0x2}, {0x3, 0x8}, {0x4, 0x3}, {0x3, 0x1}, {0x1, 0x3}, {0x5, 0x3}, {0x5, 0x3}, {0x4, 0xa}, {}, {0x4, 0x8}, {0x6, 0x7}, {0x1, 0x7}, {0x2, 0x1}, {0x5, 0x1}, {0x7, 0x5}, {0x2, 0x3}, {0x3, 0x5}, {0x3}, {0x3, 0x9}, {0x0, 0x8}, {0x6, 0x3}, {0x4, 0xa}, {0x0, 0x4}, {0x3, 0x4}, {0x0, 0x1}, {}, {0x6, 0x5}, {0x1, 0x4}, {0x1, 0x7}, {0x1, 0x6}, {0x1, 0xa}, {0x4, 0x5}, {}, {0x5, 0x1}, {0x4}, {0x6, 0x2}, {0x1, 0x8}, {0x6, 0x9}, {0x2, 0x3}, {0x6, 0x6}, {0x0, 0x8}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xd3, 0x400, 0x8, 0x200, 0x401, 0x2, 0x80, 0x7ff]}}]}, @NL80211_BAND_60GHZ={0x44, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x10, 0x2, [{0x6, 0x1}, {0x4, 0x7}, {0x7, 0x4}, {0x6, 0x1}, {0x7, 0x4}, {0x5, 0x1}, {0x4, 0x2}, {0x7, 0x3}, {0x4, 0x8}, {0x6, 0x7}, {0x4, 0x2}, {0x6, 0xa}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xee4, 0x40, 0x9, 0x4, 0x1000, 0x7, 0x4, 0xfff]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x0, 0x8001, 0x9, 0x35, 0xa1, 0x401, 0x81]}}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_5GHZ={0x7c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x1, 0x9, 0x1, 0x1ff, 0x6, 0x101]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x9, 0x0, 0x1, 0x400, 0xffff, 0x7, 0xff]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x9, 0x1f, 0x8, 0x1000, 0x0, 0x4, 0x800]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x80, 0xff, 0x100, 0x9, 0x8, 0x80, 0x1, 0x307]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_6GHZ={0x54, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x0, 0x9}, {0x4, 0x9}, {0x6, 0x9}, {0x0, 0x1}, {0x4, 0x3}, {0x0, 0x8}, {0x3, 0xa}, {0x5, 0x3}, {0x6, 0x7}, {0x0, 0x8}, {0x0, 0x2}, {0x0, 0x8}, {0x7, 0x5}, {0x5, 0x1}, {0x1, 0x3}, {0x0, 0x5}, {0x2, 0x9}, {0x7, 0x6}, {0x0, 0xb}, {0x1, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0xd3, 0x46f2, 0xffff, 0x101, 0x1ff, 0xfffa]}}]}, @NL80211_BAND_2GHZ={0xa8, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x23, 0x1, [0xb, 0xb, 0x0, 0xc, 0x30, 0x76, 0x36, 0xc, 0x3, 0x4, 0x2, 0x60, 0x18, 0xc, 0x2, 0x18, 0x1b, 0x9, 0x6c, 0x4a, 0x4e, 0x36, 0x48, 0x6a, 0x6, 0x1b, 0x1, 0xc, 0x5, 0x18, 0x36]}, @NL80211_TXRATE_HT={0x1e, 0x2, [{0x6, 0x4}, {}, {0x7, 0x5}, {0x1, 0x3}, {0x4, 0xa}, {0x0, 0xa}, {0x6, 0x7}, {0x7, 0x1}, {0x6, 0x2}, {}, {0x4, 0x1}, {0x0, 0x1}, {0x1, 0x2}, {0x2, 0x6}, {0x1, 0x3}, {0x0, 0x1}, {0x1, 0x5}, {0x0, 0x6}, {0x6, 0x1}, {0x4, 0x3}, {0x1, 0x5}, {0x4, 0x9}, {0x6, 0x9}, {0x7, 0x4}, {0x7, 0xa}, {0x0, 0x2}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x8000, 0xff, 0x1, 0x6, 0x1, 0x2, 0x3]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x31, 0x7dd, 0x3, 0x8000, 0x401, 0x1000, 0x2, 0xffff]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x9, 0x12, 0x1, 0x30, 0x12, 0x18, 0x2, 0x16, 0x18, 0x1b, 0x3, 0x77, 0xb, 0x1b, 0x48, 0x5, 0x1, 0x16, 0x48, 0x1, 0x4]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x903, 0xffff, 0x7, 0xe735, 0x200, 0x3, 0x27fc, 0x8]}}]}]}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x4}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xa6d}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}]}]}, @NL80211_ATTR_TID_CONFIG={0x50, 0x11d, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x3}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x57}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x8c}]}]}]}, 0xad4}, 0x1, 0x0, 0x0, 0x800}, 0x8840)
rename(&(0x7f00000000c0)='./bus\x00', &(0x7f0000000180)='./file0\x00') (async)
name_to_handle_at(r1, &(0x7f0000000ec0)='./bus\x00', &(0x7f0000001000)=ANY=[@ANYBLOB="10000000040000eea92bdd8d0eff0b0000ff7f0000030000be0b0c887fccad13b87fcae10279a985de0d2880046e365f7804afeed550a9e984fc01ef7e6caac8d24eb873e556526c6940669b1fd0ebe9f41227acf08974e1cd2f482c8e57af797abfbb7b63488151501a17f10a6a67ddaf974eb02d2a23503b340ffa6e91fdcf79c58752416d93f435e0aa5eb05aa0acf32b3dc776e401199a26b63572182cb59ca18baec0a1e7f79f1927e929e896ce0f8c2d379ec42c779cb68bbca958a582b82ab99ba0b353a75f46291590bd85aeab52cd"], &(0x7f0000000f40), 0x1400) (async)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mkdir(&(0x7f00000001c0)='./bus/file0\x00', 0x0) (async)
sendfile(r2, r4, 0x0, 0x80000001) (async)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) (async)
mount(&(0x7f0000000f00)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000f80)='./bus\x00', &(0x7f0000000fc0)='anon_inodefs\x00', 0x200000, &(0x7f0000001100)='/*}.#\'\x00')
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) (async, rerun: 64)
sendfile(r5, r6, 0x0, 0x2800000000000) (rerun: 64)

11:47:37 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80008f00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  361.502886][T26189] FAULT_INJECTION: forcing a failure.
[  361.502886][T26189] name failslab, interval 1, probability 0, space 0, times 0
[  361.515544][T26189] CPU: 0 PID: 26189 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  361.526570][T26189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  361.536711][T26189] Call Trace:
[  361.539991][T26189]  <TASK>
[  361.542919][T26189]  dump_stack_lvl+0xd6/0x122
[  361.547601][T26189]  dump_stack+0x11/0x12
11:47:37 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800022)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  361.551762][T26189]  should_fail+0x230/0x240
[  361.556267][T26189]  __should_failslab+0x81/0x90
[  361.561116][T26189]  ? mempool_alloc_slab+0x16/0x20
[  361.566142][T26189]  should_failslab+0x5/0x20
[  361.570665][T26189]  kmem_cache_alloc+0x46/0x300
[  361.575511][T26189]  ? update_cfs_rq_load_avg+0x16e/0x180
[  361.581115][T26189]  mempool_alloc_slab+0x16/0x20
[  361.586048][T26189]  ? mempool_free+0x130/0x130
[  361.590724][T26189]  mempool_alloc+0x9f/0x2a0
[  361.595308][T26189]  ? __schedule+0x514/0x6c0
[  361.599823][T26189]  bio_alloc_bioset+0xe4/0x730
[  361.604588][T26189]  submit_bh_wbc+0x161/0x2f0
[  361.609212][T26189]  __sync_dirty_buffer+0x141/0x1f0
[  361.614398][T26189]  sync_dirty_buffer+0x16/0x20
[  361.619202][T26189]  fat_mirror_bhs+0x268/0x330
[  361.623883][T26189]  fat_ent_write+0xc2/0xd0
[  361.628342][T26189]  fat_chain_add+0x15b/0x410
[  361.633001][T26189]  fat_get_block+0x486/0x600
[  361.637611][T26189]  ? fat_block_truncate_page+0x30/0x30
[  361.643084][T26189]  __block_write_begin_int+0x33d/0xc90
11:47:37 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x4000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  361.648556][T26189]  ? fat_block_truncate_page+0x30/0x30
[  361.654081][T26189]  ? PageHeadHuge+0x3b/0x120
[  361.658671][T26189]  ? fat_block_truncate_page+0x30/0x30
[  361.664137][T26189]  block_write_begin+0x77/0x170
[  361.668989][T26189]  ? cont_write_begin+0x3aa/0x500
[  361.674062][T26189]  cont_write_begin+0x3cf/0x500
[  361.678919][T26189]  fat_write_begin+0x61/0xf0
[  361.683585][T26189]  ? fat_block_truncate_page+0x30/0x30
[  361.689046][T26189]  generic_perform_write+0x1d6/0x3f0
[  361.694428][T26189]  __generic_file_write_iter+0x172/0x280
[  361.700124][T26189]  ? generic_write_checks+0x256/0x290
[  361.705495][T26189]  generic_file_write_iter+0x75/0x130
[  361.710863][T26189]  do_iter_readv_writev+0x27b/0x300
[  361.716144][T26189]  do_iter_write+0x16f/0x5c0
[  361.720736][T26189]  ? splice_from_pipe_next+0x34f/0x3b0
[  361.726271][T26189]  vfs_iter_write+0x4c/0x70
[  361.730781][T26189]  iter_file_splice_write+0x44a/0x7c0
[  361.736186][T26189]  ? splice_from_pipe+0xc0/0xc0
[  361.741118][T26189]  direct_splice_actor+0x80/0xa0
[  361.746056][T26189]  splice_direct_to_actor+0x345/0x660
[  361.751433][T26189]  ? do_splice_direct+0x180/0x180
[  361.756516][T26189]  do_splice_direct+0xfb/0x180
[  361.761384][T26189]  do_sendfile+0x3ad/0x900
[  361.765799][T26189]  __x64_sys_sendfile64+0x10c/0x150
[  361.771070][T26189]  do_syscall_64+0x2b/0x70
[  361.775495][T26189]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  361.781406][T26189] RIP: 0033:0x7f99336e60e9
[  361.785825][T26189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  361.805471][T26189] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  361.813935][T26189] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  361.821915][T26189] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  361.829954][T26189] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  361.837949][T26189] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
[  361.845919][T26189] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
11:47:37 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800023)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  361.854017][T26189]  </TASK>
[  361.889745][T26196] loop3: detected capacity change from 0 to 262160
[  361.903580][T26199] loop1: detected capacity change from 0 to 262160
[  361.911924][T26202] loop5: detected capacity change from 0 to 262160
[  361.918780][T26203] loop4: detected capacity change from 0 to 262160
11:47:38 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
syncfs(r0)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r3 = openat(0xffffffffffffffff, &(0x7f0000000200)='./bus\x00', 0x400000, 0x48)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000e80)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000e40)={&(0x7f0000000300)={0xad4, 0x0, 0x300, 0x70bd2c, 0x200, {{}, {@val={0x8}, @val={0xc, 0x99, {0x4, 0x27}}}}, [@NL80211_ATTR_TID_CONFIG={0x198, 0x11d, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xdb}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x12}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xf9}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xf0}]}, {0x30, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}]}, {0x13c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x108, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x2c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x3, 0x735, 0x6f, 0x0, 0xffff, 0x6c65, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x1, 0x9, 0x400, 0x3, 0x3f, 0x3, 0x3]}}]}, @NL80211_BAND_5GHZ={0x84, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x7, 0xf001, 0x6, 0xff, 0x40, 0x1, 0x1811]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x3}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x3c, 0x2, [{0x5, 0x8}, {0x1, 0x8}, {0x0, 0x1}, {0x1, 0x8}, {0x6, 0x2}, {0x4, 0x3}, {0x6, 0x9}, {0x7, 0x4}, {0x4, 0xa}, {0x2, 0x2}, {0x3, 0x3}, {0x3}, {0x0, 0xa}, {0x5, 0x6}, {0x7, 0x6}, {0x2, 0x8}, {0x6, 0x7}, {0x7, 0x7}, {0x3, 0x6}, {0x5, 0x9}, {}, {0x1, 0x5}, {0x7, 0x10}, {0x7, 0x6}, {0x1, 0x7}, {0x2, 0x4}, {0x0, 0x1}, {0x3, 0x7}, {0x2, 0x8}, {0x2, 0x4}, {0x4, 0x6}, {0x0, 0x6}, {0x1, 0x3}, {0x2, 0x8}, {0x1, 0x1}, {0x4, 0x8}, {0x0, 0x1}, {0x0, 0x9}, {0x1, 0x5}, {0x5, 0x9}, {0x3, 0x2}, {0x4, 0x3}, {0x6, 0x3}, {0x5, 0x5}, {0x6, 0x3}, {0x1, 0x2}, {0x7}, {0x6, 0x8}, {0x6, 0x9}, {0x6, 0x7}, {0x0, 0x7}, {0x0, 0x3}, {0x4, 0x3}, {0x1, 0x6}, {0x3, 0x6}, {0x1}]}, @NL80211_TXRATE_LEGACY={0x14, 0x1, [0x36, 0x2, 0x48, 0x5, 0x48, 0x9, 0x5, 0x3, 0xc, 0x1, 0x5, 0x48, 0x12, 0x18, 0x16, 0x1b]}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x24, 0x2, 0x82cdd84c12ea583, 0x2, 0x67]}]}, @NL80211_BAND_6GHZ={0x54, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x7, 0x1, [0x60, 0x6c, 0x18]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x6, 0x4, 0x36, 0x2, 0x5, 0x3, 0x36, 0x2, 0x48, 0x3dc5f8b3cc4437e1, 0xb, 0x1b, 0x2, 0x1b]}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x95c1, 0x3, 0xfff8, 0x0, 0x1, 0x40, 0x5]}}]}]}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x80}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xdf}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}]}]}, @NL80211_ATTR_TID_CONFIG={0x47c, 0x11d, 0x0, 0x1, [{0x94, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x54, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x50, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x2d, 0x2, [{0x6, 0x1}, {0x1, 0x6}, {0x7}, {0x1, 0x4}, {0x7, 0x2}, {0x0, 0x2}, {0x2, 0x1}, {0x0, 0x7}, {0x7, 0x7}, {0x4}, {0x2, 0x3}, {0x2, 0x6}, {0x1, 0x1}, {0x2, 0x2}, {0x5, 0x4}, {0x7, 0x6}, {0x2, 0x8}, {0x4, 0x4}, {0x0, 0x7}, {0x0, 0x8}, {0x2, 0x1}, {0x5, 0x9}, {0x1, 0x4}, {0x7, 0xa}, {0x7, 0x3}, {0x6}, {0x2, 0x8}, {0x4, 0x4}, {0x1}, {0x3, 0xa}, {0x0, 0x6}, {0x3}, {0x1, 0x8}, {0x2, 0x5}, {0x7, 0x9}, {0x5, 0x9}, {0x1, 0x4}, {0x7, 0xa}, {0x3, 0x9}, {0x5, 0x5}, {0x7, 0x5}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x2f, 0xd9, 0x9af, 0x12, 0xfffe, 0x3, 0x3]}}]}]}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x100000000}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x67}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xffff}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x97}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xcc}]}, {0x290, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x28c, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x70, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x7f, 0xfff, 0x9, 0x5, 0x0, 0x6cdc, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x1f, 0x2, [{0x3, 0x5}, {0x3, 0x5}, {0x3, 0x9}, {0x4, 0x9}, {0x6, 0x8}, {0x6, 0xa}, {0x4, 0xa}, {0x1, 0x8}, {0x6, 0x5}, {0x4, 0xa}, {0x1, 0xa}, {0x2, 0xa}, {0x1, 0xa}, {0x7, 0xa}, {0x5, 0x4}, {0x5, 0x9}, {0x0, 0x7}, {0x2}, {0x4}, {0x2, 0x3}, {0x1}, {0x4, 0x1}, {0x1, 0x3}, {0x7, 0x9}, {0x5, 0x4}, {0x0, 0x8}, {0x4, 0x8}]}, @NL80211_TXRATE_HT={0x26, 0x2, [{0x1, 0xa}, {0x2, 0x2}, {0x0, 0x5}, {0x7}, {0x3, 0xa}, {0x7, 0xa}, {0x1, 0x1}, {0x2, 0x8}, {0x3, 0x9}, {0x2, 0x7}, {0x4, 0xa}, {0x3, 0x3}, {0x4, 0x2}, {0x0, 0x6}, {0x4, 0x9}, {0x6, 0x9}, {0x0, 0x3}, {0x6, 0x7}, {0x6, 0xa}, {0x4, 0x4}, {0x3, 0x3}, {0x3, 0xa}, {0x1, 0x4}, {0x1, 0x9}, {0x3, 0x6}, {0x2, 0x3}, {}, {0x6, 0x4}, {0x1, 0x4}, {0x0, 0x5}, {0x3, 0x6}, {0x5, 0x4}, {0x1}, {0x1, 0x2}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_5GHZ={0xec, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HT={0x7, 0x2, [{0x5, 0x9}, {0x3, 0x6}, {0x3, 0x2}]}, @NL80211_TXRATE_HT={0x3d, 0x2, [{0x3, 0x6}, {0x5, 0x8}, {0x6, 0x8}, {0x6, 0x6}, {0x6, 0x7}, {0x7, 0x8}, {0x3, 0x3}, {0x4, 0x4}, {0x5, 0x4}, {0x3, 0xa}, {0x5, 0x1}, {0x3, 0x8}, {0x1, 0x3}, {0x5, 0xa}, {0x6, 0x4}, {0x1, 0x5}, {0x1}, {0x4, 0x7}, {0x6, 0x3}, {0x0, 0x7}, {0x6, 0x4}, {0x1, 0x6}, {0x1, 0xa}, {0x7, 0x9}, {0x7, 0x9}, {0x7, 0x1}, {0x0, 0x9}, {0x5, 0x6}, {0x1, 0x1}, {0x1, 0x2}, {0x3, 0x3}, {0x6, 0x3}, {0x6, 0x5}, {0x4, 0x5}, {0x5, 0x1}, {0x6, 0xa}, {0x2, 0x7}, {0x5, 0x7}, {0x2}, {0x4, 0x8}, {0x6, 0x7}, {0x4}, {0x7, 0x5}, {0x4, 0x9}, {0x6, 0x6}, {0x6, 0x7}, {0x1, 0x8}, {0x4, 0x7}, {0x0, 0x7}, {0x5, 0x6}, {0x4}, {}, {0x0, 0xa}, {0x3, 0x1}, {0x6, 0x7}, {0x0, 0x8}, {0x2, 0x4}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x67, 0xb, 0xc, 0x4, 0x6, 0xc, 0x16, 0x12, 0x36, 0x5, 0x1b, 0xc, 0x24, 0x24, 0x3, 0xc, 0x0, 0x16, 0xc, 0x24, 0x12]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x61f4, 0x200, 0x5, 0x9, 0x7f80, 0x42, 0x7, 0x7]}}, @NL80211_TXRATE_HT={0x46, 0x2, [{0x6}, {0x1, 0xa}, {0x0, 0x6}, {0x0, 0x3}, {0x4}, {0x6, 0x8}, {0x3, 0x1}, {0x5, 0x4}, {0x4, 0x9}, {0x0, 0x7}, {0x1, 0x3}, {0x5, 0x5}, {0x2, 0x1}, {0x4, 0x2}, {0x3, 0x6}, {0x0, 0x9}, {0x2, 0x8}, {0x2, 0x1}, {0x7}, {0x3, 0x2}, {0x7, 0x5}, {0x7, 0x7}, {0x4, 0x1}, {0x5, 0x1}, {0x5, 0x6}, {0x0, 0x8}, {0x7, 0x2}, {0x0, 0x1}, {0x5}, {0x0, 0x9}, {}, {0x0, 0xa}, {0x4, 0x2}, {0x6, 0x5}, {0x3, 0x1}, {0x4}, {0x2, 0x6}, {0x7, 0x1}, {0x3, 0x1}, {0x2, 0x2}, {0x2, 0xa}, {0x0, 0x8}, {0x1}, {0x7, 0x9}, {0x0, 0x8}, {0x1, 0x2}, {0x0, 0x9}, {0x4, 0x9}, {0x4, 0x7}, {0x4, 0x6}, {0x4, 0x1}, {0x0, 0x5}, {0x2, 0x2}, {0x6}, {0x7, 0x1}, {0x5, 0x5}, {0x7, 0x2}, {0x0, 0x3}, {0x1, 0x2}, {0x4, 0x9}, {0x0, 0x1}, {0x6, 0x6}, {0x0, 0x3}, {0x4, 0x5}, {0x2, 0x2}, {0x0, 0x4}]}]}, @NL80211_BAND_60GHZ={0x74, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7c, 0xc03a, 0x1, 0x7fff, 0x5, 0x1, 0x9, 0x5d5c]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x40, 0x5, 0x0, 0x1000, 0x800, 0xff, 0x6, 0x8]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0xa, 0x2, [{0x2, 0x2}, {0x5, 0xa}, {0x0, 0x4}, {0x6, 0x1}, {0x0, 0x6}, {0x2, 0x4}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x3, 0x5, 0xeb51, 0x7, 0x3ff, 0x7fe0, 0x8]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_2GHZ={0x20, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x9, 0x2, 0x6, 0x5, 0x5, 0x0, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_6GHZ={0x30, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x5, 0xffff, 0x8, 0x6, 0x7, 0x549c, 0x800]}}]}, @NL80211_BAND_5GHZ={0x68, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xffff, 0x3e16, 0x3f, 0x0, 0x5f6, 0x9, 0xe2, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x1, 0x2}, {0x3, 0x4}, {0x3, 0x7}, {0x6}, {0x6, 0x3}, {0x2, 0x13}, {0x5, 0x8}, {0x3, 0x3}, {0x5}, {0x2}, {0x0, 0x8}, {0x0, 0x2}, {}, {}, {0x4, 0x4}, {0x7, 0x2}, {0x7}, {0x5, 0x1}, {0x7, 0x2}, {0x0, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}]}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xcc}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x2}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}]}, {0xa4, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x60, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x11, 0x1, [0x3, 0x6c, 0x9, 0x60, 0x1, 0x24, 0x5, 0x5, 0x18, 0x3, 0x48, 0x24, 0x36]}]}, @NL80211_BAND_6GHZ={0x44, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1f, 0x5, 0x5, 0xf000, 0x24, 0xc95f, 0x3, 0x81]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xff, 0xfff9, 0x6, 0x7ff, 0xffff, 0x7f4, 0x9, 0x80]}}]}]}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x6e}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xd3}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xacb4}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}]}, {0x38, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xfffffffffffff9eb}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}]}]}, @NL80211_ATTR_TID_CONFIG={0x448, 0x11d, 0x0, 0x1, [{0x444, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x420, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x9c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x4f, 0x2, [{0x0, 0x1}, {0x7, 0x1}, {0x2, 0x1}, {0x1, 0x8}, {0x0, 0x6}, {0x0, 0x4}, {0x0, 0x6}, {0x2, 0x2}, {0x6, 0x5}, {0x6, 0x4}, {0x7}, {0x6, 0x3}, {0x0, 0x9}, {0x6, 0x3}, {0x0, 0x7}, {0x1, 0x4}, {0x5, 0x4}, {}, {0x1, 0x9}, {0x7, 0x2}, {0x5, 0x4}, {0x5, 0x8}, {0x4, 0x5}, {0x1}, {0x1, 0xa}, {0x0, 0x4}, {0x2, 0x6}, {0x2, 0xa}, {0x0, 0x4}, {0x1}, {0x2, 0x7}, {0x5, 0x3}, {0x4, 0x9}, {0x4, 0x9}, {0x1, 0x6}, {0x6, 0xa}, {0x5, 0x4}, {0x1, 0x2}, {0x4, 0x1}, {0x4, 0x3}, {0x1, 0x9}, {0x2, 0x8}, {0x0, 0x9}, {0x1, 0x4}, {0x6, 0xa}, {0x3, 0x7}, {0x7, 0x8}, {0x5}, {0x7, 0xa}, {0x3, 0x1}, {0x1, 0x2}, {0x7, 0x1}, {0x7, 0x6}, {0x0, 0xa}, {0x6, 0x2}, {0x6, 0x2}, {0x5, 0x9}, {0x5, 0xa}, {0x1, 0x7}, {0x2, 0x7}, {0x1, 0x7}, {0x0, 0x1}, {0x2, 0x8}, {0x4, 0x4}, {0x4, 0x9}, {0x4, 0xa}, {0x2, 0x4}, {0x0, 0x2}, {0x3, 0x8}, {0x7, 0xa}, {0x1, 0x5}, {0x0, 0x9}, {0x3}, {0x2, 0x7}, {0x5, 0x8}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0xfffb, 0x6, 0x1000, 0x2, 0x0, 0x0, 0x200]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xc87, 0x7, 0x6, 0x9, 0x20, 0x29d, 0x34, 0x1]}}]}, @NL80211_BAND_6GHZ={0xac, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x48, 0x30, 0x9, 0x14, 0x16, 0x24, 0x36, 0x2, 0x36, 0x1b, 0x36, 0x57, 0x1, 0x3, 0x3, 0x6c, 0xa098f5c7cc1da606, 0xd, 0x16, 0xc, 0x4, 0x6c, 0x3, 0x2, 0x30, 0x18, 0x5b, 0xc]}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x36, 0x6c, 0x16, 0x36, 0xc, 0x4, 0x1b, 0x48, 0x12, 0x1b, 0x0, 0x48, 0x5, 0x4e, 0x24, 0x6, 0x48, 0x1b, 0x2, 0x6c, 0x16, 0x12, 0x5, 0xc, 0x3, 0xc, 0x18, 0x5]}, @NL80211_TXRATE_HT={0x4d, 0x2, [{0x5, 0x3}, {0x2, 0x9}, {0x6, 0x4}, {0x5, 0x1}, {0x7, 0x7}, {0x1, 0x2}, {0x0, 0x6}, {0x1, 0x1}, {0x5, 0xa}, {0x0, 0x2}, {0x5, 0x6}, {0x3, 0x7}, {0x1, 0x7}, {0x0, 0x8}, {0x3, 0x8}, {0x2, 0xa}, {0x0, 0x5}, {0x1, 0x8}, {0x7, 0x7}, {0x4, 0xa}, {0x6, 0x1}, {0x0, 0x5}, {0x4, 0x2}, {0x6, 0x3}, {0x3, 0x1}, {0x2, 0xa}, {0x5, 0x6}, {0x1, 0x1}, {}, {0x3, 0x1}, {0x2, 0x5}, {0x7, 0x7}, {}, {0x0, 0x3}, {0x4, 0x4}, {0x1, 0x9}, {0x7, 0x9}, {0x0, 0x6}, {0x0, 0x5}, {0x1, 0x9}, {0x5, 0x3}, {0x0, 0x7}, {0x2, 0x1}, {0x7, 0x9}, {0x7, 0x3}, {0x1, 0x1}, {0x0, 0x1}, {0x3, 0x5}, {0x7, 0x8}, {0x1, 0x6}, {0x0, 0x5}, {0x4, 0x9}, {0x1, 0x2}, {0x3, 0x7}, {0x1, 0x1}, {0x2, 0x8}, {0x2, 0x5}, {0x3}, {0x5, 0xa}, {}, {0x5, 0x1}, {0x1}, {0x1, 0x9}, {0x3, 0x7}, {0x2, 0x4}, {0x4}, {0x1, 0x8}, {0x3, 0x6}, {0x0, 0x9}, {0x0, 0xa}, {0x6, 0xa}, {0x1, 0x8}, {0x6, 0x8}]}]}, @NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_60GHZ={0x5c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x920, 0x1, 0xfffe, 0x0, 0x4, 0x8001, 0x13f]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1a, 0x0, 0x1, 0x7, 0x3, 0x5, 0x5, 0x8]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x800, 0x8, 0x9, 0x3, 0x2, 0x4, 0x7, 0x5]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x40, 0x200, 0x3, 0x7, 0xae, 0x7ff, 0x4, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0xb0, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7fff, 0xca8, 0xfffc, 0xb, 0x3, 0xfffc, 0x4f04, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0xffff, 0x3, 0x3, 0x1, 0x6, 0x6, 0xc0]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x8000, 0x5, 0x7fff, 0x8, 0x1f, 0x63fb, 0x1]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7ff, 0x40, 0x1, 0xffff, 0x1, 0x81, 0x7, 0x20]}}, @NL80211_TXRATE_HT={0x35, 0x2, [{0x4}, {0x7, 0x2}, {0x7, 0x6}, {0x5, 0x4}, {0x4, 0x9}, {0x2, 0x1}, {0x2, 0x2}, {0x1, 0x8}, {0x7, 0x2}, {0x3, 0x8}, {0x4, 0x3}, {0x3, 0x1}, {0x1, 0x3}, {0x5, 0x3}, {0x5, 0x3}, {0x4, 0xa}, {}, {0x4, 0x8}, {0x6, 0x7}, {0x1, 0x7}, {0x2, 0x1}, {0x5, 0x1}, {0x7, 0x5}, {0x2, 0x3}, {0x3, 0x5}, {0x3}, {0x3, 0x9}, {0x0, 0x8}, {0x6, 0x3}, {0x4, 0xa}, {0x0, 0x4}, {0x3, 0x4}, {0x0, 0x1}, {}, {0x6, 0x5}, {0x1, 0x4}, {0x1, 0x7}, {0x1, 0x6}, {0x1, 0xa}, {0x4, 0x5}, {}, {0x5, 0x1}, {0x4}, {0x6, 0x2}, {0x1, 0x8}, {0x6, 0x9}, {0x2, 0x3}, {0x6, 0x6}, {0x0, 0x8}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xd3, 0x400, 0x8, 0x200, 0x401, 0x2, 0x80, 0x7ff]}}]}, @NL80211_BAND_60GHZ={0x44, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x10, 0x2, [{0x6, 0x1}, {0x4, 0x7}, {0x7, 0x4}, {0x6, 0x1}, {0x7, 0x4}, {0x5, 0x1}, {0x4, 0x2}, {0x7, 0x3}, {0x4, 0x8}, {0x6, 0x7}, {0x4, 0x2}, {0x6, 0xa}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xee4, 0x40, 0x9, 0x4, 0x1000, 0x7, 0x4, 0xfff]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x0, 0x8001, 0x9, 0x35, 0xa1, 0x401, 0x81]}}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_5GHZ={0x7c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x1, 0x9, 0x1, 0x1ff, 0x6, 0x101]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x9, 0x0, 0x1, 0x400, 0xffff, 0x7, 0xff]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x9, 0x1f, 0x8, 0x1000, 0x0, 0x4, 0x800]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x80, 0xff, 0x100, 0x9, 0x8, 0x80, 0x1, 0x307]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_6GHZ={0x54, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x0, 0x9}, {0x4, 0x9}, {0x6, 0x9}, {0x0, 0x1}, {0x4, 0x3}, {0x0, 0x8}, {0x3, 0xa}, {0x5, 0x3}, {0x6, 0x7}, {0x0, 0x8}, {0x0, 0x2}, {0x0, 0x8}, {0x7, 0x5}, {0x5, 0x1}, {0x1, 0x3}, {0x0, 0x5}, {0x2, 0x9}, {0x7, 0x6}, {0x0, 0xb}, {0x1, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0xd3, 0x46f2, 0xffff, 0x101, 0x1ff, 0xfffa]}}]}, @NL80211_BAND_2GHZ={0xa8, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x23, 0x1, [0xb, 0xb, 0x0, 0xc, 0x30, 0x76, 0x36, 0xc, 0x3, 0x4, 0x2, 0x60, 0x18, 0xc, 0x2, 0x18, 0x1b, 0x9, 0x6c, 0x4a, 0x4e, 0x36, 0x48, 0x6a, 0x6, 0x1b, 0x1, 0xc, 0x5, 0x18, 0x36]}, @NL80211_TXRATE_HT={0x1e, 0x2, [{0x6, 0x4}, {}, {0x7, 0x5}, {0x1, 0x3}, {0x4, 0xa}, {0x0, 0xa}, {0x6, 0x7}, {0x7, 0x1}, {0x6, 0x2}, {}, {0x4, 0x1}, {0x0, 0x1}, {0x1, 0x2}, {0x2, 0x6}, {0x1, 0x3}, {0x0, 0x1}, {0x1, 0x5}, {0x0, 0x6}, {0x6, 0x1}, {0x4, 0x3}, {0x1, 0x5}, {0x4, 0x9}, {0x6, 0x9}, {0x7, 0x4}, {0x7, 0xa}, {0x0, 0x2}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x8000, 0xff, 0x1, 0x6, 0x1, 0x2, 0x3]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x31, 0x7dd, 0x3, 0x8000, 0x401, 0x1000, 0x2, 0xffff]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x9, 0x12, 0x1, 0x30, 0x12, 0x18, 0x2, 0x16, 0x18, 0x1b, 0x3, 0x77, 0xb, 0x1b, 0x48, 0x5, 0x1, 0x16, 0x48, 0x1, 0x4]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x903, 0xffff, 0x7, 0xe735, 0x200, 0x3, 0x27fc, 0x8]}}]}]}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x4}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xa6d}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}]}]}, @NL80211_ATTR_TID_CONFIG={0x50, 0x11d, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x3}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x57}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x8c}]}]}]}, 0xad4}, 0x1, 0x0, 0x0, 0x800}, 0x8840)
rename(&(0x7f00000000c0)='./bus\x00', &(0x7f0000000180)='./file0\x00')
name_to_handle_at(r1, &(0x7f0000000ec0)='./bus\x00', &(0x7f0000001000)=ANY=[@ANYBLOB="10000000040000eea92bdd8d0eff0b0000ff7f0000030000be0b0c887fccad13b87fcae10279a985de0d2880046e365f7804afeed550a9e984fc01ef7e6caac8d24eb873e556526c6940669b1fd0ebe9f41227acf08974e1cd2f482c8e57af797abfbb7b63488151501a17f10a6a67ddaf974eb02d2a23503b340ffa6e91fdcf79c58752416d93f435e0aa5eb05aa0acf32b3dc776e401199a26b63572182cb59ca18baec0a1e7f79f1927e929e896ce0f8c2d379ec42c779cb68bbca958a582b82ab99ba0b353a75f46291590bd85aeab52cd"], &(0x7f0000000f40), 0x1400) (async)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mkdir(&(0x7f00000001c0)='./bus/file0\x00', 0x0) (async)
sendfile(r2, r4, 0x0, 0x80000001)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) (async)
mount(&(0x7f0000000f00)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000f80)='./bus\x00', &(0x7f0000000fc0)='anon_inodefs\x00', 0x200000, &(0x7f0000001100)='/*}.#\'\x00') (async)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) (async)
sendfile(r5, r6, 0x0, 0x2800000000000)

11:47:38 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 10)

[  362.143432][T26213] loop4: detected capacity change from 0 to 262160
11:47:38 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800024)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:38 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x5000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:38 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80009100)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  362.205128][T26218] loop0: detected capacity change from 0 to 262160
[  362.284201][T26221] loop5: detected capacity change from 0 to 262160
[  362.287681][T26220] FAULT_INJECTION: forcing a failure.
[  362.287681][T26220] name failslab, interval 1, probability 0, space 0, times 0
[  362.303377][T26220] CPU: 0 PID: 26220 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  362.314523][T26220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  362.324603][T26220] Call Trace:
[  362.327878][T26220]  <TASK>
[  362.330794][T26220]  dump_stack_lvl+0xd6/0x122
[  362.335450][T26220]  dump_stack+0x11/0x12
[  362.339594][T26220]  should_fail+0x230/0x240
[  362.344091][T26220]  __should_failslab+0x81/0x90
[  362.348839][T26220]  ? mempool_alloc_slab+0x16/0x20
[  362.353901][T26220]  should_failslab+0x5/0x20
[  362.358454][T26220]  kmem_cache_alloc+0x46/0x300
[  362.363247][T26220]  mempool_alloc_slab+0x16/0x20
[  362.368082][T26220]  ? mempool_free+0x130/0x130
[  362.372745][T26220]  mempool_alloc+0x9f/0x2a0
[  362.377235][T26220]  bio_alloc_bioset+0xe4/0x730
[  362.382060][T26220]  submit_bh_wbc+0x161/0x2f0
[  362.386640][T26220]  __sync_dirty_buffer+0x141/0x1f0
[  362.391743][T26220]  sync_dirty_buffer+0x16/0x20
[  362.396513][T26220]  fat_mirror_bhs+0x268/0x330
[  362.401255][T26220]  fat_ent_write+0xc2/0xd0
[  362.405661][T26220]  fat_chain_add+0x15b/0x410
[  362.410244][T26220]  fat_get_block+0x486/0x600
[  362.414987][T26220]  ? fat_block_truncate_page+0x30/0x30
[  362.420440][T26220]  __block_write_begin_int+0x33d/0xc90
[  362.426001][T26220]  ? fat_block_truncate_page+0x30/0x30
[  362.431578][T26220]  ? PageHeadHuge+0x3b/0x120
[  362.436172][T26220]  ? fat_block_truncate_page+0x30/0x30
[  362.441620][T26220]  block_write_begin+0x77/0x170
[  362.446462][T26220]  ? cont_write_begin+0x3aa/0x500
[  362.451511][T26220]  cont_write_begin+0x3cf/0x500
[  362.456357][T26220]  fat_write_begin+0x61/0xf0
[  362.461032][T26220]  ? fat_block_truncate_page+0x30/0x30
[  362.466508][T26220]  generic_perform_write+0x1d6/0x3f0
[  362.471889][T26220]  __generic_file_write_iter+0x172/0x280
[  362.477545][T26220]  ? generic_write_checks+0x256/0x290
[  362.482903][T26220]  generic_file_write_iter+0x75/0x130
[  362.488289][T26220]  do_iter_readv_writev+0x27b/0x300
[  362.493494][T26220]  do_iter_write+0x16f/0x5c0
[  362.498148][T26220]  ? splice_from_pipe_next+0x34f/0x3b0
[  362.503650][T26220]  vfs_iter_write+0x4c/0x70
[  362.508209][T26220]  iter_file_splice_write+0x44a/0x7c0
[  362.513673][T26220]  ? splice_from_pipe+0xc0/0xc0
[  362.518513][T26220]  direct_splice_actor+0x80/0xa0
[  362.523519][T26220]  splice_direct_to_actor+0x345/0x660
[  362.528880][T26220]  ? do_splice_direct+0x180/0x180
[  362.533974][T26220]  do_splice_direct+0xfb/0x180
[  362.538801][T26220]  do_sendfile+0x3ad/0x900
[  362.543237][T26220]  __x64_sys_sendfile64+0x10c/0x150
[  362.548504][T26220]  do_syscall_64+0x2b/0x70
[  362.552911][T26220]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  362.558843][T26220] RIP: 0033:0x7f99336e60e9
[  362.563245][T26220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
11:47:38 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x89fb, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'sit0\x00', <r1=>0x0, 0x2f, 0x7, 0xe7, 0x2, 0x50, @empty, @empty, 0x1, 0x8, 0x0, 0x7}})
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x6, &(0x7f0000000680)=[{&(0x7f0000000240)="eb3c8f000000732e6661740002010100bb12c83b197502", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000480)="a730dd2a2a604629595b22427fe312c1df7320afdb157b39930d9cac3bf6726e286620e3613c401c752747d38d337ac4442e8c77ea715277f9de4aad7e19fad5375b9599b4d182c389f4ef078e5cdc7c7f9c21415331e3a826f06c57c33278", 0x5f, 0x17fffffff}, {&(0x7f0000000500)="2deabdc84f2ece3b28d2629c68da762977f74cd986496277bfc6924557c763e776788e81a68f2876fe52b5e25206a003ad8e0f31aa1cba8c8ebc7c5b9e27c2735506a1209f9153922e1700b5f6be448399ec2756db1969c686ad3852c9332dd58b8ebcaa72b4de8ff25faede18b39afba93584184437fbde5e153235d93406cfc912de1d556452679eb7eb3ac626260812c2a6d25b0dcba61c67736f4e84a8dad2", 0xa1, 0xffffffffffff759a}, {&(0x7f00000005c0)="9260e5b98a479c4d31029623038714504396438df3e475c60c8bd213fc630e57b8bb89ca110aa7d5dce3aa95d466df4d6946c5be", 0x34, 0xe0a}, {&(0x7f0000000280), 0x0, 0x3}], 0x3054010, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f00000003c0)={'ip6tnl0\x00', r1, 0x29, 0x7, 0x4a, 0x1f, 0x68, @mcast2, @empty, 0x80, 0x10, 0x1, 0x10000004}})
write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x8800000)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040))
ioctl$TIOCL_SCROLLCONSOLE(r4, 0x541c, &(0x7f0000000040)={0xd, 0xffffffff})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, 0xffffffffffffffff, 0x0, 0x3)
accept4$tipc(r4, 0x0, &(0x7f0000000300), 0x80000)
ioctl$PIO_FONT(r2, 0x4b61, &(0x7f0000000600)="a6319283eb19089754f62cf873c5cb00048764147b125cc588a3fd5dbe1154a4596a45e6918d5f150e4165b37b9baeeb28654df300b2d16d25f7b1afa1b9e69f47f0444d82a76944559607a3db30889bb3941653cfb642e589")
socket$kcm(0x10, 0x2, 0x4)
setsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000340)=@assoc_value={0x0, 0x800}, 0x8)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
poll(&(0x7f0000000340), 0x0, 0x7)

[  362.583022][T26220] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  362.591446][T26220] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  362.599527][T26220] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  362.607525][T26220] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  362.615561][T26220] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  362.623538][T26220] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  362.631497][T26220]  </TASK>
[  362.676755][T26226] loop4: detected capacity change from 0 to 264192
[  362.687936][T26228] loop1: detected capacity change from 0 to 262160
11:47:38 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002200)

11:47:39 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 11)

[  362.829777][T26233] loop3: detected capacity change from 0 to 262160
11:47:39 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80009200)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  362.943929][T26237] loop0: detected capacity change from 0 to 262160
11:47:39 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x6000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  362.988873][T26239] loop1: detected capacity change from 0 to 262160
[  363.026315][T26240] FAULT_INJECTION: forcing a failure.
[  363.026315][T26240] name failslab, interval 1, probability 0, space 0, times 0
[  363.038979][T26240] CPU: 0 PID: 26240 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  363.050002][T26240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  363.060154][T26240] Call Trace:
[  363.063429][T26240]  <TASK>
[  363.066350][T26240]  dump_stack_lvl+0xd6/0x122
[  363.070949][T26240]  dump_stack+0x11/0x12
[  363.075136][T26240]  should_fail+0x230/0x240
[  363.079626][T26240]  __should_failslab+0x81/0x90
[  363.084582][T26240]  ? fat_cache_add+0x1f7/0x4e0
[  363.089410][T26240]  should_failslab+0x5/0x20
[  363.093914][T26240]  kmem_cache_alloc+0x46/0x300
[  363.098674][T26240]  ? fat16_ent_get+0x45/0x60
[  363.103339][T26240]  fat_cache_add+0x1f7/0x4e0
[  363.107931][T26240]  fat_get_cluster+0x62f/0x870
[  363.112728][T26240]  fat_get_mapped_cluster+0xe0/0x250
[  363.118129][T26240]  fat_bmap+0x259/0x290
[  363.122289][T26240]  fat_get_block+0x3c1/0x600
[  363.126890][T26240]  ? fat_block_truncate_page+0x30/0x30
[  363.132443][T26240]  __block_write_begin_int+0x33d/0xc90
[  363.137914][T26240]  ? fat_block_truncate_page+0x30/0x30
[  363.143378][T26240]  ? PageHeadHuge+0x3b/0x120
[  363.147977][T26240]  ? fat_block_truncate_page+0x30/0x30
[  363.153440][T26240]  block_write_begin+0x77/0x170
[  363.158289][T26240]  ? cont_write_begin+0x3aa/0x500
[  363.163332][T26240]  cont_write_begin+0x3cf/0x500
[  363.168242][T26240]  fat_write_begin+0x61/0xf0
[  363.172915][T26240]  ? fat_block_truncate_page+0x30/0x30
[  363.178386][T26240]  generic_perform_write+0x1d6/0x3f0
[  363.183682][T26240]  __generic_file_write_iter+0x172/0x280
[  363.189345][T26240]  ? generic_write_checks+0x256/0x290
[  363.194824][T26240]  generic_file_write_iter+0x75/0x130
[  363.200223][T26240]  do_iter_readv_writev+0x27b/0x300
[  363.205434][T26240]  do_iter_write+0x16f/0x5c0
[  363.210030][T26240]  ? splice_from_pipe_next+0x34f/0x3b0
[  363.215542][T26240]  vfs_iter_write+0x4c/0x70
[  363.220055][T26240]  iter_file_splice_write+0x44a/0x7c0
[  363.225438][T26240]  ? splice_from_pipe+0xc0/0xc0
[  363.230288][T26240]  direct_splice_actor+0x80/0xa0
[  363.235239][T26240]  splice_direct_to_actor+0x345/0x660
[  363.240654][T26240]  ? do_splice_direct+0x180/0x180
[  363.245710][T26240]  do_splice_direct+0xfb/0x180
[  363.250590][T26240]  do_sendfile+0x3ad/0x900
[  363.255003][T26240]  __x64_sys_sendfile64+0x10c/0x150
[  363.260207][T26240]  do_syscall_64+0x2b/0x70
[  363.264631][T26240]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  363.270527][T26240] RIP: 0033:0x7f99336e60e9
11:47:39 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800025)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:39 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002300)

11:47:39 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x89fb, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'sit0\x00', <r1=>0x0, 0x2f, 0x7, 0xe7, 0x2, 0x50, @empty, @empty, 0x1, 0x8, 0x0, 0x7}})
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x6, &(0x7f0000000680)=[{&(0x7f0000000240)="eb3c8f000000732e6661740002010100bb12c83b197502", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000480)="a730dd2a2a604629595b22427fe312c1df7320afdb157b39930d9cac3bf6726e286620e3613c401c752747d38d337ac4442e8c77ea715277f9de4aad7e19fad5375b9599b4d182c389f4ef078e5cdc7c7f9c21415331e3a826f06c57c33278", 0x5f, 0x17fffffff}, {&(0x7f0000000500)="2deabdc84f2ece3b28d2629c68da762977f74cd986496277bfc6924557c763e776788e81a68f2876fe52b5e25206a003ad8e0f31aa1cba8c8ebc7c5b9e27c2735506a1209f9153922e1700b5f6be448399ec2756db1969c686ad3852c9332dd58b8ebcaa72b4de8ff25faede18b39afba93584184437fbde5e153235d93406cfc912de1d556452679eb7eb3ac626260812c2a6d25b0dcba61c67736f4e84a8dad2", 0xa1, 0xffffffffffff759a}, {&(0x7f00000005c0)="9260e5b98a479c4d31029623038714504396438df3e475c60c8bd213fc630e57b8bb89ca110aa7d5dce3aa95d466df4d6946c5be", 0x34, 0xe0a}, {&(0x7f0000000280), 0x0, 0x3}], 0x3054010, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f00000003c0)={'ip6tnl0\x00', r1, 0x29, 0x7, 0x4a, 0x1f, 0x68, @mcast2, @empty, 0x80, 0x10, 0x1, 0x10000004}})
write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x8800000)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040))
ioctl$TIOCL_SCROLLCONSOLE(r4, 0x541c, &(0x7f0000000040)={0xd, 0xffffffff})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, 0xffffffffffffffff, 0x0, 0x3)
accept4$tipc(r4, 0x0, &(0x7f0000000300), 0x80000)
ioctl$PIO_FONT(r2, 0x4b61, &(0x7f0000000600)="a6319283eb19089754f62cf873c5cb00048764147b125cc588a3fd5dbe1154a4596a45e6918d5f150e4165b37b9baeeb28654df300b2d16d25f7b1afa1b9e69f47f0444d82a76944559607a3db30889bb3941653cfb642e589")
socket$kcm(0x10, 0x2, 0x4)
setsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000340)=@assoc_value={0x0, 0x800}, 0x8)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
poll(&(0x7f0000000340), 0x0, 0x7)
openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x89fb, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'sit0\x00', 0x0, 0x2f, 0x7, 0xe7, 0x2, 0x50, @empty, @empty, 0x1, 0x8, 0x0, 0x7}}) (async)
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x6, &(0x7f0000000680)=[{&(0x7f0000000240)="eb3c8f000000732e6661740002010100bb12c83b197502", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000480)="a730dd2a2a604629595b22427fe312c1df7320afdb157b39930d9cac3bf6726e286620e3613c401c752747d38d337ac4442e8c77ea715277f9de4aad7e19fad5375b9599b4d182c389f4ef078e5cdc7c7f9c21415331e3a826f06c57c33278", 0x5f, 0x17fffffff}, {&(0x7f0000000500)="2deabdc84f2ece3b28d2629c68da762977f74cd986496277bfc6924557c763e776788e81a68f2876fe52b5e25206a003ad8e0f31aa1cba8c8ebc7c5b9e27c2735506a1209f9153922e1700b5f6be448399ec2756db1969c686ad3852c9332dd58b8ebcaa72b4de8ff25faede18b39afba93584184437fbde5e153235d93406cfc912de1d556452679eb7eb3ac626260812c2a6d25b0dcba61c67736f4e84a8dad2", 0xa1, 0xffffffffffff759a}, {&(0x7f00000005c0)="9260e5b98a479c4d31029623038714504396438df3e475c60c8bd213fc630e57b8bb89ca110aa7d5dce3aa95d466df4d6946c5be", 0x34, 0xe0a}, {&(0x7f0000000280), 0x0, 0x3}], 0x3054010, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f00000003c0)={'ip6tnl0\x00', r1, 0x29, 0x7, 0x4a, 0x1f, 0x68, @mcast2, @empty, 0x80, 0x10, 0x1, 0x10000004}}) (async)
write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
creat(&(0x7f0000000000)='./bus\x00', 0x0) (async)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) (async)
ioctl$TIOCL_SCROLLCONSOLE(r4, 0x541c, &(0x7f0000000040)={0xd, 0xffffffff}) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
sendfile(r5, 0xffffffffffffffff, 0x0, 0x3) (async)
accept4$tipc(r4, 0x0, &(0x7f0000000300), 0x80000) (async)
ioctl$PIO_FONT(r2, 0x4b61, &(0x7f0000000600)="a6319283eb19089754f62cf873c5cb00048764147b125cc588a3fd5dbe1154a4596a45e6918d5f150e4165b37b9baeeb28654df300b2d16d25f7b1afa1b9e69f47f0444d82a76944559607a3db30889bb3941653cfb642e589") (async)
socket$kcm(0x10, 0x2, 0x4) (async)
setsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000340)=@assoc_value={0x0, 0x800}, 0x8) (async)
socket$kcm(0x10, 0x2, 0x4) (async)
sendmsg$kcm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) (async)
poll(&(0x7f0000000340), 0x0, 0x7) (async)

[  363.274937][T26240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  363.294544][T26240] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  363.303039][T26240] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  363.311049][T26240] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  363.319020][T26240] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  363.327053][T26240] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  363.335093][T26240] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  363.343099][T26240]  </TASK>
[  363.379668][T26245] loop5: detected capacity change from 0 to 262160
11:47:39 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80009300)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:39 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 12)

[  363.392942][T26247] loop3: detected capacity change from 0 to 262160
[  363.404186][T26250] loop4: detected capacity change from 0 to 264192
[  363.449887][T26252] loop0: detected capacity change from 0 to 262160
[  363.482750][T26255] loop1: detected capacity change from 0 to 262160
11:47:39 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x89fb, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'sit0\x00', <r1=>0x0, 0x2f, 0x7, 0xe7, 0x2, 0x50, @empty, @empty, 0x1, 0x8, 0x0, 0x7}}) (async)
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x6, &(0x7f0000000680)=[{&(0x7f0000000240)="eb3c8f000000732e6661740002010100bb12c83b197502", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000480)="a730dd2a2a604629595b22427fe312c1df7320afdb157b39930d9cac3bf6726e286620e3613c401c752747d38d337ac4442e8c77ea715277f9de4aad7e19fad5375b9599b4d182c389f4ef078e5cdc7c7f9c21415331e3a826f06c57c33278", 0x5f, 0x17fffffff}, {&(0x7f0000000500)="2deabdc84f2ece3b28d2629c68da762977f74cd986496277bfc6924557c763e776788e81a68f2876fe52b5e25206a003ad8e0f31aa1cba8c8ebc7c5b9e27c2735506a1209f9153922e1700b5f6be448399ec2756db1969c686ad3852c9332dd58b8ebcaa72b4de8ff25faede18b39afba93584184437fbde5e153235d93406cfc912de1d556452679eb7eb3ac626260812c2a6d25b0dcba61c67736f4e84a8dad2", 0xa1, 0xffffffffffff759a}, {&(0x7f00000005c0)="9260e5b98a479c4d31029623038714504396438df3e475c60c8bd213fc630e57b8bb89ca110aa7d5dce3aa95d466df4d6946c5be", 0x34, 0xe0a}, {&(0x7f0000000280), 0x0, 0x3}], 0x3054010, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f00000003c0)={'ip6tnl0\x00', r1, 0x29, 0x7, 0x4a, 0x1f, 0x68, @mcast2, @empty, 0x80, 0x10, 0x1, 0x10000004}}) (async)
write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) (async)
ioctl$TIOCL_SCROLLCONSOLE(r4, 0x541c, &(0x7f0000000040)={0xd, 0xffffffff}) (async)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, 0xffffffffffffffff, 0x0, 0x3) (async)
accept4$tipc(r4, 0x0, &(0x7f0000000300), 0x80000) (async)
ioctl$PIO_FONT(r2, 0x4b61, &(0x7f0000000600)="a6319283eb19089754f62cf873c5cb00048764147b125cc588a3fd5dbe1154a4596a45e6918d5f150e4165b37b9baeeb28654df300b2d16d25f7b1afa1b9e69f47f0444d82a76944559607a3db30889bb3941653cfb642e589")
socket$kcm(0x10, 0x2, 0x4) (async)
setsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000340)=@assoc_value={0x0, 0x800}, 0x8)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) (async)
poll(&(0x7f0000000340), 0x0, 0x7)

[  363.548697][T26276] FAULT_INJECTION: forcing a failure.
[  363.548697][T26276] name failslab, interval 1, probability 0, space 0, times 0
[  363.561379][T26276] CPU: 0 PID: 26276 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  363.572404][T26276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  363.582469][T26276] Call Trace:
[  363.585752][T26276]  <TASK>
[  363.588682][T26276]  dump_stack_lvl+0xd6/0x122
11:47:39 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000001c0)=0x1)
fsetxattr$trusted_overlay_origin(r1, &(0x7f00000000c0), &(0x7f0000000180), 0x2, 0x2)

[  363.592076][T26280] loop4: detected capacity change from 0 to 264192
[  363.593351][T26276]  dump_stack+0x11/0x12
[  363.593379][T26276]  should_fail+0x230/0x240
[  363.608411][T26276]  __should_failslab+0x81/0x90
[  363.613181][T26276]  ? mempool_alloc_slab+0x16/0x20
[  363.618213][T26276]  should_failslab+0x5/0x20
[  363.622717][T26276]  kmem_cache_alloc+0x46/0x300
[  363.627659][T26276]  mempool_alloc_slab+0x16/0x20
[  363.632542][T26276]  ? mempool_free+0x130/0x130
[  363.637226][T26276]  mempool_alloc+0x9f/0x2a0
[  363.641796][T26276]  ? __schedule+0x514/0x6c0
[  363.646314][T26276]  bio_alloc_bioset+0xe4/0x730
[  363.651086][T26276]  submit_bh_wbc+0x161/0x2f0
[  363.655678][T26276]  write_dirty_buffer+0xdb/0xe0
[  363.660532][T26276]  fat_sync_bhs+0x52/0x160
[  363.664966][T26276]  fat_alloc_clusters+0x935/0xa80
[  363.670017][T26276]  fat_get_block+0x263/0x600
[  363.674667][T26276]  ? fat_block_truncate_page+0x30/0x30
[  363.680193][T26276]  __block_write_begin_int+0x33d/0xc90
[  363.685694][T26276]  ? fat_block_truncate_page+0x30/0x30
[  363.691250][T26276]  ? PageHeadHuge+0x3b/0x120
[  363.695845][T26276]  ? fat_block_truncate_page+0x30/0x30
[  363.701331][T26276]  block_write_begin+0x77/0x170
[  363.706332][T26276]  ? cont_write_begin+0x3aa/0x500
[  363.711362][T26276]  cont_write_begin+0x3cf/0x500
[  363.716285][T26276]  fat_write_begin+0x61/0xf0
[  363.720882][T26276]  ? fat_block_truncate_page+0x30/0x30
[  363.726373][T26276]  generic_perform_write+0x1d6/0x3f0
[  363.731667][T26276]  __generic_file_write_iter+0x172/0x280
[  363.737302][T26276]  ? generic_write_checks+0x256/0x290
[  363.742702][T26276]  generic_file_write_iter+0x75/0x130
[  363.748079][T26276]  do_iter_readv_writev+0x27b/0x300
[  363.753295][T26276]  do_iter_write+0x16f/0x5c0
[  363.757909][T26276]  ? splice_from_pipe_next+0x34f/0x3b0
[  363.763377][T26276]  vfs_iter_write+0x4c/0x70
[  363.767885][T26276]  iter_file_splice_write+0x44a/0x7c0
[  363.773269][T26276]  ? splice_from_pipe+0xc0/0xc0
[  363.778129][T26276]  direct_splice_actor+0x80/0xa0
[  363.783074][T26276]  splice_direct_to_actor+0x345/0x660
[  363.788541][T26276]  ? do_splice_direct+0x180/0x180
[  363.793568][T26276]  do_splice_direct+0xfb/0x180
[  363.798343][T26276]  do_sendfile+0x3ad/0x900
[  363.802879][T26276]  __x64_sys_sendfile64+0x10c/0x150
[  363.808095][T26276]  do_syscall_64+0x2b/0x70
[  363.812519][T26276]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  363.818577][T26276] RIP: 0033:0x7f99336e60e9
[  363.823046][T26276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
11:47:40 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:40 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002400)

[  363.842659][T26276] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  363.851136][T26276] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  363.859111][T26276] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  363.867151][T26276] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  363.875217][T26276] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  363.883324][T26276] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  363.891362][T26276]  </TASK>
11:47:40 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80009400)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  363.956793][T26292] loop3: detected capacity change from 0 to 262160
[  363.964967][T26294] loop5: detected capacity change from 0 to 262160
[  363.983725][T26296] loop1: detected capacity change from 0 to 262160
11:47:40 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800026)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:40 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 13)

11:47:40 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002500)

11:47:40 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80009500)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  364.196167][T26303] loop0: detected capacity change from 0 to 262160
11:47:40 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800002)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  364.295364][T26308] loop3: detected capacity change from 0 to 262160
[  364.312085][T26310] loop1: detected capacity change from 0 to 262160
[  364.322214][T26307] FAULT_INJECTION: forcing a failure.
[  364.322214][T26307] name failslab, interval 1, probability 0, space 0, times 0
[  364.335010][T26307] CPU: 0 PID: 26307 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  364.346028][T26307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  364.356083][T26307] Call Trace:
[  364.359357][T26307]  <TASK>
[  364.362278][T26307]  dump_stack_lvl+0xd6/0x122
[  364.366901][T26307]  dump_stack+0x11/0x12
[  364.371113][T26307]  should_fail+0x230/0x240
[  364.375543][T26307]  __should_failslab+0x81/0x90
[  364.380301][T26307]  ? mempool_alloc_slab+0x16/0x20
[  364.385340][T26307]  should_failslab+0x5/0x20
[  364.389842][T26307]  kmem_cache_alloc+0x46/0x300
[  364.394606][T26307]  mempool_alloc_slab+0x16/0x20
[  364.399464][T26307]  ? mempool_free+0x130/0x130
[  364.404152][T26307]  mempool_alloc+0x9f/0x2a0
[  364.408668][T26307]  bio_alloc_bioset+0xe4/0x730
[  364.413441][T26307]  submit_bh_wbc+0x161/0x2f0
[  364.418039][T26307]  __sync_dirty_buffer+0x141/0x1f0
[  364.423171][T26307]  sync_dirty_buffer+0x16/0x20
[  364.427986][T26307]  fat_mirror_bhs+0x268/0x330
[  364.432744][T26307]  fat_alloc_clusters+0x983/0xa80
[  364.437798][T26307]  fat_get_block+0x263/0x600
[  364.442404][T26307]  ? fat_block_truncate_page+0x30/0x30
[  364.447875][T26307]  __block_write_begin_int+0x33d/0xc90
[  364.453399][T26307]  ? fat_block_truncate_page+0x30/0x30
[  364.458869][T26307]  ? PageHeadHuge+0x3b/0x120
[  364.463463][T26307]  ? fat_block_truncate_page+0x30/0x30
[  364.468932][T26307]  block_write_begin+0x77/0x170
[  364.473809][T26307]  ? cont_write_begin+0x3aa/0x500
[  364.478843][T26307]  cont_write_begin+0x3cf/0x500
[  364.483699][T26307]  fat_write_begin+0x61/0xf0
[  364.488293][T26307]  ? fat_block_truncate_page+0x30/0x30
[  364.493764][T26307]  generic_perform_write+0x1d6/0x3f0
[  364.499124][T26307]  __generic_file_write_iter+0x172/0x280
[  364.504763][T26307]  ? generic_write_checks+0x256/0x290
[  364.510181][T26307]  generic_file_write_iter+0x75/0x130
[  364.515642][T26307]  do_iter_readv_writev+0x27b/0x300
[  364.520844][T26307]  do_iter_write+0x16f/0x5c0
[  364.525451][T26307]  ? splice_from_pipe_next+0x34f/0x3b0
[  364.530947][T26307]  vfs_iter_write+0x4c/0x70
[  364.535460][T26307]  iter_file_splice_write+0x44a/0x7c0
[  364.540862][T26307]  ? splice_from_pipe+0xc0/0xc0
[  364.545773][T26307]  direct_splice_actor+0x80/0xa0
[  364.550758][T26307]  splice_direct_to_actor+0x345/0x660
[  364.556136][T26307]  ? do_splice_direct+0x180/0x180
[  364.561180][T26307]  do_splice_direct+0xfb/0x180
[  364.565950][T26307]  do_sendfile+0x3ad/0x900
[  364.570371][T26307]  __x64_sys_sendfile64+0x10c/0x150
[  364.575649][T26307]  do_syscall_64+0x2b/0x70
[  364.580076][T26307]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  364.585974][T26307] RIP: 0033:0x7f99336e60e9
[  364.590385][T26307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  364.610041][T26307] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  364.618522][T26307] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  364.626488][T26307] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  364.634452][T26307] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
11:47:40 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (async)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000001c0)=0x1) (async)
fsetxattr$trusted_overlay_origin(r1, &(0x7f00000000c0), &(0x7f0000000180), 0x2, 0x2)

[  364.642437][T26307] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  364.650394][T26307] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  364.658354][T26307]  </TASK>
[  364.683060][T26319] loop5: detected capacity change from 0 to 262160
[  364.706342][T26321] loop4: detected capacity change from 0 to 262160
11:47:40 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800027)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:40 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 14)

11:47:41 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000001c0)=0x1)
fsetxattr$trusted_overlay_origin(r1, &(0x7f00000000c0), &(0x7f0000000180), 0x2, 0x2)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
sendfile(r1, r2, 0x0, 0x80000001) (async)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000001c0)=0x1) (async)
fsetxattr$trusted_overlay_origin(r1, &(0x7f00000000c0), &(0x7f0000000180), 0x2, 0x2) (async)

[  364.862215][T26329] loop0: detected capacity change from 0 to 262160
[  364.878227][T26330] loop4: detected capacity change from 0 to 262160
[  364.956133][T26334] FAULT_INJECTION: forcing a failure.
[  364.956133][T26334] name failslab, interval 1, probability 0, space 0, times 0
[  364.968830][T26334] CPU: 1 PID: 26334 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  364.979932][T26334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  364.989984][T26334] Call Trace:
[  364.993262][T26334]  <TASK>
[  364.996187][T26334]  dump_stack_lvl+0xd6/0x122
[  365.000785][T26334]  dump_stack+0x11/0x12
11:47:41 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800003)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  365.004946][T26334]  should_fail+0x230/0x240
[  365.009380][T26334]  __should_failslab+0x81/0x90
[  365.014143][T26334]  ? mempool_alloc_slab+0x16/0x20
[  365.019205][T26334]  should_failslab+0x5/0x20
[  365.023706][T26334]  kmem_cache_alloc+0x46/0x300
[  365.028475][T26334]  mempool_alloc_slab+0x16/0x20
[  365.033423][T26334]  ? mempool_free+0x130/0x130
[  365.038109][T26334]  mempool_alloc+0x9f/0x2a0
[  365.042672][T26334]  bio_alloc_bioset+0xe4/0x730
[  365.047445][T26334]  submit_bh_wbc+0x161/0x2f0
11:47:41 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80009600)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  365.052038][T26334]  write_dirty_buffer+0xdb/0xe0
[  365.056898][T26334]  fat_sync_bhs+0x52/0x160
[  365.061346][T26334]  fat_ent_write+0x85/0xd0
[  365.065800][T26334]  fat_chain_add+0x15b/0x410
[  365.070395][T26334]  fat_get_block+0x486/0x600
[  365.074987][T26334]  ? fat_block_truncate_page+0x30/0x30
[  365.080454][T26334]  __block_write_begin_int+0x33d/0xc90
[  365.085999][T26334]  ? fat_block_truncate_page+0x30/0x30
[  365.091528][T26334]  ? PageHeadHuge+0x3b/0x120
[  365.096204][T26334]  ? fat_block_truncate_page+0x30/0x30
[  365.101695][T26334]  block_write_begin+0x77/0x170
[  365.106577][T26334]  ? cont_write_begin+0x3aa/0x500
[  365.111643][T26334]  cont_write_begin+0x3cf/0x500
[  365.116498][T26334]  fat_write_begin+0x61/0xf0
[  365.121101][T26334]  ? fat_block_truncate_page+0x30/0x30
[  365.126566][T26334]  generic_perform_write+0x1d6/0x3f0
[  365.131874][T26334]  __generic_file_write_iter+0x172/0x280
[  365.137673][T26334]  ? generic_write_checks+0x256/0x290
[  365.143049][T26334]  generic_file_write_iter+0x75/0x130
[  365.148422][T26334]  do_iter_readv_writev+0x27b/0x300
11:47:41 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002600)

11:47:41 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r2, 0x40049366, &(0x7f00000000c0)=0x1)

[  365.153622][T26334]  do_iter_write+0x16f/0x5c0
[  365.158300][T26334]  ? splice_from_pipe_next+0x34f/0x3b0
[  365.163764][T26334]  vfs_iter_write+0x4c/0x70
[  365.168300][T26334]  iter_file_splice_write+0x44a/0x7c0
[  365.173676][T26334]  ? splice_from_pipe+0xc0/0xc0
[  365.178523][T26334]  direct_splice_actor+0x80/0xa0
[  365.183498][T26334]  splice_direct_to_actor+0x345/0x660
[  365.188876][T26334]  ? do_splice_direct+0x180/0x180
[  365.193909][T26334]  do_splice_direct+0xfb/0x180
[  365.198685][T26334]  do_sendfile+0x3ad/0x900
11:47:41 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800028)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  365.203099][T26334]  __x64_sys_sendfile64+0x10c/0x150
[  365.208369][T26334]  do_syscall_64+0x2b/0x70
[  365.212781][T26334]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  365.218682][T26334] RIP: 0033:0x7f99336e60e9
[  365.223084][T26334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  365.242688][T26334] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  365.251101][T26334] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  365.259089][T26334] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  365.267061][T26334] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  365.275092][T26334] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  365.283112][T26334] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  365.291145][T26334]  </TASK>
[  365.361646][T26342] loop1: detected capacity change from 0 to 262160
[  365.369902][T26344] loop4: detected capacity change from 0 to 262160
[  365.378308][T26346] loop5: detected capacity change from 0 to 262160
11:47:41 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 15)

[  365.440448][T26350] loop3: detected capacity change from 0 to 262160
[  365.532552][T26355] loop0: detected capacity change from 0 to 262160
[  365.674493][T26357] FAULT_INJECTION: forcing a failure.
[  365.674493][T26357] name failslab, interval 1, probability 0, space 0, times 0
[  365.687169][T26357] CPU: 0 PID: 26357 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  365.698284][T26357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  365.708344][T26357] Call Trace:
[  365.711663][T26357]  <TASK>
[  365.714614][T26357]  dump_stack_lvl+0xd6/0x122
[  365.719339][T26357]  dump_stack+0x11/0x12
11:47:41 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800004)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:41 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r2, 0x40049366, &(0x7f00000000c0)=0x1)

11:47:41 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80009700)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:41 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800029)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  365.723497][T26357]  should_fail+0x230/0x240
[  365.727917][T26357]  __should_failslab+0x81/0x90
[  365.732677][T26357]  ? mempool_alloc_slab+0x16/0x20
[  365.737700][T26357]  should_failslab+0x5/0x20
[  365.742204][T26357]  kmem_cache_alloc+0x46/0x300
[  365.747074][T26357]  ? update_cfs_rq_load_avg+0x16e/0x180
[  365.752626][T26357]  mempool_alloc_slab+0x16/0x20
[  365.757480][T26357]  ? mempool_free+0x130/0x130
[  365.762164][T26357]  mempool_alloc+0x9f/0x2a0
[  365.766680][T26357]  ? __schedule+0x514/0x6c0
11:47:41 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002700)

[  365.771186][T26357]  bio_alloc_bioset+0xe4/0x730
[  365.775956][T26357]  submit_bh_wbc+0x161/0x2f0
[  365.780631][T26357]  __sync_dirty_buffer+0x141/0x1f0
[  365.785759][T26357]  sync_dirty_buffer+0x16/0x20
[  365.790571][T26357]  fat_mirror_bhs+0x268/0x330
[  365.795264][T26357]  fat_ent_write+0xc2/0xd0
[  365.799700][T26357]  fat_chain_add+0x15b/0x410
[  365.804307][T26357]  fat_get_block+0x486/0x600
[  365.808903][T26357]  ? fat_block_truncate_page+0x30/0x30
[  365.814442][T26357]  __block_write_begin_int+0x33d/0xc90
[  365.819903][T26357]  ? fat_block_truncate_page+0x30/0x30
[  365.825440][T26357]  ? PageHeadHuge+0x3b/0x120
[  365.830035][T26357]  ? fat_block_truncate_page+0x30/0x30
[  365.835497][T26357]  block_write_begin+0x77/0x170
[  365.840344][T26357]  ? cont_write_begin+0x3aa/0x500
[  365.845370][T26357]  cont_write_begin+0x3cf/0x500
[  365.850221][T26357]  fat_write_begin+0x61/0xf0
[  365.854897][T26357]  ? fat_block_truncate_page+0x30/0x30
[  365.860492][T26357]  generic_perform_write+0x1d6/0x3f0
[  365.865851][T26357]  __generic_file_write_iter+0x172/0x280
[  365.871475][T26357]  ? generic_write_checks+0x256/0x290
[  365.876849][T26357]  generic_file_write_iter+0x75/0x130
[  365.882224][T26357]  do_iter_readv_writev+0x27b/0x300
[  365.887505][T26357]  do_iter_write+0x16f/0x5c0
[  365.892094][T26357]  ? delay_tsc+0xc1/0xe0
[  365.896411][T26357]  vfs_iter_write+0x4c/0x70
[  365.900945][T26357]  iter_file_splice_write+0x44a/0x7c0
[  365.906318][T26357]  ? splice_from_pipe+0xc0/0xc0
[  365.911232][T26357]  direct_splice_actor+0x80/0xa0
[  365.916228][T26357]  splice_direct_to_actor+0x345/0x660
11:47:42 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880002a)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  365.921685][T26357]  ? do_splice_direct+0x180/0x180
[  365.926746][T26357]  do_splice_direct+0xfb/0x180
[  365.931592][T26357]  do_sendfile+0x3ad/0x900
[  365.936006][T26357]  __x64_sys_sendfile64+0x10c/0x150
[  365.941261][T26357]  do_syscall_64+0x2b/0x70
[  365.945674][T26357]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  365.951571][T26357] RIP: 0033:0x7f99336e60e9
[  365.955989][T26357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  365.975621][T26357] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  365.984041][T26357] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  365.992037][T26357] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  366.000009][T26357] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  366.007992][T26357] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  366.015964][T26357] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  366.023968][T26357]  </TASK>
[  366.063502][T26366] loop4: detected capacity change from 0 to 262160
[  366.072291][T26369] loop5: detected capacity change from 0 to 262160
[  366.074912][T26368] loop1: detected capacity change from 0 to 262160
[  366.087644][T26371] loop3: detected capacity change from 0 to 262160
11:47:42 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 16)

[  366.318763][T26379] loop0: detected capacity change from 0 to 262160
11:47:42 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800005)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  366.406715][T26380] FAULT_INJECTION: forcing a failure.
[  366.406715][T26380] name failslab, interval 1, probability 0, space 0, times 0
[  366.419379][T26380] CPU: 1 PID: 26380 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  366.430402][T26380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  366.440460][T26380] Call Trace:
[  366.443736][T26380]  <TASK>
[  366.446662][T26380]  dump_stack_lvl+0xd6/0x122
[  366.451363][T26380]  dump_stack+0x11/0x12
[  366.455525][T26380]  should_fail+0x230/0x240
[  366.459964][T26380]  __should_failslab+0x81/0x90
[  366.464736][T26380]  ? fat_cache_add+0x1f7/0x4e0
[  366.469617][T26380]  should_failslab+0x5/0x20
[  366.474124][T26380]  kmem_cache_alloc+0x46/0x300
[  366.478995][T26380]  ? fat16_ent_get+0x45/0x60
[  366.483597][T26380]  fat_cache_add+0x1f7/0x4e0
[  366.488193][T26380]  fat_get_cluster+0x62f/0x870
[  366.492966][T26380]  fat_get_mapped_cluster+0xe0/0x250
[  366.498324][T26380]  fat_bmap+0x259/0x290
[  366.502486][T26380]  fat_get_block+0x3c1/0x600
11:47:42 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880002b)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:42 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r2, 0x40049366, &(0x7f00000000c0)=0x1)

11:47:42 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002800)

11:47:42 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80009800)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  366.507115][T26380]  ? fat_block_truncate_page+0x30/0x30
[  366.512630][T26380]  __block_write_begin_int+0x33d/0xc90
[  366.518098][T26380]  ? fat_block_truncate_page+0x30/0x30
[  366.523622][T26380]  ? PageHeadHuge+0x3b/0x120
[  366.528215][T26380]  ? fat_block_truncate_page+0x30/0x30
[  366.533676][T26380]  block_write_begin+0x77/0x170
[  366.538572][T26380]  ? cont_write_begin+0x3aa/0x500
[  366.543670][T26380]  cont_write_begin+0x3cf/0x500
[  366.548632][T26380]  fat_write_begin+0x61/0xf0
[  366.553224][T26380]  ? fat_block_truncate_page+0x30/0x30
[  366.558694][T26380]  generic_perform_write+0x1d6/0x3f0
[  366.564034][T26380]  __generic_file_write_iter+0x172/0x280
[  366.569703][T26380]  ? generic_write_checks+0x256/0x290
[  366.575086][T26380]  generic_file_write_iter+0x75/0x130
[  366.580569][T26380]  do_iter_readv_writev+0x27b/0x300
[  366.585781][T26380]  do_iter_write+0x16f/0x5c0
[  366.590382][T26380]  ? splice_from_pipe_next+0x34f/0x3b0
[  366.595850][T26380]  vfs_iter_write+0x4c/0x70
[  366.600364][T26380]  iter_file_splice_write+0x44a/0x7c0
[  366.605778][T26380]  ? splice_from_pipe+0xc0/0xc0
[  366.610637][T26380]  direct_splice_actor+0x80/0xa0
[  366.615588][T26380]  splice_direct_to_actor+0x345/0x660
[  366.621051][T26380]  ? do_splice_direct+0x180/0x180
[  366.626160][T26380]  do_splice_direct+0xfb/0x180
[  366.630928][T26380]  do_sendfile+0x3ad/0x900
[  366.635402][T26380]  __x64_sys_sendfile64+0x10c/0x150
[  366.640640][T26380]  do_syscall_64+0x2b/0x70
[  366.645194][T26380]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  366.651095][T26380] RIP: 0033:0x7f99336e60e9
11:47:42 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880002c)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  366.655588][T26380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  366.675293][T26380] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  366.683710][T26380] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  366.691683][T26380] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  366.699732][T26380] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  366.707710][T26380] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  366.715681][T26380] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  366.723652][T26380]  </TASK>
11:47:42 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 17)

[  366.748497][T26388] loop5: detected capacity change from 0 to 262160
[  366.785346][T26391] loop3: detected capacity change from 0 to 262160
[  366.792305][T26393] loop1: detected capacity change from 0 to 262160
[  366.799228][T26395] loop4: detected capacity change from 0 to 262160
[  366.840289][T26400] loop0: detected capacity change from 0 to 262160
11:47:43 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000180)="eb3c8f000000732e66617400020101000240008080f801", 0x17, 0x9}, {0x0, 0x0, 0x10000001000}], 0x1294498, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f00000000c0)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xe, 0x1010, r2, 0xdede9000)
ioctl$BTRFS_IOC_SNAP_DESTROY(0xffffffffffffffff, 0x5000940f, &(0x7f0000000300)={{r0}, "3c7950568f9aba878c8c633f72bb0f409254fd5f3e0b15a600fb4b14d77e0f6463c9424bc61b11decdd28686ae81b20e326f1008c006bf17bcc630ff613d9edd1745d6bd198969dca9c610612dd820f760ff0024f5a871c5007c933fd91cc17646b18594d9963ebc935dfeeb53f4a09f4d4cd5a282d2b36ead054912b4d62b19dc9749fdeba86aedaf4b5dd134dd777214adf21ca6049951de03ddb3399dd6f4d24269725d4e614efadeb92388ae9dcdfa2ee126936e8ba044337e0bd463e3adb108bac5c6e309c29a11542c44a845d6bb50be34ac7d6680359a9aee3b940322f529c72efd5568ef49c075f6fc905b87d39e6498ca1a0ad6d62a83fb65b4dc936f42a257d2f217c41bfe808281b2336e123a92157232ebd8fcf3ba508a4a9b0ae1845f308eb91c0a6d8c2cce57a5b4e43b1de3fd9be96fa02546541fccfdaff8bd6f655c82a96b5163fd354a5cc31d2c683f20383087dd78005381c20fe501605953e5c5741da6d8a666f66606988eb26b14f7335d271c03158d22294bd6789af9361191cfb72702c0b7ede1a2d4fe972d01ad8ca82df7df7329652bf33ac50bdaba2df48092a4b2b733b2d6b210edb54e610a1bc2b3a6a63f96c78c8042bbe3c63089f0eecbbe8303c5a5af4ffdb0999250855e01cb41f0947a553e6c52a9f338b15881b0fd090867dd9503533db17261b3b64f5f426b4da82851385a43ad36ba3147c42b53a8101dd22adbde85f8918d1cd952e9e8df221129f04bbcee3b430d7190858976f432938de69af86c08724271fed7fe618b19e3ed7913ac9f6e516798f8952274a649d6153b083386c46f363fe52f1ff1e92aef7081cdd5f64459a5b896afd2ea0e69056392f47d1e2693b556b224d189c4a6d3f17acde416fcf27cae5fbe4e6e05e9d69c13d0abfee4aa0a0a3fd2978fcee3c9f1b64e1e40b216dc03bfc615110aa1a5838b93041331250bdbde229df257a42e4a728cf273863366d4f5e3b200703a043e821b8020e2092f9bd30bc2a13a6c894cd759867a178c30dc4e70076cb8f03bf14c891ce3c4bea02bcefe85494fe80b4590cea1293283b5ca25149ec090662b614cdae6f710a7659b58da32b7f4ec449cddfe3fc232a99a48e19f35f2ab7a34665634f401c5f693cca63d03f0f72acc2e7c222ffc8efd9c0aa0fc2d6751d5da59e476a3072642efcb30c2af2c4a7d745910a0bc101933b1d897b72137b604296ff203800864579438ce08e2bec30a5dbfb41d3e19290718148740dded94323300c0d27298fb38105facfba7be0f2b302abbe0ce5af6a11a6f66c17b03e031e0ff3b12123b6d1a56fd3bef4ef2890af527469a7805738b78f0a1524044cafd0b25b079248126f2485d07530ace0485c72668cef1f9bbdb3f402da2c2e9a4fa23762e7a2e8412448dde68f69eff4b2c1aa11d3fc3e1ef9e78ce1f4e912afc061bbe1b43de8edf81e4bfe6e8c84467d0fcf3eecc1ca2dbd7d8ee8c46a6f13af8b2e94b2dfcef5cc4f91fa7e36b76e33ff589a5c2879ef5fda8eb4e563a0df95e076232d060e06ef0b15359ff3f99b4f9fd2b913eb9503ee074368f5c16573d684f9e35ef25b5a1a74f8b2b80a0015ac72e19bbaef2bb4c72c924bd577fd7f157984459ad89478c6b7916ec85a268067820ac136c71e1ea62d008f4ce6f4e07e5406b32ef6692ca2ce1ff9f86b3652ed0a262cc1109569512d3ecad0eda5c5c8e6e871bc3b99e9928e12b1572dc05eb9eef85f295902173a3a0a71b55c210b8da21dbf613ccd6a3c6e57e12c43190cd6decdac54cbbe09bee474da57d08a8a0f0afa6342153f507fa7a57f0bd40e9cf2b518e4b0db765c24555d9a399e8387e6b0e7f0e6fedfeab0a73abf94ee8e05dc4448943d1a7137b8da14890ae5023671e304212c1a64b5c962876ead4a08af505a49730d3fa926324bbd668f7bfcfffe05b49067836caf8a37ccc11c1130b4481042d9c74b2575e3cf0312a60734b7c8e2e854eafb0b7b2df3f6f62c1487601be85146689a918442875191219ecf43de0d10422b7749724da2d01cba4fbbacc7b3f510cefff80c57b0579b6c1be696a573f94664d1a6eae294aa1f58fcd9d67ba4e22a55adde2a6b13c686cf25f70371e9faf58652e8c5a83034ca3c313d13be804ddbbc46ec278be364b408ec812c2ae6c28ecd78828fbf1eb833df37091b39517f540ac26c68080eb1ba931010be6da5002086f8fde570aa35c2dae68ecbd4591764d0068a9d9eb4ba04ebb388ddb803b72047156b957096c093e2eae9b5082c04e82d6a295ead56448c47bfe9d9111c4bfdb0f62d91348e4a1bf303b26a0fcd34916221a11a2d0920813b7b24e03f66b505a99640f1c585c981496d7568b7118d348d54ea5b55acb8ec69cce42d50820b8e5c66a1808f67ccf1851b2a0ee3b0c6342dc07b2789811bc5ee2fb39221b1a744131a5a127150730f957c218319871fb43580966e1774e08f97567bef400fea8cf2fa1694e1fc828ed0f5b65e957cbb21cc94718ee2a8cf81b12121bb77c5437cc215738ef5abdd5d2f3f3f6e264113939f62e1d3acede98921750cd20211d33b9f94bc0ee62ab008d8636ecaad660439799910281f7b2bfb2efbe20c7df20888919d60c6fbf6a5e65804c06fac75b00bfc052f2a89f57118646d74f8cff28f46fd5cca98f642c54050564cdc8e2a00fcd9275241f6822873aa868b991ae7be1b80321c61b157c8b57fc9710124880ae2102ace09dbda0ec4664ba3f75bbb42a95ee21aa3bddd0b5626727c44779a0518cdf58cd3cc4cce4c6d821b180498412dc78a7ff56f465227e71ed40bb2649b7e9f38904dd184632916da33fa75f1ec0abf30fbb4620e6b0c941ec687c7a1564317947e692c439db42d9039846bb5cee6990606bf21b2c579c17cdde97f6cd6027cca21cb4f4d37496905d5d4e22f977875364dc478470d32860b4b7876f43c28d97dcf2722bca17f2ecf76d0b4986b8a8c525eb8684445582c5c1fa09ccbddc4cf7dc4fcaa50babec2d930eb567f048d748e84de393239405f7d88ae4a4f569a1969b4d2a7a7fd58507114ba818e5a87f5c70cc2ec2c54f35a29526ff2324c8e220acfbb267b5ca47908972914dbb841f78bb04ea09c7df1bf5000ac1350a360138830b7fa02695316104b8d50b397c61eeb86b1620658c1501ffc1ae53929b34f68a49d0e8fd78d931c0f1362676a4504d02a65c39b05bc869c32eb0bf336695f999c41611afad4d9783c1719d32fa2b9b9150dc0f93522cf47af1d3521f9ecb7143d90304d88a399850effab16b0e91cc6dca31bb25cccb59a88ef6c01e3dcf90ba4553958c6948901ea9b8861713f22e002b113a54b8264d52e0c5d6fca281efde1416137d606895e178765e038afea42fcba9877add9fdf237673c6a12a3e0566231cc12cb5ac55c4f9ac02d7af62ed568aafd57a0c5bbcf4bc21085b7d42105ff2c4e181773ff4c35c0620abaee2b82d1cba1dc51a4b9497843aec4e7a44726a64a4411a4e25f3448d0aea2a790bcde2126fabf42c9b962fcc9b751b060ed613d7d438a8a0347dbb917029354a9e56bda55f4c7455757141d339b7d498a7fd2da063fd26f7c082a839ea64eac954b6a4d5a2e7c71114745bcb3b12eebfd98469cd14a9f35a2a4ea6fa3b5864fb17727199cd682657fc27d80b16436954021bd04be278edb63a6e9850ee1480ca31df4c00663a4556ab34f89b23cdeb498c391493f04b15979229e6989b21c56632e25bd130436a19773573786f43be2a56a0c0e3c07cfb116efc3d72986d3e287ea2e2ada88c955515600d4c68f0c564463fdfc8b679ec6cf95229ff05a8c0044368fce6770936043d00eecd28c3fcf8a6be08f7c1c6c8b147dea34cec2b3425c32dbf4ef7c7d62045fe7e29310053cc0fa61b0c8cef817a33ade1d7e5801e9a637fa342999988dd43c9a4bab494f2176b4b516f0d1417bbe6fee3d321f53cf411630218a92bdd41ecc08c6a6ff49beb01d8c22375c97cf872182c31d7758e4fae92ef7fee7a35095c2910544ecdf399f2a1bc4282cbe10088bd190f328de8b9a205c12d8593d3b520fd9c490f227a15c3caa4621115e892ed2ff66a3856c716e41d8af1a2849d428c0c1bbaebbac090d876bb5ed508cea4b1c7246d2ada5250f6c46af29fe549c76b178b3332b7ab0db938e8364335f5dee5340ac5d38004b793476bf1020b3212ba4b33eed6024a42f4217c12f9f4699e991e79642b2c4dfa9cd58ab17f3ca467906b5417138e55722b2950db10247d82750af72a2b09afb6b96631cae107fbdd36286903df41fe61abc27168231b10c7d10725aadb5f43d4d098670c8cd22f62507d831ebf6f7081667cc7a659c4790234314d9654996da6b9e3ea31cf6af5188fa2e5c8a7f27b9d25c169c4b8971b698717ba807e841892efaf471c8ef6205671ca9053c606268fb7d0a5252aab8a9338c83787aef9ebcfcc67a04749d927fd0749fa327d2616a09a4eeb9f9a96dec7903207571250b6d703490f89c7fb5fcbcc8ad33bb1932e546bc70f4c6a8c9c833603677947b281dced05384f70888ba113ded02e92bec990f1a8db5b3c18a2c43ca0e4ce109b687d244ff2ac56640de0d30d97e8a8e956a49a5db94b2e7b4e1263cddded8451b6d3150dd6f968a57a93e38357601af06ef6f5992ee744cd74f53060276eaba04541c9a8a8e87159204dc7bfd44e6ed757e993d89029d255837741f3ca6f49f39533ae25cabf6d2fe4be01b35a7f96a8657d4cd4ef772050e429c57079ca49c58ddf1dc903035d40745e332bd26e15709c84de411f5430a6b20655559db24802fb37f2b9e84e5007ed7754c433a67b49e5eda78e8b1510c6d29a15347bd2a70c76c4338aceda1acf9f3af1a187562506eaa879c08c9254a9fce888e59906c89a4dd15a2df494e03e42bd81d34d779cc2c845a791684a64591b79d00949088459d4aeae7c997edfda5a2ed1585bcf89d02c41f3e0aec8b52408bea8f87bc1c3fa3a4d68044f58307842b929ef0110a52f5f700cfe44192e5e845fc8ed482ae01ea8013e608a31f276e02e40634ffe71f6e23a6346bba1dddbf7ba6c4024ff7abcd1f4bf1d8a0f6576bc14e3960adefd9e66c05cff01dae3ebb159c9f8dd8688465e1fe37e9ed17f1c2d1b512e74590b472739a18f31271f6d07466558d6adce58446c1d454dab2760090284d8735d21b88361b4b95f4112c90a22a9a25b883fe8ef9fd192c05b7f06de613cfbfc22c523aa9b859c4e867135392652ab2105da3d98da57c1dc1a8875ff6db319385f0cef2904a1ff521f406bd17b85b85afb71889295ad47d8b1248b5623c3cb3cc62f9afa6ffc9a1b3314bea2eb61d8af6d1f3fa82f8a036975c415efd5497c332c55f14fa6157751bae5cdfc79bd916849c2260c4d76454db5a2b9ff973e981bdbe8a9af99a91abcc74a953a1dcf2432609ada73078956f31105eabccbc70329cce9d1606c517868b98ab38920e2c1848f30b4727cce33f86a805e7e94dc2058f877f63d54b81265e39ff3115e7c799d20fa5188f0e14a78a3803fbbcf063aa745842642d845ad6e1f01aad84bf54f48bc50b6eb32877e78cd71f7880cd50321f230a5663c73c10ae1ab642fa3d2b6c645e85202c76489a0abc7e6946c52241a377676c2771b77160dc13b7c55c250cb806208261cbd894ea2272de22640b95ed54556753924385de978f6266c573e9de3d2a55f2efacb753603b4f8938ce82fd4740a"})

[  366.961102][T26405] loop4: detected capacity change from 0 to 262160
[  366.980590][T26406] FAULT_INJECTION: forcing a failure.
[  366.980590][T26406] name failslab, interval 1, probability 0, space 0, times 0
[  366.993319][T26406] CPU: 0 PID: 26406 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  367.004400][T26406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  367.014487][T26406] Call Trace:
[  367.017761][T26406]  <TASK>
[  367.020756][T26406]  dump_stack_lvl+0xd6/0x122
[  367.025354][T26406]  dump_stack+0x11/0x12
[  367.029606][T26406]  should_fail+0x230/0x240
[  367.034027][T26406]  __should_failslab+0x81/0x90
[  367.038841][T26406]  ? mempool_alloc_slab+0x16/0x20
[  367.043935][T26406]  should_failslab+0x5/0x20
[  367.048483][T26406]  kmem_cache_alloc+0x46/0x300
[  367.053245][T26406]  ? folio_mark_accessed+0x12f/0x380
[  367.058541][T26406]  mempool_alloc_slab+0x16/0x20
[  367.063452][T26406]  ? mempool_free+0x130/0x130
[  367.068127][T26406]  mempool_alloc+0x9f/0x2a0
[  367.072635][T26406]  bio_alloc_bioset+0xe4/0x730
[  367.077405][T26406]  submit_bh_wbc+0x161/0x2f0
[  367.081997][T26406]  write_dirty_buffer+0xdb/0xe0
[  367.086922][T26406]  fat_sync_bhs+0x52/0x160
[  367.091410][T26406]  fat_alloc_clusters+0x935/0xa80
[  367.096484][T26406]  fat_get_block+0x263/0x600
[  367.101125][T26406]  ? fat_block_truncate_page+0x30/0x30
11:47:43 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002900)

11:47:43 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80009900)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  367.106629][T26406]  __block_write_begin_int+0x33d/0xc90
[  367.112101][T26406]  ? fat_block_truncate_page+0x30/0x30
[  367.117576][T26406]  ? PageHeadHuge+0x3b/0x120
[  367.122171][T26406]  ? fat_block_truncate_page+0x30/0x30
[  367.127637][T26406]  block_write_begin+0x77/0x170
[  367.132591][T26406]  ? cont_write_begin+0x3aa/0x500
[  367.137624][T26406]  cont_write_begin+0x3cf/0x500
[  367.142481][T26406]  fat_write_begin+0x61/0xf0
[  367.147098][T26406]  ? fat_block_truncate_page+0x30/0x30
[  367.152566][T26406]  generic_perform_write+0x1d6/0x3f0
11:47:43 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880002d)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  367.157857][T26406]  __generic_file_write_iter+0x172/0x280
[  367.163492][T26406]  ? generic_write_checks+0x256/0x290
[  367.168866][T26406]  generic_file_write_iter+0x75/0x130
[  367.174241][T26406]  do_iter_readv_writev+0x27b/0x300
[  367.179483][T26406]  do_iter_write+0x16f/0x5c0
[  367.184083][T26406]  ? splice_from_pipe_next+0x34f/0x3b0
[  367.189578][T26406]  vfs_iter_write+0x4c/0x70
[  367.194089][T26406]  iter_file_splice_write+0x44a/0x7c0
[  367.199490][T26406]  ? splice_from_pipe+0xc0/0xc0
[  367.204378][T26406]  direct_splice_actor+0x80/0xa0
[  367.209323][T26406]  splice_direct_to_actor+0x345/0x660
[  367.214718][T26406]  ? do_splice_direct+0x180/0x180
[  367.219752][T26406]  do_splice_direct+0xfb/0x180
[  367.224523][T26406]  do_sendfile+0x3ad/0x900
[  367.229127][T26406]  __x64_sys_sendfile64+0x10c/0x150
[  367.234336][T26406]  do_syscall_64+0x2b/0x70
[  367.238893][T26406]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  367.244865][T26406] RIP: 0033:0x7f99336e60e9
11:47:43 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800006)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  367.249276][T26406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  367.268892][T26406] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  367.277403][T26406] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  367.285554][T26406] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  367.293531][T26406] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  367.301511][T26406] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  367.309486][T26406] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  367.317469][T26406]  </TASK>
[  367.354384][T26416] loop1: detected capacity change from 0 to 262160
[  367.374424][T26419] loop5: detected capacity change from 0 to 262160
[  367.391024][T26420] loop3: detected capacity change from 0 to 262160
11:47:43 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 18)

11:47:43 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800007)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:43 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80009b00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:43 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002a00)

[  367.643717][T26426] loop0: detected capacity change from 0 to 262160
[  367.659698][T26428] loop5: detected capacity change from 0 to 262160
[  367.693767][T26430] loop1: detected capacity change from 0 to 262160
[  367.723128][T26432] loop3: detected capacity change from 0 to 262160
[  367.736808][T26433] FAULT_INJECTION: forcing a failure.
[  367.736808][T26433] name failslab, interval 1, probability 0, space 0, times 0
[  367.749463][T26433] CPU: 1 PID: 26433 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  367.760488][T26433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  367.770547][T26433] Call Trace:
[  367.773820][T26433]  <TASK>
[  367.776743][T26433]  dump_stack_lvl+0xd6/0x122
[  367.781335][T26433]  dump_stack+0x11/0x12
[  367.785493][T26433]  should_fail+0x230/0x240
[  367.789915][T26433]  __should_failslab+0x81/0x90
[  367.794765][T26433]  ? mempool_alloc_slab+0x16/0x20
[  367.799836][T26433]  should_failslab+0x5/0x20
[  367.804389][T26433]  kmem_cache_alloc+0x46/0x300
[  367.809152][T26433]  mempool_alloc_slab+0x16/0x20
[  367.814018][T26433]  ? mempool_free+0x130/0x130
[  367.818721][T26433]  mempool_alloc+0x9f/0x2a0
[  367.823225][T26433]  bio_alloc_bioset+0xe4/0x730
[  367.828070][T26433]  submit_bh_wbc+0x161/0x2f0
[  367.832663][T26433]  write_dirty_buffer+0xdb/0xe0
[  367.837583][T26433]  fat_sync_bhs+0x52/0x160
11:47:44 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000180)="eb3c8f000000732e66617400020101000240008080f801", 0x17, 0x9}, {0x0, 0x0, 0x10000001000}], 0x1294498, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f00000000c0)='./bus\x00', 0x1c5b42, 0x0) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001) (async)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xe, 0x1010, r2, 0xdede9000) (async)
ioctl$BTRFS_IOC_SNAP_DESTROY(0xffffffffffffffff, 0x5000940f, &(0x7f0000000300)={{r0}, "3c7950568f9aba878c8c633f72bb0f409254fd5f3e0b15a600fb4b14d77e0f6463c9424bc61b11decdd28686ae81b20e326f1008c006bf17bcc630ff613d9edd1745d6bd198969dca9c610612dd820f760ff0024f5a871c5007c933fd91cc17646b18594d9963ebc935dfeeb53f4a09f4d4cd5a282d2b36ead054912b4d62b19dc9749fdeba86aedaf4b5dd134dd777214adf21ca6049951de03ddb3399dd6f4d24269725d4e614efadeb92388ae9dcdfa2ee126936e8ba044337e0bd463e3adb108bac5c6e309c29a11542c44a845d6bb50be34ac7d6680359a9aee3b940322f529c72efd5568ef49c075f6fc905b87d39e6498ca1a0ad6d62a83fb65b4dc936f42a257d2f217c41bfe808281b2336e123a92157232ebd8fcf3ba508a4a9b0ae1845f308eb91c0a6d8c2cce57a5b4e43b1de3fd9be96fa02546541fccfdaff8bd6f655c82a96b5163fd354a5cc31d2c683f20383087dd78005381c20fe501605953e5c5741da6d8a666f66606988eb26b14f7335d271c03158d22294bd6789af9361191cfb72702c0b7ede1a2d4fe972d01ad8ca82df7df7329652bf33ac50bdaba2df48092a4b2b733b2d6b210edb54e610a1bc2b3a6a63f96c78c8042bbe3c63089f0eecbbe8303c5a5af4ffdb0999250855e01cb41f0947a553e6c52a9f338b15881b0fd090867dd9503533db17261b3b64f5f426b4da82851385a43ad36ba3147c42b53a8101dd22adbde85f8918d1cd952e9e8df221129f04bbcee3b430d7190858976f432938de69af86c08724271fed7fe618b19e3ed7913ac9f6e516798f8952274a649d6153b083386c46f363fe52f1ff1e92aef7081cdd5f64459a5b896afd2ea0e69056392f47d1e2693b556b224d189c4a6d3f17acde416fcf27cae5fbe4e6e05e9d69c13d0abfee4aa0a0a3fd2978fcee3c9f1b64e1e40b216dc03bfc615110aa1a5838b93041331250bdbde229df257a42e4a728cf273863366d4f5e3b200703a043e821b8020e2092f9bd30bc2a13a6c894cd759867a178c30dc4e70076cb8f03bf14c891ce3c4bea02bcefe85494fe80b4590cea1293283b5ca25149ec090662b614cdae6f710a7659b58da32b7f4ec449cddfe3fc232a99a48e19f35f2ab7a34665634f401c5f693cca63d03f0f72acc2e7c222ffc8efd9c0aa0fc2d6751d5da59e476a3072642efcb30c2af2c4a7d745910a0bc101933b1d897b72137b604296ff203800864579438ce08e2bec30a5dbfb41d3e19290718148740dded94323300c0d27298fb38105facfba7be0f2b302abbe0ce5af6a11a6f66c17b03e031e0ff3b12123b6d1a56fd3bef4ef2890af527469a7805738b78f0a1524044cafd0b25b079248126f2485d07530ace0485c72668cef1f9bbdb3f402da2c2e9a4fa23762e7a2e8412448dde68f69eff4b2c1aa11d3fc3e1ef9e78ce1f4e912afc061bbe1b43de8edf81e4bfe6e8c84467d0fcf3eecc1ca2dbd7d8ee8c46a6f13af8b2e94b2dfcef5cc4f91fa7e36b76e33ff589a5c2879ef5fda8eb4e563a0df95e076232d060e06ef0b15359ff3f99b4f9fd2b913eb9503ee074368f5c16573d684f9e35ef25b5a1a74f8b2b80a0015ac72e19bbaef2bb4c72c924bd577fd7f157984459ad89478c6b7916ec85a268067820ac136c71e1ea62d008f4ce6f4e07e5406b32ef6692ca2ce1ff9f86b3652ed0a262cc1109569512d3ecad0eda5c5c8e6e871bc3b99e9928e12b1572dc05eb9eef85f295902173a3a0a71b55c210b8da21dbf613ccd6a3c6e57e12c43190cd6decdac54cbbe09bee474da57d08a8a0f0afa6342153f507fa7a57f0bd40e9cf2b518e4b0db765c24555d9a399e8387e6b0e7f0e6fedfeab0a73abf94ee8e05dc4448943d1a7137b8da14890ae5023671e304212c1a64b5c962876ead4a08af505a49730d3fa926324bbd668f7bfcfffe05b49067836caf8a37ccc11c1130b4481042d9c74b2575e3cf0312a60734b7c8e2e854eafb0b7b2df3f6f62c1487601be85146689a918442875191219ecf43de0d10422b7749724da2d01cba4fbbacc7b3f510cefff80c57b0579b6c1be696a573f94664d1a6eae294aa1f58fcd9d67ba4e22a55adde2a6b13c686cf25f70371e9faf58652e8c5a83034ca3c313d13be804ddbbc46ec278be364b408ec812c2ae6c28ecd78828fbf1eb833df37091b39517f540ac26c68080eb1ba931010be6da5002086f8fde570aa35c2dae68ecbd4591764d0068a9d9eb4ba04ebb388ddb803b72047156b957096c093e2eae9b5082c04e82d6a295ead56448c47bfe9d9111c4bfdb0f62d91348e4a1bf303b26a0fcd34916221a11a2d0920813b7b24e03f66b505a99640f1c585c981496d7568b7118d348d54ea5b55acb8ec69cce42d50820b8e5c66a1808f67ccf1851b2a0ee3b0c6342dc07b2789811bc5ee2fb39221b1a744131a5a127150730f957c218319871fb43580966e1774e08f97567bef400fea8cf2fa1694e1fc828ed0f5b65e957cbb21cc94718ee2a8cf81b12121bb77c5437cc215738ef5abdd5d2f3f3f6e264113939f62e1d3acede98921750cd20211d33b9f94bc0ee62ab008d8636ecaad660439799910281f7b2bfb2efbe20c7df20888919d60c6fbf6a5e65804c06fac75b00bfc052f2a89f57118646d74f8cff28f46fd5cca98f642c54050564cdc8e2a00fcd9275241f6822873aa868b991ae7be1b80321c61b157c8b57fc9710124880ae2102ace09dbda0ec4664ba3f75bbb42a95ee21aa3bddd0b5626727c44779a0518cdf58cd3cc4cce4c6d821b180498412dc78a7ff56f465227e71ed40bb2649b7e9f38904dd184632916da33fa75f1ec0abf30fbb4620e6b0c941ec687c7a1564317947e692c439db42d9039846bb5cee6990606bf21b2c579c17cdde97f6cd6027cca21cb4f4d37496905d5d4e22f977875364dc478470d32860b4b7876f43c28d97dcf2722bca17f2ecf76d0b4986b8a8c525eb8684445582c5c1fa09ccbddc4cf7dc4fcaa50babec2d930eb567f048d748e84de393239405f7d88ae4a4f569a1969b4d2a7a7fd58507114ba818e5a87f5c70cc2ec2c54f35a29526ff2324c8e220acfbb267b5ca47908972914dbb841f78bb04ea09c7df1bf5000ac1350a360138830b7fa02695316104b8d50b397c61eeb86b1620658c1501ffc1ae53929b34f68a49d0e8fd78d931c0f1362676a4504d02a65c39b05bc869c32eb0bf336695f999c41611afad4d9783c1719d32fa2b9b9150dc0f93522cf47af1d3521f9ecb7143d90304d88a399850effab16b0e91cc6dca31bb25cccb59a88ef6c01e3dcf90ba4553958c6948901ea9b8861713f22e002b113a54b8264d52e0c5d6fca281efde1416137d606895e178765e038afea42fcba9877add9fdf237673c6a12a3e0566231cc12cb5ac55c4f9ac02d7af62ed568aafd57a0c5bbcf4bc21085b7d42105ff2c4e181773ff4c35c0620abaee2b82d1cba1dc51a4b9497843aec4e7a44726a64a4411a4e25f3448d0aea2a790bcde2126fabf42c9b962fcc9b751b060ed613d7d438a8a0347dbb917029354a9e56bda55f4c7455757141d339b7d498a7fd2da063fd26f7c082a839ea64eac954b6a4d5a2e7c71114745bcb3b12eebfd98469cd14a9f35a2a4ea6fa3b5864fb17727199cd682657fc27d80b16436954021bd04be278edb63a6e9850ee1480ca31df4c00663a4556ab34f89b23cdeb498c391493f04b15979229e6989b21c56632e25bd130436a19773573786f43be2a56a0c0e3c07cfb116efc3d72986d3e287ea2e2ada88c955515600d4c68f0c564463fdfc8b679ec6cf95229ff05a8c0044368fce6770936043d00eecd28c3fcf8a6be08f7c1c6c8b147dea34cec2b3425c32dbf4ef7c7d62045fe7e29310053cc0fa61b0c8cef817a33ade1d7e5801e9a637fa342999988dd43c9a4bab494f2176b4b516f0d1417bbe6fee3d321f53cf411630218a92bdd41ecc08c6a6ff49beb01d8c22375c97cf872182c31d7758e4fae92ef7fee7a35095c2910544ecdf399f2a1bc4282cbe10088bd190f328de8b9a205c12d8593d3b520fd9c490f227a15c3caa4621115e892ed2ff66a3856c716e41d8af1a2849d428c0c1bbaebbac090d876bb5ed508cea4b1c7246d2ada5250f6c46af29fe549c76b178b3332b7ab0db938e8364335f5dee5340ac5d38004b793476bf1020b3212ba4b33eed6024a42f4217c12f9f4699e991e79642b2c4dfa9cd58ab17f3ca467906b5417138e55722b2950db10247d82750af72a2b09afb6b96631cae107fbdd36286903df41fe61abc27168231b10c7d10725aadb5f43d4d098670c8cd22f62507d831ebf6f7081667cc7a659c4790234314d9654996da6b9e3ea31cf6af5188fa2e5c8a7f27b9d25c169c4b8971b698717ba807e841892efaf471c8ef6205671ca9053c606268fb7d0a5252aab8a9338c83787aef9ebcfcc67a04749d927fd0749fa327d2616a09a4eeb9f9a96dec7903207571250b6d703490f89c7fb5fcbcc8ad33bb1932e546bc70f4c6a8c9c833603677947b281dced05384f70888ba113ded02e92bec990f1a8db5b3c18a2c43ca0e4ce109b687d244ff2ac56640de0d30d97e8a8e956a49a5db94b2e7b4e1263cddded8451b6d3150dd6f968a57a93e38357601af06ef6f5992ee744cd74f53060276eaba04541c9a8a8e87159204dc7bfd44e6ed757e993d89029d255837741f3ca6f49f39533ae25cabf6d2fe4be01b35a7f96a8657d4cd4ef772050e429c57079ca49c58ddf1dc903035d40745e332bd26e15709c84de411f5430a6b20655559db24802fb37f2b9e84e5007ed7754c433a67b49e5eda78e8b1510c6d29a15347bd2a70c76c4338aceda1acf9f3af1a187562506eaa879c08c9254a9fce888e59906c89a4dd15a2df494e03e42bd81d34d779cc2c845a791684a64591b79d00949088459d4aeae7c997edfda5a2ed1585bcf89d02c41f3e0aec8b52408bea8f87bc1c3fa3a4d68044f58307842b929ef0110a52f5f700cfe44192e5e845fc8ed482ae01ea8013e608a31f276e02e40634ffe71f6e23a6346bba1dddbf7ba6c4024ff7abcd1f4bf1d8a0f6576bc14e3960adefd9e66c05cff01dae3ebb159c9f8dd8688465e1fe37e9ed17f1c2d1b512e74590b472739a18f31271f6d07466558d6adce58446c1d454dab2760090284d8735d21b88361b4b95f4112c90a22a9a25b883fe8ef9fd192c05b7f06de613cfbfc22c523aa9b859c4e867135392652ab2105da3d98da57c1dc1a8875ff6db319385f0cef2904a1ff521f406bd17b85b85afb71889295ad47d8b1248b5623c3cb3cc62f9afa6ffc9a1b3314bea2eb61d8af6d1f3fa82f8a036975c415efd5497c332c55f14fa6157751bae5cdfc79bd916849c2260c4d76454db5a2b9ff973e981bdbe8a9af99a91abcc74a953a1dcf2432609ada73078956f31105eabccbc70329cce9d1606c517868b98ab38920e2c1848f30b4727cce33f86a805e7e94dc2058f877f63d54b81265e39ff3115e7c799d20fa5188f0e14a78a3803fbbcf063aa745842642d845ad6e1f01aad84bf54f48bc50b6eb32877e78cd71f7880cd50321f230a5663c73c10ae1ab642fa3d2b6c645e85202c76489a0abc7e6946c52241a377676c2771b77160dc13b7c55c250cb806208261cbd894ea2272de22640b95ed54556753924385de978f6266c573e9de3d2a55f2efacb753603b4f8938ce82fd4740a"})

[  367.842009][T26433]  fat_ent_write+0x85/0xd0
[  367.846437][T26433]  fat_chain_add+0x15b/0x410
[  367.851207][T26433]  fat_get_block+0x486/0x600
[  367.855855][T26433]  ? fat_block_truncate_page+0x30/0x30
[  367.861379][T26433]  __block_write_begin_int+0x33d/0xc90
[  367.866844][T26433]  ? fat_block_truncate_page+0x30/0x30
[  367.872345][T26433]  ? PageHeadHuge+0x3b/0x120
[  367.877014][T26433]  ? fat_block_truncate_page+0x30/0x30
[  367.882483][T26433]  block_write_begin+0x77/0x170
[  367.887346][T26433]  ? cont_write_begin+0x3aa/0x500
[  367.892388][T26433]  cont_write_begin+0x3cf/0x500
[  367.897305][T26433]  fat_write_begin+0x61/0xf0
[  367.901900][T26433]  ? fat_block_truncate_page+0x30/0x30
[  367.907431][T26433]  generic_perform_write+0x1d6/0x3f0
[  367.912797][T26433]  __generic_file_write_iter+0x172/0x280
[  367.918431][T26433]  ? generic_write_checks+0x256/0x290
[  367.923943][T26433]  generic_file_write_iter+0x75/0x130
[  367.929318][T26433]  do_iter_readv_writev+0x27b/0x300
[  367.934520][T26433]  do_iter_write+0x16f/0x5c0
[  367.939118][T26433]  ? splice_from_pipe_next+0x34f/0x3b0
[  367.944587][T26433]  vfs_iter_write+0x4c/0x70
[  367.949130][T26433]  iter_file_splice_write+0x44a/0x7c0
[  367.954585][T26433]  ? splice_from_pipe+0xc0/0xc0
[  367.959442][T26433]  direct_splice_actor+0x80/0xa0
[  367.964387][T26433]  splice_direct_to_actor+0x345/0x660
[  367.969853][T26433]  ? do_splice_direct+0x180/0x180
[  367.974896][T26433]  do_splice_direct+0xfb/0x180
[  367.979662][T26433]  do_sendfile+0x3ad/0x900
[  367.984128][T26433]  __x64_sys_sendfile64+0x10c/0x150
[  367.985816][T26440] loop4: detected capacity change from 0 to 262160
[  367.989396][T26433]  do_syscall_64+0x2b/0x70
[  367.989424][T26433]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  368.006169][T26433] RIP: 0033:0x7f99336e60e9
[  368.010577][T26433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  368.030212][T26433] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
11:47:44 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80009c00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:44 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800008)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:44 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880002e)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  368.038625][T26433] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  368.046590][T26433] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  368.054559][T26433] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  368.062602][T26433] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  368.070574][T26433] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  368.078545][T26433]  </TASK>
11:47:44 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002b00)

11:47:44 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000180)="eb3c8f000000732e66617400020101000240008080f801", 0x17, 0x9}, {0x0, 0x0, 0x10000001000}], 0x1294498, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f00000000c0)='./bus\x00', 0x1c5b42, 0x0) (async, rerun: 32)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (rerun: 32)
sendfile(r2, r3, 0x0, 0x80000001) (async)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xe, 0x1010, r2, 0xdede9000)
ioctl$BTRFS_IOC_SNAP_DESTROY(0xffffffffffffffff, 0x5000940f, &(0x7f0000000300)={{r0}, "3c7950568f9aba878c8c633f72bb0f409254fd5f3e0b15a600fb4b14d77e0f6463c9424bc61b11decdd28686ae81b20e326f1008c006bf17bcc630ff613d9edd1745d6bd198969dca9c610612dd820f760ff0024f5a871c5007c933fd91cc17646b18594d9963ebc935dfeeb53f4a09f4d4cd5a282d2b36ead054912b4d62b19dc9749fdeba86aedaf4b5dd134dd777214adf21ca6049951de03ddb3399dd6f4d24269725d4e614efadeb92388ae9dcdfa2ee126936e8ba044337e0bd463e3adb108bac5c6e309c29a11542c44a845d6bb50be34ac7d6680359a9aee3b940322f529c72efd5568ef49c075f6fc905b87d39e6498ca1a0ad6d62a83fb65b4dc936f42a257d2f217c41bfe808281b2336e123a92157232ebd8fcf3ba508a4a9b0ae1845f308eb91c0a6d8c2cce57a5b4e43b1de3fd9be96fa02546541fccfdaff8bd6f655c82a96b5163fd354a5cc31d2c683f20383087dd78005381c20fe501605953e5c5741da6d8a666f66606988eb26b14f7335d271c03158d22294bd6789af9361191cfb72702c0b7ede1a2d4fe972d01ad8ca82df7df7329652bf33ac50bdaba2df48092a4b2b733b2d6b210edb54e610a1bc2b3a6a63f96c78c8042bbe3c63089f0eecbbe8303c5a5af4ffdb0999250855e01cb41f0947a553e6c52a9f338b15881b0fd090867dd9503533db17261b3b64f5f426b4da82851385a43ad36ba3147c42b53a8101dd22adbde85f8918d1cd952e9e8df221129f04bbcee3b430d7190858976f432938de69af86c08724271fed7fe618b19e3ed7913ac9f6e516798f8952274a649d6153b083386c46f363fe52f1ff1e92aef7081cdd5f64459a5b896afd2ea0e69056392f47d1e2693b556b224d189c4a6d3f17acde416fcf27cae5fbe4e6e05e9d69c13d0abfee4aa0a0a3fd2978fcee3c9f1b64e1e40b216dc03bfc615110aa1a5838b93041331250bdbde229df257a42e4a728cf273863366d4f5e3b200703a043e821b8020e2092f9bd30bc2a13a6c894cd759867a178c30dc4e70076cb8f03bf14c891ce3c4bea02bcefe85494fe80b4590cea1293283b5ca25149ec090662b614cdae6f710a7659b58da32b7f4ec449cddfe3fc232a99a48e19f35f2ab7a34665634f401c5f693cca63d03f0f72acc2e7c222ffc8efd9c0aa0fc2d6751d5da59e476a3072642efcb30c2af2c4a7d745910a0bc101933b1d897b72137b604296ff203800864579438ce08e2bec30a5dbfb41d3e19290718148740dded94323300c0d27298fb38105facfba7be0f2b302abbe0ce5af6a11a6f66c17b03e031e0ff3b12123b6d1a56fd3bef4ef2890af527469a7805738b78f0a1524044cafd0b25b079248126f2485d07530ace0485c72668cef1f9bbdb3f402da2c2e9a4fa23762e7a2e8412448dde68f69eff4b2c1aa11d3fc3e1ef9e78ce1f4e912afc061bbe1b43de8edf81e4bfe6e8c84467d0fcf3eecc1ca2dbd7d8ee8c46a6f13af8b2e94b2dfcef5cc4f91fa7e36b76e33ff589a5c2879ef5fda8eb4e563a0df95e076232d060e06ef0b15359ff3f99b4f9fd2b913eb9503ee074368f5c16573d684f9e35ef25b5a1a74f8b2b80a0015ac72e19bbaef2bb4c72c924bd577fd7f157984459ad89478c6b7916ec85a268067820ac136c71e1ea62d008f4ce6f4e07e5406b32ef6692ca2ce1ff9f86b3652ed0a262cc1109569512d3ecad0eda5c5c8e6e871bc3b99e9928e12b1572dc05eb9eef85f295902173a3a0a71b55c210b8da21dbf613ccd6a3c6e57e12c43190cd6decdac54cbbe09bee474da57d08a8a0f0afa6342153f507fa7a57f0bd40e9cf2b518e4b0db765c24555d9a399e8387e6b0e7f0e6fedfeab0a73abf94ee8e05dc4448943d1a7137b8da14890ae5023671e304212c1a64b5c962876ead4a08af505a49730d3fa926324bbd668f7bfcfffe05b49067836caf8a37ccc11c1130b4481042d9c74b2575e3cf0312a60734b7c8e2e854eafb0b7b2df3f6f62c1487601be85146689a918442875191219ecf43de0d10422b7749724da2d01cba4fbbacc7b3f510cefff80c57b0579b6c1be696a573f94664d1a6eae294aa1f58fcd9d67ba4e22a55adde2a6b13c686cf25f70371e9faf58652e8c5a83034ca3c313d13be804ddbbc46ec278be364b408ec812c2ae6c28ecd78828fbf1eb833df37091b39517f540ac26c68080eb1ba931010be6da5002086f8fde570aa35c2dae68ecbd4591764d0068a9d9eb4ba04ebb388ddb803b72047156b957096c093e2eae9b5082c04e82d6a295ead56448c47bfe9d9111c4bfdb0f62d91348e4a1bf303b26a0fcd34916221a11a2d0920813b7b24e03f66b505a99640f1c585c981496d7568b7118d348d54ea5b55acb8ec69cce42d50820b8e5c66a1808f67ccf1851b2a0ee3b0c6342dc07b2789811bc5ee2fb39221b1a744131a5a127150730f957c218319871fb43580966e1774e08f97567bef400fea8cf2fa1694e1fc828ed0f5b65e957cbb21cc94718ee2a8cf81b12121bb77c5437cc215738ef5abdd5d2f3f3f6e264113939f62e1d3acede98921750cd20211d33b9f94bc0ee62ab008d8636ecaad660439799910281f7b2bfb2efbe20c7df20888919d60c6fbf6a5e65804c06fac75b00bfc052f2a89f57118646d74f8cff28f46fd5cca98f642c54050564cdc8e2a00fcd9275241f6822873aa868b991ae7be1b80321c61b157c8b57fc9710124880ae2102ace09dbda0ec4664ba3f75bbb42a95ee21aa3bddd0b5626727c44779a0518cdf58cd3cc4cce4c6d821b180498412dc78a7ff56f465227e71ed40bb2649b7e9f38904dd184632916da33fa75f1ec0abf30fbb4620e6b0c941ec687c7a1564317947e692c439db42d9039846bb5cee6990606bf21b2c579c17cdde97f6cd6027cca21cb4f4d37496905d5d4e22f977875364dc478470d32860b4b7876f43c28d97dcf2722bca17f2ecf76d0b4986b8a8c525eb8684445582c5c1fa09ccbddc4cf7dc4fcaa50babec2d930eb567f048d748e84de393239405f7d88ae4a4f569a1969b4d2a7a7fd58507114ba818e5a87f5c70cc2ec2c54f35a29526ff2324c8e220acfbb267b5ca47908972914dbb841f78bb04ea09c7df1bf5000ac1350a360138830b7fa02695316104b8d50b397c61eeb86b1620658c1501ffc1ae53929b34f68a49d0e8fd78d931c0f1362676a4504d02a65c39b05bc869c32eb0bf336695f999c41611afad4d9783c1719d32fa2b9b9150dc0f93522cf47af1d3521f9ecb7143d90304d88a399850effab16b0e91cc6dca31bb25cccb59a88ef6c01e3dcf90ba4553958c6948901ea9b8861713f22e002b113a54b8264d52e0c5d6fca281efde1416137d606895e178765e038afea42fcba9877add9fdf237673c6a12a3e0566231cc12cb5ac55c4f9ac02d7af62ed568aafd57a0c5bbcf4bc21085b7d42105ff2c4e181773ff4c35c0620abaee2b82d1cba1dc51a4b9497843aec4e7a44726a64a4411a4e25f3448d0aea2a790bcde2126fabf42c9b962fcc9b751b060ed613d7d438a8a0347dbb917029354a9e56bda55f4c7455757141d339b7d498a7fd2da063fd26f7c082a839ea64eac954b6a4d5a2e7c71114745bcb3b12eebfd98469cd14a9f35a2a4ea6fa3b5864fb17727199cd682657fc27d80b16436954021bd04be278edb63a6e9850ee1480ca31df4c00663a4556ab34f89b23cdeb498c391493f04b15979229e6989b21c56632e25bd130436a19773573786f43be2a56a0c0e3c07cfb116efc3d72986d3e287ea2e2ada88c955515600d4c68f0c564463fdfc8b679ec6cf95229ff05a8c0044368fce6770936043d00eecd28c3fcf8a6be08f7c1c6c8b147dea34cec2b3425c32dbf4ef7c7d62045fe7e29310053cc0fa61b0c8cef817a33ade1d7e5801e9a637fa342999988dd43c9a4bab494f2176b4b516f0d1417bbe6fee3d321f53cf411630218a92bdd41ecc08c6a6ff49beb01d8c22375c97cf872182c31d7758e4fae92ef7fee7a35095c2910544ecdf399f2a1bc4282cbe10088bd190f328de8b9a205c12d8593d3b520fd9c490f227a15c3caa4621115e892ed2ff66a3856c716e41d8af1a2849d428c0c1bbaebbac090d876bb5ed508cea4b1c7246d2ada5250f6c46af29fe549c76b178b3332b7ab0db938e8364335f5dee5340ac5d38004b793476bf1020b3212ba4b33eed6024a42f4217c12f9f4699e991e79642b2c4dfa9cd58ab17f3ca467906b5417138e55722b2950db10247d82750af72a2b09afb6b96631cae107fbdd36286903df41fe61abc27168231b10c7d10725aadb5f43d4d098670c8cd22f62507d831ebf6f7081667cc7a659c4790234314d9654996da6b9e3ea31cf6af5188fa2e5c8a7f27b9d25c169c4b8971b698717ba807e841892efaf471c8ef6205671ca9053c606268fb7d0a5252aab8a9338c83787aef9ebcfcc67a04749d927fd0749fa327d2616a09a4eeb9f9a96dec7903207571250b6d703490f89c7fb5fcbcc8ad33bb1932e546bc70f4c6a8c9c833603677947b281dced05384f70888ba113ded02e92bec990f1a8db5b3c18a2c43ca0e4ce109b687d244ff2ac56640de0d30d97e8a8e956a49a5db94b2e7b4e1263cddded8451b6d3150dd6f968a57a93e38357601af06ef6f5992ee744cd74f53060276eaba04541c9a8a8e87159204dc7bfd44e6ed757e993d89029d255837741f3ca6f49f39533ae25cabf6d2fe4be01b35a7f96a8657d4cd4ef772050e429c57079ca49c58ddf1dc903035d40745e332bd26e15709c84de411f5430a6b20655559db24802fb37f2b9e84e5007ed7754c433a67b49e5eda78e8b1510c6d29a15347bd2a70c76c4338aceda1acf9f3af1a187562506eaa879c08c9254a9fce888e59906c89a4dd15a2df494e03e42bd81d34d779cc2c845a791684a64591b79d00949088459d4aeae7c997edfda5a2ed1585bcf89d02c41f3e0aec8b52408bea8f87bc1c3fa3a4d68044f58307842b929ef0110a52f5f700cfe44192e5e845fc8ed482ae01ea8013e608a31f276e02e40634ffe71f6e23a6346bba1dddbf7ba6c4024ff7abcd1f4bf1d8a0f6576bc14e3960adefd9e66c05cff01dae3ebb159c9f8dd8688465e1fe37e9ed17f1c2d1b512e74590b472739a18f31271f6d07466558d6adce58446c1d454dab2760090284d8735d21b88361b4b95f4112c90a22a9a25b883fe8ef9fd192c05b7f06de613cfbfc22c523aa9b859c4e867135392652ab2105da3d98da57c1dc1a8875ff6db319385f0cef2904a1ff521f406bd17b85b85afb71889295ad47d8b1248b5623c3cb3cc62f9afa6ffc9a1b3314bea2eb61d8af6d1f3fa82f8a036975c415efd5497c332c55f14fa6157751bae5cdfc79bd916849c2260c4d76454db5a2b9ff973e981bdbe8a9af99a91abcc74a953a1dcf2432609ada73078956f31105eabccbc70329cce9d1606c517868b98ab38920e2c1848f30b4727cce33f86a805e7e94dc2058f877f63d54b81265e39ff3115e7c799d20fa5188f0e14a78a3803fbbcf063aa745842642d845ad6e1f01aad84bf54f48bc50b6eb32877e78cd71f7880cd50321f230a5663c73c10ae1ab642fa3d2b6c645e85202c76489a0abc7e6946c52241a377676c2771b77160dc13b7c55c250cb806208261cbd894ea2272de22640b95ed54556753924385de978f6266c573e9de3d2a55f2efacb753603b4f8938ce82fd4740a"})

[  368.156940][T26445] loop1: detected capacity change from 0 to 262160
[  368.163799][T26446] loop5: detected capacity change from 0 to 262160
[  368.192663][T26450] loop3: detected capacity change from 0 to 262160
[  368.209321][T26453] loop4: detected capacity change from 0 to 262160
11:47:44 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 19)

[  368.402785][T26462] loop0: detected capacity change from 0 to 262160
11:47:44 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800009)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:44 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80009d00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  368.491704][T26463] FAULT_INJECTION: forcing a failure.
[  368.491704][T26463] name failslab, interval 1, probability 0, space 0, times 0
[  368.504354][T26463] CPU: 0 PID: 26463 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  368.515395][T26463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  368.525443][T26463] Call Trace:
[  368.528716][T26463]  <TASK>
[  368.531645][T26463]  dump_stack_lvl+0xd6/0x122
[  368.536241][T26463]  dump_stack+0x11/0x12
11:47:44 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002c00)

[  368.540415][T26463]  should_fail+0x230/0x240
[  368.544833][T26463]  __should_failslab+0x81/0x90
[  368.549679][T26463]  ? mempool_alloc_slab+0x16/0x20
[  368.554707][T26463]  should_failslab+0x5/0x20
[  368.559203][T26463]  kmem_cache_alloc+0x46/0x300
[  368.563975][T26463]  mempool_alloc_slab+0x16/0x20
[  368.568822][T26463]  ? mempool_free+0x130/0x130
[  368.573499][T26463]  mempool_alloc+0x9f/0x2a0
[  368.578001][T26463]  bio_alloc_bioset+0xe4/0x730
[  368.582764][T26463]  submit_bh_wbc+0x161/0x2f0
11:47:44 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x4000)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000180)={{0x1, 0x1, 0x18}, './file1\x00'})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)

[  368.587351][T26463]  __sync_dirty_buffer+0x141/0x1f0
[  368.592518][T26463]  sync_dirty_buffer+0x16/0x20
[  368.597302][T26463]  fat_mirror_bhs+0x268/0x330
[  368.602027][T26463]  fat_ent_write+0xc2/0xd0
[  368.606508][T26463]  fat_chain_add+0x15b/0x410
[  368.611103][T26463]  fat_get_block+0x486/0x600
[  368.615693][T26463]  ? fat_block_truncate_page+0x30/0x30
[  368.621282][T26463]  __block_write_begin_int+0x33d/0xc90
[  368.626739][T26463]  ? fat_block_truncate_page+0x30/0x30
[  368.632218][T26463]  ? PageHeadHuge+0x3b/0x120
[  368.636926][T26463]  ? fat_block_truncate_page+0x30/0x30
[  368.642405][T26463]  block_write_begin+0x77/0x170
[  368.647262][T26463]  ? cont_write_begin+0x3aa/0x500
[  368.652391][T26463]  cont_write_begin+0x3cf/0x500
[  368.657273][T26463]  fat_write_begin+0x61/0xf0
[  368.661996][T26463]  ? fat_block_truncate_page+0x30/0x30
[  368.667538][T26463]  generic_perform_write+0x1d6/0x3f0
[  368.672845][T26463]  __generic_file_write_iter+0x172/0x280
[  368.678484][T26463]  ? generic_write_checks+0x256/0x290
[  368.683855][T26463]  generic_file_write_iter+0x75/0x130
[  368.689311][T26463]  do_iter_readv_writev+0x27b/0x300
[  368.694510][T26463]  do_iter_write+0x16f/0x5c0
[  368.699119][T26463]  ? splice_from_pipe_next+0x34f/0x3b0
[  368.704691][T26463]  vfs_iter_write+0x4c/0x70
[  368.709259][T26463]  iter_file_splice_write+0x44a/0x7c0
[  368.714632][T26463]  ? splice_from_pipe+0xc0/0xc0
[  368.719482][T26463]  direct_splice_actor+0x80/0xa0
[  368.724421][T26463]  splice_direct_to_actor+0x345/0x660
[  368.729829][T26463]  ? do_splice_direct+0x180/0x180
[  368.734857][T26463]  do_splice_direct+0xfb/0x180
11:47:44 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880002f)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  368.739656][T26463]  do_sendfile+0x3ad/0x900
[  368.744144][T26463]  __x64_sys_sendfile64+0x10c/0x150
[  368.749422][T26463]  do_syscall_64+0x2b/0x70
[  368.753880][T26463]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  368.759778][T26463] RIP: 0033:0x7f99336e60e9
[  368.764201][T26463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  368.783813][T26463] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  368.792240][T26463] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  368.800236][T26463] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  368.808293][T26463] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  368.816325][T26463] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  368.824296][T26463] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  368.832271][T26463]  </TASK>
[  368.837420][T26465] loop4: detected capacity change from 0 to 262160
[  368.868820][T26470] loop5: detected capacity change from 0 to 262160
[  368.899210][T26474] loop3: detected capacity change from 0 to 262160
[  368.899453][T26473] loop1: detected capacity change from 0 to 262160
11:47:45 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 20)

11:47:45 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x4000)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000180)={{0x1, 0x1, 0x18}, './file1\x00'})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)

[  369.124934][T26480] loop0: detected capacity change from 0 to 262160
[  369.167364][T26482] loop4: detected capacity change from 0 to 262160
[  369.205813][T26486] FAULT_INJECTION: forcing a failure.
11:47:45 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002d00)

11:47:45 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880000a)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  369.205813][T26486] name failslab, interval 1, probability 0, space 0, times 0
[  369.218521][T26486] CPU: 0 PID: 26486 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  369.229588][T26486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  369.232570][T26482] FAT-fs (loop4): Unrecognized mount option "
" or missing value
[  369.239638][T26486] Call Trace:
[  369.239647][T26486]  <TASK>
[  369.239654][T26486]  dump_stack_lvl+0xd6/0x122
[  369.239681][T26486]  dump_stack+0x11/0x12
[  369.239701][T26486]  should_fail+0x230/0x240
[  369.266762][T26486]  __should_failslab+0x81/0x90
[  369.271553][T26486]  ? mempool_alloc_slab+0x16/0x20
[  369.276578][T26486]  should_failslab+0x5/0x20
[  369.281080][T26486]  kmem_cache_alloc+0x46/0x300
[  369.285842][T26486]  ? folio_mark_accessed+0x12f/0x380
[  369.291147][T26486]  mempool_alloc_slab+0x16/0x20
[  369.296001][T26486]  ? mempool_free+0x130/0x130
[  369.300677][T26486]  mempool_alloc+0x9f/0x2a0
[  369.305229][T26486]  bio_alloc_bioset+0xe4/0x730
[  369.310020][T26486]  submit_bh_wbc+0x161/0x2f0
11:47:45 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800030)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  369.314676][T26486]  write_dirty_buffer+0xdb/0xe0
[  369.319533][T26486]  fat_sync_bhs+0x52/0x160
[  369.323959][T26486]  fat_alloc_clusters+0x935/0xa80
[  369.329056][T26486]  fat_get_block+0x263/0x600
[  369.333657][T26486]  ? fat_block_truncate_page+0x30/0x30
[  369.339158][T26486]  __block_write_begin_int+0x33d/0xc90
[  369.344723][T26486]  ? fat_block_truncate_page+0x30/0x30
[  369.350331][T26486]  ? PageHeadHuge+0x3b/0x120
[  369.354989][T26486]  ? fat_block_truncate_page+0x30/0x30
[  369.360477][T26486]  block_write_begin+0x77/0x170
[  369.365343][T26486]  ? cont_write_begin+0x3aa/0x500
[  369.370463][T26486]  cont_write_begin+0x3cf/0x500
[  369.375328][T26486]  fat_write_begin+0x61/0xf0
[  369.379932][T26486]  ? fat_block_truncate_page+0x30/0x30
[  369.385473][T26486]  generic_perform_write+0x1d6/0x3f0
[  369.390796][T26486]  __generic_file_write_iter+0x172/0x280
[  369.396457][T26486]  ? generic_write_checks+0x256/0x290
[  369.401839][T26486]  generic_file_write_iter+0x75/0x130
[  369.407229][T26486]  do_iter_readv_writev+0x27b/0x300
[  369.412432][T26486]  do_iter_write+0x16f/0x5c0
[  369.417034][T26486]  ? splice_from_pipe_next+0x34f/0x3b0
[  369.422566][T26486]  vfs_iter_write+0x4c/0x70
[  369.427079][T26486]  iter_file_splice_write+0x44a/0x7c0
[  369.432458][T26486]  ? splice_from_pipe+0xc0/0xc0
[  369.437310][T26486]  direct_splice_actor+0x80/0xa0
[  369.442300][T26486]  splice_direct_to_actor+0x345/0x660
[  369.447784][T26486]  ? do_splice_direct+0x180/0x180
[  369.452889][T26486]  do_splice_direct+0xfb/0x180
[  369.457687][T26486]  do_sendfile+0x3ad/0x900
[  369.462099][T26486]  __x64_sys_sendfile64+0x10c/0x150
[  369.467381][T26486]  do_syscall_64+0x2b/0x70
[  369.471810][T26486]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  369.477713][T26486] RIP: 0033:0x7f99336e60e9
[  369.482245][T26486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  369.501863][T26486] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  369.510278][T26486] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
11:47:45 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80009e00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  369.518246][T26486] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  369.526216][T26486] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  369.534185][T26486] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  369.542301][T26486] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  369.550274][T26486]  </TASK>
[  369.607415][T26492] loop3: detected capacity change from 0 to 262160
[  369.609559][T26490] loop5: detected capacity change from 0 to 262160
11:47:45 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 21)

[  369.724796][T26497] loop1: detected capacity change from 0 to 262160
11:47:46 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x4000)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000180)={{0x1, 0x1, 0x18}, './file1\x00'}) (async, rerun: 32)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (rerun: 32)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)

[  369.808912][T26499] loop0: detected capacity change from 0 to 262160
11:47:46 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002e00)

[  369.893419][T26501] FAULT_INJECTION: forcing a failure.
[  369.893419][T26501] name failslab, interval 1, probability 0, space 0, times 0
[  369.906113][T26501] CPU: 1 PID: 26501 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  369.917212][T26501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  369.927563][T26501] Call Trace:
[  369.930840][T26501]  <TASK>
[  369.933772][T26501]  dump_stack_lvl+0xd6/0x122
[  369.938376][T26501]  dump_stack+0x11/0x12
[  369.942537][T26501]  should_fail+0x230/0x240
[  369.946991][T26501]  __should_failslab+0x81/0x90
[  369.951761][T26501]  ? mempool_alloc_slab+0x16/0x20
[  369.956859][T26501]  should_failslab+0x5/0x20
[  369.961490][T26501]  kmem_cache_alloc+0x46/0x300
[  369.966254][T26501]  ? folio_mark_accessed+0x12f/0x380
[  369.971542][T26501]  mempool_alloc_slab+0x16/0x20
[  369.976398][T26501]  ? mempool_free+0x130/0x130
[  369.981122][T26501]  mempool_alloc+0x9f/0x2a0
[  369.985684][T26501]  bio_alloc_bioset+0xe4/0x730
[  369.990473][T26501]  submit_bh_wbc+0x161/0x2f0
[  369.995090][T26501]  write_dirty_buffer+0xdb/0xe0
[  369.999944][T26501]  fat_sync_bhs+0x52/0x160
[  370.004442][T26501]  fat_alloc_clusters+0x935/0xa80
[  370.009490][T26501]  fat_get_block+0x263/0x600
[  370.014124][T26501]  ? fat_block_truncate_page+0x30/0x30
[  370.019588][T26501]  __block_write_begin_int+0x33d/0xc90
[  370.025185][T26501]  ? fat_block_truncate_page+0x30/0x30
[  370.030653][T26501]  ? PageHeadHuge+0x3b/0x120
[  370.035342][T26501]  ? fat_block_truncate_page+0x30/0x30
[  370.040809][T26501]  block_write_begin+0x77/0x170
[  370.045739][T26501]  ? cont_write_begin+0x3aa/0x500
[  370.050768][T26501]  cont_write_begin+0x3cf/0x500
[  370.055742][T26501]  fat_write_begin+0x61/0xf0
[  370.060422][T26501]  ? fat_block_truncate_page+0x30/0x30
[  370.065949][T26501]  generic_perform_write+0x1d6/0x3f0
[  370.071240][T26501]  __generic_file_write_iter+0x172/0x280
[  370.073549][T26504] loop4: detected capacity change from 0 to 262160
[  370.076875][T26501]  ? generic_write_checks+0x256/0x290
[  370.076897][T26501]  generic_file_write_iter+0x75/0x130
[  370.094095][T26501]  do_iter_readv_writev+0x27b/0x300
[  370.099297][T26501]  do_iter_write+0x16f/0x5c0
[  370.103948][T26501]  ? splice_from_pipe_next+0x34f/0x3b0
[  370.109408][T26501]  vfs_iter_write+0x4c/0x70
[  370.113914][T26501]  iter_file_splice_write+0x44a/0x7c0
[  370.119292][T26501]  ? splice_from_pipe+0xc0/0xc0
[  370.124144][T26501]  direct_splice_actor+0x80/0xa0
[  370.129084][T26501]  splice_direct_to_actor+0x345/0x660
[  370.134477][T26501]  ? do_splice_direct+0x180/0x180
[  370.139510][T26501]  do_splice_direct+0xfb/0x180
[  370.144278][T26501]  do_sendfile+0x3ad/0x900
[  370.148693][T26501]  __x64_sys_sendfile64+0x10c/0x150
[  370.153901][T26501]  do_syscall_64+0x2b/0x70
[  370.158359][T26501]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  370.164257][T26501] RIP: 0033:0x7f99336e60e9
[  370.168669][T26501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
11:47:46 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80009f00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:46 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800031)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  370.188288][T26501] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  370.196706][T26501] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  370.204679][T26501] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  370.212648][T26501] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  370.220620][T26501] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  370.228593][T26501] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  370.236573][T26501]  </TASK>
11:47:46 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  370.251522][T26508] loop3: detected capacity change from 0 to 262160
[  370.320448][T26512] loop1: detected capacity change from 0 to 262160
11:47:46 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880000c)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  370.369604][T26514] loop4: detected capacity change from 0 to 262160
11:47:46 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 22)

11:47:46 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80002f00)

[  370.530272][T26521] loop5: detected capacity change from 0 to 262160
[  370.543227][T26523] loop0: detected capacity change from 0 to 262160
11:47:46 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000a200)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  370.618670][T26525] loop3: detected capacity change from 0 to 262160
[  370.654898][T26527] FAULT_INJECTION: forcing a failure.
[  370.654898][T26527] name failslab, interval 1, probability 0, space 0, times 0
[  370.667576][T26527] CPU: 1 PID: 26527 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  370.678600][T26527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  370.688730][T26527] Call Trace:
[  370.692008][T26527]  <TASK>
[  370.694993][T26527]  dump_stack_lvl+0xd6/0x122
[  370.699591][T26527]  dump_stack+0x11/0x12
[  370.703821][T26527]  should_fail+0x230/0x240
[  370.708294][T26527]  __should_failslab+0x81/0x90
[  370.713060][T26527]  ? mempool_alloc_slab+0x16/0x20
[  370.718086][T26527]  should_failslab+0x5/0x20
[  370.722589][T26527]  kmem_cache_alloc+0x46/0x300
[  370.727421][T26527]  ? update_cfs_rq_load_avg+0x16e/0x180
[  370.733031][T26527]  mempool_alloc_slab+0x16/0x20
[  370.737914][T26527]  ? mempool_free+0x130/0x130
[  370.742591][T26527]  mempool_alloc+0x9f/0x2a0
[  370.747108][T26527]  ? __schedule+0x514/0x6c0
[  370.751688][T26527]  bio_alloc_bioset+0xe4/0x730
[  370.756522][T26527]  submit_bh_wbc+0x161/0x2f0
[  370.761117][T26527]  __sync_dirty_buffer+0x141/0x1f0
[  370.766262][T26527]  sync_dirty_buffer+0x16/0x20
[  370.771487][T26527]  fat_mirror_bhs+0x268/0x330
[  370.776297][T26527]  fat_alloc_clusters+0x983/0xa80
[  370.781338][T26527]  fat_get_block+0x263/0x600
[  370.785946][T26527]  ? fat_block_truncate_page+0x30/0x30
[  370.791468][T26527]  __block_write_begin_int+0x33d/0xc90
[  370.797002][T26527]  ? fat_block_truncate_page+0x30/0x30
[  370.802468][T26527]  ? PageHeadHuge+0x3b/0x120
[  370.807133][T26527]  ? fat_block_truncate_page+0x30/0x30
[  370.812597][T26527]  block_write_begin+0x77/0x170
[  370.817527][T26527]  ? cont_write_begin+0x3aa/0x500
[  370.822555][T26527]  cont_write_begin+0x3cf/0x500
[  370.827413][T26527]  fat_write_begin+0x61/0xf0
[  370.832011][T26527]  ? fat_block_truncate_page+0x30/0x30
[  370.837541][T26527]  generic_perform_write+0x1d6/0x3f0
[  370.842834][T26527]  __generic_file_write_iter+0x172/0x280
[  370.848468][T26527]  ? generic_write_checks+0x256/0x290
[  370.853934][T26527]  generic_file_write_iter+0x75/0x130
[  370.859307][T26527]  do_iter_readv_writev+0x27b/0x300
[  370.864507][T26527]  do_iter_write+0x16f/0x5c0
11:47:47 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880000d)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:47 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003000)

[  370.869106][T26527]  ? splice_from_pipe_next+0x34f/0x3b0
[  370.874574][T26527]  vfs_iter_write+0x4c/0x70
[  370.879163][T26527]  iter_file_splice_write+0x44a/0x7c0
[  370.884593][T26527]  ? splice_from_pipe+0xc0/0xc0
[  370.889504][T26527]  direct_splice_actor+0x80/0xa0
[  370.894500][T26527]  splice_direct_to_actor+0x345/0x660
[  370.899884][T26527]  ? do_splice_direct+0x180/0x180
[  370.904911][T26527]  do_splice_direct+0xfb/0x180
[  370.909661][T26527]  do_sendfile+0x3ad/0x900
[  370.914065][T26527]  __x64_sys_sendfile64+0x10c/0x150
[  370.919314][T26527]  do_syscall_64+0x2b/0x70
[  370.923873][T26527]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  370.929745][T26527] RIP: 0033:0x7f99336e60e9
[  370.934157][T26527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  370.953744][T26527] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  370.962191][T26527] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  370.970165][T26527] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  370.978116][T26527] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  370.986066][T26527] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  370.994021][T26527] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  371.002042][T26527]  </TASK>
[  371.013754][T26530] loop1: detected capacity change from 0 to 262160
[  371.065125][T26534] loop5: detected capacity change from 0 to 262160
[  371.065266][T26532] loop3: detected capacity change from 0 to 262160
11:47:47 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800032)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:47 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:47 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 23)

11:47:47 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000a300)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  371.282732][T26540] loop0: detected capacity change from 0 to 262160
11:47:47 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  371.326694][T26544] loop1: detected capacity change from 0 to 262160
[  371.348358][T26546] loop4: detected capacity change from 0 to 262160
[  371.398214][T26552] FAULT_INJECTION: forcing a failure.
[  371.398214][T26552] name failslab, interval 1, probability 0, space 0, times 0
[  371.410886][T26552] CPU: 0 PID: 26552 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  371.421913][T26552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  371.431965][T26552] Call Trace:
[  371.435239][T26552]  <TASK>
[  371.438180][T26552]  dump_stack_lvl+0xd6/0x122
[  371.442780][T26552]  dump_stack+0x11/0x12
11:47:47 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003100)

[  371.446942][T26552]  should_fail+0x230/0x240
[  371.451448][T26552]  __should_failslab+0x81/0x90
[  371.456210][T26552]  ? mempool_alloc_slab+0x16/0x20
[  371.461248][T26552]  should_failslab+0x5/0x20
[  371.465751][T26552]  kmem_cache_alloc+0x46/0x300
[  371.470541][T26552]  mempool_alloc_slab+0x16/0x20
[  371.475396][T26552]  ? mempool_free+0x130/0x130
[  371.480140][T26552]  mempool_alloc+0x9f/0x2a0
[  371.484644][T26552]  ? __schedule+0x514/0x6c0
[  371.489200][T26552]  bio_alloc_bioset+0xe4/0x730
[  371.494008][T26552]  submit_bh_wbc+0x161/0x2f0
11:47:47 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000a400)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  371.498601][T26552]  write_dirty_buffer+0xdb/0xe0
[  371.503510][T26552]  fat_sync_bhs+0x52/0x160
[  371.507946][T26552]  fat_ent_write+0x85/0xd0
[  371.512460][T26552]  fat_chain_add+0x15b/0x410
[  371.517120][T26552]  fat_get_block+0x486/0x600
[  371.521746][T26552]  ? fat_block_truncate_page+0x30/0x30
[  371.527205][T26552]  __block_write_begin_int+0x33d/0xc90
[  371.532691][T26552]  ? fat_block_truncate_page+0x30/0x30
[  371.538220][T26552]  ? PageHeadHuge+0x3b/0x120
[  371.542823][T26552]  ? fat_block_truncate_page+0x30/0x30
11:47:47 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880000e)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  371.548360][T26552]  block_write_begin+0x77/0x170
[  371.553215][T26552]  ? cont_write_begin+0x3aa/0x500
[  371.558278][T26552]  cont_write_begin+0x3cf/0x500
[  371.563129][T26552]  fat_write_begin+0x61/0xf0
[  371.567727][T26552]  ? fat_block_truncate_page+0x30/0x30
[  371.573459][T26552]  generic_perform_write+0x1d6/0x3f0
[  371.578887][T26552]  __generic_file_write_iter+0x172/0x280
[  371.584624][T26552]  ? generic_write_checks+0x256/0x290
[  371.590026][T26552]  generic_file_write_iter+0x75/0x130
11:47:47 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(r1, &(0x7f0000000000)='/proc/self/exe\x00', 0x4000, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
open(&(0x7f00000000c0)='./bus\x00', 0x40, 0xb)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2, 0x80010, r3, 0x64dc3000)

11:47:47 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800033)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  371.595397][T26552]  do_iter_readv_writev+0x27b/0x300
[  371.600601][T26552]  do_iter_write+0x16f/0x5c0
[  371.605194][T26552]  ? delay_tsc+0xc1/0xe0
[  371.609433][T26552]  vfs_iter_write+0x4c/0x70
[  371.613995][T26552]  iter_file_splice_write+0x44a/0x7c0
[  371.619453][T26552]  ? splice_from_pipe+0xc0/0xc0
[  371.624416][T26552]  direct_splice_actor+0x80/0xa0
[  371.629513][T26552]  splice_direct_to_actor+0x345/0x660
[  371.635011][T26552]  ? do_splice_direct+0x180/0x180
[  371.640138][T26552]  do_splice_direct+0xfb/0x180
[  371.644930][T26552]  do_sendfile+0x3ad/0x900
[  371.649353][T26552]  __x64_sys_sendfile64+0x10c/0x150
[  371.654567][T26552]  do_syscall_64+0x2b/0x70
[  371.658990][T26552]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  371.664963][T26552] RIP: 0033:0x7f99336e60e9
[  371.669373][T26552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  371.688979][T26552] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  371.697426][T26552] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  371.705391][T26552] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  371.713353][T26552] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  371.721397][T26552] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  371.729436][T26552] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  371.737407][T26552]  </TASK>
[  371.761340][T26563] loop4: detected capacity change from 0 to 262160
[  371.793224][T26565] loop3: detected capacity change from 0 to 262160
[  371.807672][T26567] loop5: detected capacity change from 0 to 262160
[  371.814649][T26569] loop1: detected capacity change from 0 to 262160
11:47:48 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 24)

[  371.953963][   T24] audit: type=1400 audit(1650109668.122:452): avc:  denied  { map } for  pid=26562 comm="syz-executor.4" path="socket:[86185]" dev="sockfs" ino=86185 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
11:47:48 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800034)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  372.062667][T26577] loop0: detected capacity change from 0 to 262160
11:47:48 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async, rerun: 32)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (rerun: 32)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async, rerun: 32)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (rerun: 32)
r2 = openat(r1, &(0x7f0000000000)='/proc/self/exe\x00', 0x4000, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (async, rerun: 64)
open(&(0x7f00000000c0)='./bus\x00', 0x40, 0xb) (rerun: 64)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0) (async)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2, 0x80010, r3, 0x64dc3000)

[  372.188705][T26578] FAULT_INJECTION: forcing a failure.
[  372.188705][T26578] name failslab, interval 1, probability 0, space 0, times 0
[  372.201348][T26578] CPU: 0 PID: 26578 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  372.212374][T26578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  372.222430][T26578] Call Trace:
[  372.225800][T26578]  <TASK>
[  372.228732][T26578]  dump_stack_lvl+0xd6/0x122
[  372.233385][T26578]  dump_stack+0x11/0x12
11:47:48 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000a500)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  372.237545][T26578]  should_fail+0x230/0x240
[  372.241961][T26578]  __should_failslab+0x81/0x90
[  372.246795][T26578]  ? mempool_alloc_slab+0x16/0x20
[  372.251836][T26578]  should_failslab+0x5/0x20
[  372.257027][T26578]  kmem_cache_alloc+0x46/0x300
[  372.261794][T26578]  mempool_alloc_slab+0x16/0x20
[  372.266684][T26578]  ? mempool_free+0x130/0x130
[  372.271371][T26578]  mempool_alloc+0x9f/0x2a0
[  372.275879][T26578]  ? __schedule+0x514/0x6c0
[  372.280447][T26578]  bio_alloc_bioset+0xe4/0x730
[  372.285216][T26578]  submit_bh_wbc+0x161/0x2f0
[  372.289810][T26578]  write_dirty_buffer+0xdb/0xe0
[  372.294726][T26578]  fat_sync_bhs+0x52/0x160
[  372.299146][T26578]  fat_ent_write+0x85/0xd0
[  372.303606][T26578]  fat_chain_add+0x15b/0x410
[  372.308232][T26578]  fat_get_block+0x486/0x600
[  372.312878][T26578]  ? fat_block_truncate_page+0x30/0x30
[  372.318451][T26578]  __block_write_begin_int+0x33d/0xc90
[  372.323948][T26578]  ? fat_block_truncate_page+0x30/0x30
[  372.329425][T26578]  ? PageHeadHuge+0x3b/0x120
11:47:48 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003200)

11:47:48 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800035)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:48 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800010)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  372.334092][T26578]  ? fat_block_truncate_page+0x30/0x30
[  372.339610][T26578]  block_write_begin+0x77/0x170
[  372.344466][T26578]  ? cont_write_begin+0x3aa/0x500
[  372.349488][T26578]  cont_write_begin+0x3cf/0x500
[  372.354463][T26578]  fat_write_begin+0x61/0xf0
[  372.359062][T26578]  ? fat_block_truncate_page+0x30/0x30
[  372.364524][T26578]  generic_perform_write+0x1d6/0x3f0
[  372.369816][T26578]  __generic_file_write_iter+0x172/0x280
[  372.375445][T26578]  ? generic_write_checks+0x256/0x290
[  372.380822][T26578]  generic_file_write_iter+0x75/0x130
[  372.386201][T26578]  do_iter_readv_writev+0x27b/0x300
[  372.391447][T26578]  do_iter_write+0x16f/0x5c0
[  372.396040][T26578]  ? splice_from_pipe_next+0x34f/0x3b0
[  372.401507][T26578]  vfs_iter_write+0x4c/0x70
[  372.406017][T26578]  iter_file_splice_write+0x44a/0x7c0
[  372.411477][T26578]  ? splice_from_pipe+0xc0/0xc0
[  372.416329][T26578]  direct_splice_actor+0x80/0xa0
[  372.421269][T26578]  splice_direct_to_actor+0x345/0x660
[  372.426677][T26578]  ? do_splice_direct+0x180/0x180
[  372.431805][T26578]  do_splice_direct+0xfb/0x180
[  372.436571][T26578]  do_sendfile+0x3ad/0x900
[  372.440984][T26578]  __x64_sys_sendfile64+0x10c/0x150
[  372.446190][T26578]  do_syscall_64+0x2b/0x70
[  372.450623][T26578]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  372.456566][T26578] RIP: 0033:0x7f99336e60e9
[  372.461040][T26578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  372.480726][T26578] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  372.489238][T26578] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  372.497291][T26578] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  372.505254][T26578] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  372.513220][T26578] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  372.521183][T26578] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  372.529155][T26578]  </TASK>
11:47:48 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800036)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  372.587643][T26588] loop1: detected capacity change from 0 to 262160
[  372.611776][T26591] loop4: detected capacity change from 0 to 262160
[  372.618441][T26586] loop5: detected capacity change from 0 to 262160
[  372.627387][T26594] loop3: detected capacity change from 0 to 262160
11:47:48 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 25)

11:47:48 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(r1, &(0x7f0000000000)='/proc/self/exe\x00', 0x4000, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (async)
open(&(0x7f00000000c0)='./bus\x00', 0x40, 0xb) (async)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2, 0x80010, r3, 0x64dc3000)

[  372.714268][T26600] loop0: detected capacity change from 0 to 262160
[  372.808580][T26609] FAULT_INJECTION: forcing a failure.
[  372.808580][T26609] name failslab, interval 1, probability 0, space 0, times 0
[  372.821354][T26609] CPU: 1 PID: 26609 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  372.832381][T26609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  372.842433][T26609] Call Trace:
[  372.845712][T26609]  <TASK>
[  372.848635][T26609]  dump_stack_lvl+0xd6/0x122
[  372.853235][T26609]  dump_stack+0x11/0x12
[  372.857394][T26609]  should_fail+0x230/0x240
[  372.861817][T26609]  __should_failslab+0x81/0x90
[  372.866622][T26609]  ? mempool_alloc_slab+0x16/0x20
[  372.871703][T26609]  should_failslab+0x5/0x20
[  372.876204][T26609]  kmem_cache_alloc+0x46/0x300
[  372.881015][T26609]  mempool_alloc_slab+0x16/0x20
[  372.885870][T26609]  ? mempool_free+0x130/0x130
[  372.890547][T26609]  mempool_alloc+0x9f/0x2a0
[  372.895117][T26609]  bio_alloc_bioset+0xe4/0x730
[  372.900027][T26609]  submit_bh_wbc+0x161/0x2f0
[  372.904622][T26609]  __sync_dirty_buffer+0x141/0x1f0
[  372.909797][T26609]  sync_dirty_buffer+0x16/0x20
[  372.914559][T26609]  fat_mirror_bhs+0x268/0x330
[  372.919335][T26609]  fat_alloc_clusters+0x983/0xa80
[  372.924452][T26609]  fat_get_block+0x263/0x600
[  372.929046][T26609]  ? fat_block_truncate_page+0x30/0x30
[  372.934500][T26609]  __block_write_begin_int+0x33d/0xc90
[  372.939949][T26609]  ? fat_block_truncate_page+0x30/0x30
[  372.945450][T26609]  ? PageHeadHuge+0x3b/0x120
[  372.950056][T26609]  ? fat_block_truncate_page+0x30/0x30
[  372.955522][T26609]  block_write_begin+0x77/0x170
[  372.960533][T26609]  ? cont_write_begin+0x3aa/0x500
[  372.965598][T26609]  cont_write_begin+0x3cf/0x500
[  372.970492][T26609]  fat_write_begin+0x61/0xf0
[  372.975334][T26609]  ? fat_block_truncate_page+0x30/0x30
[  372.980786][T26609]  generic_perform_write+0x1d6/0x3f0
[  372.986058][T26609]  __generic_file_write_iter+0x172/0x280
[  372.991705][T26609]  ? generic_write_checks+0x256/0x290
[  372.997115][T26609]  generic_file_write_iter+0x75/0x130
[  373.002623][T26609]  do_iter_readv_writev+0x27b/0x300
[  373.007805][T26609]  do_iter_write+0x16f/0x5c0
[  373.012485][T26609]  ? splice_from_pipe_next+0x34f/0x3b0
[  373.017945][T26609]  vfs_iter_write+0x4c/0x70
[  373.022457][T26609]  iter_file_splice_write+0x44a/0x7c0
[  373.027819][T26609]  ? splice_from_pipe+0xc0/0xc0
[  373.032662][T26609]  direct_splice_actor+0x80/0xa0
[  373.037589][T26609]  splice_direct_to_actor+0x345/0x660
[  373.043060][T26609]  ? do_splice_direct+0x180/0x180
[  373.048140][T26609]  do_splice_direct+0xfb/0x180
[  373.052951][T26609]  do_sendfile+0x3ad/0x900
[  373.057373][T26609]  __x64_sys_sendfile64+0x10c/0x150
[  373.062578][T26609]  do_syscall_64+0x2b/0x70
[  373.066989][T26609]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  373.073302][T26609] RIP: 0033:0x7f99336e60e9
[  373.077704][T26609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  373.097295][T26609] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
11:47:49 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
sendto$unix(0xffffffffffffffff, &(0x7f0000000180)="d657d6edd0f5c8c7fc66c4c75bd32edfcdfb7a7ed7", 0x15, 0x1040, &(0x7f00000001c0)=@file={0x0, './bus\x00'}, 0x6e)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x34df43, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
write$binfmt_elf64(r0, 0xffffffffffffffff, 0x0)

[  373.105750][T26609] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  373.113706][T26609] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  373.121663][T26609] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  373.129693][T26609] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  373.137651][T26609] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  373.145610][T26609]  </TASK>
[  373.211570][T26612] loop4: detected capacity change from 0 to 262160
11:47:49 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000a600)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:49 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003300)

11:47:49 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800037)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:49 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 26)

[  373.349125][T26615] loop1: detected capacity change from 0 to 262160
11:47:49 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880001d)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  373.410786][T26617] loop3: detected capacity change from 0 to 262160
[  373.461878][T26622] loop0: detected capacity change from 0 to 262160
11:47:49 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
sendto$unix(0xffffffffffffffff, &(0x7f0000000180)="d657d6edd0f5c8c7fc66c4c75bd32edfcdfb7a7ed7", 0x15, 0x1040, &(0x7f00000001c0)=@file={0x0, './bus\x00'}, 0x6e) (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x34df43, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0) (async)
sendfile(r1, r2, 0x0, 0x80000001)
write$binfmt_elf64(r0, 0xffffffffffffffff, 0x0)

11:47:49 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async)
sendto$unix(0xffffffffffffffff, &(0x7f0000000180)="d657d6edd0f5c8c7fc66c4c75bd32edfcdfb7a7ed7", 0x15, 0x1040, &(0x7f00000001c0)=@file={0x0, './bus\x00'}, 0x6e) (async, rerun: 64)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (rerun: 64)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async, rerun: 32)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x34df43, 0x0) (async, rerun: 32)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
write$binfmt_elf64(r0, 0xffffffffffffffff, 0x0)

11:47:49 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000a800)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  373.573529][T26628] loop5: detected capacity change from 0 to 262160
[  373.636264][T26622] FAULT_INJECTION: forcing a failure.
[  373.636264][T26622] name failslab, interval 1, probability 0, space 0, times 0
[  373.648941][T26622] CPU: 0 PID: 26622 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  373.659962][T26622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  373.670064][T26622] Call Trace:
[  373.673343][T26622]  <TASK>
[  373.676271][T26622]  dump_stack_lvl+0xd6/0x122
[  373.680872][T26622]  dump_stack+0x11/0x12
[  373.685075][T26622]  should_fail+0x230/0x240
[  373.687231][T26636] loop1: detected capacity change from 0 to 262160
[  373.689552][T26622]  __should_failslab+0x81/0x90
[  373.700826][T26622]  ? jbd2__journal_start+0xa1/0x290
[  373.706047][T26622]  should_failslab+0x5/0x20
[  373.710551][T26622]  kmem_cache_alloc+0x46/0x300
[  373.715313][T26622]  jbd2__journal_start+0xa1/0x290
[  373.720425][T26622]  __ext4_journal_start_sb+0x10f/0x280
[  373.725969][T26622]  ext4_file_write_iter+0x89e/0xdf0
[  373.731211][T26622]  ? ext4_file_write_iter+0x351/0xdf0
[  373.736590][T26622]  do_iter_readv_writev+0x27b/0x300
[  373.741791][T26622]  do_iter_write+0x16f/0x5c0
[  373.746444][T26622]  vfs_iter_write+0x4c/0x70
[  373.751035][T26622]  iter_file_splice_write+0x44a/0x7c0
[  373.756451][T26622]  ? splice_from_pipe+0xc0/0xc0
[  373.761335][T26622]  direct_splice_actor+0x80/0xa0
[  373.766289][T26622]  splice_direct_to_actor+0x345/0x660
[  373.771712][T26622]  ? do_splice_direct+0x180/0x180
[  373.776762][T26622]  do_splice_direct+0xfb/0x180
[  373.781657][T26622]  do_sendfile+0x3ad/0x900
[  373.786151][T26622]  __x64_sys_sendfile64+0x10c/0x150
[  373.791376][T26622]  do_syscall_64+0x2b/0x70
[  373.795930][T26622]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  373.801836][T26622] RIP: 0033:0x7f99336e60e9
[  373.806283][T26622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  373.825917][T26622] RSP: 002b:00007f9932e5c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
11:47:50 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003400)

[  373.834334][T26622] RAX: ffffffffffffffda RBX: 00007f99337f8f60 RCX: 00007f99336e60e9
[  373.842306][T26622] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003
[  373.850396][T26622] RBP: 00007f9932e5c1d0 R08: 0000000000000000 R09: 0000000000000000
[  373.858365][T26622] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  373.866329][T26622] R13: 00007ffd90c343df R14: 00007f9932e5c300 R15: 0000000000022000
[  373.874304][T26622]  </TASK>
[  373.880922][T26639] loop4: detected capacity change from 0 to 262160
11:47:50 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
lseek(r0, 0x7ffffe, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0x1a0)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f00000000c0))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)

11:47:50 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000ab00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  373.942965][T26646] loop3: detected capacity change from 0 to 262160
[  373.981314][T26648] loop4: detected capacity change from 0 to 262160
11:47:50 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800022)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  374.055423][T26651] loop1: detected capacity change from 0 to 262160
11:47:50 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800038)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  374.143351][T26655] loop5: detected capacity change from 0 to 262160
11:47:50 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003500)

11:47:50 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
lseek(r0, 0x7ffffe, 0x0) (async)
write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0x1a0) (async)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f00000000c0)) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)

11:47:50 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 27)

11:47:50 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000ad00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:50 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
lseek(r0, 0x7ffffe, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0x1a0)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f00000000c0))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
creat(&(0x7f00000001c0)='./bus\x00', 0x0) (async)
lseek(r0, 0x7ffffe, 0x0) (async)
write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0x1a0) (async)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f00000000c0)) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
sendfile(r2, r3, 0x0, 0x80000001) (async)

[  374.321962][T26663] loop3: detected capacity change from 0 to 262160
[  374.336588][T26665] loop4: detected capacity change from 0 to 262160
[  374.391624][T26673] loop1: detected capacity change from 0 to 262160
[  374.426446][T26675] loop4: detected capacity change from 0 to 262160
11:47:50 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800204)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  374.476350][T26678] loop0: detected capacity change from 0 to 262160
[  374.544334][T26681] loop5: detected capacity change from 0 to 262160
[  374.616080][T26684] FAULT_INJECTION: forcing a failure.
[  374.616080][T26684] name failslab, interval 1, probability 0, space 0, times 0
[  374.628787][T26684] CPU: 0 PID: 26684 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  374.639859][T26684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  374.649915][T26684] Call Trace:
[  374.653192][T26684]  <TASK>
[  374.656167][T26684]  dump_stack_lvl+0xd6/0x122
[  374.660790][T26684]  dump_stack+0x11/0x12
[  374.665007][T26684]  should_fail+0x230/0x240
[  374.669441][T26684]  __should_failslab+0x81/0x90
[  374.674211][T26684]  ? mempool_alloc_slab+0x16/0x20
[  374.679311][T26684]  should_failslab+0x5/0x20
[  374.683816][T26684]  kmem_cache_alloc+0x46/0x300
[  374.688646][T26684]  mempool_alloc_slab+0x16/0x20
[  374.693502][T26684]  ? mempool_free+0x130/0x130
[  374.698282][T26684]  mempool_alloc+0x9f/0x2a0
[  374.702788][T26684]  bio_alloc_bioset+0xe4/0x730
[  374.707662][T26684]  submit_bh_wbc+0x161/0x2f0
11:47:50 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003600)

[  374.712302][T26684]  __sync_dirty_buffer+0x141/0x1f0
[  374.717419][T26684]  sync_dirty_buffer+0x16/0x20
[  374.722328][T26684]  fat_mirror_bhs+0x268/0x330
[  374.727017][T26684]  fat_alloc_clusters+0x983/0xa80
[  374.732107][T26684]  fat_get_block+0x263/0x600
[  374.736767][T26684]  ? fat_block_truncate_page+0x30/0x30
[  374.742237][T26684]  __block_write_begin_int+0x33d/0xc90
[  374.747708][T26684]  ? fat_block_truncate_page+0x30/0x30
[  374.753290][T26684]  ? PageHeadHuge+0x3b/0x120
[  374.757960][T26684]  ? fat_block_truncate_page+0x30/0x30
[  374.763458][T26684]  block_write_begin+0x77/0x170
[  374.768315][T26684]  ? cont_write_begin+0x3aa/0x500
[  374.773346][T26684]  cont_write_begin+0x3cf/0x500
[  374.778221][T26684]  fat_write_begin+0x61/0xf0
[  374.782895][T26684]  ? fat_block_truncate_page+0x30/0x30
[  374.788479][T26684]  generic_perform_write+0x1d6/0x3f0
[  374.793843][T26684]  __generic_file_write_iter+0x172/0x280
[  374.799490][T26684]  ? generic_write_checks+0x256/0x290
[  374.804854][T26684]  generic_file_write_iter+0x75/0x130
[  374.810230][T26684]  do_iter_readv_writev+0x27b/0x300
11:47:51 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
open(&(0x7f00000000c0)='./bus\x00', 0x18001, 0xe1)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  374.815424][T26684]  do_iter_write+0x16f/0x5c0
[  374.820089][T26684]  ? splice_from_pipe_next+0x34f/0x3b0
[  374.825562][T26684]  vfs_iter_write+0x4c/0x70
[  374.830076][T26684]  iter_file_splice_write+0x44a/0x7c0
[  374.835547][T26684]  ? splice_from_pipe+0xc0/0xc0
[  374.840405][T26684]  direct_splice_actor+0x80/0xa0
[  374.845370][T26684]  splice_direct_to_actor+0x345/0x660
[  374.850749][T26684]  ? do_splice_direct+0x180/0x180
[  374.855779][T26684]  do_splice_direct+0xfb/0x180
[  374.860549][T26684]  do_sendfile+0x3ad/0x900
11:47:51 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000ae00)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  374.865038][T26684]  __x64_sys_sendfile64+0x10c/0x150
[  374.870242][T26684]  do_syscall_64+0x2b/0x70
[  374.875121][T26684]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  374.881016][T26684] RIP: 0033:0x7f99336e60e9
[  374.885471][T26684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  374.905139][T26684] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
11:47:51 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800039)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:51 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800300)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  374.913556][T26684] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  374.921535][T26684] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  374.929597][T26684] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  374.937774][T26684] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  374.945756][T26684] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  374.953797][T26684]  </TASK>
[  375.012320][T26693] loop1: detected capacity change from 0 to 262160
[  375.019724][T26695] loop4: detected capacity change from 0 to 262160
[  375.020660][T26696] loop3: detected capacity change from 0 to 262160
[  375.055315][T26699] loop5: detected capacity change from 0 to 262160
11:47:51 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 28)

[  375.192901][T26706] loop0: detected capacity change from 0 to 262160
[  375.290605][T26707] FAULT_INJECTION: forcing a failure.
[  375.290605][T26707] name failslab, interval 1, probability 0, space 0, times 0
[  375.303267][T26707] CPU: 0 PID: 26707 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  375.314354][T26707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  375.324407][T26707] Call Trace:
[  375.327676][T26707]  <TASK>
[  375.330604][T26707]  dump_stack_lvl+0xd6/0x122
[  375.335230][T26707]  dump_stack+0x11/0x12
[  375.339427][T26707]  should_fail+0x230/0x240
[  375.343847][T26707]  __should_failslab+0x81/0x90
[  375.348611][T26707]  ? mempool_alloc_slab+0x16/0x20
[  375.353635][T26707]  should_failslab+0x5/0x20
[  375.358137][T26707]  kmem_cache_alloc+0x46/0x300
[  375.363050][T26707]  ? debug_smp_processor_id+0x13/0x20
[  375.368518][T26707]  ? delay_tsc+0xc1/0xe0
[  375.373025][T26707]  mempool_alloc_slab+0x16/0x20
[  375.377877][T26707]  ? mempool_free+0x130/0x130
[  375.382585][T26707]  mempool_alloc+0x9f/0x2a0
11:47:51 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880003a)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  375.387090][T26707]  bio_alloc_bioset+0xe4/0x730
[  375.391858][T26707]  submit_bh_wbc+0x161/0x2f0
[  375.396456][T26707]  __sync_dirty_buffer+0x141/0x1f0
[  375.401636][T26707]  sync_dirty_buffer+0x16/0x20
[  375.406407][T26707]  fat_mirror_bhs+0x268/0x330
[  375.411088][T26707]  fat_ent_write+0xc2/0xd0
[  375.415515][T26707]  fat_chain_add+0x15b/0x410
[  375.420170][T26707]  fat_get_block+0x486/0x600
[  375.424769][T26707]  ? fat_block_truncate_page+0x30/0x30
[  375.430232][T26707]  __block_write_begin_int+0x33d/0xc90
[  375.435787][T26707]  ? fat_block_truncate_page+0x30/0x30
[  375.441324][T26707]  ? PageHeadHuge+0x3b/0x120
[  375.445953][T26707]  ? fat_block_truncate_page+0x30/0x30
[  375.451434][T26707]  block_write_begin+0x77/0x170
[  375.456285][T26707]  ? cont_write_begin+0x3aa/0x500
[  375.461352][T26707]  cont_write_begin+0x3cf/0x500
[  375.466278][T26707]  fat_write_begin+0x61/0xf0
[  375.470876][T26707]  ? fat_block_truncate_page+0x30/0x30
[  375.476347][T26707]  generic_perform_write+0x1d6/0x3f0
[  375.481697][T26707]  __generic_file_write_iter+0x172/0x280
11:47:51 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
open(&(0x7f00000000c0)='./bus\x00', 0x18001, 0xe1)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  375.487335][T26707]  ? generic_write_checks+0x256/0x290
[  375.492708][T26707]  generic_file_write_iter+0x75/0x130
[  375.498085][T26707]  do_iter_readv_writev+0x27b/0x300
[  375.503295][T26707]  do_iter_write+0x16f/0x5c0
[  375.507968][T26707]  ? splice_from_pipe_next+0x34f/0x3b0
[  375.513546][T26707]  vfs_iter_write+0x4c/0x70
[  375.518111][T26707]  iter_file_splice_write+0x44a/0x7c0
[  375.523525][T26707]  ? splice_from_pipe+0xc0/0xc0
[  375.528407][T26707]  direct_splice_actor+0x80/0xa0
[  375.533475][T26707]  splice_direct_to_actor+0x345/0x660
[  375.538851][T26707]  ? do_splice_direct+0x180/0x180
[  375.543944][T26707]  do_splice_direct+0xfb/0x180
[  375.548742][T26707]  do_sendfile+0x3ad/0x900
[  375.553153][T26707]  __x64_sys_sendfile64+0x10c/0x150
[  375.558409][T26707]  do_syscall_64+0x2b/0x70
[  375.562911][T26707]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  375.568805][T26707] RIP: 0033:0x7f99336e60e9
11:47:51 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003700)

11:47:51 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000b100)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:51 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800402)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  375.573213][T26707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  375.592930][T26707] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  375.601346][T26707] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  375.609318][T26707] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  375.617391][T26707] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  375.625435][T26707] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  375.633408][T26707] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  375.641385][T26707]  </TASK>
[  375.703601][T26712] loop3: detected capacity change from 0 to 262160
[  375.711983][T26715] loop1: detected capacity change from 0 to 262160
[  375.719374][T26716] loop4: detected capacity change from 0 to 262160
11:47:51 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
open(&(0x7f00000000c0)='./bus\x00', 0x18001, 0xe1)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
open(&(0x7f00000000c0)='./bus\x00', 0x18001, 0xe1) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
sendfile(r1, r2, 0x0, 0x80000001) (async)

11:47:51 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 29)

[  375.807420][T26723] loop5: detected capacity change from 0 to 262160
[  375.852086][T26728] loop0: detected capacity change from 0 to 262160
[  375.899910][ T1906] ==================================================================
[  375.908004][ T1906] BUG: KCSAN: data-race in copy_page_to_iter / fat16_ent_put
[  375.915380][ T1906] 
[  375.917700][ T1906] write to 0xffff88814e3f03a6 of 2 bytes by task 26715 on cpu 0:
[  375.925410][ T1906]  fat16_ent_put+0x24/0x50
[  375.929834][ T1906]  fat_alloc_clusters+0x47d/0xa80
[  375.934863][ T1906]  fat_get_block+0x263/0x600
[  375.939461][ T1906]  __block_write_begin_int+0x33d/0xc90
[  375.944926][ T1906]  block_write_begin+0x77/0x170
[  375.949784][ T1906]  cont_write_begin+0x3cf/0x500
[  375.954637][ T1906]  fat_write_begin+0x61/0xf0
[  375.959231][ T1906]  generic_perform_write+0x1d6/0x3f0
[  375.964513][ T1906]  __generic_file_write_iter+0xe3/0x280
[  375.970063][ T1906]  generic_file_write_iter+0x75/0x130
[  375.975429][ T1906]  vfs_write+0x71c/0x890
[  375.979671][ T1906]  ksys_write+0xe8/0x1a0
[  375.983915][ T1906]  __x64_sys_write+0x3e/0x50
[  375.988507][ T1906]  do_syscall_64+0x2b/0x70
[  375.992922][ T1906]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  375.998811][ T1906] 
[  376.001130][ T1906] read to 0xffff88814e3f0000 of 4096 bytes by task 1906 on cpu 1:
[  376.008926][ T1906]  copy_page_to_iter+0x415/0x7b0
[  376.013884][ T1906]  filemap_read+0x10b2/0x1400
[  376.018556][ T1906]  blkdev_read_iter+0x2c6/0x370
[  376.023407][ T1906]  vfs_read+0x5a5/0x6a0
[  376.027564][ T1906]  ksys_read+0xe8/0x1a0
[  376.031721][ T1906]  __x64_sys_read+0x3e/0x50
[  376.036241][ T1906]  do_syscall_64+0x2b/0x70
[  376.040659][ T1906]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  376.046553][ T1906] 
11:47:52 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003800)

11:47:52 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x3, 0x4, &(0x7f0000000400)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000180)="77536f2b02e13b3a4d462810ecb04c2a995f4707fcbc9c2b3993efa3a3d12614034d6cc2a7274cd68437fbfb250a0446075075067f9780636a8af9826f9f9692481b193776b02948b7408935f7780e5ffd1d4a422c0487210742af6967001f3457280e2b92e4b1900928bf43b4a95e1d5e4ee1b7623e4eede9708df4ebb0531f9c7c4c62", 0x84, 0x3}, {&(0x7f0000000300)="b3ec5bc7933a430295aaf9beb90a3c7fc016f81a4f68f52e73fac5e0d9e8b07bc98cfda06e3ef9f108e795e2e2e6c76785c07089830d387df717d021af98ef98d114d678dd07bfa079196f53305039dfdf576695a50d9ba60c7bc2525ddb07ba9b83832c2fbac63b828786242f8af61951ce67fd6f8a6c52ea8350feaad59fbf56a23604f2b78faabe27d7922a1c0e1a3362aac2b0adb6533d5a58224d2ae6db3cf22c7f075747c8fba63a287ebea63eeeffb1f13be22067d4ae9252652e98effc6612c279aaa2bc8f8f8f326da820e1aa873f80f3f1295a32b37041f092e1e3a05aaacce97c", 0xe6, 0xbaf}], 0x3214014, &(0x7f00000000c0)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:52 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  376.048864][ T1906] Reported by Kernel Concurrency Sanitizer on:
[  376.055001][ T1906] CPU: 1 PID: 1906 Comm: udevd Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  376.065150][ T1906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  376.075202][ T1906] ==================================================================
11:47:52 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800406)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  376.140953][T26743] loop3: detected capacity change from 0 to 262160
[  376.148171][T26745] loop4: detected capacity change from 0 to 262160
[  376.180507][T26728] FAULT_INJECTION: forcing a failure.
[  376.180507][T26728] name failslab, interval 1, probability 0, space 0, times 0
[  376.193162][T26728] CPU: 0 PID: 26728 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  376.204188][T26728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  376.214249][T26728] Call Trace:
[  376.217579][T26728]  <TASK>
[  376.220520][T26728]  dump_stack_lvl+0xd6/0x122
[  376.225110][T26728]  dump_stack+0x11/0x12
[  376.229267][T26728]  should_fail+0x230/0x240
[  376.233809][T26728]  __should_failslab+0x81/0x90
[  376.238641][T26728]  ? jbd2__journal_start+0xa1/0x290
[  376.243852][T26728]  should_failslab+0x5/0x20
[  376.248380][T26728]  kmem_cache_alloc+0x46/0x300
[  376.253153][T26728]  ? ktime_get_coarse_real_ts64+0x10d/0x120
[  376.259055][T26728]  jbd2__journal_start+0xa1/0x290
[  376.264132][T26728]  __ext4_journal_start_sb+0x10f/0x280
[  376.269600][T26728]  ext4_file_write_iter+0x6ed/0xdf0
[  376.274802][T26728]  ? ext4_file_write_iter+0x351/0xdf0
[  376.280182][T26728]  do_iter_readv_writev+0x27b/0x300
[  376.285383][T26728]  do_iter_write+0x16f/0x5c0
[  376.290028][T26728]  vfs_iter_write+0x4c/0x70
[  376.294582][T26728]  iter_file_splice_write+0x44a/0x7c0
[  376.299964][T26728]  ? splice_from_pipe+0xc0/0xc0
[  376.304819][T26728]  direct_splice_actor+0x80/0xa0
[  376.309763][T26728]  splice_direct_to_actor+0x345/0x660
[  376.315145][T26728]  ? do_splice_direct+0x180/0x180
[  376.320176][T26728]  do_splice_direct+0xfb/0x180
[  376.325005][T26728]  do_sendfile+0x3ad/0x900
[  376.329459][T26728]  __x64_sys_sendfile64+0x10c/0x150
[  376.334718][T26728]  do_syscall_64+0x2b/0x70
[  376.339140][T26728]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  376.345040][T26728] RIP: 0033:0x7f99336e60e9
[  376.349457][T26728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  376.369067][T26728] RSP: 002b:00007f9932e5c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  376.377538][T26728] RAX: ffffffffffffffda RBX: 00007f99337f8f60 RCX: 00007f99336e60e9
11:47:52 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880003b)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  376.385629][T26728] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003
[  376.393600][T26728] RBP: 00007f9932e5c1d0 R08: 0000000000000000 R09: 0000000000000000
[  376.401578][T26728] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  376.409549][T26728] R13: 00007ffd90c343df R14: 00007f9932e5c300 R15: 0000000000022000
[  376.417521][T26728]  </TASK>
11:47:52 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003900)

[  376.445724][T26752] loop5: detected capacity change from 0 to 262160
[  376.563002][T26756] loop3: detected capacity change from 0 to 262160
11:47:52 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 30)

11:47:52 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800408)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:52 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003a00)

[  376.795680][T26761] loop5: detected capacity change from 0 to 262160
[  376.813344][T26763] loop3: detected capacity change from 0 to 262160
[  376.856636][T26765] loop0: detected capacity change from 0 to 262160
11:47:53 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:53 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x3, 0x4, &(0x7f0000000400)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000180)="77536f2b02e13b3a4d462810ecb04c2a995f4707fcbc9c2b3993efa3a3d12614034d6cc2a7274cd68437fbfb250a0446075075067f9780636a8af9826f9f9692481b193776b02948b7408935f7780e5ffd1d4a422c0487210742af6967001f3457280e2b92e4b1900928bf43b4a95e1d5e4ee1b7623e4eede9708df4ebb0531f9c7c4c62", 0x84, 0x3}, {&(0x7f0000000300)="b3ec5bc7933a430295aaf9beb90a3c7fc016f81a4f68f52e73fac5e0d9e8b07bc98cfda06e3ef9f108e795e2e2e6c76785c07089830d387df717d021af98ef98d114d678dd07bfa079196f53305039dfdf576695a50d9ba60c7bc2525ddb07ba9b83832c2fbac63b828786242f8af61951ce67fd6f8a6c52ea8350feaad59fbf56a23604f2b78faabe27d7922a1c0e1a3362aac2b0adb6533d5a58224d2ae6db3cf22c7f075747c8fba63a287ebea63eeeffb1f13be22067d4ae9252652e98effc6612c279aaa2bc8f8f8f326da820e1aa873f80f3f1295a32b37041f092e1e3a05aaacce97c", 0xe6, 0xbaf}], 0x3214014, &(0x7f00000000c0)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x3, 0x4, &(0x7f0000000400)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000180)="77536f2b02e13b3a4d462810ecb04c2a995f4707fcbc9c2b3993efa3a3d12614034d6cc2a7274cd68437fbfb250a0446075075067f9780636a8af9826f9f9692481b193776b02948b7408935f7780e5ffd1d4a422c0487210742af6967001f3457280e2b92e4b1900928bf43b4a95e1d5e4ee1b7623e4eede9708df4ebb0531f9c7c4c62", 0x84, 0x3}, {&(0x7f0000000300)="b3ec5bc7933a430295aaf9beb90a3c7fc016f81a4f68f52e73fac5e0d9e8b07bc98cfda06e3ef9f108e795e2e2e6c76785c07089830d387df717d021af98ef98d114d678dd07bfa079196f53305039dfdf576695a50d9ba60c7bc2525ddb07ba9b83832c2fbac63b828786242f8af61951ce67fd6f8a6c52ea8350feaad59fbf56a23604f2b78faabe27d7922a1c0e1a3362aac2b0adb6533d5a58224d2ae6db3cf22c7f075747c8fba63a287ebea63eeeffb1f13be22067d4ae9252652e98effc6612c279aaa2bc8f8f8f326da820e1aa873f80f3f1295a32b37041f092e1e3a05aaacce97c", 0xe6, 0xbaf}], 0x3214014, &(0x7f00000000c0)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
mount(0x0, 0x0, 0x0, 0x0, 0x0) (async)
sendfile(r1, r2, 0x0, 0x80000001) (async)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0) (async)

[  377.074015][T26765] FAULT_INJECTION: forcing a failure.
[  377.074015][T26765] name failslab, interval 1, probability 0, space 0, times 0
[  377.082090][T26770] loop4: detected capacity change from 0 to 262160
[  377.086675][T26765] CPU: 1 PID: 26765 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  377.104115][T26765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  377.114238][T26765] Call Trace:
[  377.117508][T26765]  <TASK>
[  377.120436][T26765]  dump_stack_lvl+0xd6/0x122
[  377.125082][T26765]  dump_stack+0x11/0x12
[  377.129227][T26765]  should_fail+0x230/0x240
[  377.133711][T26765]  __should_failslab+0x81/0x90
[  377.138538][T26765]  ? jbd2__journal_start+0xa1/0x290
[  377.143799][T26765]  should_failslab+0x5/0x20
[  377.148285][T26765]  kmem_cache_alloc+0x46/0x300
[  377.153035][T26765]  ? ktime_get_coarse_real_ts64+0x10d/0x120
[  377.158919][T26765]  jbd2__journal_start+0xa1/0x290
[  377.163934][T26765]  __ext4_journal_start_sb+0x10f/0x280
[  377.169462][T26765]  ext4_file_write_iter+0x6ed/0xdf0
[  377.174654][T26765]  ? ext4_file_write_iter+0x351/0xdf0
[  377.180142][T26765]  do_iter_readv_writev+0x27b/0x300
[  377.185329][T26765]  do_iter_write+0x16f/0x5c0
[  377.189914][T26765]  ? splice_from_pipe_next+0x34f/0x3b0
[  377.195364][T26765]  vfs_iter_write+0x4c/0x70
[  377.199862][T26765]  iter_file_splice_write+0x44a/0x7c0
[  377.205265][T26765]  ? splice_from_pipe+0xc0/0xc0
[  377.210102][T26765]  direct_splice_actor+0x80/0xa0
[  377.215108][T26765]  splice_direct_to_actor+0x345/0x660
[  377.220469][T26765]  ? do_splice_direct+0x180/0x180
[  377.225482][T26765]  do_splice_direct+0xfb/0x180
[  377.230235][T26765]  do_sendfile+0x3ad/0x900
[  377.234718][T26765]  __x64_sys_sendfile64+0x10c/0x150
[  377.240026][T26765]  do_syscall_64+0x2b/0x70
[  377.244537][T26765]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  377.250514][T26765] RIP: 0033:0x7f99336e60e9
[  377.254915][T26765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  377.274508][T26765] RSP: 002b:00007f9932e5c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  377.282983][T26765] RAX: ffffffffffffffda RBX: 00007f99337f8f60 RCX: 00007f99336e60e9
[  377.290946][T26765] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003
[  377.298903][T26765] RBP: 00007f9932e5c1d0 R08: 0000000000000000 R09: 0000000000000000
[  377.306857][T26765] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  377.314877][T26765] R13: 00007ffd90c343df R14: 00007f9932e5c300 R15: 0000000000022000
11:47:53 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800500)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:53 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880003c)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:53 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003b00)

[  377.322876][T26765]  </TASK>
[  377.327873][T26772] loop1: detected capacity change from 0 to 262160
[  377.378521][T26776] loop5: detected capacity change from 0 to 262160
[  377.403900][T26772] FAT-fs (loop1): invalid media value (0x47)
[  377.409929][T26772] FAT-fs (loop1): Can't find a valid FAT filesystem
[  377.444529][T26781] loop3: detected capacity change from 0 to 262160
11:47:53 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x3, 0x4, &(0x7f0000000400)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000180)="77536f2b02e13b3a4d462810ecb04c2a995f4707fcbc9c2b3993efa3a3d12614034d6cc2a7274cd68437fbfb250a0446075075067f9780636a8af9826f9f9692481b193776b02948b7408935f7780e5ffd1d4a422c0487210742af6967001f3457280e2b92e4b1900928bf43b4a95e1d5e4ee1b7623e4eede9708df4ebb0531f9c7c4c62", 0x84, 0x3}, {&(0x7f0000000300)="b3ec5bc7933a430295aaf9beb90a3c7fc016f81a4f68f52e73fac5e0d9e8b07bc98cfda06e3ef9f108e795e2e2e6c76785c07089830d387df717d021af98ef98d114d678dd07bfa079196f53305039dfdf576695a50d9ba60c7bc2525ddb07ba9b83832c2fbac63b828786242f8af61951ce67fd6f8a6c52ea8350feaad59fbf56a23604f2b78faabe27d7922a1c0e1a3362aac2b0adb6533d5a58224d2ae6db3cf22c7f075747c8fba63a287ebea63eeeffb1f13be22067d4ae9252652e98effc6612c279aaa2bc8f8f8f326da820e1aa873f80f3f1295a32b37041f092e1e3a05aaacce97c", 0xe6, 0xbaf}], 0x3214014, &(0x7f00000000c0)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x3, 0x4, &(0x7f0000000400)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000180)="77536f2b02e13b3a4d462810ecb04c2a995f4707fcbc9c2b3993efa3a3d12614034d6cc2a7274cd68437fbfb250a0446075075067f9780636a8af9826f9f9692481b193776b02948b7408935f7780e5ffd1d4a422c0487210742af6967001f3457280e2b92e4b1900928bf43b4a95e1d5e4ee1b7623e4eede9708df4ebb0531f9c7c4c62", 0x84, 0x3}, {&(0x7f0000000300)="b3ec5bc7933a430295aaf9beb90a3c7fc016f81a4f68f52e73fac5e0d9e8b07bc98cfda06e3ef9f108e795e2e2e6c76785c07089830d387df717d021af98ef98d114d678dd07bfa079196f53305039dfdf576695a50d9ba60c7bc2525ddb07ba9b83832c2fbac63b828786242f8af61951ce67fd6f8a6c52ea8350feaad59fbf56a23604f2b78faabe27d7922a1c0e1a3362aac2b0adb6533d5a58224d2ae6db3cf22c7f075747c8fba63a287ebea63eeeffb1f13be22067d4ae9252652e98effc6612c279aaa2bc8f8f8f326da820e1aa873f80f3f1295a32b37041f092e1e3a05aaacce97c", 0xe6, 0xbaf}], 0x3214014, &(0x7f00000000c0)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
mount(0x0, 0x0, 0x0, 0x0, 0x0) (async)
sendfile(r1, r2, 0x0, 0x80000001) (async)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0) (async)

[  377.548070][T26788] loop1: detected capacity change from 0 to 262160
[  377.578502][T26788] FAT-fs (loop1): invalid media value (0x47)
[  377.584548][T26788] FAT-fs (loop1): Can't find a valid FAT filesystem
11:47:53 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003c00)

11:47:53 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800600)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:53 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 31)

11:47:53 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus/file0\x00')
sendfile(r1, r2, 0x0, 0x80000001)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/msg\x00', 0x0, 0x0)
getdents(r3, &(0x7f00000001c0)=""/19, 0x13)

[  377.726573][T26798] loop1: detected capacity change from 0 to 262160
[  377.756199][T26802] loop3: detected capacity change from 0 to 262160
[  377.768370][T26800] loop5: detected capacity change from 0 to 262160
[  377.805385][T26805] loop0: detected capacity change from 0 to 262160
[  377.917241][T26809] FAULT_INJECTION: forcing a failure.
[  377.917241][T26809] name failslab, interval 1, probability 0, space 0, times 0
[  377.930083][T26809] CPU: 1 PID: 26809 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  377.941121][T26809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  377.951173][T26809] Call Trace:
[  377.954453][T26809]  <TASK>
[  377.957423][T26809]  dump_stack_lvl+0xd6/0x122
[  377.962030][T26809]  dump_stack+0x11/0x12
[  377.966288][T26809]  should_fail+0x230/0x240
[  377.970720][T26809]  __should_failslab+0x81/0x90
[  377.975534][T26809]  ? mempool_alloc_slab+0x16/0x20
[  377.980586][T26809]  should_failslab+0x5/0x20
[  377.985153][T26809]  kmem_cache_alloc+0x46/0x300
[  377.989921][T26809]  mempool_alloc_slab+0x16/0x20
[  377.994810][T26809]  ? mempool_free+0x130/0x130
[  377.999484][T26809]  mempool_alloc+0x9f/0x2a0
[  378.004136][T26809]  bio_alloc_bioset+0xe4/0x730
[  378.008910][T26809]  submit_bh_wbc+0x161/0x2f0
11:47:54 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0) (async)
chdir(&(0x7f00000000c0)='./bus/file0\x00')
sendfile(r1, r2, 0x0, 0x80000001)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/msg\x00', 0x0, 0x0)
getdents(r3, &(0x7f00000001c0)=""/19, 0x13)

11:47:54 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async, rerun: 32)
chdir(&(0x7f0000000140)='./file0\x00') (async, rerun: 32)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:54 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003d00)

[  378.013510][T26809]  write_dirty_buffer+0xdb/0xe0
[  378.018367][T26809]  fat_sync_bhs+0x52/0x160
[  378.022867][T26809]  fat_ent_write+0x85/0xd0
[  378.027388][T26809]  fat_chain_add+0x15b/0x410
[  378.031985][T26809]  fat_get_block+0x486/0x600
[  378.036584][T26809]  ? fat_block_truncate_page+0x30/0x30
[  378.042181][T26809]  __block_write_begin_int+0x33d/0xc90
[  378.047651][T26809]  ? fat_block_truncate_page+0x30/0x30
[  378.053194][T26809]  ? PageHeadHuge+0x3b/0x120
[  378.057786][T26809]  ? fat_block_truncate_page+0x30/0x30
[  378.063263][T26809]  block_write_begin+0x77/0x170
11:47:54 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880003d)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:54 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800604)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  378.068117][T26809]  ? cont_write_begin+0x3aa/0x500
[  378.073147][T26809]  cont_write_begin+0x3cf/0x500
[  378.078080][T26809]  fat_write_begin+0x61/0xf0
[  378.082677][T26809]  ? fat_block_truncate_page+0x30/0x30
[  378.088169][T26809]  generic_perform_write+0x1d6/0x3f0
[  378.093471][T26809]  __generic_file_write_iter+0x172/0x280
[  378.099108][T26809]  ? generic_write_checks+0x256/0x290
[  378.104579][T26809]  generic_file_write_iter+0x75/0x130
[  378.110008][T26809]  do_iter_readv_writev+0x27b/0x300
[  378.115204][T26809]  do_iter_write+0x16f/0x5c0
[  378.119870][T26809]  ? splice_from_pipe_next+0x34f/0x3b0
[  378.125360][T26809]  vfs_iter_write+0x4c/0x70
[  378.129863][T26809]  iter_file_splice_write+0x44a/0x7c0
[  378.135246][T26809]  ? splice_from_pipe+0xc0/0xc0
[  378.140132][T26809]  direct_splice_actor+0x80/0xa0
[  378.145134][T26809]  splice_direct_to_actor+0x345/0x660
[  378.150559][T26809]  ? do_splice_direct+0x180/0x180
[  378.155676][T26809]  do_splice_direct+0xfb/0x180
[  378.160477][T26809]  do_sendfile+0x3ad/0x900
[  378.164984][T26809]  __x64_sys_sendfile64+0x10c/0x150
[  378.170255][T26809]  do_syscall_64+0x2b/0x70
[  378.174679][T26809]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  378.180603][T26809] RIP: 0033:0x7f99336e60e9
[  378.185014][T26809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  378.204622][T26809] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
11:47:54 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x880003e)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  378.213031][T26809] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  378.220998][T26809] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  378.228961][T26809] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  378.236989][T26809] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  378.244953][T26809] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  378.252920][T26809]  </TASK>
[  378.332488][T26816] loop3: detected capacity change from 0 to 262160
[  378.341135][T26819] loop1: detected capacity change from 0 to 262160
[  378.344060][T26821] loop5: detected capacity change from 0 to 262160
11:47:54 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 32)

11:47:54 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus/file0\x00')
sendfile(r1, r2, 0x0, 0x80000001)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/msg\x00', 0x0, 0x0)
getdents(r3, &(0x7f00000001c0)=""/19, 0x13)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
mount(0x0, 0x0, 0x0, 0x0, 0x0) (async)
chdir(&(0x7f00000000c0)='./bus/file0\x00') (async)
sendfile(r1, r2, 0x0, 0x80000001) (async)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) (async)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0) (async)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/msg\x00', 0x0, 0x0) (async)
getdents(r3, &(0x7f00000001c0)=""/19, 0x13) (async)

[  378.397143][T26826] loop4: detected capacity change from 0 to 262160
11:47:54 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./bus\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
open(&(0x7f0000000180)='./bus\x00', 0x200800, 0x4)
openat(r0, &(0x7f00000000c0)='./file0\x00', 0x321000, 0x0)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x145a01, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x2000, 0x140)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x201, 0x0)
creat(&(0x7f0000000200)='./file0\x00', 0x38)
sendfile(r2, r3, 0x0, 0x80000001)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000300)=0x7fff, 0x4)
write$P9_RREADLINK(r3, &(0x7f00000001c0)={0x10, 0x17, 0x1, {0x7, './file1'}}, 0x10)

[  378.481799][T26834] loop0: detected capacity change from 0 to 262160
[  378.510456][T26836] loop1: detected capacity change from 0 to 262160
[  378.607296][T26837] FAULT_INJECTION: forcing a failure.
[  378.607296][T26837] name failslab, interval 1, probability 0, space 0, times 0
[  378.619955][T26837] CPU: 0 PID: 26837 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  378.630982][T26837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  378.641107][T26837] Call Trace:
[  378.644455][T26837]  <TASK>
[  378.647386][T26837]  dump_stack_lvl+0xd6/0x122
[  378.652014][T26837]  dump_stack+0x11/0x12
11:47:54 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
creat(&(0x7f0000000180)='./bus\x00', 0x98)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)
connect$rds(r0, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10)

[  378.656243][T26837]  should_fail+0x230/0x240
[  378.660732][T26837]  __should_failslab+0x81/0x90
[  378.665619][T26837]  ? mempool_alloc_slab+0x16/0x20
[  378.671066][T26837]  should_failslab+0x5/0x20
[  378.675610][T26837]  kmem_cache_alloc+0x46/0x300
[  378.680428][T26837]  mempool_alloc_slab+0x16/0x20
[  378.685284][T26837]  ? mempool_free+0x130/0x130
[  378.690046][T26837]  mempool_alloc+0x9f/0x2a0
[  378.694571][T26837]  ? __schedule+0x514/0x6c0
[  378.699078][T26837]  bio_alloc_bioset+0xe4/0x730
[  378.703873][T26837]  submit_bh_wbc+0x161/0x2f0
[  378.708483][T26837]  write_dirty_buffer+0xdb/0xe0
[  378.713461][T26837]  fat_sync_bhs+0x52/0x160
[  378.717942][T26837]  fat_alloc_clusters+0x935/0xa80
[  378.723001][T26837]  fat_get_block+0x263/0x600
[  378.727630][T26837]  ? fat_block_truncate_page+0x30/0x30
[  378.733100][T26837]  __block_write_begin_int+0x33d/0xc90
[  378.738566][T26837]  ? fat_block_truncate_page+0x30/0x30
[  378.744043][T26837]  ? PageHeadHuge+0x3b/0x120
[  378.748685][T26837]  ? fat_block_truncate_page+0x30/0x30
11:47:54 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800700)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  378.754203][T26837]  block_write_begin+0x77/0x170
[  378.759057][T26837]  ? cont_write_begin+0x3aa/0x500
[  378.764232][T26837]  cont_write_begin+0x3cf/0x500
[  378.769134][T26837]  fat_write_begin+0x61/0xf0
[  378.774042][T26837]  ? fat_block_truncate_page+0x30/0x30
[  378.779590][T26837]  generic_perform_write+0x1d6/0x3f0
[  378.784938][T26837]  __generic_file_write_iter+0x172/0x280
[  378.790701][T26837]  ? generic_write_checks+0x256/0x290
[  378.796162][T26837]  generic_file_write_iter+0x75/0x130
[  378.801633][T26837]  do_iter_readv_writev+0x27b/0x300
11:47:54 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003e00)

[  378.806837][T26837]  do_iter_write+0x16f/0x5c0
[  378.811481][T26837]  vfs_iter_write+0x4c/0x70
[  378.816054][T26837]  iter_file_splice_write+0x44a/0x7c0
[  378.821436][T26837]  ? splice_from_pipe+0xc0/0xc0
[  378.826291][T26837]  direct_splice_actor+0x80/0xa0
[  378.831268][T26837]  splice_direct_to_actor+0x345/0x660
[  378.836736][T26837]  ? do_splice_direct+0x180/0x180
[  378.841846][T26837]  do_splice_direct+0xfb/0x180
[  378.846618][T26837]  do_sendfile+0x3ad/0x900
[  378.851036][T26837]  __x64_sys_sendfile64+0x10c/0x150
11:47:55 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800041)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  378.856340][T26837]  do_syscall_64+0x2b/0x70
[  378.860893][T26837]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  378.866833][T26837] RIP: 0033:0x7f99336e60e9
[  378.871316][T26837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  378.890948][T26837] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  378.899363][T26837] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  378.907338][T26837] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  378.915316][T26837] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  378.923288][T26837] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  378.931258][T26837] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  378.939300][T26837]  </TASK>
11:47:55 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./bus\x00') (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000)
open(&(0x7f0000000180)='./bus\x00', 0x200800, 0x4)
openat(r0, &(0x7f00000000c0)='./file0\x00', 0x321000, 0x0) (async)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x145a01, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x2000, 0x140) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x201, 0x0)
creat(&(0x7f0000000200)='./file0\x00', 0x38) (async)
sendfile(r2, r3, 0x0, 0x80000001) (async)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000300)=0x7fff, 0x4) (async)
write$P9_RREADLINK(r3, &(0x7f00000001c0)={0x10, 0x17, 0x1, {0x7, './file1'}}, 0x10)

[  379.012807][T26859] loop3: detected capacity change from 0 to 262160
[  379.021253][T26862] loop5: detected capacity change from 0 to 262160
[  379.028307][T26861] loop1: detected capacity change from 0 to 262160
11:47:55 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 33)

[  379.152878][T26867] loop0: detected capacity change from 0 to 262160
[  379.176074][T26870] loop4: detected capacity change from 0 to 262160
11:47:55 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./bus\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000180)='./bus\x00', 0x200800, 0x4)
openat(r0, &(0x7f00000000c0)='./file0\x00', 0x321000, 0x0)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x145a01, 0x0) (async)
openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x2000, 0x140) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x201, 0x0)
creat(&(0x7f0000000200)='./file0\x00', 0x38) (async)
sendfile(r2, r3, 0x0, 0x80000001) (async)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000300)=0x7fff, 0x4) (async)
write$P9_RREADLINK(r3, &(0x7f00000001c0)={0x10, 0x17, 0x1, {0x7, './file1'}}, 0x10)

11:47:55 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
creat(&(0x7f0000000180)='./bus\x00', 0x98)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (async)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)
connect$rds(r0, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10)

[  379.269680][T26874] FAULT_INJECTION: forcing a failure.
[  379.269680][T26874] name failslab, interval 1, probability 0, space 0, times 0
[  379.282342][T26874] CPU: 0 PID: 26874 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  379.293404][T26874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  379.303504][T26874] Call Trace:
[  379.306779][T26874]  <TASK>
[  379.309761][T26874]  dump_stack_lvl+0xd6/0x122
[  379.314488][T26874]  dump_stack+0x11/0x12
[  379.318644][T26874]  should_fail+0x230/0x240
[  379.323124][T26874]  __should_failslab+0x81/0x90
[  379.327937][T26874]  ? mempool_alloc_slab+0x16/0x20
[  379.332957][T26874]  should_failslab+0x5/0x20
[  379.337456][T26874]  kmem_cache_alloc+0x46/0x300
[  379.342221][T26874]  ? update_cfs_rq_load_avg+0x16e/0x180
[  379.347785][T26874]  mempool_alloc_slab+0x16/0x20
[  379.352637][T26874]  ? mempool_free+0x130/0x130
[  379.357318][T26874]  mempool_alloc+0x9f/0x2a0
[  379.361880][T26874]  ? __schedule+0x514/0x6c0
11:47:55 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80003f00)

11:47:55 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800804)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:55 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800042)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  379.366447][T26874]  bio_alloc_bioset+0xe4/0x730
[  379.371214][T26874]  submit_bh_wbc+0x161/0x2f0
[  379.375805][T26874]  __sync_dirty_buffer+0x141/0x1f0
[  379.380966][T26874]  sync_dirty_buffer+0x16/0x20
[  379.385733][T26874]  fat_mirror_bhs+0x268/0x330
[  379.390443][T26874]  fat_alloc_clusters+0x983/0xa80
[  379.395583][T26874]  fat_get_block+0x263/0x600
[  379.400185][T26874]  ? fat_block_truncate_page+0x30/0x30
[  379.405676][T26874]  __block_write_begin_int+0x33d/0xc90
[  379.411200][T26874]  ? fat_block_truncate_page+0x30/0x30
[  379.416735][T26874]  ? PageHeadHuge+0x3b/0x120
[  379.421338][T26874]  ? fat_block_truncate_page+0x30/0x30
[  379.426805][T26874]  block_write_begin+0x77/0x170
[  379.431677][T26874]  ? cont_write_begin+0x3aa/0x500
[  379.436738][T26874]  cont_write_begin+0x3cf/0x500
[  379.441600][T26874]  fat_write_begin+0x61/0xf0
[  379.446196][T26874]  ? fat_block_truncate_page+0x30/0x30
[  379.451755][T26874]  generic_perform_write+0x1d6/0x3f0
[  379.457046][T26874]  __generic_file_write_iter+0x172/0x280
[  379.462680][T26874]  ? generic_write_checks+0x256/0x290
[  379.468085][T26874]  generic_file_write_iter+0x75/0x130
[  379.473531][T26874]  do_iter_readv_writev+0x27b/0x300
[  379.478733][T26874]  do_iter_write+0x16f/0x5c0
[  379.483442][T26874]  ? splice_from_pipe_next+0x34f/0x3b0
[  379.488975][T26874]  vfs_iter_write+0x4c/0x70
[  379.493482][T26874]  iter_file_splice_write+0x44a/0x7c0
[  379.498854][T26874]  ? splice_from_pipe+0xc0/0xc0
[  379.503705][T26874]  direct_splice_actor+0x80/0xa0
[  379.508713][T26874]  splice_direct_to_actor+0x345/0x660
[  379.514184][T26874]  ? do_splice_direct+0x180/0x180
[  379.519327][T26874]  do_splice_direct+0xfb/0x180
[  379.524094][T26874]  do_sendfile+0x3ad/0x900
[  379.528512][T26874]  __x64_sys_sendfile64+0x10c/0x150
[  379.533716][T26874]  do_syscall_64+0x2b/0x70
[  379.538232][T26874]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  379.544124][T26874] RIP: 0033:0x7f99336e60e9
[  379.548530][T26874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
11:47:55 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800043)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  379.568137][T26874] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  379.576547][T26874] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  379.584518][T26874] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  379.592482][T26874] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  379.600457][T26874] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  379.608429][T26874] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  379.616477][T26874]  </TASK>
[  379.667198][T26882] loop5: detected capacity change from 0 to 262160
[  379.674921][T26884] loop1: detected capacity change from 0 to 262160
[  379.675209][T26885] loop3: detected capacity change from 0 to 262160
11:47:55 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
creat(&(0x7f0000000180)='./bus\x00', 0x98)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0) (async)
connect$rds(r0, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10)

[  379.732748][T26891] loop4: detected capacity change from 0 to 262160
11:47:55 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 34)

11:47:55 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0xffffffffffffff80, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f02400001000000", 0xa, 0x4}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
openat$cgroup_ro(r0, &(0x7f00000000c0)='rdma.current\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  379.820254][T26899] loop1: detected capacity change from 0 to 262160
[  379.860949][T26905] loop0: detected capacity change from 0 to 262160
[  379.877352][ T1908] I/O error, dev loop4, sector 262016 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
11:47:56 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000380)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000180)="357a92970dc73f10713c615e90e54d70a08189055ba271f08bb92f434dc4045e66d15bbd4eec307af63b6ccbb4629c0e376e5864112b912b315b7e756a23278d3fa8e7d935ff319f80f79639cd19cdbe71cbc97fb3d031ce5bd4691952383057ee509c7b838284867180bfcf37e8a899066ba11386def3825b35967f5a0e655420f0d3a4f27d84d1606ae5be5996fc696ed748a654ff9c2a105690ae7284ceb709c20992d2d1093f2bc4d2", 0xab, 0x1000}, {&(0x7f0000000300)="291bc720394dd1bde826e805ee0f99b44e6cf624d0f2a7fca1c73042cd3468086b7560c060c2ac6b5a7cdc11512e65021808f8f04ca1a84b1999f616293d6c1a7c805bc544b60b5f1e32067fff39bd184884ba192baaccca94e49d9f7b572a2a86a69853e7e91a681d305e66e0f3b1da3f3b82c95720", 0x76, 0x2}], 0x3014014, &(0x7f00000000c0)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:56 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80004000)

[  379.932395][T26907] loop4: detected capacity change from 0 to 264192
[  379.994488][T26907] FAT-fs (loop4): bogus number of reserved sectors
[  380.001172][T26907] FAT-fs (loop4): Can't find a valid FAT filesystem
[  380.010996][T26910] FAULT_INJECTION: forcing a failure.
[  380.010996][T26910] name failslab, interval 1, probability 0, space 0, times 0
[  380.023716][T26910] CPU: 0 PID: 26910 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  380.034751][T26910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  380.044801][T26910] Call Trace:
[  380.048078][T26910]  <TASK>
[  380.051001][T26910]  dump_stack_lvl+0xd6/0x122
[  380.055601][T26910]  dump_stack+0x11/0x12
[  380.059763][T26910]  should_fail+0x230/0x240
[  380.064183][T26910]  __should_failslab+0x81/0x90
[  380.068999][T26910]  ? mempool_alloc_slab+0x16/0x20
[  380.074054][T26910]  should_failslab+0x5/0x20
[  380.078557][T26910]  kmem_cache_alloc+0x46/0x300
[  380.083326][T26910]  mempool_alloc_slab+0x16/0x20
[  380.088181][T26910]  ? mempool_free+0x130/0x130
[  380.092861][T26910]  mempool_alloc+0x9f/0x2a0
[  380.097375][T26910]  bio_alloc_bioset+0xe4/0x730
[  380.102203][T26910]  submit_bh_wbc+0x161/0x2f0
[  380.106860][T26910]  __sync_dirty_buffer+0x141/0x1f0
[  380.111958][T26910]  sync_dirty_buffer+0x16/0x20
[  380.116711][T26910]  fat_mirror_bhs+0x268/0x330
[  380.121380][T26910]  fat_ent_write+0xc2/0xd0
[  380.125797][T26910]  fat_chain_add+0x15b/0x410
[  380.130390][T26910]  fat_get_block+0x486/0x600
[  380.134990][T26910]  ? fat_block_truncate_page+0x30/0x30
[  380.140474][T26910]  __block_write_begin_int+0x33d/0xc90
[  380.145922][T26910]  ? fat_block_truncate_page+0x30/0x30
[  380.151443][T26910]  ? PageHeadHuge+0x3b/0x120
[  380.156018][T26910]  ? fat_block_truncate_page+0x30/0x30
[  380.161525][T26910]  block_write_begin+0x77/0x170
[  380.166363][T26910]  ? cont_write_begin+0x3aa/0x500
[  380.171390][T26910]  cont_write_begin+0x3cf/0x500
[  380.176276][T26910]  fat_write_begin+0x61/0xf0
[  380.180854][T26910]  ? fat_block_truncate_page+0x30/0x30
[  380.186362][T26910]  generic_perform_write+0x1d6/0x3f0
[  380.191633][T26910]  __generic_file_write_iter+0x172/0x280
[  380.197325][T26910]  ? generic_write_checks+0x256/0x290
[  380.202715][T26910]  generic_file_write_iter+0x75/0x130
[  380.208073][T26910]  do_iter_readv_writev+0x27b/0x300
[  380.213258][T26910]  do_iter_write+0x16f/0x5c0
[  380.217836][T26910]  ? delay_tsc+0xc1/0xe0
[  380.222062][T26910]  vfs_iter_write+0x4c/0x70
[  380.226554][T26910]  iter_file_splice_write+0x44a/0x7c0
[  380.231958][T26910]  ? splice_from_pipe+0xc0/0xc0
[  380.236797][T26910]  direct_splice_actor+0x80/0xa0
[  380.241727][T26910]  splice_direct_to_actor+0x345/0x660
[  380.247132][T26910]  ? do_splice_direct+0x180/0x180
[  380.252172][T26910]  do_splice_direct+0xfb/0x180
[  380.256977][T26910]  do_sendfile+0x3ad/0x900
[  380.261383][T26910]  __x64_sys_sendfile64+0x10c/0x150
[  380.266599][T26910]  do_syscall_64+0x2b/0x70
[  380.271006][T26910]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  380.276884][T26910] RIP: 0033:0x7f99336e60e9
[  380.281285][T26910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  380.300897][T26910] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  380.309298][T26910] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  380.317322][T26910] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  380.325291][T26910] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  380.333369][T26910] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  380.341323][T26910] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  380.349320][T26910]  </TASK>
11:47:56 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800900)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  380.387081][T26915] loop3: detected capacity change from 0 to 262160
[  380.432204][T26917] loop5: detected capacity change from 0 to 262160
11:47:56 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800044)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:56 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 35)

11:47:56 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80004100)

11:47:56 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800a00)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  380.750888][T26926] loop3: detected capacity change from 0 to 262160
[  380.764527][T26924] loop0: detected capacity change from 0 to 262160
[  380.812912][T26928] loop5: detected capacity change from 0 to 262160
[  380.861905][T26930] FAULT_INJECTION: forcing a failure.
[  380.861905][T26930] name failslab, interval 1, probability 0, space 0, times 0
[  380.874577][T26930] CPU: 1 PID: 26930 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  380.885657][T26930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  380.895718][T26930] Call Trace:
[  380.898998][T26930]  <TASK>
[  380.901929][T26930]  dump_stack_lvl+0xd6/0x122
[  380.906542][T26930]  dump_stack+0x11/0x12
[  380.910701][T26930]  should_fail+0x230/0x240
[  380.915199][T26930]  __should_failslab+0x81/0x90
[  380.919978][T26930]  ? mempool_alloc_slab+0x16/0x20
[  380.925009][T26930]  should_failslab+0x5/0x20
[  380.929514][T26930]  kmem_cache_alloc+0x46/0x300
[  380.934360][T26930]  ? update_cfs_rq_load_avg+0x16e/0x180
[  380.939938][T26930]  mempool_alloc_slab+0x16/0x20
[  380.944871][T26930]  ? mempool_free+0x130/0x130
[  380.949548][T26930]  mempool_alloc+0x9f/0x2a0
[  380.954057][T26930]  ? __schedule+0x514/0x6c0
[  380.958639][T26930]  bio_alloc_bioset+0xe4/0x730
[  380.963409][T26930]  submit_bh_wbc+0x161/0x2f0
[  380.968028][T26930]  __sync_dirty_buffer+0x141/0x1f0
[  380.973157][T26930]  sync_dirty_buffer+0x16/0x20
[  380.977958][T26930]  fat_mirror_bhs+0x268/0x330
[  380.982642][T26930]  fat_ent_write+0xc2/0xd0
[  380.986561][T26934] loop4: detected capacity change from 0 to 264192
[  380.987114][T26930]  fat_chain_add+0x15b/0x410
[  380.998222][T26930]  fat_get_block+0x486/0x600
[  381.002823][T26930]  ? fat_block_truncate_page+0x30/0x30
[  381.008339][T26930]  __block_write_begin_int+0x33d/0xc90
[  381.013885][T26930]  ? fat_block_truncate_page+0x30/0x30
[  381.019351][T26930]  ? PageHeadHuge+0x3b/0x120
[  381.023977][T26930]  ? fat_block_truncate_page+0x30/0x30
[  381.029510][T26930]  block_write_begin+0x77/0x170
[  381.034350][T26930]  ? cont_write_begin+0x3aa/0x500
[  381.039363][T26930]  cont_write_begin+0x3cf/0x500
[  381.044310][T26930]  fat_write_begin+0x61/0xf0
[  381.048890][T26930]  ? fat_block_truncate_page+0x30/0x30
[  381.054376][T26930]  generic_perform_write+0x1d6/0x3f0
[  381.059652][T26930]  __generic_file_write_iter+0x172/0x280
[  381.065333][T26930]  ? generic_write_checks+0x256/0x290
[  381.070698][T26930]  generic_file_write_iter+0x75/0x130
[  381.076135][T26930]  do_iter_readv_writev+0x27b/0x300
[  381.081339][T26930]  do_iter_write+0x16f/0x5c0
[  381.085917][T26930]  ? splice_from_pipe_next+0x34f/0x3b0
[  381.091390][T26930]  vfs_iter_write+0x4c/0x70
[  381.095917][T26930]  iter_file_splice_write+0x44a/0x7c0
[  381.101305][T26930]  ? splice_from_pipe+0xc0/0xc0
[  381.106150][T26930]  direct_splice_actor+0x80/0xa0
[  381.111175][T26930]  splice_direct_to_actor+0x345/0x660
[  381.116571][T26930]  ? do_splice_direct+0x180/0x180
[  381.121656][T26930]  do_splice_direct+0xfb/0x180
[  381.126440][T26930]  do_sendfile+0x3ad/0x900
[  381.130844][T26930]  __x64_sys_sendfile64+0x10c/0x150
[  381.136036][T26930]  do_syscall_64+0x2b/0x70
[  381.140452][T26930]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  381.146342][T26930] RIP: 0033:0x7f99336e60e9
[  381.150750][T26930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  381.170375][T26930] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  381.178773][T26930] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  381.186729][T26930] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  381.194684][T26930] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  381.202639][T26930] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
11:47:57 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0xffffffffffffff80, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f02400001000000", 0xa, 0x4}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async, rerun: 32)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (rerun: 32)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
openat$cgroup_ro(r0, &(0x7f00000000c0)='rdma.current\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:57 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80004200)

11:47:57 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000380)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000180)="357a92970dc73f10713c615e90e54d70a08189055ba271f08bb92f434dc4045e66d15bbd4eec307af63b6ccbb4629c0e376e5864112b912b315b7e756a23278d3fa8e7d935ff319f80f79639cd19cdbe71cbc97fb3d031ce5bd4691952383057ee509c7b838284867180bfcf37e8a899066ba11386def3825b35967f5a0e655420f0d3a4f27d84d1606ae5be5996fc696ed748a654ff9c2a105690ae7284ceb709c20992d2d1093f2bc4d2", 0xab, 0x1000}, {&(0x7f0000000300)="291bc720394dd1bde826e805ee0f99b44e6cf624d0f2a7fca1c73042cd3468086b7560c060c2ac6b5a7cdc11512e65021808f8f04ca1a84b1999f616293d6c1a7c805bc544b60b5f1e32067fff39bd184884ba192baaccca94e49d9f7b572a2a86a69853e7e91a681d305e66e0f3b1da3f3b82c95720", 0x76, 0x2}], 0x3014014, &(0x7f00000000c0)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000380)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000180)="357a92970dc73f10713c615e90e54d70a08189055ba271f08bb92f434dc4045e66d15bbd4eec307af63b6ccbb4629c0e376e5864112b912b315b7e756a23278d3fa8e7d935ff319f80f79639cd19cdbe71cbc97fb3d031ce5bd4691952383057ee509c7b838284867180bfcf37e8a899066ba11386def3825b35967f5a0e655420f0d3a4f27d84d1606ae5be5996fc696ed748a654ff9c2a105690ae7284ceb709c20992d2d1093f2bc4d2", 0xab, 0x1000}, {&(0x7f0000000300)="291bc720394dd1bde826e805ee0f99b44e6cf624d0f2a7fca1c73042cd3468086b7560c060c2ac6b5a7cdc11512e65021808f8f04ca1a84b1999f616293d6c1a7c805bc544b60b5f1e32067fff39bd184884ba192baaccca94e49d9f7b572a2a86a69853e7e91a681d305e66e0f3b1da3f3b82c95720", 0x76, 0x2}], 0x3014014, &(0x7f00000000c0)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
mount(0x0, 0x0, 0x0, 0x0, 0x0) (async)
sendfile(r1, r2, 0x0, 0x80000001) (async)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0) (async)

[  381.210592][T26930] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  381.218553][T26930]  </TASK>
[  381.233643][T26934] FAT-fs (loop4): bogus number of reserved sectors
[  381.240187][T26934] FAT-fs (loop4): Can't find a valid FAT filesystem
11:47:57 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 36)

[  381.315556][T26938] loop1: detected capacity change from 0 to 262160
[  381.328583][T26940] loop3: detected capacity change from 0 to 262160
[  381.343083][T26938] FAT-fs (loop1): invalid media value (0x24)
[  381.349153][T26938] FAT-fs (loop1): Can't find a valid FAT filesystem
11:47:57 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800045)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  381.456222][T26944] loop0: detected capacity change from 0 to 262160
[  381.539870][T26947] loop1: detected capacity change from 0 to 262160
[  381.557415][T26956] FAULT_INJECTION: forcing a failure.
[  381.557415][T26956] name failslab, interval 1, probability 0, space 0, times 0
[  381.570093][T26956] CPU: 0 PID: 26956 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
11:47:57 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800c00)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  381.581122][T26956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  381.591237][T26956] Call Trace:
[  381.594545][T26956]  <TASK>
[  381.597472][T26956]  dump_stack_lvl+0xd6/0x122
[  381.602132][T26956]  dump_stack+0x11/0x12
[  381.606362][T26956]  should_fail+0x230/0x240
[  381.610811][T26956]  __should_failslab+0x81/0x90
[  381.615602][T26956]  ? fat_cache_add+0x1f7/0x4e0
[  381.620397][T26956]  should_failslab+0x5/0x20
[  381.624904][T26956]  kmem_cache_alloc+0x46/0x300
[  381.629670][T26956]  ? fat16_ent_get+0x45/0x60
[  381.634321][T26956]  fat_cache_add+0x1f7/0x4e0
[  381.638958][T26956]  fat_get_cluster+0x62f/0x870
[  381.643834][T26956]  fat_get_mapped_cluster+0xe0/0x250
[  381.649128][T26956]  fat_bmap+0x259/0x290
[  381.653302][T26956]  fat_get_block+0x3c1/0x600
[  381.657901][T26956]  ? fat_block_truncate_page+0x30/0x30
[  381.663374][T26956]  __block_write_begin_int+0x33d/0xc90
[  381.668880][T26956]  ? fat_block_truncate_page+0x30/0x30
[  381.674350][T26956]  ? PageHeadHuge+0x3b/0x120
[  381.678973][T26956]  ? fat_block_truncate_page+0x30/0x30
[  381.684439][T26956]  block_write_begin+0x77/0x170
[  381.689386][T26956]  ? cont_write_begin+0x3aa/0x500
[  381.694419][T26956]  cont_write_begin+0x3cf/0x500
[  381.699293][T26956]  fat_write_begin+0x61/0xf0
[  381.703891][T26956]  ? fat_block_truncate_page+0x30/0x30
[  381.709363][T26956]  generic_perform_write+0x1d6/0x3f0
[  381.714672][T26956]  __generic_file_write_iter+0x172/0x280
[  381.720304][T26956]  ? generic_write_checks+0x256/0x290
[  381.725680][T26956]  generic_file_write_iter+0x75/0x130
[  381.731059][T26956]  do_iter_readv_writev+0x27b/0x300
[  381.736315][T26956]  do_iter_write+0x16f/0x5c0
11:47:57 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80004300)

[  381.740913][T26956]  ? splice_from_pipe_next+0x34f/0x3b0
[  381.746374][T26956]  vfs_iter_write+0x4c/0x70
[  381.750886][T26956]  iter_file_splice_write+0x44a/0x7c0
[  381.756341][T26956]  ? splice_from_pipe+0xc0/0xc0
[  381.761201][T26956]  direct_splice_actor+0x80/0xa0
[  381.766147][T26956]  splice_direct_to_actor+0x345/0x660
[  381.771521][T26956]  ? do_splice_direct+0x180/0x180
[  381.776548][T26956]  do_splice_direct+0xfb/0x180
[  381.781323][T26956]  do_sendfile+0x3ad/0x900
[  381.785736][T26956]  __x64_sys_sendfile64+0x10c/0x150
11:47:57 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0xffffffffffffff80, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f02400001000000", 0xa, 0x4}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
openat$cgroup_ro(r0, &(0x7f00000000c0)='rdma.current\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0xffffffffffffff80, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f02400001000000", 0xa, 0x4}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
openat$cgroup_ro(r0, &(0x7f00000000c0)='rdma.current\x00', 0x0, 0x0) (async)
sendfile(r1, r2, 0x0, 0x80000001) (async)

[  381.790987][T26956]  do_syscall_64+0x2b/0x70
[  381.795533][T26956]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  381.801636][T26956] RIP: 0033:0x7f99336e60e9
[  381.806049][T26956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  381.825656][T26956] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  381.834070][T26956] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  381.842056][T26956] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  381.850035][T26956] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  381.858007][T26956] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
[  381.858995][T26959] loop4: detected capacity change from 0 to 264192
[  381.866016][T26956] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  381.866094][T26956]  </TASK>
11:47:58 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001) (fail_nth: 37)

11:47:58 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000380)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}, {&(0x7f0000000180)="357a92970dc73f10713c615e90e54d70a08189055ba271f08bb92f434dc4045e66d15bbd4eec307af63b6ccbb4629c0e376e5864112b912b315b7e756a23278d3fa8e7d935ff319f80f79639cd19cdbe71cbc97fb3d031ce5bd4691952383057ee509c7b838284867180bfcf37e8a899066ba11386def3825b35967f5a0e655420f0d3a4f27d84d1606ae5be5996fc696ed748a654ff9c2a105690ae7284ceb709c20992d2d1093f2bc4d2", 0xab, 0x1000}, {&(0x7f0000000300)="291bc720394dd1bde826e805ee0f99b44e6cf624d0f2a7fca1c73042cd3468086b7560c060c2ac6b5a7cdc11512e65021808f8f04ca1a84b1999f616293d6c1a7c805bc544b60b5f1e32067fff39bd184884ba192baaccca94e49d9f7b572a2a86a69853e7e91a681d305e66e0f3b1da3f3b82c95720", 0x76, 0x2}], 0x3014014, &(0x7f00000000c0)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
sendfile(r1, r2, 0x0, 0x80000001) (async, rerun: 64)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  381.905673][T26959] FAT-fs (loop4): bogus number of reserved sectors
[  381.912230][T26959] FAT-fs (loop4): Can't find a valid FAT filesystem
[  381.947517][T26962] loop3: detected capacity change from 0 to 262160
[  381.955025][T26963] loop5: detected capacity change from 0 to 262160
[  381.993924][T26966] loop0: detected capacity change from 0 to 262160
[  382.010561][T26968] loop1: detected capacity change from 0 to 262160
[  382.020993][ T2374] I/O error, dev loop4, sector 264064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
11:47:58 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800046)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  382.076399][T26968] FAT-fs (loop1): invalid media value (0x24)
[  382.082493][T26968] FAT-fs (loop1): Can't find a valid FAT filesystem
11:47:58 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
lseek(r1, 0x7ffffe, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[], 0x1a0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000180)={<r2=>r0, 0x400, 0x7f, 0xfffffffeffffffff})
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2}, './bus\x00'})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x8800000)
r4 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$FIBMAP(r4, 0x1, &(0x7f0000000200)=0x7)
sendfile(r4, r5, 0x0, 0x80000001)
chdir(&(0x7f00000000c0)='./bus\x00')

[  382.180832][T26982] FAULT_INJECTION: forcing a failure.
[  382.180832][T26982] name failslab, interval 1, probability 0, space 0, times 0
[  382.193497][T26982] CPU: 0 PID: 26982 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00275-g59250f8a7f3a-dirty #0
[  382.199322][T26984] loop4: detected capacity change from 0 to 262160
[  382.204572][T26982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  382.204586][T26982] Call Trace:
[  382.204592][T26982]  <TASK>
[  382.227294][T26982]  dump_stack_lvl+0xd6/0x122
[  382.231903][T26982]  dump_stack+0x11/0x12
[  382.236090][T26982]  should_fail+0x230/0x240
[  382.240621][T26982]  __should_failslab+0x81/0x90
[  382.245374][T26982]  ? mempool_alloc_slab+0x16/0x20
[  382.250465][T26982]  should_failslab+0x5/0x20
[  382.254956][T26982]  kmem_cache_alloc+0x46/0x300
[  382.259743][T26982]  ? update_cfs_rq_load_avg+0x16e/0x180
[  382.265280][T26982]  mempool_alloc_slab+0x16/0x20
[  382.270116][T26982]  ? mempool_free+0x130/0x130
[  382.274810][T26982]  mempool_alloc+0x9f/0x2a0
[  382.279298][T26982]  ? __schedule+0x514/0x6c0
[  382.283788][T26982]  bio_alloc_bioset+0xe4/0x730
[  382.288611][T26982]  submit_bh_wbc+0x161/0x2f0
[  382.293205][T26982]  __sync_dirty_buffer+0x141/0x1f0
[  382.298310][T26982]  sync_dirty_buffer+0x16/0x20
[  382.303073][T26982]  fat_mirror_bhs+0x268/0x330
[  382.307741][T26982]  fat_alloc_clusters+0x983/0xa80
[  382.312767][T26982]  fat_get_block+0x263/0x600
[  382.317425][T26982]  ? fat_block_truncate_page+0x30/0x30
[  382.322879][T26982]  __block_write_begin_int+0x33d/0xc90
[  382.328334][T26982]  ? fat_block_truncate_page+0x30/0x30
[  382.333786][T26982]  ? PageHeadHuge+0x3b/0x120
[  382.338363][T26982]  ? fat_block_truncate_page+0x30/0x30
[  382.343811][T26982]  block_write_begin+0x77/0x170
[  382.348672][T26982]  ? cont_write_begin+0x3aa/0x500
[  382.353736][T26982]  cont_write_begin+0x3cf/0x500
[  382.358577][T26982]  fat_write_begin+0x61/0xf0
[  382.363182][T26982]  ? fat_block_truncate_page+0x30/0x30
[  382.368699][T26982]  generic_perform_write+0x1d6/0x3f0
[  382.374088][T26982]  __generic_file_write_iter+0x172/0x280
[  382.379708][T26982]  ? generic_write_checks+0x256/0x290
[  382.385071][T26982]  generic_file_write_iter+0x75/0x130
[  382.390430][T26982]  do_iter_readv_writev+0x27b/0x300
[  382.395627][T26982]  do_iter_write+0x16f/0x5c0
[  382.400226][T26982]  ? splice_from_pipe_next+0x34f/0x3b0
[  382.405691][T26982]  vfs_iter_write+0x4c/0x70
[  382.410188][T26982]  iter_file_splice_write+0x44a/0x7c0
[  382.415591][T26982]  ? splice_from_pipe+0xc0/0xc0
[  382.420430][T26982]  direct_splice_actor+0x80/0xa0
[  382.425389][T26982]  splice_direct_to_actor+0x345/0x660
[  382.430751][T26982]  ? do_splice_direct+0x180/0x180
[  382.435801][T26982]  do_splice_direct+0xfb/0x180
[  382.440649][T26982]  do_sendfile+0x3ad/0x900
[  382.445056][T26982]  __x64_sys_sendfile64+0x10c/0x150
[  382.450247][T26982]  do_syscall_64+0x2b/0x70
[  382.454671][T26982]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  382.460583][T26982] RIP: 0033:0x7f99336e60e9
[  382.464982][T26982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  382.484574][T26982] RSP: 002b:00007f9932e3b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  382.492970][T26982] RAX: ffffffffffffffda RBX: 00007f99337f9030 RCX: 00007f99336e60e9
[  382.500931][T26982] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000004
[  382.508889][T26982] RBP: 00007f9932e3b1d0 R08: 0000000000000000 R09: 0000000000000000
[  382.516844][T26982] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000002
11:47:58 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f0000000c00)=[{&(0x7f0000000380)="ea8a5056d940ed44ad20ccc8c913ceafe094ff5f030720907ccd67798332d2ced63a822b62c38f12c2bee54c72e6ffd379c402eb9af55bb73bd4df282804d7d000"/76, 0x4c, 0x7}, {&(0x7f0000000800)="7e3fa06add1df904cdf7aa14097bf456f5ee04d9c1945322263a832af92197b49bacd9b47804ad72509487dfc7777b46b6f245c5a171a7351a050e5f443e08c754018dc2a2bde9de55b39f00c94763e89585bb5a9fae90c6a26037ffcd699a7c98929ed31b8878243f130122e1b9891619a73853dd180a6eea1d7faefcd8425b883d54b8e368d6fb57d43defdc94e518ef0d56f3dc87e05a02242f871fe072cde2c49c50fe274b7b359803d899977f1f3950d369cd897fdffdc85b8ef15fb08d82c445c9850830444ac59190bc968ad5fdb808bc49625245956d04065b8a", 0xde, 0x3}, {&(0x7f0000000900)="8a69894e2eb05032f21e9b2b8cf7a37360e2cedba57ab2dc12c3f6100b3a860b9534f03e2dbd0c768d4357607bd9dfef401c1f48749759343c5bb512e7e0dac947cae59b7208aed749049f15e44f70c7997c94e4cb6164baf3a50bae297415f54e8f1aa3da6554ba2a666284f94c1cb0a17d174656521b7bf1f745605343317bc41283", 0x83, 0x8}, {&(0x7f0000000d00)="d88e31986929fcc181e8c5f713a9b492dd65004529283c6c07cf21266195b4dd512f7044b844347335a4d70472d6663fd3794907c8c9a81d1b0d565fff64d8f2ac15e9a8828ce0e6bbb04784f94421ed5435a84c166756b703cbeff324ef923cb2e745155477495ee6f6b82bb53ecef35c00a912aabccb3fcaf5f37dbcfd1fb282623d0ec7dca6114661ff8da95ec571f812039691ccad0000000000000000", 0x9f, 0x5}, {&(0x7f00000001c0)="99e696754dbd563b4bf194c30a4a88f6d3d629e95cba36899bbe", 0x1a, 0x3ff}, {&(0x7f00000009c0)="c6e946ee93d93f9496b55db89ec581f2ca8e5a09065bad81616114c7f8d9e2100af58720443c23ec5fdadde70fd099edafee1b8c070a32ef9577f39c872d906cd8f4c5a59828de49d7f29be2ae984f0ea8cd4dfeaf4e5c4682089d3ef9255fbb2d1d88ddee08e4a225642939a9a54a0ff06a5b977048ed33652c04c5cee638bedb78b46473cffb8467e5116ed76e11166fa4bf8b24fa48d0abc5e69acf7286265692b2bc6d7a85095de4c91f7e933304ce700d00a71d09ba5f32a4596bac7c34b048d4326324b5adab2a7b88dcfd31c0170c893c15f60063e8817f5e1e82c384005649eeaab24017ad3228c8bf16f0bbd4642a513c533bfeeab6e6d26951", 0xfe, 0x1}, {&(0x7f0000000ac0), 0x0, 0x1ff}, {&(0x7f0000000b00)="e9c9029e82dd6db31290670083e7377dc34a4e5980b9ba93dd72", 0x1a, 0x8000000000000006}, {&(0x7f0000000b40)="a8a29ab21daa1a39dcf41c24403a556606f1b549a520a3d1a4513ffa7d06117cbf1c28", 0x23, 0x101}, {&(0x7f0000000b80)="fcc57c73f5885baa5fc2a65f688009133273ea638d793a9315214668607b05546956c8edbfa64a9f98f2255bd5143ff64c8fb381abc7894ffd6812e4e0d3d8adaaea6b53dd78d45eb3312fa97245c1bb342aea16618baa4ddd23d0ff7f557a956a9c96d989", 0x65, 0xfffffffffffffffa}], 0x3014014, &(0x7f0000000180)=ANY=[])
creat(&(0x7f0000000200)='./file0\x00', 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = open(&(0x7f00000000c0)='./bus\x00', 0x200601, 0x8f)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000ee8000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f00000002c0)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307f, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000540)=@IORING_OP_POLL_ADD, 0x3)
r6 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000400)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0}}, 0x0)
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000000, 0x30, r2, 0x10000000)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r7, &(0x7f00000007c0)=@IORING_OP_RECVMSG={0xa, 0x4, 0x0, r1, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@sco, 0x80, &(0x7f0000000700)=[{&(0x7f0000000400)=""/160, 0xa0}, {&(0x7f00000004c0)=""/51, 0x33}, {&(0x7f0000000500)=""/187, 0xbb}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/53, 0x35}], 0x5}, 0x0, 0x20, 0x1, {0x2, r8}}, 0x8e6)
sendfile(r2, r3, 0x0, 0x80000001)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  382.524944][T26982] R13: 00007ffd90c343df R14: 00007f9932e3b300 R15: 0000000000022000
[  382.532930][T26982]  </TASK>
11:47:58 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800d00)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  382.565830][T26988] loop1: detected capacity change from 0 to 16383
[  382.598723][T26988] FAT-fs (loop1): invalid media value (0x06)
[  382.604777][T26988] FAT-fs (loop1): Can't find a valid FAT filesystem
11:47:58 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80004400)

[  382.718174][T26993] loop5: detected capacity change from 0 to 262160
[  382.725562][T26995] loop3: detected capacity change from 0 to 262160
11:47:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  382.926743][T27001] loop0: detected capacity change from 0 to 262160
11:47:59 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00') (async)
r1 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
lseek(r1, 0x7ffffe, 0x0) (async)
write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[], 0x1a0) (async)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000180)={<r2=>r0, 0x400, 0x7f, 0xfffffffeffffffff})
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2}, './bus\x00'}) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r4 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$FIBMAP(r4, 0x1, &(0x7f0000000200)=0x7) (async)
sendfile(r4, r5, 0x0, 0x80000001) (async)
chdir(&(0x7f00000000c0)='./bus\x00')

11:47:59 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80004500)

11:47:59 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800e00)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800047)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  383.061462][T27004] loop3: detected capacity change from 0 to 262160
[  383.068327][T27006] loop5: detected capacity change from 0 to 262160
[  383.084473][T27008] loop4: detected capacity change from 0 to 262160
11:47:59 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r1 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
lseek(r1, 0x7ffffe, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[], 0x1a0) (async)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000180)={<r2=>r0, 0x400, 0x7f, 0xfffffffeffffffff})
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2}, './bus\x00'})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r4 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$FIBMAP(r4, 0x1, &(0x7f0000000200)=0x7) (async)
sendfile(r4, r5, 0x0, 0x80000001) (async, rerun: 32)
chdir(&(0x7f00000000c0)='./bus\x00') (rerun: 32)

11:47:59 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f0000000c00)=[{&(0x7f0000000380)="ea8a5056d940ed44ad20ccc8c913ceafe094ff5f030720907ccd67798332d2ced63a822b62c38f12c2bee54c72e6ffd379c402eb9af55bb73bd4df282804d7d000"/76, 0x4c, 0x7}, {&(0x7f0000000800)="7e3fa06add1df904cdf7aa14097bf456f5ee04d9c1945322263a832af92197b49bacd9b47804ad72509487dfc7777b46b6f245c5a171a7351a050e5f443e08c754018dc2a2bde9de55b39f00c94763e89585bb5a9fae90c6a26037ffcd699a7c98929ed31b8878243f130122e1b9891619a73853dd180a6eea1d7faefcd8425b883d54b8e368d6fb57d43defdc94e518ef0d56f3dc87e05a02242f871fe072cde2c49c50fe274b7b359803d899977f1f3950d369cd897fdffdc85b8ef15fb08d82c445c9850830444ac59190bc968ad5fdb808bc49625245956d04065b8a", 0xde, 0x3}, {&(0x7f0000000900)="8a69894e2eb05032f21e9b2b8cf7a37360e2cedba57ab2dc12c3f6100b3a860b9534f03e2dbd0c768d4357607bd9dfef401c1f48749759343c5bb512e7e0dac947cae59b7208aed749049f15e44f70c7997c94e4cb6164baf3a50bae297415f54e8f1aa3da6554ba2a666284f94c1cb0a17d174656521b7bf1f745605343317bc41283", 0x83, 0x8}, {&(0x7f0000000d00)="d88e31986929fcc181e8c5f713a9b492dd65004529283c6c07cf21266195b4dd512f7044b844347335a4d70472d6663fd3794907c8c9a81d1b0d565fff64d8f2ac15e9a8828ce0e6bbb04784f94421ed5435a84c166756b703cbeff324ef923cb2e745155477495ee6f6b82bb53ecef35c00a912aabccb3fcaf5f37dbcfd1fb282623d0ec7dca6114661ff8da95ec571f812039691ccad0000000000000000", 0x9f, 0x5}, {&(0x7f00000001c0)="99e696754dbd563b4bf194c30a4a88f6d3d629e95cba36899bbe", 0x1a, 0x3ff}, {&(0x7f00000009c0)="c6e946ee93d93f9496b55db89ec581f2ca8e5a09065bad81616114c7f8d9e2100af58720443c23ec5fdadde70fd099edafee1b8c070a32ef9577f39c872d906cd8f4c5a59828de49d7f29be2ae984f0ea8cd4dfeaf4e5c4682089d3ef9255fbb2d1d88ddee08e4a225642939a9a54a0ff06a5b977048ed33652c04c5cee638bedb78b46473cffb8467e5116ed76e11166fa4bf8b24fa48d0abc5e69acf7286265692b2bc6d7a85095de4c91f7e933304ce700d00a71d09ba5f32a4596bac7c34b048d4326324b5adab2a7b88dcfd31c0170c893c15f60063e8817f5e1e82c384005649eeaab24017ad3228c8bf16f0bbd4642a513c533bfeeab6e6d26951", 0xfe, 0x1}, {&(0x7f0000000ac0), 0x0, 0x1ff}, {&(0x7f0000000b00)="e9c9029e82dd6db31290670083e7377dc34a4e5980b9ba93dd72", 0x1a, 0x8000000000000006}, {&(0x7f0000000b40)="a8a29ab21daa1a39dcf41c24403a556606f1b549a520a3d1a4513ffa7d06117cbf1c28", 0x23, 0x101}, {&(0x7f0000000b80)="fcc57c73f5885baa5fc2a65f688009133273ea638d793a9315214668607b05546956c8edbfa64a9f98f2255bd5143ff64c8fb381abc7894ffd6812e4e0d3d8adaaea6b53dd78d45eb3312fa97245c1bb342aea16618baa4ddd23d0ff7f557a956a9c96d989", 0x65, 0xfffffffffffffffa}], 0x3014014, &(0x7f0000000180)=ANY=[])
creat(&(0x7f0000000200)='./file0\x00', 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = open(&(0x7f00000000c0)='./bus\x00', 0x200601, 0x8f) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000ee8000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f00000002c0)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307f, 0x0, 0x4) (async)
syz_io_uring_submit(r4, r5, &(0x7f0000000540)=@IORING_OP_POLL_ADD, 0x3)
r6 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000400)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0}}, 0x0)
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000000, 0x30, r2, 0x10000000)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r7, &(0x7f00000007c0)=@IORING_OP_RECVMSG={0xa, 0x4, 0x0, r1, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@sco, 0x80, &(0x7f0000000700)=[{&(0x7f0000000400)=""/160, 0xa0}, {&(0x7f00000004c0)=""/51, 0x33}, {&(0x7f0000000500)=""/187, 0xbb}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/53, 0x35}], 0x5}, 0x0, 0x20, 0x1, {0x2, r8}}, 0x8e6)
sendfile(r2, r3, 0x0, 0x80000001) (async)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

11:47:59 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8801d00)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  383.274033][T27017] loop4: detected capacity change from 0 to 262160
11:47:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x7ffff000)

11:47:59 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f00000000c0), 0x8000, &(0x7f00000000c0)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = socket$isdn(0x22, 0x3, 0x1)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f00000001c0)={0x0, 0x0, 0x83f0, 0xfd4c})
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000180)='cpuset.effective_cpus\x00', 0x0, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)

11:47:59 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80004600)

[  383.371941][T27026] loop1: detected capacity change from 0 to 16383
[  383.383612][T27028] loop5: detected capacity change from 0 to 262160
[  383.393622][T27031] loop3: detected capacity change from 0 to 262160
[  383.401065][T27032] loop0: detected capacity change from 0 to 262160
[  383.412917][T27026] FAT-fs (loop1): invalid media value (0x06)
[  383.418979][T27026] FAT-fs (loop1): Can't find a valid FAT filesystem
11:47:59 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f0000000c00)=[{&(0x7f0000000380)="ea8a5056d940ed44ad20ccc8c913ceafe094ff5f030720907ccd67798332d2ced63a822b62c38f12c2bee54c72e6ffd379c402eb9af55bb73bd4df282804d7d000"/76, 0x4c, 0x7}, {&(0x7f0000000800)="7e3fa06add1df904cdf7aa14097bf456f5ee04d9c1945322263a832af92197b49bacd9b47804ad72509487dfc7777b46b6f245c5a171a7351a050e5f443e08c754018dc2a2bde9de55b39f00c94763e89585bb5a9fae90c6a26037ffcd699a7c98929ed31b8878243f130122e1b9891619a73853dd180a6eea1d7faefcd8425b883d54b8e368d6fb57d43defdc94e518ef0d56f3dc87e05a02242f871fe072cde2c49c50fe274b7b359803d899977f1f3950d369cd897fdffdc85b8ef15fb08d82c445c9850830444ac59190bc968ad5fdb808bc49625245956d04065b8a", 0xde, 0x3}, {&(0x7f0000000900)="8a69894e2eb05032f21e9b2b8cf7a37360e2cedba57ab2dc12c3f6100b3a860b9534f03e2dbd0c768d4357607bd9dfef401c1f48749759343c5bb512e7e0dac947cae59b7208aed749049f15e44f70c7997c94e4cb6164baf3a50bae297415f54e8f1aa3da6554ba2a666284f94c1cb0a17d174656521b7bf1f745605343317bc41283", 0x83, 0x8}, {&(0x7f0000000d00)="d88e31986929fcc181e8c5f713a9b492dd65004529283c6c07cf21266195b4dd512f7044b844347335a4d70472d6663fd3794907c8c9a81d1b0d565fff64d8f2ac15e9a8828ce0e6bbb04784f94421ed5435a84c166756b703cbeff324ef923cb2e745155477495ee6f6b82bb53ecef35c00a912aabccb3fcaf5f37dbcfd1fb282623d0ec7dca6114661ff8da95ec571f812039691ccad0000000000000000", 0x9f, 0x5}, {&(0x7f00000001c0)="99e696754dbd563b4bf194c30a4a88f6d3d629e95cba36899bbe", 0x1a, 0x3ff}, {&(0x7f00000009c0)="c6e946ee93d93f9496b55db89ec581f2ca8e5a09065bad81616114c7f8d9e2100af58720443c23ec5fdadde70fd099edafee1b8c070a32ef9577f39c872d906cd8f4c5a59828de49d7f29be2ae984f0ea8cd4dfeaf4e5c4682089d3ef9255fbb2d1d88ddee08e4a225642939a9a54a0ff06a5b977048ed33652c04c5cee638bedb78b46473cffb8467e5116ed76e11166fa4bf8b24fa48d0abc5e69acf7286265692b2bc6d7a85095de4c91f7e933304ce700d00a71d09ba5f32a4596bac7c34b048d4326324b5adab2a7b88dcfd31c0170c893c15f60063e8817f5e1e82c384005649eeaab24017ad3228c8bf16f0bbd4642a513c533bfeeab6e6d26951", 0xfe, 0x1}, {&(0x7f0000000ac0), 0x0, 0x1ff}, {&(0x7f0000000b00)="e9c9029e82dd6db31290670083e7377dc34a4e5980b9ba93dd72", 0x1a, 0x8000000000000006}, {&(0x7f0000000b40)="a8a29ab21daa1a39dcf41c24403a556606f1b549a520a3d1a4513ffa7d06117cbf1c28", 0x23, 0x101}, {&(0x7f0000000b80)="fcc57c73f5885baa5fc2a65f688009133273ea638d793a9315214668607b05546956c8edbfa64a9f98f2255bd5143ff64c8fb381abc7894ffd6812e4e0d3d8adaaea6b53dd78d45eb3312fa97245c1bb342aea16618baa4ddd23d0ff7f557a956a9c96d989", 0x65, 0xfffffffffffffffa}], 0x3014014, &(0x7f0000000180)=ANY=[])
creat(&(0x7f0000000200)='./file0\x00', 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = open(&(0x7f00000000c0)='./bus\x00', 0x200601, 0x8f)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000ee8000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f00000002c0)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307f, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000540)=@IORING_OP_POLL_ADD, 0x3)
r6 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000400)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0}}, 0x0)
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000000, 0x30, r2, 0x10000000)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r7, &(0x7f00000007c0)=@IORING_OP_RECVMSG={0xa, 0x4, 0x0, r1, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@sco, 0x80, &(0x7f0000000700)=[{&(0x7f0000000400)=""/160, 0xa0}, {&(0x7f00000004c0)=""/51, 0x33}, {&(0x7f0000000500)=""/187, 0xbb}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/53, 0x35}], 0x5}, 0x0, 0x20, 0x1, {0x2, r8}}, 0x8e6)
sendfile(r2, r3, 0x0, 0x80000001)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f0000000c00)=[{&(0x7f0000000380)="ea8a5056d940ed44ad20ccc8c913ceafe094ff5f030720907ccd67798332d2ced63a822b62c38f12c2bee54c72e6ffd379c402eb9af55bb73bd4df282804d7d000"/76, 0x4c, 0x7}, {&(0x7f0000000800)="7e3fa06add1df904cdf7aa14097bf456f5ee04d9c1945322263a832af92197b49bacd9b47804ad72509487dfc7777b46b6f245c5a171a7351a050e5f443e08c754018dc2a2bde9de55b39f00c94763e89585bb5a9fae90c6a26037ffcd699a7c98929ed31b8878243f130122e1b9891619a73853dd180a6eea1d7faefcd8425b883d54b8e368d6fb57d43defdc94e518ef0d56f3dc87e05a02242f871fe072cde2c49c50fe274b7b359803d899977f1f3950d369cd897fdffdc85b8ef15fb08d82c445c9850830444ac59190bc968ad5fdb808bc49625245956d04065b8a", 0xde, 0x3}, {&(0x7f0000000900)="8a69894e2eb05032f21e9b2b8cf7a37360e2cedba57ab2dc12c3f6100b3a860b9534f03e2dbd0c768d4357607bd9dfef401c1f48749759343c5bb512e7e0dac947cae59b7208aed749049f15e44f70c7997c94e4cb6164baf3a50bae297415f54e8f1aa3da6554ba2a666284f94c1cb0a17d174656521b7bf1f745605343317bc41283", 0x83, 0x8}, {&(0x7f0000000d00)="d88e31986929fcc181e8c5f713a9b492dd65004529283c6c07cf21266195b4dd512f7044b844347335a4d70472d6663fd3794907c8c9a81d1b0d565fff64d8f2ac15e9a8828ce0e6bbb04784f94421ed5435a84c166756b703cbeff324ef923cb2e745155477495ee6f6b82bb53ecef35c00a912aabccb3fcaf5f37dbcfd1fb282623d0ec7dca6114661ff8da95ec571f812039691ccad0000000000000000", 0x9f, 0x5}, {&(0x7f00000001c0)="99e696754dbd563b4bf194c30a4a88f6d3d629e95cba36899bbe", 0x1a, 0x3ff}, {&(0x7f00000009c0)="c6e946ee93d93f9496b55db89ec581f2ca8e5a09065bad81616114c7f8d9e2100af58720443c23ec5fdadde70fd099edafee1b8c070a32ef9577f39c872d906cd8f4c5a59828de49d7f29be2ae984f0ea8cd4dfeaf4e5c4682089d3ef9255fbb2d1d88ddee08e4a225642939a9a54a0ff06a5b977048ed33652c04c5cee638bedb78b46473cffb8467e5116ed76e11166fa4bf8b24fa48d0abc5e69acf7286265692b2bc6d7a85095de4c91f7e933304ce700d00a71d09ba5f32a4596bac7c34b048d4326324b5adab2a7b88dcfd31c0170c893c15f60063e8817f5e1e82c384005649eeaab24017ad3228c8bf16f0bbd4642a513c533bfeeab6e6d26951", 0xfe, 0x1}, {&(0x7f0000000ac0), 0x0, 0x1ff}, {&(0x7f0000000b00)="e9c9029e82dd6db31290670083e7377dc34a4e5980b9ba93dd72", 0x1a, 0x8000000000000006}, {&(0x7f0000000b40)="a8a29ab21daa1a39dcf41c24403a556606f1b549a520a3d1a4513ffa7d06117cbf1c28", 0x23, 0x101}, {&(0x7f0000000b80)="fcc57c73f5885baa5fc2a65f688009133273ea638d793a9315214668607b05546956c8edbfa64a9f98f2255bd5143ff64c8fb381abc7894ffd6812e4e0d3d8adaaea6b53dd78d45eb3312fa97245c1bb342aea16618baa4ddd23d0ff7f557a956a9c96d989", 0x65, 0xfffffffffffffffa}], 0x3014014, &(0x7f0000000180)=ANY=[]) (async)
creat(&(0x7f0000000200)='./file0\x00', 0x0) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
open(&(0x7f00000000c0)='./bus\x00', 0x200601, 0x8f) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)
mount(0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000ee8000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000040)) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307f, 0x0, 0x4) (async)
syz_io_uring_submit(r4, r5, &(0x7f0000000540)=@IORING_OP_POLL_ADD, 0x3) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
syz_io_uring_submit(r4, r5, &(0x7f0000000400)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0}}, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000000, 0x30, r2, 0x10000000) (async)
io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) (async)
syz_io_uring_submit(r4, r7, &(0x7f00000007c0)=@IORING_OP_RECVMSG={0xa, 0x4, 0x0, r1, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@sco, 0x80, &(0x7f0000000700)=[{&(0x7f0000000400)=""/160, 0xa0}, {&(0x7f00000004c0)=""/51, 0x33}, {&(0x7f0000000500)=""/187, 0xbb}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/53, 0x35}], 0x5}, 0x0, 0x20, 0x1, {0x2, r8}}, 0x8e6) (async)
sendfile(r2, r3, 0x0, 0x80000001) (async)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0) (async)

[  383.546367][T27043] loop1: detected capacity change from 0 to 16383
[  383.572823][T27043] FAT-fs (loop1): invalid media value (0x06)
[  383.578878][T27043] FAT-fs (loop1): Can't find a valid FAT filesystem
11:47:59 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8801f00)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:47:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000002)

11:47:59 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80004700)

[  383.732138][T27045] loop1: detected capacity change from 0 to 16383
[  383.765281][T27064] loop0: detected capacity change from 0 to 262160
11:47:59 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = memfd_secret(0x80000)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="48000000140081fb7059ae08060c04000aff0f03000004000e11000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(r3, 0xc0189376, &(0x7f0000000280)={{0x1, 0x1, 0x18, r4, {0x148d}}, './file0\x00'})
r5 = syz_mount_image$nfs4(&(0x7f00000000c0), &(0x7f0000000180)='./bus\x00', 0x3, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000300)="e6a6788ce99931370f42a86217ba9103c8ea1f9d3304c2476e3e84e365b0ba7028c0ca95d00c0c55fb6e83005ad8514432c83b58ed633aefb69dadc1d7a6a22415f04c07dc7d7a20205aa08d2fe826465bbbd26fbb5b433979fbabc5d30e028e762b7ae3ffb4598aa5437f13883be6077225e37eb33e0fe7a5caf4b2815c48e520e38902577b4ea4addf44a45797be8ec01acd56832be65b75569b77b6da3916c407c68fad7a2e52652088a53a2978a4bbdf46062e4570d91515d20d8d517ccf2c5844a7effd792a717a68d7539e486d7210fe5e6668a9856247dffbc041", 0xde, 0x100}], 0x132048, &(0x7f0000000400)={[{'cgroup.controllers\x00'}, {'$'}], [{@smackfstransmute={'smackfstransmute', 0x3d, ')\''}}, {@euid_gt={'euid>', 0xee00}}, {@obj_type={'obj_type', 0x3d, 'cgroup.controllers\x00'}}, {@fsname={'fsname', 0x3d, '%)}-%/)\x05@\'(+'}}, {@hash}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@fowner_eq={'fowner', 0x3d, 0xee01}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'cgroup.controllers\x00'}}, {@subj_type={'subj_type', 0x3d, '+!'}}]})
openat(r5, &(0x7f0000000200)='./file0\x00', 0x480000, 0x2)
sendfile(r1, r2, 0x0, 0x80000001)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)

[  383.783538][T27066] loop5: detected capacity change from 0 to 262160
[  383.817968][T27068] loop3: detected capacity change from 0 to 262160
11:48:00 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800048)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

[  383.935433][T27072] loop1: detected capacity change from 0 to 1
11:48:00 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f00000000c0), 0x8000, &(0x7f00000000c0)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = socket$isdn(0x22, 0x3, 0x1)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f00000001c0)={0x0, 0x0, 0x83f0, 0xfd4c}) (async)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000180)='cpuset.effective_cpus\x00', 0x0, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)

11:48:00 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000003)

[  384.006984][ T2374] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  384.090443][T27078] loop0: detected capacity change from 0 to 262160
11:48:00 executing program 5:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8802000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80000001)

11:48:00 executing program 4:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f00000000c0), 0x8000, &(0x7f00000000c0)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = socket$isdn(0x22, 0x3, 0x1)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f00000001c0)={0x0, 0x0, 0x83f0, 0xfd4c})
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000180)='cpuset.effective_cpus\x00', 0x0, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f00000000c0), 0x8000, &(0x7f00000000c0)=ANY=[]) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000) (async)
socket$isdn(0x22, 0x3, 0x1) (async)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f00000001c0)={0x0, 0x0, 0x83f0, 0xfd4c}) (async)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0) (async)
openat$cgroup_ro(r2, &(0x7f0000000180)='cpuset.effective_cpus\x00', 0x0, 0x0) (async)
open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) (async)

11:48:00 executing program 3:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)="eb3c8f000000732e66617400020101000240008080f801", 0x17}, {0x0, 0x0, 0x10000001000}], 0x3014014, &(0x7f0000000180)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x8800000)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x1c5b42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80004800)

[  384.233807][T27090] loop5: detected capacity change from 0 to 262160
[  384.248101][T27092] loop3: detected capacity change from 0 to 262160
11:48:00 executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000002c0)